Beware of unexpected USB keys in the mail, FlexBooker admits data theft and more.
Welcome to Cyber Security Today. It’s Monday, January 10th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
The group behind the Darkside and BlackMatter ransomware is mailing infected USB keys to American organizations. According to several news reports, the FBI has sent that warning to American businesses that subscribe to its security alerts. The contaminated USB keys are being sent by a package delivery service. Some seemingly come from the U.S. Department of Health and Human Services and allegedly have COVID-19 guidelines, while others are made to look like a gift in a box with a fraudulent thank you letter.
Infecting USB keys is an old tactic used by threat actors, dating back to the days when memory sticks were expensive. Threat actors have been known to drop infected USB keys on the floor of a company or its parking lot. They have slipped them onto the desks of booths at trade shows, where USB keys are often given away by vendors. The attackers hope unsuspecting people will plug the device into their computers to find out who lost it, or to see what they expect is a vendor’s product information. In the most recent case the infected USB key registers itself as a keyboard and installs code that downloads malware, leading to a ransomware attack.
The best way to fight this kind of attack is to regularly remind employees to never plug USB sticks that they don’t own into their computers — even if it’s a gift.
Here’s some good news: Salesforce, the cloud-based service used by sales and marketing teams to keep track of their work and contacts, is making the use of multifactor authentication mandatory for users to log in to its service. Starting February 1st anyone using Salesforce will have to have enabled MFA. It gets turned on either by the user, or through the Salesforce provider. Multifactor authentication methods include using the Salesforce Authenticator mobile app; one-time passcode authenticator apps like Google Authenticator, Microsoft Authenticator or Authy; a security key; or built-in authentication like Touch ID, Face ID or Windows Hello. If MFA is vital for Salesforce, it should be vital for all of your organization’s logins.
The cloud-based FlexBooker service, used by organizations for booking and scheduling meetings, has admitted it was hacked late last month. The company said its account on Amazon AWS was compromised. Some customer data including names, email addresses, phone numbers and encrypted passwords was stolen. The company also told the ZDNet news service that partial customer credit card numbers were stolen.
Data theft by employees isn’t as common as an attack by someone outside your organization. But it happens. The most recent example is a former Chinese employee of agriculture giant Monsanto, who pleaded guilty last week to conspiracy to commit economic espionage. He admitted copying a predictive algorithm used by the company in software onto a memory card. The day after leaving the company in 2017 his baggage was searched at an airport as he was leaving to fly to China. Investigators later found one of his electronic devices had copies of the algorithm. The man was arrested when he returned to the U.S. He’ll be sentenced in April.
Finally, administrators of SonicWall’s on-premise Email Security Appliance or SonicWall firewalls running SonicOS 6 are urged to install updates. They fix a problem created January 1st when the calendar moved to the year 2022. The problem means administrators and email users can’t access their email junk boxes or trace emails through message logs.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.