A phishing service is taken down, phony COVID-19 vaccination documents for sale, Linux hosting site forced to close and more.
Welcome to Cyber Security Today. It’s Wednesday, February 10. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com. To hear the podcast click on the arrow below:
Police in Ukraine say they have closed one of the world’s largest phishing services. Working with law enforcement in the United States and Australia, the criminal service was aimed at banks and their customers in at least 11 countries.
It’s believed that more than half of all phishing attacks in 2019 in Australia alone were carried out by hackers using this service, including a huge wave of phishing text messages. More than 200 active buyers of the software were identified from computers and mobile phones seized.
According to security reporter Brian Krebs, part of the service is an administration console called U-Admin, which allows crooks to oversee the theft of usernames and passwords from phishing pages that look like a specific brand.
One of the worst parts of the console was it let crooks to steal multi-factor authentication codes when victims entered them into the fake login pages.
COVID-19 related scams aren’t slowing. The latest is the sale of proof of vaccination record cards supposedly from the U.S. Centers for Disease Control. According to security vendor Domain Tools, these have been seen on the Shopify shopping platform.
They’d be valuable to people who need to provide proof to employers, airlines and other organizations that they have been vaccinated for the virus.
These people may not be able to be vaccinated yet, or they don’t want to be vaccinated, but need to show evidence they have been. Individual cards are selling for $20, while a pack of four goes for $60.
Unfortunately, people who have been vaccinated are proudly showing their proof cards on social media, giving crooks the ability to copy batch numbers and logos to make their counterfeit copies look real.
This isn’t the first time Canadian-based Shopify’s platform has been used for making money from COVID-19. Over the past 12 months, crooks have been offering fake rapid virus tests, masks pretending to be medical-grade and other suspicious products. And as I’ve reported earlier other sites are selling fake bottles of COVID-19 vaccine. Domain Tools suggests not buying anything virus-related unless it comes from an official healthcare provider.
A British Linux hosting provider has been shut by a cyberattack. The provider, called No Support Linux Hosting, posted a message that on Monday all of its servers got compromised, including the customer database.
All customers are urged to download backups of their websites and databases. The ZDNet news service reports that by coincidence — or not — two other U.K.-based hosting companies were also hacked. These two providers sold internet TV services to pirate streaming sites.
CD Projekt Red, which makes the Cyberpunk 2077 and The Witcher video games, has been hit by ransomware. According to TechCrunch, the firm said on its Twitter site that it won’t submit to blackmail even though the hackers threaten to release the games’ source code and other data.
CD Projekt Red, based in Poland, says no customer personal data was taken. The company also got hit by ransomware in 2017.
Finally, yesterday was Patch Tuesday for February, the day Microsoft released its latest security patches for Windows and other products.
Among the issues fixed are three serious vulnerabilities to the protocols Windows uses to connect to the internet called TCP/IP. Don’t delay in installing these and other patches.
That’s it for today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.