FFT news digest Jul 2 2021

LinkedOut

The phisherman's friend strikes again. The personal data of 700 million LinkedIn users were posted to the RaidForums underground market after being extracted from the site. That follows a similar incident in April which involved 500 million users. Cybernews reports that it took only a few days for a refined subset of users to be made public; it contains personal details of 88,000 US business owners who have changed jobs in the past 90 days, making them an ideal target for phishing attacks.

Strictly speaking, these incidents are not data breaches because the details involved were already public. The people who acquired the information did so by 'scraping' it from public profiles and LinkedIn says no private details were exposed. As far as we're concerned, that's completely irrelevant - as is the fact that using an automated mechanism to crawl through user profiles is against LinkedIn's terms and conditions. We recognise the value of sites like LinkedIn, but that doesn't change the fact that they're a security accident waiting to happen.

If you must use LinkedIn - and similar sites like The Talent Manager - then it's essential to be careful about what information you post. Restrict who can see your full profile, be wary of friend requests and work on the basis that anything you do post will end up in a database for sale at some point.

Threats

Basics: An attack that exploited Microsoft's support capabilities has underlined the importance of basic security measures. Microsoft said it found information-stealing software on the machine of a customer support agent who had access to account information. The attackers promptly used that information to launch targeted attacks. Computer Weekly rounds up what happened and how organisations can combat such threats.

PDF: Changing the filename and using a fake icon are part of an effective scam that leverages what appears to be a PDF file but is actually a malicious zip file. Help Net Security

Real estate: Clever scam exploits the house-buying process by sending a link to key documents. Following the link opens a fake Microsoft login page. So far, attacks have focussed on the US. Avanan

WIM: Be suspicious if you receive a Windows Imaging Format file. Security filters will often allow WIM files through their controls. Opening the file will install malicious software. Trustwave

HMRC: The number of officially reported HMRC-branded phishing scams increased by 87% to 1,069,522 in the 2020-2021 fiscal year. And, as almost every mobile phone user in the UK knows, there's been a surge in the number of fake voice calls threatening imminent arrest for unpaid taxes. Lanop Outsourcing via Verdict

Personal email: The revelations that led to the resignation of UK Health Secretary, Matt Hancock, included his use of personal email for official government business. This is a common problem for all organisations and can be a very risky activity. Mishcon de Reya explains.

Older, not wiser: 28% of all fraud losses reported to the FBI last year involved people over the age of 60, according to its Elder Fraud Report. That amounted to a total of $1 billion in 2020, though younger people are probably at greater risk - they just don't have as much cash to lose.

WDisaster 

Not one, but two vulnerabilities are responsible for the catastrophic security failure that has erased the data on thousands of Western Digital's storage devices. Censys found more than 55,000 of the devices exposed to the internet - and the vast majority of those that remained online were compromised. The affected products are older My Book Live and My Book Live Duo devices. Western Digital says it will provide data recovery services to affected customers and offer a trade-in program to replace old devices that are no longer supported.

Clueless

Despite the alarming frequency with which cyber attacks hit the headlines, there is a basic lack of awareness about them. Security firm, Armis, found 21% of the people it surveyed hadn't heard of the Colonial Pipeline attack that halted fuel supplies to most of the eastern US. (That's in spite of the ubiquitous pictures of people filling plastic bags with petrol.) The report also suggests that organisations need to be on their guard as (some) employees return to the office. It found most employees intend to bring their personal devices back with them - and over half don't see any risk in doing so. The UK's National Cyber Security Centre explains the problem.

Spies

In this week's cyber-espionage news...the US and the UK have been trying to step up pressure on Russia by highlighting some of what it has been up to. They say Russian military hackers have been bombarding hundreds of targets around the world with commonly-used passwords in an attempt to access their networks. Targets include government and military agencies, political consultants, defence contractors, think tanks, law firms and media companies. This week, it also emerged that Russia compromised Denmark's central bank and had access to its network for seven months.

Existential

Disturbing complex systems too much can cause them to fail catastrophically, and that's the risk humanity is running with social media according to a group of researchers. They argue the way human society interacts with technology should be treated as a "crisis discipline" like climate change. We have long suggested that we don't yet understand the impact of social media on society, but we do know that the effect of disinformation is to remove any agreed basis for peaceful coexistence. The researchers don't have a solution, but they say we had better find one unless we want to continue to flirt with disaster. 

In brief

Insurance: Cyber insurance needs to incentivise better security behaviour rather than simply pay the costs of ransomware attacks. A Royal United Services Institute report says the current approach is unsustainable and also acts as an incentive to criminals.

North Korea: Cyber crime is now the primary source of revenue for the Pyongyang regime, according to Venafi. It says North Korea's main activities are ATM and cryptocurrency fraud, and cyber bank raids. And this is setting an example for other rogue states to follow.

Stalkerware: There are signs that surveillance apps are becoming normalised, according to research by NortonLifeLock. Around 8% of people who have been in a romantic relationship admit to using stalkerware or snooping on device and browser history to track their partner online.

Pirates: Anyone tempted to download pirated copies of popular movies might like to read TorrentFreak's analysis of the increasingly proactive approach taken by copyright holders.

Facial recognition: An Israeli artificial intelligence company has found a way to fool facial recognition systems by adding minute information to a picture. Meanwhile, the Financial Times examines ($) more grassroots solutions to defeat surveillance in general and facial recognition in particular.

Mouse: How we use a mouse can reveal surprising information about us. "When you search for something at Google or Bing, your mouse movements are sending a tiny signal to the search engine indicating if you are interested or not in the content you have been shown." University of Luxembourg 

Updates

Microsoft: This is unfortunate. Some researchers found a serious vulnerability in a legacy Windows printing service. They thought an update had fixed it, so they released details of the issue and how to exploit it. You guessed. It wasn't fixed and it can be used to take over a computer. The only solution for the moment is to disable the Print Spooler service. Sophos has the details.

WordPress: Users of the popular ProfilePress plugin should check they're running the latest version (3.1.4) which fixes a critical and easily exploitable vulnerability.

Windows 10: Microsoft has released an optional emergency update for all supported Windows 10 versions to address an issue that stops PDF documents from opening.

Windows 11: It's looking a lot like Microsoft will release its new operating system on October 20th. Meanwhile, it's becoming clear that enhanced security features will mean many older computers won't run Windows 11.

Zimbra: 9.0.0 “Kepler” Patch 16 and 8.8.15 “James Prescott Joule” Patch 23 address multiple security issues.

Edge: We advise caution with most updates (ie take them but not immediately). The exceptions are web browsers, which are both crucial to most people's lives and riddled with vulnerabilities. Microsoft's Edge browser is no exception. Its latest update fixes two serious security issues.
