The Emotet botnet is spreading, a fake Facebook scam and more.
Welcome to Cyber Security Today. It’s Friday June 10th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
IT and security managers are being warned that the botnet distributing the Emotet malware is back. After its infrastructure was taken down over a year ago by a number of law enforcement agencies, it was quiet for a while. But according to researchers at Deep Instinct, a resurrected Emotet package emerged late last year, with massive phishing campaigns targeting Japanese businesses in February and March. The researchers now report that new phishing campaigns recently began spreading Emotet to more regions. Employees should be warned to watch for email messages with supposed Microsoft Excel spreadsheets or Office documents. The attachments are infected. These messages may appear in the middle of email conversations with people whose email has been hacked. But because the sender’s email is one the victim is familiar with, it looks legitimate.
Earlier this week researchers at Proofpoint noted Emotet has a new module that steals credit card details stored by users in their Google Chrome browser.
On Monday I reported that Atlassian is urging administrators to quickly install a security patch to close a vulnerability in its Confluence Server and Data Center applications. It hasn’t taken long for threat actors to go after the flaws. Security researchers at Lacework Labs said this week that the Kinsing and Hezb malware have added ways to exploit this hole. So has the Dark.IoT botnet. The warning has gone out and there is no excuse for administrators to not have addressed this vulnerability by now.
An estimated 1 million Facebook users had their usernames and passwords stolen recently by logging into fake Facebook pages. According to security researchers at a firm called Pixm, victims get messages with a video link on Facebook Messenger from the hacked accounts of people they know. As a result they trust the message and are willing to click on the link. It takes them to what looks like a Facebook verification login page. Actually, it’s a scam to copy their credentials. After logging in, the victims get taken to a web page with ads. In addition to stealing passwords, the crook also gets paid for the number of people seeing the ads. The scam works because it gets around Facebook security controls. The best way to protect yourself from this type of scam is to enroll in Facebook’s multifactor authentication protection service. But also, whenever you log into any page, check the URL at the top and make sure it’s the real thing. That’s hard to do on a mobile device, so think carefully if you’re on a smartphone, click on an email or text link and get sent to a login page.
There’s another warning about the dangers of downloading free versions of software you’re supposed to pay for. It comes from researchers at Avast who note these so-called free applications come with an unannounced gift — malware that infects victims’ computers. Some steal data. Others steal cryptocurrency that victims have. Avast estimates that in a recent campaign a threat actor pulled in $50,000 in cryptocurrency in one month. Victims are tempted by offers of free versions of well-known software such as Microsoft Office, Movavi Video Editor and other games, office programs or applications for downloading multimedia content.
That’s it for this morning. But remember later today the Week in Review edition will be available. My guest will be Terry Cutler of Montreal’s Cyology Labs. We’ll discuss the LockBit ransomware gang’s claim it has data from security provider Mandiant for sale.
Links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.