A deepfake video scam costs a company US$25 million, and more.
Welcome to Cyber Security Today. It’s Wednesday, February 7th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A multinational firm is out US$25 million after an employee fell for a deepfake video impersonating the firm’s chief financial officer. According to CNN, Hong Kong police say the employee, who worked in the finance department, was convinced the video call with the CFO and others was real, and so unwittingly wired the money to crooks. However, the email setting up the video call had a tell-tale sign of potential fraud: It told the employee the session would be about a secret transaction. Threat actors often trick employees into acting fast and transferring funds by saying the request is urgent. Police said the employee had doubts, but the people on the video call looked and sounded like colleagues he recognized.
The incident is another reminder that managers have to train staff with permission to transfer corporate funds to independently verify money transfer requests — especially if the request involves large amounts of money. This may not be as easy as going to an official’s office in the same building if the organization is spread across a city, a country or around the globe. In this case, the employee appeared to be in Hong Kong and the chief financial officer was based in Britain. Still, there have to be processes for verifying large money transfers.
Here’s another report of a fake call: Last month someone created an automated phone message sounding like President Joe Biden telling New Hampshire voters not to bother voting in the state’s primary. Yesterday the state’s attorney general said the calls have been linked to two Texas companies. Cease and desist orders have been issued.
I’ve reported before about threat actors tricking people into scanning QR codes that lead to the downloading of malware. In a new report researchers at Abnormal Security say this trend shows no sign of slowing down. Interestingly, C-suite executives were 42 times more likely than ordinary employees to receive QR code attacks. The scanned code often takes victims to a seemingly legitimate website that prompts them to enter login credentials — including their two-factor authentication code — or enter sensitive personal data.
Facebook job ads are being used to spread malware that steals data from victims’ computers. That’s according to researchers at Trustwave. The ads say an organization is looking for an account manager or digital marketing specialist. But the included link goes to an infected website that leads to the victim’s computer being compromised by malware. It steals information like passwords, cookies, credit card information, documents and more — stuff that threat actors love to use or sell. This is the latest in a long line of job ads that are used to trick people. Be careful with any job ad that doesn’t directly show what qualifications are needed and describe the job in detail.
In European news, Politico says the European Parliament’s chief cybersecurity official will leave his job just before this June’s elections. This is because of concern that Parliament’s cybersecurity isn’t as good as it should be.
The Netherlands has accused China of hacking into a Dutch military network last year. According to the Reuters news agency, the hackers planted malware inside an armed forces network used for unclassified research.
If you want to put 2023 behind you, fine. If you want to ponder cyber trends, two companies have published year-end analyses. Malwarebytes just released its annual State of Malware report. Among the data: The biggest target for ransomware gangs was the services sector, followed by manufacturing and IT services. And Darktrace looked at the last six months of 2023 and found threat actors are increasingly leveraging rental tools such as malware-as-a-service and ransomware-as-a-service.
Finally, Canon issued updates to close several vulnerabilities in some models of small office multi-function printers and laser printers. Devices directly connected to the internet without a router could be hacked. Check your Canon printer’s specifications page to see if a firmware update is available.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.