BTH News 27 March 2020
This Week In Cybersecurity
For the third week in a row, COVID-19 is not only the top story in international news, it is also the theme of many attackers on the Internet. This week we cover four COVID-19 themed attacks on home networks, hospitals, and consumers, learn of some cybersecurity heroes who are fighting against those attacks, and report on another kitchen product website found to have skimmers.
Home Router Attack: New Attack on Home Routers Sends Users to Spoofed Sites That Push Malware. Attackers are gaining access to home routers and making DNS changes that send users to malicious websites. At the time of this writing, both Linksys and D-Link routers have been targeted. According to Bleeping Computer, “For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO).” Of course, this is a malicious download that executes a relatively new piece of malware that extracts browser credentials, cryptocurrency wallet addresses, and possibly other types of sensitive information. While it is unclear how the attackers are gaining access to the routers, experts suspect that attackers are guessing weak passwords. To prevent this attack, turn off remote management on your router, or if you need that feature, ensure that you have a very good password. If possible, enable multi-factor authentication as well.
Hospitals Attacked: On March 22, the Paris hospital authority, AP-HP, was the target of a cyberattack which “sought to disable hospital service in the French capital by overwhelming its computers,” reports Bloomberg. While the attack was not successful, it is the next in a series of cyberattacks during the COVID-19 pandemic whose targets have included the U.S. Health and Human Services Department, Australia’s welfare website, and Czech Republic’s second largest hospital.
Free Netflix Pass Because of Coronavirus? It’s a Scam!: One of our favorite cybersecurity bloggers and podcasters, Graham Cluley, reported this week that scammers are sending messages through social media offering a free Netflix pass during the COVID-19 Coronavirus pandemic. This scam asks the victim some questions and then has them invite 10 friends to get the free pass. The scam has been issued in both English and Spanish. While this would normally seem like an obvious scam, it currently seems more believable because many companies are offering free services to help people who have been impacted by the pandemic.
Stimulus Check Scam: Security company KnowBe4 reported on an FBI alert warning of coronavirus-related phishing attacks, “particularly surrounding economic stimulus checks. The news that the US government is likely to send upwards of $1,000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is still uncertain.”
Cybersecurity Heroes: Are you sick of attackers using COVID-19 as the basis of their phishing, malware and cyberattacks? You’re not alone! Forbes reported that there are two groups of cybersecurity expert volunteers who are working hard to defend hospitals against cyberattacks and to discover and thwart COVID-19 phishing attacks and malware.
The first group, named Cyber Volunteers 19 (CV19), was formed and is operated by three cybersecurity experts, Lisa Forte, Daniel Card and Radoslaw Gnat. The CV19 website states that their purpose is, “To facilitate and enable a Volunteer Matchmaking service to give healthcare services access to a pool of cyber security experts.” CV19 has a website, LinkedIn page, and Twitter account.
The second group, called COVID-19 CTI League, was started by Ohad Zaidenberg, an Israel-based cyberthreat researcher who stated, “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” Cyberscoop reports. If you want to get involved, you can contact Ohad Zaidenberg or Nate Warfield on Twitter.
Both groups report that they hope these efforts continue, even after COVID-19 is under control.
More Credit Card Skimming Online: Last week we talked about how NutriBullet and some other sites were found to have credit card skimming malware on their sites. This week, we can add Tupperware to the list. SecurityWeek.com reports that, “According to Malwarebytes, the credit card skimmer planted on the Tupperware website displayed a fake payment form during the checkout process. The form asked unsuspecting users to provide information such as name, billing address, phone number, credit card number, card expiry date, and CVV.” There seems to be a kitchen theme here for some reason.
Tip of the Week
Multi-Factor Authentication (MFA), also referred to as Two-Factor Authentication (2FA), is a way to add another layer of protection when you log into websites and applications. Typically we log into things with a username and password. However, there are three problems with this method.
If a threat actor can get your password, they can access your account.
Users tend to create easily-guessed passwords.
Users tend to reuse passwords across multiple accounts, leaving them vulnerable to Credential Stuffing Attacks.
So what can you do to prevent your accounts from being compromised?
Create good passwords.
Use a password manager to create and store those passwords so you don’t have to reuse them.
Enable multi-factor authentication everywhere you can.
With MFA enabled, you’ll need to log in with a username, password, and something else, like a 6-digit number that you receive from an SMS (text) message, from an app on your phone, or from another device. The reasoning behind this is that the threat actor would likely not have access to your mobile phone, or some other physical device that creates those codes. Biometrics can also be used for MFA. However, the argument against biometrics is that you cannot change things like your fingerprint if a threat actor is able to replicate it. SMS has also been criticized for not being as secure as other methods of MFA. However, SMS MFA is better than no MFA!