FFT news digest August 21 2020

Under fire

Fraudsters are targeting organisations with ever more precise and sophisticated attacks, according to a new report from Abnormal Security. The second quarter of 2020 saw a surge in the number of Business Email Compromise (BEC) attempts, with a particular focus on employees in finance departments. The growth in payment and invoice fraud accelerated, with attacks increasing 112% over the first quarter of the year (compared to a 75% rise on the previous quarter). Zoom replaced American Express as the number one impersonated brand in email attacks, followed by Amazon and DHL. "Cybercriminals are moving at the same pace of our changing world – leveraging workplace upheaval and exploiting businesses’ weakest links – such as vendor and partner relationships," the report warns. Now more than ever, it's vital to have cast-iron processes in place to protect against these attacks.

Threats

Hybrid: Attackers are combining targeted phone calls with custom-made websites in an attempt to steal Virtual Private Network credentials. The approach has had "a remarkably high success rate". KrebsOnSecurity

Calls: We've had multiple reports of clients experiencing robocalls pretending to be HMRC, Amazon, and TV Licensing, among others. It's worth discussing this with friends and family, particularly those who are older. A paper analyses the phenomenon in the US.

Recruit: Attackers are posing as recruiters to target people with voice calls aimed at extracting personal and/or corporate information. Abnormal Security

Canva: The graphic design platform is being exploited to create and host malicious files. KnowBe4

Duri: A campaign uses HTML smuggling to evade network security solutions such as sandboxes (i.e. isolated testing environments). The technique combines several browser technologies so that the file download is served from within the browser rather than from a remote server. Menlo Security

Romance: Romance scams work. The BBC examines one example and links to an excellent New York Times documentary on the subject.

HMRC: The UK taxman is investigating 10,428 fake emails, text messages, social media posts and phone calls that have been sent during the COVID-19 pandemic. FTAdviser

Ritz: Criminals have been exploiting a recent data breach by posing as hotel staff and asking victims to confirm reservations by handing over credit card details. BBC

Remote oblivion

A fifth of US organisations have experienced a data breach as a result of the move to remote working, use of personal devices for work has surged, and a significant number of users are "oblivious" to best security practices, according to research by Malwarebytes. Its report says the rushed response to COVID-19 has created massive cybersecurity gaps, and 18% of those surveyed said the issue wasn't a priority. Business Email Compromise, the rapid move to cloud services, and improperly secured corporate Virtual Private Networks are all contributory issues. Malwarebytes found that, despite the threat of attack, nearly half of respondents hadn't provided any cybersecurity training to their employees. A report from Fortinet has similar findings from a global perspective. And in the UK, KnowBe4 says almost 40% of business decision makers it surveyed had fired employees for breaching cybersecurity policies since the start of the pandemic.

Wikileaks in the dock

Wikileaks knowingly assisted Moscow's efforts to influence the 2016 US presidential election, according to a report by the Senate intelligence committee. “WikiLeaks actively sought, and played, a key role in the Russian influence campaign and very likely knew it was assisting a Russian intelligence influence effort,” the report says. The committee concluded that there was no evidence Donald Trump's campaign had colluded with Moscow, but it had sought to maximise the impact of the leaks. It's worth remembering that many of the emails published by Wikileaks did not come from a sophisticated attack, but from a simple email that targeted the Gmail account of John Podesta, the chair of Hillary Clinton's campaign. By clicking on a malicious 'Change Password' link, Podesta's staff gave the attackers access not only to Gmail, but to all his other online accounts as well. Such tactics continue to be used today and the incident remains a lesson to us all to beware of friendly blue buttons offering to change passwords or confirm details.

US border risks

We've long warned about the risks of travelling to the US if your passport has evidence of visits to countries like Iran and Pakistan. Now, the US Department of Homeland Security has published updated details about the information they will look for if you are pulled over for 'secondary inspection'. The Privacy Impact Analysis makes clear that they will seek to copy almost everything from electronic devices, including contacts, social media information, photos and videos. The number of such searches remains low as a proportion of the total number of visitors to the US, but it has shot up in recent years from 5,085 in 2012 to 33,295 in 2018. Those who aren't US citizens or Green Card holders can refuse access to their devices, but only at the price of being deported. The Electronic Frontier Foundation has a guide for travellers, and the ACLU has a sobering account of the experiences of some visitors at the US border.

Breaches down. Data up.

The number of data breaches being reported has fallen but their size has shot up, with the latest incident involving almost 235 million Instagram, TikTok and YouTube user profiles. Risk Based Security says the number of publicly reported breaches is the lowest in five years, but the number of records exposed is over four times higher than for any previous six-month period. That's partly explained by the two largest breaches ever reported, both of which came to light in the second quarter of 2020 and accounted for 18 billion of the 27 billion records exposed. The number of payment card details revealed in the first half of the year was over 90 million. Risk Based Security reckons the number of breaches hasn't actually fallen; they're just not being reported or picked up. But their severity is almost certainly increasing and there are clear signs that users are continuing to sign up to personal services with work email addresses.

In brief

A month after the EU's top court struck down a key transatlantic data mechanism, privacy campaigners have filed complaints over some websites' use of Google Analytics and Facebook Connect. They argue data is being transferred to the US without a legal basis. noyb

Managing vulnerabilities continues to challenge organisations, with many issues remaining unmitigated six months after being identified.
One answer is to understand which issues to prioritise and eliminate false positives. IBM

Almost all global airlines are failing to protect their email domains with the recommended standard.
Lack of strict DMARC policies makes it easy for criminals to impersonate their brands. Proofpoint
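As an added example (not code from the digest or from Proofpoint), the script below parses DMARC TXT records and classifies each as strict or not, reporting the weaknesses that a spoofer could take advantage of: a monitoring-only p=none, a lax subdomain policy, or a policy applied to only a percentage of failing mail. The sample records and domain names are constructed for illustration; the script does no DNS lookups, so it runs offline.

```python
# Added example: assess how strict a DMARC record is. Not code from the digest or
# from Proofpoint. Sample records below are constructed, not real domains' records.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

VALID_POLICIES = ("none", "quarantine", "reject")


@dataclass
class DmarcAssessment:
    valid: bool                      # record is syntactically usable by receivers
    policy: Optional[str]            # p= tag (organisational domain)
    subdomain_policy: Optional[str]  # sp= tag, defaulting to p=
    pct: int                         # pct= tag, defaulting to 100
    strict: bool                     # reject for domain and subdomains at 100%
    findings: List[str] = field(default_factory=list)


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a DMARC TXT record into tag=value pairs (tag names are case-insensitive)."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> DmarcAssessment:
    """Classify a DMARC record as strict or not and list the weaknesses found."""
    tags = parse_dmarc(record)
    findings: List[str] = []

    # RFC 7489 requires v=DMARC1; anything else is not a DMARC record at all.
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing or invalid v=DMARC1 tag: receivers will ignore the record")
        return DmarcAssessment(False, None, None, 100, False, findings)

    policy = tags.get("p", "").lower() or None
    if policy not in VALID_POLICIES:
        findings.append("missing or invalid p= tag: record is not usable")
        return DmarcAssessment(False, policy, None, 100, False, findings)

    subdomain_policy = tags.get("sp", "").lower() or policy  # sp= defaults to p=
    if subdomain_policy not in VALID_POLICIES:
        findings.append(f"invalid sp={subdomain_policy}; treating as p={policy}")
        subdomain_policy = policy

    pct_text = tags.get("pct", "100")
    if pct_text.isdigit() and int(pct_text) <= 100:
        pct = int(pct_text)
    else:
        pct = 100
        findings.append(f"invalid pct={pct_text}; treating as 100")

    if policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine sends spoofed mail to spam rather than rejecting it")
    if policy == "reject" and subdomain_policy != "reject":
        findings.append(f"sp={subdomain_policy} leaves subdomains less protected than the domain")
    if pct < 100:
        findings.append(f"pct={pct} applies the policy to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports will not be received")

    strict = policy == "reject" and subdomain_policy == "reject" and pct == 100
    return DmarcAssessment(True, policy, subdomain_policy, pct, strict, findings)


# Constructed sample records (hypothetical domains), one per common weakness.
SAMPLE_RECORDS = {
    "strict.example":  "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=reject; sp=none; pct=50",
    "missing.example": "v=spf1 include:_spf.example -all",  # an SPF record, not DMARC
}


def summarise(records: Dict[str, str]) -> Dict[str, bool]:
    """Map each domain to whether its record is strict."""
    return {domain: assess_dmarc(rec).strict for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        result = assess_dmarc(record)
        print(f"{domain}: strict={result.strict}")
        for finding in result.findings:
            print("  -", finding)
```

In practice the record is the TXT record at `_dmarc.<domain>`, and the script would be fed the result of that lookup. Two caveats a practitioner should keep in mind: a strict record only stops mail claiming to come from the exact domain (look-alike domains are untouched), and p=reject is only safe once all legitimate senders, including third-party services sending on the brand's behalf, pass SPF or DKIM alignment, which is what the rua= aggregate reports are for.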

The Weather Channel app will change how it informs users about its sale of personal data.
The change settles a lawsuit brought by the city of Los Angeles which alleged the app's operators had misled users. The operators said it had always been transparent. AP

Need to clean up the background for your next video call?
The Verge has a guide to the leading video conferencing apps (though it's worth bearing in mind some of the tools/backdrops aren't perfect).

You can buy pretty much everything on the 'Dark Web', including a contract killer.
A gentleman from New Jersey has just been charged with trying (and failing) to arrange the murder of a 14-year-old with whom he had been exchanging explicit photos. US Dept of Justice

Updates

Windows: Emergency security update to address privilege escalation issues affecting Windows Remote Access service.

Chrome: Version 84.0.4147.135 for Windows, Mac, and Linux addresses a vulnerability that could allow an attacker to take control of an affected system.

Cisco: Urgent update for ENCS 5400-W Series and CSP 5000-W Series appliances which are affected by a critical issue in their software (by 'critical' Cisco means there's a default, static password that could allow someone to log in remotely with administrator rights).

Telegram: Coinciding with its seventh birthday, messaging app adds secure video calls.

Gmail: During a prolonged (and presumably unconnected) outage, Google fixed a serious security issue in Gmail which could have been exploited to masquerade as any user of the service. It took 137 days for Google to make the change, which was done on its servers so users don't need to do anything.

Address

152-160 City Road
London, EC1V 2NX

Contacts
Email: info@fullframetech.com
Phone: +44 (0) 20 3290 2205
Support: +44 (0) 20 3290 2207

Company registration no. 10243217