BTH News 15May2020
This Week In Cybersecurity
This week Between the Hacks reports on a 238% increase in cyberattacks against the financial sector, Windows 10 quietly gets a packet sniffer, Google plans to unload resource-hogging ads, a Nigerian crime ring files fraudulent unemployment claims in multiple U.S. states, and a browser plug-in that helps prevent websites from tracking you online.
Financial Sector Cyberattacks Up 238% In 3 Months
From February to April 2020, amid the COVID-19 surge, cyberattacks against the financial sector increased by 238 percent, according to VMware Carbon Black’s Modern Bank Heists 3.0 report. In the same time frame, ransomware attacks against the financial sector increased by 900 percent.
The 2020 report shows that 64 percent of surveyed financial institutions reported increased attempts of wire fraud transfer, a 17 percent increase over 2019. This is typically executed using a Business Email Compromise (BEC) attack.
The report also shows a new trend in cybercrime against the financial sector called a reverse business email compromise. This happens when an attacker “successfully takes over a victim’s email server and executes file-less malware attacks against members of the organization as well as the board,” according to the report.
Windows 10 Quietly Gets A Packet Sniffer (19 months ago)
As Microsoft plans to add Linux to Windows 10 later this year, they are also adding some Linux-like features to their own operating system. One tool in particular was added and almost nobody noticed. “With the release of the Windows 10 October 2018 Update, Microsoft quietly added a new network diagnostic and packet monitoring program called C:\Windows\system32\pktmon.exe,” reports Bleeping Computer.
This command line tool works like tcpdump on Linux and the popular cross-platform tool, Wireshark. Its feature-set is limited compared to Wireshark, but in their review, Bleeping Computer shows some basic commands and shares how to use this tool with the GUI Microsoft Network Monitor software, to better view the output.
The inclusion of pktmon in Windows 10 should make network troubleshooting easier for IT departments and savvy end users, but it will also be interesting to see whether company IT security departments disable this tool on company assets in order to prevent mischievous use.
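For a security team that would rather monitor pktmon than disable it, the following added example (not code from Bleeping Computer or Microsoft) reviews process-creation events for pktmon activity. The event records and their field names are constructed for illustration; the path is the one quoted above, and start, filter and format are pktmon subcommands.

```python
import json
import ntpath

# Path the article gives for the built-in binary (compared case-insensitively).
EXPECTED_IMAGE = r"c:\windows\system32\pktmon.exe"
# pktmon subcommands worth surfacing to an analyst, with the finding text.
WATCHED = {
    "start": "packet capture started",
    "filter": "capture filter changed",
    "format": "capture log converted",
}

# Constructed process-creation events; field names are assumed, not a real schema.
SAMPLE_EVENTS = [
    r'{"host":"WS-014","user":"jdoe","image":"C:\\Windows\\System32\\PktMon.exe","cmdline":"pktmon filter add -p 20"}',
    r'{"host":"WS-014","user":"jdoe","image":"C:\\Windows\\System32\\PktMon.exe","cmdline":"pktmon start --etw"}',
    r'{"host":"WS-022","user":"svc_backup","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe notes.txt"}',
    r'{"host":"WS-031","user":"asmith","image":"C:\\Temp\\pktmon.exe","cmdline":"\"C:\\Temp\\pktmon.exe\" start --etw"}',
    r'{"host":"WS-014","user":"jdoe","image":"C:\\Windows\\System32\\PktMon.exe","cmdline":"pktmon help"}',
]

def subcommand(cmdline):
    """Return the first argument after the pktmon executable, lower-cased."""
    tokens = cmdline.replace('"', "").split()
    for i, tok in enumerate(tokens[:-1]):
        if ntpath.basename(tok).lower() in ("pktmon", "pktmon.exe"):
            return tokens[i + 1].lower()
    return ""

def review(lines):
    """Return (host, user, finding) tuples for pktmon activity in the events."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        if ntpath.basename(ev["image"]).lower() != "pktmon.exe":
            continue  # not pktmon, ignore
        if ev["image"].lower() != EXPECTED_IMAGE:
            findings.append((ev["host"], ev["user"], "pktmon.exe outside System32"))
        reason = WATCHED.get(subcommand(ev["cmdline"]))
        if reason:
            findings.append((ev["host"], ev["user"], reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_EVENTS):
        print(*finding, sep=" | ")
```

Matching on the file name alone misses a renamed copy of the binary, so a production rule would also compare the original file name or hash recorded by the logging agent.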
Google to Remove Ads That Use Too Many System Resources
Google will be adding a setting to Chrome that will detect and unload ads if they are using too much of your computer’s system resources, such as network bandwidth and CPU power. The new feature is scheduled to be made available with the release of Chrome 86 at the end of August.
However, the feature will be available before August: “as the release date for Chrome 86 gets nearer, the feature will be added to Chrome Beta, and then to the main Chrome release, where it will be enabled by default, for both desktop and mobile devices,” reports ZDNet.
According to Google, the criteria to unload an ad are as follows:
The user has not interacted with the ad
The ad uses more than 4 MB of network bandwidth
The ad uses more than 60 seconds of total CPU power
The ad uses more than 15 seconds in any 30-second window of total CPU power
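The "15 seconds in any 30-second window" rule is the only criterion that needs more than a running total, so here is an added example (not Chrome's code) that evaluates all four criteria over a usage record. It assumes an ad is unloaded when the user has not interacted with it and any one of the three limits is exceeded; the record format and the sample ads are constructed.

```python
# Thresholds from the list above; 4 MB is taken as 4 * 1024 * 1024 bytes (assumption).
NETWORK_LIMIT_BYTES = 4 * 1024 * 1024
TOTAL_CPU_LIMIT_S = 60
WINDOW_S = 30
WINDOW_CPU_LIMIT_S = 15

def busy_between(bursts, lo, hi):
    """CPU-busy seconds that fall inside [lo, hi]; bursts are (start, duration)."""
    return sum(max(0.0, min(s + d, hi) - max(s, lo)) for s, d in bursts)

def peak_window_cpu(bursts, window=WINDOW_S):
    """Largest CPU time in any `window`-second span.

    The maximum is always reached by a window that starts where a burst
    starts or ends where a burst ends, so only those positions are tried.
    """
    starts = [s for s, _ in bursts] + [s + d - window for s, d in bursts]
    return max((busy_between(bursts, lo, lo + window) for lo in starts), default=0.0)

def unload_decision(ad):
    """Return (unload?, reason) for one ad's usage record."""
    if ad["user_interacted"]:
        return (False, "user interacted")
    if ad["network_bytes"] > NETWORK_LIMIT_BYTES:
        return (True, "network")
    if sum(d for _, d in ad["cpu_bursts"]) > TOTAL_CPU_LIMIT_S:
        return (True, "total CPU")
    if peak_window_cpu(ad["cpu_bursts"]) > WINDOW_CPU_LIMIT_S:
        return (True, "peak CPU")
    return (False, "within limits")

# Constructed usage records (hypothetical format): bursts are (start_s, duration_s).
SAMPLE_ADS = {
    "banner": {"user_interacted": False, "network_bytes": 300_000, "cpu_bursts": [(0, 2), (40, 2)]},
    "video": {"user_interacted": False, "network_bytes": 6 * 1024 * 1024, "cpu_bursts": [(0, 3)]},
    "spiky": {"user_interacted": False, "network_bytes": 200_000, "cpu_bursts": [(0, 4), (5, 6), (12, 7), (100, 3)]},
    "slow_burn": {"user_interacted": False, "network_bytes": 200_000, "cpu_bursts": [(60 * i, 10) for i in range(7)]},
    "clicked_game": {"user_interacted": True, "network_bytes": 9 * 1024 * 1024, "cpu_bursts": [(0, 90)]},
}

if __name__ == "__main__":
    for name, ad in SAMPLE_ADS.items():
        print(name, unload_decision(ad))
```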
ZDNet reports that the feature is currently only available in Chrome Canary distributions, where users can enable it by visiting the following URL:
chrome://flags/#enable-heavy-ad-intervention
As shown below, I was given the option to enable this feature in Chrome Version 81.0.4044.138 (Official Build) (64-bit) for macOS.
Unemployment Insurance Fraud
KrebsOnSecurity reports, “A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. Secret Service.”
The fraudsters are reportedly using the Social Security numbers and other personally identifiable information (PII) of first responders, government personnel and school employees, to file unemployment claims. The Secret Service stated, “The primary state targeted so far is Washington, although there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida.”
At a time when U.S. states are struggling to support the skyrocketing numbers of unemployed due to COVID-19 social distancing orders, these fraudsters are making the situation worse by taking advantage of a system that is not able to efficiently detect fraudulent claims.
Tip of the Week
Privacy Badger
Privacy Badger is a free browser plug-in (extension, add-on) made by the Electronic Frontier Foundation (EFF) that stops third-party advertisers from secretly tracking where you go and what websites you visit on the Internet. “If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.”
Privacy Badger is a privacy tool, not an ad blocker. While it does block some ad content, the Privacy Badger site states, “Our aim is not to block ads, but to prevent non-consensual invasions of people’s privacy because we believe they are inherently objectionable. We also want to create incentives for advertising companies to do the right thing.” As with ad blockers, if you find that Privacy Badger is causing problems on a page that you trust, you can disable Privacy Badger for that site very easily.