Trickbot malware might be back, who stole this database, USCellular hacked and beware of ads on search engines
Welcome to Cyber Security Today. It’s Monday, February 1. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
You’ll recall that last week law enforcement authorities took down the servers distributing the Emotet malware. The question is, how fast will the crooks behind Emotet bounce back? One answer is to look at a similar malware distribution operation called Trickbot. Last October the Trickbot computer infrastructure was also taken over. Well, a few days ago a cybersecurity firm called Menlo Security said the distribution of Trickbot appears to be back. Researchers discovered a suspicious email targeted at people who work at law firms and insurance companies in North America. It says, ‘You’ve been detected with a traffic infringement. Reason: Negligent driving.’ There’s a button to click on that’s supposed to show a photo with proof the reader has broken a traffic law. This is obviously a fake intended to scare the reader. Because if they click on the button, instead of a photo their computer is infected with malware that looks similar to the stuff the developers behind Trickbot used for years. Are the people behind Trickbot back? It’s not clear yet. But remember, the developers behind Trickbot — and Emotet — are still out there.
Here’s another mystery: Who copied a database of eight years of court records with personal information from Cook County, Illinois and left it sitting unprotected on the internet? The database was discovered last September by a news site called Website Planet. It appeared to be a copy of data held in the court records management system for the county, which includes Chicago. Nearly every record had personal information such as names, home addresses, email addresses, case numbers and information about criminal, family and immigration cases going back to 2012. Anyone who tripped over the database on the internet could have read it because it wasn’t password protected. And they could have used the information for criminal purposes. News of this is only coming out now because it took time to analyze the data, figure out where it came from and notify the county. For its part the county says it doesn’t own the unsecured server where the database was found. Someone was able to copy that database.
There’s only so much you can do to protect your cellphone number and account from being taken over by crooks. Security also depends on your carrier. So there are a lot of questions to be answered after news emerged a couple of days ago that USCellular has warned some customers its customer management system was hacked on January 4th. As a result some names, addresses, cellphone numbers and, most importantly, account PIN numbers were copied by attackers. The carrier says customers’ social security numbers and credit card information were masked and couldn’t be read. Still, some victims had their wireless number ported to another phone, presumably one controlled by crooks. That could mean their email was accessed, or their employer’s IT system was accessed from the crooks’ phone. Both could lead to phishing scams, data theft and fraud. After discovering the attack two days later, USCellular reset affected customers’ accounts and PIN numbers. Still, they need to watch for phishing scams.
Finally, it takes a lot of knowledge to safely use the internet. A news story from Bleeping Computer gives an example: When you do a search using Google, sometimes the first results are ads. They are properly labeled as ads. What you have to know is that if you click on their links you could be infected with malware, even though the ad itself displays a legitimate link. For example, Bleeping Computer recently found that searching for Home Depot resulted in an ad at the top of the results page that showed www.homedepot.com. But clicking on the ad made a ‘Windows Defender Security Warning’ notice pop up with a request to phone Microsoft because porn has been discovered. It’s a scam to get worried people into phoning the number, which has nothing to do with Microsoft. Instead a so-called support person tries to get victims to buy unneeded security support. That’s how criminals leverage online ads. If you’re not looking for an ad when doing a search, don’t click on an ad.
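The Home Depot ad works because the URL the ad displays and the page the click actually lands on are two different things. The check below is an added example, not code from the podcast or from Bleeping Computer: it compares the site a search ad displays against the final landing page and reports any mismatch. It assumes the landing URL has already been captured after the ad network's redirects (for instance by a proxy log or browser instrumentation; how that is collected is outside this snippet), and all sample links are constructed for illustration. The two-label "site key" comparison is a deliberate simplification; a production tool would use the Public Suffix List.

```javascript
// Added example: flag search-result ads whose displayed URL does not match
// the site the click finally lands on. Sample data below is constructed.

// Reduce a hostname to its last two labels as a rough "site" identity.
// Simplification: a real tool would consult the Public Suffix List.
function siteKey(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, '').split('.');
  return labels.slice(-2).join('.');
}

// Turn the URL text shown to the user (e.g. "www.homedepot.com" or
// "homedepot.com/deals") into a hostname; null if it is not URL-like.
function hostFromDisplay(text) {
  const t = text.trim();
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : `https://${t}`;
  try {
    return new URL(withScheme).hostname;
  } catch {
    return null;
  }
}

// links: [{ display, finalUrl }] where finalUrl is the page the browser ends
// up on after the ad network's redirects (assumed to be captured elsewhere).
// Returns only the links worth a closer look.
function flagMismatchedLinks(links) {
  const findings = [];
  for (const link of links) {
    const shown = hostFromDisplay(link.display);
    let landed = null;
    try {
      landed = new URL(link.finalUrl).hostname;
    } catch {
      landed = null;
    }
    if (!shown || !landed) {
      findings.push({ ...link, reason: 'unparseable display or landing URL' });
      continue;
    }
    if (siteKey(shown) !== siteKey(landed)) {
      findings.push({ ...link, reason: `shown ${shown} but landed on ${landed}` });
    }
  }
  return findings;
}

// Constructed sample: one honest ad, one ad whose displayed URL is the real
// retailer but whose click lands on an unrelated "security warning" page,
// and one honest ad with a path in the displayed URL.
const SAMPLE_LINKS = [
  { display: 'www.homedepot.com', finalUrl: 'https://www.homedepot.com/' },
  { display: 'www.homedepot.com', finalUrl: 'https://defender-alert.example/warning.html' },
  { display: 'homedepot.com/deals', finalUrl: 'https://www.homedepot.com/c/deals' },
];

console.log(flagMismatchedLinks(SAMPLE_LINKS));
```

Only the second sample is reported: the displayed site and the landing site agree for the other two, even where the displayed text carries a path or lacks the `www` label. Run against a proxy's record of ad clicks, the same comparison gives a defender a cheap first filter for malvertising of the kind described above.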
That’s it for today. Links to details about these stories can be found in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.