A phishing test failure, the AstraLocker ransomware developer quits and a Wi-Fi warning to those sitting in airports.
Welcome to Cyber Security Today. It’s Wednesday, July 6th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Even the savviest people can fail a phishing test. I know one: He’s a friend who used to be a reporter and now works for an IT research company. His firm recently sent out a phishing email test telling him his company laptop was due to be replaced. To register to receive the new one he had to click on a link. The message looked real — it had the research company’s logo, and the sender’s email address looked legit. But there were three clues the message was a fake: First, while the sender’s email was close to the company’s domain it wasn’t identical. Hackers can do this easily by creating a fake domain like “widget.co” instead of “widget.com.” Second, the message misspelled the word “your” as “you’re.” And third, the message didn’t conclude with the usual phrasing from the company’s IT team. Fortunately this was a test, but it contained elements of a typical real phishing message. The lesson: Hackers rely on people making mistakes because everyone reads their emails fast. It’s easy to be suspicious of messages you get from strangers. But it’s important to also be careful with messages from senders that look familiar. You can’t completely rely on your organization’s email screening to catch every scam. Each of us also has to take personal responsibility for cybersecurity as well.
The person or group behind the AstraLocker ransomware has apparently closed shop. The Bleeping Computer news site says it’s been told by the developer that they are releasing decryptors for any organization or individual whose data has been encrypted by the ransomware. That’s the good news. The bad news is the developer says they’re shifting to stealing cryptocurrency from victims.
The British Army’s Twitter and YouTube accounts were hacked earlier this week to promote online scams involving non-fungible digital tokens, or NFTs. Like digital currency, NFTs are tokens on a blockchain. Usually they represent ownership of artwork, trading cards, comic books, sports collectibles, games and more. In this case those on the army’s Twitter site saw promotions for hyped-up NFT digital artworks in a raffle. Those on the army’s YouTube site saw ads promoting ‘double your cryptocurrency’ scams. The British Army soon took back control of the accounts. There was no immediate explanation of how the army lost control of what are supposed to be access-limited accounts.
The news is full of stories these days about chaos at airports. Being forced to spend a lot of time in lines before a flight, and then to find luggage after a flight pushes people to do something to keep from being bored. And often they log into the airport’s free Wi-Fi network to catch up on email, Twitter or the news. But it’s a great opportunity for hackers to set up fake airport hotspots to capture people’s usernames and passwords. Robert Falzon of cybersecurity provider Check Point Canada warns air travelers to be careful with Wi-Fi in general, including at airports. Your cellular network is safer, even if it means eating up your data quota. Before going to the airport turn off Wi-Fi and Bluetooth services. If you have to use a public Wi-Fi network, avoid using personal accounts like email and bank accounts. He also reminds travelers that cyber awareness starts when planning a trip. Make sure the airline, accommodation or car rental site used is legitimate. If a deal looks too good to be true, it probably is. And don’t tell the world on social media that you’re away from home. Tout your vacation when you get back.
Meanwhile Israel’s Privacy Protection Authority has taken over the travel booking sites of a company after the sites were hacked by Iranian attackers. According to the Times of Israel, the attackers copied the personal data of over 300,000 customers last month. The new site quotes the regulator as saying it acted because security changes it demanded weren’t made by the websites’ owner.
Microsoft is warning smartphone users to be careful downloading software from unapproved app stores. Those who aren’t careful unknowingly install bad apps that automatically enroll the phones to premium-priced services that pay the scammers money. Called toll fraud malware, this billing fraud shuts off the victim’s access to Wi-Fi networks and forces the phones to use the cellular carrier’s network. Some malware can even intercept the multifactor authentication process needed for a subscription so the user isn’t aware of fraudulent transactions. To avoid being victimized only download apps from an authorized site like the Google Play store. Any time you get an app avoid giving it SMS permissions, notification listener access or accessibility access unless it’s needed. If you’re the type of person who downloads a lot of apps, consider installing an anti-malware or antivirus solution. Just be careful it’s from a source you trust.
Finally, there’s a security update from Google for users of the Chrome browser.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon