Canon hit by ransomware, more on fake website addresses and a bank fined for a hack
Welcome to Cyber Security Today. It’s Monday, August 10th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Successful ransomware attacks against major companies are continuing. The latest victim is camera and printer manufacturer Canon. The news site Bleeping Computer reports that a ransomware group calling itself Maze claims to have copied 10 terabytes of data from the company. Typically this group threatens to embarrass the victim company by publicly posting stolen data unless a ransom is paid. I recently talked to Aamir Lakhani, a Canada-based security researcher for Fortinet, who said an increasing number of attack groups are using this strategy. He also noted that many groups are able to move into ransomware because many chunks of code for creating the malware are available on the Internet. Some web sites help crooks put together packages of malware, including ransomware, for a small fee — ransomware-as-a-service, it’s called. One of them, Lakhani pointed out, is GitHub, a platform for helping legitimate developers create software. Searching GitHub you can find applications to assemble ransomware. These programs have been created by and are for security researchers. But it’s not hard for a criminal to adjust the code so it can be used for an attack. Fortinet says good security techniques including secure data backups, segmenting important data, installing security updates quickly and educating staff on ignoring phishing email will greatly help to lower the risk of successful ransomware attacks.
In my last podcast I gave tips for avoiding fake web sites. One of them was watching for deliberate mis-spellings in the address of the web site. You think after clicking on a link in an email or text you’re going to a real web site, but it’s a phony. The address is close enough to fool you. Well, as I was recording that podcast a security company called Malwarebytes issued a report on a new scheme by a hacker group that uses the same technique — changing one letter in a web address to take victims to a copycat website. In one case victims thought they were going to a site called “cigarpage.com.” But the hackers had created a phony site with a similar-looking name by replacing the “g” in “page” with the letter “q”. Read it fast and it looks right. Another site compromised was fieldsupply.com. The “i” in “field” was replaced with an “l”.
This deception works because browsers use what’s called a sans serif font. Serifs are the little strokes at the end of some letters, like the top and bottom of lower case “l”. A sans serif font doesn’t have the little strokes, so in small print — like in web page addresses — it can be hard to distinguish the letters. That’s why a lower-case “q” can look like a “g”. Crooks have a lot of tricks like that, including using a letter from the Latin or Cyrillic alphabet as part of a phony web address.
If you type the real name for a web site, or if you’ve bookmarked the right site, you’ll always go to the real site. But be careful of where you get taken after clicking on a link in an email, text, or social media message. Then you’re in the hands of whoever created that link. That’s when you have to look carefully at the web address.
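An added example, not part of the original podcast: Python code that flags hostnames which differ from a trusted site only by look-alike characters, such as the swaps described above. The allowlist, the folding table and the function names are assumptions, and the look-alike spellings are constructed from the description in the text.

```python
import unicodedata

# Constructed allowlist: the two real sites named in the text above.
TRUSTED = ["cigarpage.com", "fieldsupply.com"]

# Assumed folding table (a small hand-picked subset, not a standard list):
# each look-alike character is folded to one representative character.
FOLD = {"q": "g", "l": "i", "1": "i", "0": "o",
        "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
        "\u0440": "p", "\u0441": "c", "\u0456": "i"}  # Cyrillic r, s, i shapes


def skeleton(domain):
    """Fold a hostname so that look-alike characters compare equal."""
    text = unicodedata.normalize("NFKC", domain.strip().lower().rstrip("."))
    return "".join(FOLD.get(ch, ch) for ch in text)


def scripts(domain):
    """Return the set of alphabets (LATIN, CYRILLIC, ...) used by the letters."""
    return {unicodedata.name(ch).split()[0] for ch in domain if ch.isalpha()}


def check(domain):
    """Return 'trusted', 'lookalike of <site>', 'mixed-script' or 'unknown'."""
    host = domain.strip().lower().rstrip(".")
    if host in TRUSTED:
        return "trusted"
    for real in TRUSTED:
        if skeleton(host) == skeleton(real):
            return "lookalike of " + real
    # No trusted match, but letters from two alphabets in one name is suspicious.
    if len(scripts(host)) > 1:
        return "mixed-script"
    return "unknown"


if __name__ == "__main__":
    # Constructed samples: "g" -> "q", "i" -> "l", and a Cyrillic first letter.
    for name in ["cigarpage.com", "cigarpaqe.com", "fleldsupply.com",
                 "\u0441igarpage.com", "example.com"]:
        print(ascii(name), "->", check(name))
```

The input is expected in its Unicode form; a hostname that arrives in `xn--` punycode form needs decoding before it is checked.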
Finally, U.S. credit card issuer Capital One has been fined $80 million after a hacker copied the personal information of 100 million credit card applications, 140,000 social security numbers and 1 million Canadian social insurance numbers. The Office of the Comptroller of the Currency levied the fine for failing to establish effective risk mitigation processes before moving data from its on-premise data centre to the internet in 2015. A bank internal audit also failed to spot numerous weaknesses in the planned new cloud environment. According to a news report, the hacker took advantage of a misconfigured firewall.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.