Retailer North Face hacked, Facebook users tricked and a warning from BlackBerry.
Welcome to Cyber Security Today. Monday November 16th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Outdoor retailer The North Face is notifying an unknown number of customers that their accounts were accessed recently by a crook because their email addresses and North Face passwords were stolen last month. The data theft was from an unnamed service provider partner of North Face that held their login credentials. The hackers got hold of personal information including users’ names and addresses. In addition, if the user saved the data in their profile, the attacker also got their birth dates and phone numbers.
The way the attacker got in was through a credential stuffing attack. That’s using stolen usernames and passwords from other data breaches until the crook finds ones that work. This long-time successful tactic is the reason why security experts urge everyone to use a different password for every site they have to log into. And to keep track of all those passwords they have to use a password manager. As a result of the data breach North Face is requiring victims to change their passwords. North Face said its computer systems don’t keep a copy of customers’ payment card information.
Some social media users like finding out who has visited their profile page. That curiosity can be exploited by hackers to steal passwords. In the latest example, researchers at security firm vpnMentor say they discovered what looks like a huge phishing and credit card operation targeting Facebook users. It works like this: Facebook users get a message that looks like it comes from the company offering to let them see who had recently visited their profiles. All they have to do is click on a link. That leads them to a fake Facebook login page where their username and password are captured if entered. However, no names of visitors are shown. Instead, the crooks log into the victims’ Facebook accounts and start posting comments and links to a Bitcoin scam website. The attackers hope lots of people will click on these links. And they did. According to the researchers, who found an open database of data collected by the gang, it had at least 150,000 login credentials of Facebook users, plus perhaps 100,000 names, email addresses and phone numbers of people who had registered at the fake Bitcoin site.
This scam might have been foiled if victims had set up two-factor authentication to protect logins. Everyone should also make sure when logging into any site that it’s a real site. In the case of this scam the website sending the offer to users to see who was visiting their Facebook profile page obviously did not come from Facebook.
Threat groups wanting to launch cyber attacks don’t have to buy or build their own infrastructure. They can rent access to a wide range of pieces including email accounts, stolen passwords and exploits. Or they can use an entire hacker-for-hire service. According to BlackBerry, one of the latest is a group it calls CostaRicto. Victim organizations have been hit in 13 countries including the United States, China, France, Australia and India. Many of them are financial institutions. The report isn’t clear on how the attack starts, guessing the group uses a stolen username and password, or gets an employee to fall for a phishing email. Once inside an organization’s computer network, the attackers deploy custom and sophisticated tools to snoop around. Interestingly, BlackBerry hasn’t found evidence of data theft or the installation of ransomware. That suggests to BlackBerry the group has been hired by others, perhaps a big criminal group or a country, to quietly look around victim organizations’ computer networks and steal sensitive information. This report shows organizations have to do more to toughen their defences.
Finally, a car wash chain in Texas is notifying customers their credit or debit card numbers might have been stolen. The Wash Tub says malware was just found on its system allowing payment card information to be copied as far back as September 2019. This sounds like the point-of-sale system used by customers had been infected, and indeed the company said that system has now been replaced. Usually there are two ways people are victims of this type of attack: They either don’t have credit or debit cards with security chips, or they do but forget how to safely use them. Swiping a payment card down the side of a payment machine is risky because it uses the data on the black stripe on the back of the card, which can easily be copied. Get a card with a chip that allows you to insert the card into the reader from the bottom, or lets you tap the card. Used that way the card data can’t be stolen.
That’s it for Cyber Security Today. Links to details about these stories are in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals.
Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening.