Cyber Weekly Flash Briefing 03 April 2020 – GFSC warn over increased fraud & cybercrime, attacks up 37% in a month, criminals sending USB devices in post, Zoom phishers register 2000 domains
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.
GFSC warns over increased risk of fraud and cyber crime
The GFSC has put out a warning to regulated firms on the Island around increased likelihood of fraud and other cyber crimes as a result of the COVID-19 pandemic.
The Commission has stated that they expect licensees to apply effective controls, including having suitable controls to prevent cybercrime.
Cyber-Attacks Up 37% Over Past Month as #COVID19 Bites
Online threats have risen by as much as six-times their usual levels over the past four weeks as the COVID-19 pandemic provides new ballast for cyber-attacks.
Analysis of UK traffic figures for the past four weeks compared to the previous month noted a sharp uptick in malicious activity.
Hacking and phishing attempts were up 37% month-on-month, while on some days, there were between four- and six-times the number of attacks it would usually see.
More here: https://www.infosecurity-magazine.com/news/cyberattacks-up-37-over-past-month/
Cybercrime spikes during coronavirus pandemic, says Europol
Just like everyone else in the face of a pandemic, criminals seem to be staying home — but they're just turning to different methods to make a buck.
That's the message from a new Europol report out this week, which reveals that criminals are adapting to exploit the global chaos.
While many police departments are reporting a lull in physical crime, other types of crime are having a heyday — and those numbers are only expected to increase.
Europol identified cybercrime, fraud, counterfeit goods and organised property crime as categories of particular concern.
Read more here: https://www.euronews.com/2020/03/27/cybercrime-spikes-during-coronavirus-pandemic-says-europol
Cybercriminal group mails malicious USB dongles to targeted companies
Security researchers have come across an attack where an USB dongle was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals during physical penetration testing engagements in the past, but it has very rarely been observed in the wild. This time it's a known sophisticated cybercriminal group who is likely behind it.
The attack was analysed after a US company in the hospitality sector received the USB sometime in mid-February.
The package contained an official-looking letter with Best Buy's logo and other branding elements informing the recipient that they've received a $50 gift card for being a regular customer. "You can spend it on any product from the list of items presented on an USB stick," the letter read. Fortunately, the USB dongle was never inserted into any computers and was passed along for analysis, because the person who received it had security training.
Top Email Protections Fail in Latest COVID-19 Phishing Campaign
Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found.
New phishing attacks were discovered that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver’s local area.
The emails evade basic security checks and user common sense in a number of ways, to circumvent detection and steal the user’s Microsoft log-in credentials, he said. They also don’t include specific names or greetings in the body of the messages, suggesting they are being sent out to a broad target audience, according to the report.
More: https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/
Zoom Phishers Register 2000 Domains in a Month
Over 2000 new phishing domains have been set up over the past month to capitalise on the surging demand for Zoom from home workers, according to new data.
The report analysed data from a threat hunting system since the start of the year, and found 3300 new domains had been registered with the word “Zoom” in them.
The vast majority of these (67%) were created in March, as the COVID-19 pandemic forced lockdowns in multiple European countries and across parts of the US.
With surging levels of interest in Zoom and other video conferencing apps, comes renewed scrutiny from cyber-criminals.
Nearly a third (30%) of the new “Zoom” websites spotted activated an email server which indicates these domains are being used to facilitate phishing attacks.
More here: https://www.infosecurity-magazine.com/news/zoom-phishers-register-2000/
Across-the-board increase in DDoS attacks of all sizes
There has been a 168% increase in DDoS attacks in Q4 2019, compared with Q4 2018, and a 180% increase overall in 2019 vs. 2018, according to a report.
DDoS attacks grew across all size categories increase in 2019, with attacks sized 5 Gbps and below seeing the largest growth. These small-scale attacks made up more than three quarters of all attacks the company mitigated on behalf of its customers in 2019.
In 2019, the largest mitigated threat, at 587 gigabits per second (Gbps), was 31% larger than the largest attack of 2018, while the maximum attack intensity observed in 2019, 343 million packets per second (Mpps), was 252% higher than that of the most intense attack seen in 2018.
However, despite these higher peaks, the average attack size (12 Gbps) and intensity (3 Mpps) remained consistent year over year. The longest single, uninterrupted attack experienced in 2019 lasted three days, 13 hours and eight minutes.
Though the number of attacks increased significantly across all size categories, small-scale attacks (5 Gbps and below) again saw the largest growth in 2019, continuing the trend from the previous year.
More here: https://www.helpnetsecurity.com/2020/03/27/ddos-attacks-increase-2020/
Cybersecurity insurance firm Chubb investigates its own ransomware attack
A notorious ransomware gang claims to have successfully compromised the infrastructure of a company selling cyber insurance.
The Maze ransomware group says it has encrypted data belonging to Chubb, which claims to be one of the world’s largest insurance companies, and is threatening to publicly release data unless a ransom is paid.
The announcement by the cybercrime gang was published on Maze’s website, where it lists what it euphemistically describes as its “new clients”.
Maze’s normal modus operandi is to compromise an organisation, steal its data, infect the network with its ransomware, and post a pre-announcement on its website as a warning to the corporate victim that if they do not pay a ransom their stolen data will be published on the internet.
Read the full article here: https://hotforsecurity.bitdefender.com/blog/cybersecurity-insurance-firm-chubb-investigates-its-own-ransomware-attack-22753.html
Ransomware Payments on the Rise
More ransomware victims than ever before are complying with the demands of their cyber-attackers by handing over cash to retrieve encrypted files.
New research published this week shows that both the number of ransomware attacks and the percentage of attacks that result in payment have increased every year since 2017.
The report states 62% of organisations were victimised by ransomware in 2019, up from 56% in 2018 and 55% in 2017.
In 2017, just 39% of organizations hit by ransomware paid to retrieve their encrypted data. That figure rose to 45% in 2018, then shot up to 58% in 2019.
Read the full article here: https://www.infosecurity-magazine.com/news/rise-in-ransomware-payments/
Marriott hit by second data breach exposing “up to” 5.2 million people
Hotel chain Marriott International this week announced that it has been hit by a second data breach exposing the personal details of “up to approximately 5.2 million guests”.
The breach, which began in mid-January 2020 and was discovered at the end of February 2020, saw contact details, including names, addresses, birth dates, gender, email addresses and telephone numbers exposed. Employer name, gender, room stay preferences and loyalty account numbers were also exposed.
The hotel company has stressed that not all data was exposed for each person.
Marriott has also said that at present it does not believe passports, payment details or passwords were exposed in the data breach.
The data is believed to have been accessed by an unknown third party using the login credentials of two employees at a group hotel operated as a franchise. Marriott has said that it has notified relevant authorities, and has begun notifying those whose data was exposed in the breach. It has also set up a dedicated website to help those impacted by the breach.
More here: https://www.verdict.co.uk/marriott-second-data-breach/
Lawyers urged to switch off Alexa when working from home
Law firms are warning their employees to turn off their smart speakers while working from home due to security concerns.
Smart speakers such as Amazon’s Echo series and Google’s Nest range have become wildly popular in Britain with an estimated 34pc of households now using them.
But privacy and security experts have repeatedly said the devices may pose a security threat and now law firms have advised staff not to disclose sensitive details when they are in use nearby.
A spokesman from one firm of solicitors said that that hackers could access sensitive details through the speakers, telling their staff to check the default settings on the speaker and to the extent that you can, switch them off during the working day.
More here: https://www.telegraph.co.uk/technology/2020/03/30/lawyers-urged-switch-alexa-working-home/