The cyber-world is full of stories of technological innovations with newer and unthinkable horizons of progress being reached every day. However, development is not just happening for the masses; there is a community of people who are working against these innovations for their personal benefit, often at the price of privacy, property, identity, and money of the innocent users. These are the cybercriminals who come up with new and unusual methods of defying anti-phishing tools. Here is a list of the major attacks from the past week to help keep your guard up.
Google Sends Out Phishing Alert To Users
Google recently identified over 12,000 users who, according to the company, were targeted by government-backed hackers. In its report published by the Threat Analysis Group (TAG), Google says that the prospective victims received credential phishing emails, that is, emails that try to make users give up access to their Google accounts. The Threat Analysis Group of Google spotted more than 270 government-backed hacking groups spread across more than 50 countries that are associated with crimes like unauthorized intelligence collection, spreading coordinated disinformation, stealing intellectual property, and destructive cyber-attacks on dissidents, journalists, and activists.
Google sent out these alert notifications to its users between July and September 2019. These government-backed attacks mostly target activists, journalists, policy-makers, and politicians, and Google sent alerts to those specific users. However, any ordinary user who may have received these emails should also make sure to adopt better security and phishing prevention measures.
Google has been sending out phishing-related warnings to users it suspects are targeted ever since 2012. Although it notified users from over 149 countries, the United States, Pakistan, South Korea, and Vietnam were the most highly targeted nations. Google also extends these email attack alerts to G Suite administrators so that they, too, can take email phishing protection measures to safeguard the interests of their organization and their users.
Following are some of the security measures suggested by Google:
- Enrolling in Google’s Advanced Protection Program (APP), which makes use of hardware security keys and provides the most reliable protection from phishing and account hijackings.
- Regularly updating apps and software.
- Enabling 2-step verification.
PoS Malware Attacks Throughout The Year
Point-of-Sale (PoS) systems are means of simplifying payment procedures used by retailers. The newest feature added to the PoS systems is that of enabling customers to swipe a credit card, insert a chip-based card or tap a card or their mobile device to quicken the payment procedure. However, attackers have used this supposed advantage to their own benefit and created the PoS malware which steals information on payment cards from PoS systems. Using malware such as TinyPoS and DMSniff, the attackers steal the information entered on the terminal and transmit it to their own system.
Here are the major PoS attacks that were reported throughout the year:
On The Border: The Mexican restaurant chain ‘On The Border’ became a victim of a PoS attack in which the payment card details of its customers were stolen. The attack happened over a period stretching from April 10 to August 10, 2019, and exposed the personal information of customers, including their names, credit card numbers, expiration dates, and verification codes.
Catch Hospitality Group: Between March 19 and October 17, Catch NYC and Catch Roof of the Catch Hospitality Group were the subject of a PoS malware attack. The compromised details of the customers include their card numbers, expiration date, and internal verification code.
Four Restaurant Chains: McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee – a restaurant chain in the United States – became victims of payment card theft induced by PoS malware. The attack stretched over a period from 29 April 2019 to 22 July 2019.
How to ensure PoS malware protection?
Since PoS malware attacks are very rampant, it is necessary to take some preventive measures. The following phishing prevention tips can be followed by retailers and people, in general, to safeguard against PoS malware attacks.
- Enhance security controls by patching vulnerabilities and fixing weak credentials.
- Implementation of process whitelisting by the retailers to ensure protection from unauthorized/malicious programs.
- Implementation of IP/domain whitelisting at the network firewall by the retailers to block malicious traffic from installing PoS malware.
- Code signing for macOS systems so that they can run only executables signed by an Apple-issued key.
Phishing-Skimming Through Third-Party Payment Portals
The most recent hacking innovation developed by the attackers combines phishing and skimming: they switch a genuine payment processing page for a fraudulent one created by them. It is a known fact that most e-commerce websites outsource their financial transactions to secure third-party payment gateways, run by payment service providers (PSPs), these days. But the hackers have concocted a mechanism of creating a phishing page that replaces a genuine PSP processing page and steals the personal and financial data of customers.
This phishing-skimming attack is targeting a particular store in Australia that runs the PrestaShop Content Management System (CMS). This store uses the Commonwealth Bank platform to accept all its payments. The skimmer-phishing page was the replica of a legit CommWeb payment processing page from the Australian Commonwealth Bank.
Researchers also discovered a new malicious domain, “payment-mastercard[.]com,” containing a skimmer imitating the PSP. Naturally, users aren’t aware of this scheme of the attackers and end up entering their credentials on the phishing page. In case a user fails to enter full information, the phishing page will notify him/her about the same. Once the user’s details are entered and received by the attacker, the user gets redirected to a genuine payment site for Commonwealth Bank, which displays the correct amount purchased.
This phishing and skimming scheme of the attackers can fool almost anyone and can easily evade phishing protection measures. Researchers say that this attacking scheme is an innovation of a cybercriminal group skilled in using phishing templates and web skimmers, which includes a skimmer called ga.js. This skimmer loads as a fake Google Analytics library.
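A defender's check for the fake Google Analytics library described above, as an added example that is not part of the original article or the researchers' tooling: it lists every script on a checkout page that is named like a Google Analytics file but is not served from a Google Analytics host. The sample page and the hosts `shop.example` and `cdn-stats.example` are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts that legitimately serve the Google Analytics libraries.
GA_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}
# File names of the genuine libraries, which a skimmer may borrow.
GA_FILENAMES = {"ga.js", "analytics.js"}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag on a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def find_fake_analytics(html, page_host):
    """Return script URLs named like a GA library but not served by Google."""
    collector = ScriptCollector()
    collector.feed(html)
    suspicious = []
    for src in collector.sources:
        parsed = urlparse(src)
        # A relative path has no host: the shop itself serves that file.
        host = (parsed.hostname or page_host).lower()
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        if filename in GA_FILENAMES and host not in GA_HOSTS:
            suspicious.append(src)
    return suspicious


# Constructed sample checkout page (not taken from the reported incident).
SAMPLE_CHECKOUT = """
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://cdn-stats.example/ga.js"></script>
<script src="/modules/tracking/ga.js"></script>
<script src="/js/cart.js"></script>
</head><body>Checkout</body></html>
"""

if __name__ == "__main__":
    for url in find_fake_analytics(SAMPLE_CHECKOUT, "shop.example"):
        print("review script:", url)
```

A self-hosted `ga.js` is reported as well, since a copy served from the shop's own files is exactly what needs a manual review after a compromise.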
Ransomware Attack Hits Great Plains Health
The computer network of Great Plains Health medical center was recently hit by a ransomware attack. Although the attack has compelled the hospital to shut down its computer systems and switch to the manual mode of working, it is trying to keep the cases requiring immediate attention unaffected. The attack was detected on the evening of 25th November, and the hospital’s IT department got to work immediately, sitting through the night to minimize the impact of the attack on local health services.
The hospital is rejecting a considerable number of non-emergent patient appointments and procedures at the moment to make space for the existing severe cases and also for ensuring protection from phishing attacks in the future. The Chief Executive Officer of the hospital, Mel McNea, says that no patient data has been compromised in the attack and that they are planning to do a full audit to get complete assurance of the same.
However, the threat still remains because ransomware attacks these days not only lock computer networks but also steal data and threaten to post it online if the target organization refuses to pay the demanded ransom. Such an incident happened in the past, when the group behind Maze ransomware threatened a victim company. They demanded 300 bitcoin ($2.3 million) in exchange for the decryption key to unlock the company's files and said that if the company did not make the payment, its records would be exposed online. The company refused to cooperate, and the hackers did publish a cache of 700MB worth of files.
The hospital has extended full cooperation to law enforcement for investigation. But it is still unclear as to who is behind the attack and what ransomware strain was used for the attack. The hospital hasn’t disclosed whether it has made the ransom payment and has only said that they are currently working on fixing phone issues.
Email Impersonation Scams Steal $32 Million In 9 Months
The Singapore police warned all businesses in the country to guard against e-mail impersonation scams. Email impersonation scams have been extensively used by attackers in recent times, which compelled the police to step in and caution the people. In 2019 alone, an amount exceeding $32 million was stolen by attackers over a period of nine months from January to September.
The impersonation scams lay a trap for employers, who end up sending money to people they believe are their business partners or employees but who are, in reality, the hackers. The hackers impersonate the partners or employees by either hacking or spoofing the email accounts of the victim’s associates and then send out credible emails asking for a salary or a pending share of the money. They also provide account numbers and other required details that appear to be sent by the employee or business party but are actually the account details of the hackers.
As many as 276 such cases have been reported in the first nine months of 2019, and the newest innovation that the hackers have brought in is impersonating chief executive officers, business partners or suppliers, and employees of the company.
Needless to say, attackers cannot be stopped, but certain measures can surely be adopted for ensuring protection from phishing attacks. The police have asked the people to do the following:
- Check for spelling errors or replacement of letters in the email addresses.
- Check if the business logos, links to the company’s website, or messaging format used in the email body are authentic.
- Look out for new and unexpected changes in payment instructions and bank account details.
- Train employees in charge of transfer of funds to be vigilant and on guard at all times.
- Use strong passwords for email accounts and make sure to change them at regular intervals.
- Use good quality anti-virus and anti-spyware software and regularly update them.
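The first check in the list above, spelling errors or replaced letters in a sender's address, can be automated. The following is an added example, not code from the police advisory or the original article: it compares a sender's domain with a list of known partner domains and flags near-misses. The domain `supplier.example`, the character-swap table and the one-edit threshold are assumptions made for illustration.

```python
# Character swaps often used to imitate a trusted domain (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed list of partner domains the finance team really deals with.
TRUSTED = ("supplier.example",)


def normalise(domain):
    """Fold look-alike characters so 'supp1ier' and 'supplier' compare equal."""
    return domain.lower().translate(SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(address, trusted_domains=TRUSTED):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in trusted_domains:
        return "trusted"
    for good in trusted_domains:
        # Equal after folding swaps, or one edit away: a likely imitation.
        if edit_distance(normalise(domain), normalise(good)) <= 1:
            return "lookalike:" + good
    return "unknown"


if __name__ == "__main__":
    # Constructed sender addresses.
    for sender in ("accounts@supplier.example", "accounts@supp1ier.example",
                   "accounts@suplier.example", "ceo@other.example"):
        print(sender, "->", classify_sender(sender))
```

A "trusted" result only means the domain matches; a hacked partner mailbox still passes, so changed payment details need confirmation through a separate channel.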
Malware Hits Waterloo Catholic District School Board
A malware attack recently hit the Waterloo Catholic District School Board. According to the Chief Managing Officer of the board, John Shewchuk, they detected the attack early on 24th November (Sunday).
The board was prompt in seeking protection against phishing and got its IT team into action immediately. They also hired a renowned cyber-security expert to help them recover and investigate. Shewchuk said that they have managed to restore some of their services; however, a lot still remains to be done. No personal or business information was found to be compromised in the attack, but in case such a thing is detected, the concerned persons shall be notified by the board.
Dark Web’s New Search Engine: Kilos
A new search engine was launched on 15th November that shall cater to the information needs of all people interested in the dark web. The search engine Kilos provides all the information sought about the darknet markets.
Kilos isn’t the first search engine in this field and comes after facilities like Torch, TorLinks, and Gram. However, Kilos has several unique and new features that make it worth exploring right now.
For one, it comes with unique filtering options that help one locate specific products from among a thousand dark markets. It attempts the aesthetics of Google and includes forums along with black markets. When the user enters the required product or service, Kilos quickly runs through different markets and forums to present the most suitable and relevant options.
Kilos is becoming very popular and is already indexing 427,150 forum posts, 48,437 listings, and 1,993 vendors. It has also served as many as 15,437 search queries since 10 November 2019.
Another unique feature of Kilos is that it displays a list of the top searches for the latest week. However, one must not forget that Kilos is motivated by all the wrong reasons and that there are high chances that the developer of Kilos would try and access the email account of the visitor!
Australians Beware Of Fake Shopping Websites
With the Christmas holidays coming, people usually are in a mood to shop. Hackers have used this impetus to create fake websites that claim to sell luxury items and other goods at very good prices. This scam targets Australians, and anyone who is not observant enough can easily fall into the trap.
Warnings are being sent out by the Australian Competition & Consumer Commission to inform consumers about fake websites and sellers who claim to have sent parcels for delivery. These scammers impersonate genuine sellers on recognized websites and say that they are traveling and that an agent shall deliver the goods once the payment is made. However, no products are delivered, and there is absolutely no way to contact the sellers, for they become untraceable after receiving the payment.
Fake Hotel Ad Troubles Couple
In a recent online scam, a couple was conned into making a booking and the subsequent payment for a hotel, which wasn’t genuine. This incident took place in Belfast. Simone and Alice Cardillo were on a trip to Northern Ireland and had made a booking at a Belfast hotel through the booking site, Airbnb. However, when they reached the place with their huge backpacks, they found that the property was unoccupied and put up for sale.
Although they received a full refund from Airbnb, it must be noted that such incidents are not uncommon. On its part, Airbnb said that as an anti-phishing measure, they had removed the fake post and taken quick action about the matter.
One must be careful while booking hotels, apartments, or houses online for their stay in distant places. There are multiple ways of verifying and checking the authenticity of a property listed on a booking website. Just a bit of research helps one get an idea about the property. There are a hundred fake ads out there posted by hackers who are thousands of miles away from the place of your stay and yet claim to know enough about it to promote it.
Irish Crowd To Stay Alert During Black Friday Sales
The Irish population has been warned to be very careful while making purchases in the upcoming Black Friday and Cyber Monday sales being promoted online. These sales give massive discounts on merchandise, which often seem unbelievable when compared to the market rates of the same products.
It is speculated that Irish consumers will make online purchases exceeding €4 billion from November to December. However, people need to stay alert and keep checking their online activity. They are to make purchases only from secure websites. Secured websites are the ones with “https” at the beginning of the URL and also the symbol of a padlock beside it. The suggested anti-phishing solutions also include avoiding making purchases using public Wi-Fi and typing out the URL of an online store by oneself rather than going through pop-up advertisements on social media platforms.