MFA spoils a phishing scam, a Zoom con discovered and another Log4j attacker unveiled
Welcome to Cyber Security Today. It’s Friday, January 28th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Microsoft has discovered a widespread phishing campaign targeting organizations in Australia, Singapore, Indonesia and Thailand. The campaign may come to the U.S. and Canada. The goal is to steal employees’ Microsoft Office or Outlook login usernames and passwords. But here’s the thing: It doesn’t work if staff have to use multifactor authentication as well as their usual credentials to log in.
This is how the scam works: A victim gets an email saying someone has sent them a DocuSign document they have to read and sign. To do that they have to click on a link, which takes them to a fake Office or Outlook page. The victim is supposed to enter their password there. The hacker then used the compromised email address of the victim to send out fake messages to 8,500 other people with a supposed document about a payment. Those who clicked on the payment document also had to put in their username on a fake Office page.
Over 100 people fell for the initial fake message. However, the attack against those who had multi-factor authentication failed. This is another example of why IT departments need to roll out multifactor authentication to as many employees as possible for as many applications as allow it.
Hackers continue trying to take advantage of firms that use the Zoom video conferencing platform. Researchers at Armorblox this week said they found a new scam. Its goal is to steal the usernames and passwords of staff using the Microsoft Teams collaboration software. It starts with a victim getting what seems to be an email from Zoom about a supposed video meeting. The message says ‘Your participants have joined you in a meeting.’ The crooks hope the victim doesn’t want to miss a meeting, even one they don’t know about, and so will click on the link in the message. That link goes to a page that looks like a Microsoft Outlook login screen. But it’s a fake designed to capture login information. One lesson: If you aren’t expecting a meeting, don’t log into one. And be suspicious of messages that you don’t anticipate getting but include a link that asks you to log into something.
In a news story on ITWorldCanada.com earlier this month I reported that threat actors are trying to exploit Log4j vulnerabilities in firms that use VMware Horizon. This week researchers at BlackBerry found more evidence. They said a threat group dubbed Prophet Spider, which breaks into IT networks and then sells the access to other crooks, is one of the attackers going after Horizon. BlackBerry notes that when an initial access broker takes an interest in a vulnerability, that’s a sign it sees significant value in its exploitation. All the more reason why IT departments have to root out applications that use Log4j and patch them.
I’ve said before that Google tries hard to block malicious apps from getting into the Android store. But it isn’t batting 1.000 yet. Here’s another example of a miss: Researchers at Zimperium this week described a scamware mobile app campaign it calls Dark Herring. Some of the 470 bad apps it found were in the Android store, and other third-party app stores. They date back to March, 2020. They may be productivity apps or games. They look and act real, but dupe victims into being charged for a monthly premium service they didn’t want. The apps are no longer in the Android store, but they are in third-party app stores. One lesson: Before downloading any mobile app check with friends and online reviews about whether it’s safe. Another lesson: If you’re the type of person who likes downloading apps, make sure your smartphone has anti-virus or anti-malware software from a well-known company.
The University of Ottawa and the University of Luxembourg are partnering to research the safety and reliability of systems using artificial intelligence. They say system dependability, including cybersecurity, is crucial to many industries including the automotive, aerospace and financial sectors. The goal is to help develop safer cars, planes, and manufacturing plants.
Finally, don’t forget later today the Week in Review podcast will be out. My guest this week is internationally-known privacy expert Ann Cavoukian.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.