BTH News: 13 March 2020
This Week In Cybersecurity
It’s Friday the 13th, we are in the midst of a global pandemic, threat actors are leveraging public fear in phishing attacks, and data breaches and critical vulnerabilities make the news!
Coronavirus COVID-19 Phishing and Malware
This week the COVID-19 Coronavirus became a global pandemic and cyber-criminals have leveraged this tragedy to spread their own kind of virus and digital attacks to prey on the fears and generosity of people around the world. Learn more about the methods of attack, what to look for, and how to protect yourself.
Comcast Publishes Info About Customers Who Pay to Keep Their Info Private
According to cybersecurity reporter Graham Cluley, “Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory.”
Tech Companies Helping Businesses and Schools Stay Connected in Response to Coronavirus
In the wake of the COVID-19 pandemic, many companies are closing their offices or at least encouraging employees to work from home. To assist with this, Microsoft, Google, LogMeIn, and Cisco have offered free, limited-time use of some of their online collaboration tools.
Microsoft offers a six-month free trial to the premium version of Microsoft Teams business
Cisco offers free 90-day license for WebEx to help businesses affected by the Coronavirus Outbreak
FBI Arrests Alleged Top Broker of Stolen Accounts
A suspected Russian threat actor was arrested on March 7 at New York’s John F. Kennedy Airport for “facilitating the sale of hacked accounts at video streaming services like Netflix and Hulu and social media platforms like Facebook, Twitter and Vkontakte (the Russian equivalent of Facebook), deer.io also is a favored marketplace for people involved in selling phony social media accounts.”
Microsoft Released Updates to Plug More Than 100 Security Holes in Its Various Software
This month, Microsoft addressed more than 115 security flaws. Twenty-six of them are “rated ‘critical’, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.”
Unpatched Critical Windows Flaw Disclosed…Then Patched
After releasing more than 100 security fixes on Tuesday, Microsoft issued an advisory warning Windows users of a new critical, unpatched, and wormable vulnerability affecting the Server Message Block 3.0 (SMBv3) protocol. SMB is used to share files and folders over a network. If you have network shares at home or work, you are likely using SMB. It seems that Microsoft was originally planning to release a patch, but for some reason did not. Both Fortinet and Cisco Talos posted details of the vulnerability (CVE-2020-0796), but when the patch was not released, they removed their posts.
Two days later, Microsoft released a patch. This means that attackers will reverse-engineer that patch and we should see attacks in the wild any day now. PATCH THOSE SYSTEMS!
Tip of the Week
With a huge increase in phishing attacks this week, the Tip of the Week is a list of phishing advice.
While it is increasingly difficult to identify a well-crafted phishing email, there are some steps that can be taken to reduce the risk of falling victim to a phishing attack.
1. Look at the email headers. Check the From and To fields for anything suspicious. While we already stated that these can be spoofed, they can be a good first indicator of a suspicious email. Here is how to check the full email headers in Gmail and Outlook.
2. Hover over links and be sure to read the URL from the first forward slash after the http:// prefix, back to the left, to see where that link is actually going. For example, http://www.google.com.search.us/query.html is actually going to a server called search.us, not google.com. Again, hovering over a link doesn’t necessarily tell you where it’s going, but usually it will give you an accurate link.
3. If you have a Gmail account, use this trick when creating an account on websites. If you’re registering on facebook.com, and your email address is [email protected], give Facebook the following email address: [email protected]. You will get all email sent to that address, but if you ever get unsolicited email sent to that address, you know that it was obtained through Facebook.
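The right-to-left reading in tip 2 can be automated when triaging reported links. The Python below is an added example, not part of the original newsletter; the function names are hypothetical, and the three-entry suffix set is a constructed stand-in for the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

def link_host(url):
    """Return the lowercase host a link points to, or None if it has none."""
    try:
        host = urlsplit(url).hostname  # text after '//' up to the first '/', port removed
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def registrable_domain(host):
    """Rightmost labels that identify the site owner, e.g. 'search.us'."""
    try:
        ipaddress.ip_address(host)
        return host  # a literal IP address has no domain to read
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def check_link(url, expected_domain):
    """Compare where a link really goes with the domain the reader expects."""
    host = link_host(url)
    if host is None:
        return {"host": None, "domain": None, "verdict": "no-host"}
    domain = registrable_domain(host)
    expected = expected_domain.lower()
    if domain == expected:
        verdict = "match"
    elif host.startswith(expected + ".") or "." + expected + "." in host:
        # The expected name appears only as leading labels of someone else's domain.
        verdict = "embedded-brand"
    else:
        verdict = "different-site"
    return {"host": host, "domain": domain, "verdict": verdict}

if __name__ == "__main__":
    # The newsletter's own example link, then a constructed legitimate one.
    for sample in ("http://www.google.com.search.us/query.html",
                   "https://www.google.com/search?q=test"):
        print(sample, "->", check_link(sample, "google.com"))
```
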
The United States Computer Emergency Readiness Team (US-CERT) recommends the following ways to minimize your chances of becoming a victim of phishing attacks.
• Filter spam
• Don’t trust unsolicited email
• Treat email attachments with caution
• Don’t click links in email messages
• Install antivirus software and keep it up to date
• Install a personal firewall and keep it up to date
• Configure your email client for security