Hackers change tactics against Microsoft, a new phishing service targeting banks and more.
Welcome to Cyber Security Today. It’s Friday, July 29, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
On Wednesday’s podcast I told you that Microsoft has continued to block VBA macros buried in email attachments by default as a safety precaution. For years, hackers have abused macro capabilities in Office applications to automatically download and run malware. Blocking downloaded macros aims to close that door. But a report from Proofpoint reminds IT professionals that threat actors have been switching tactics for months, moving from macros to new techniques. These include the use of container files such as ISOs and RARs, as well as Windows Shortcut files, known by the LNK extension. Lesson: Stay aware of the latest techniques and tactics used by threat actors through threat intelligence from your vendors and colleagues.
Hackers are quietly installing malware that steals bandwidth on victims’ computers. According to researchers at South Korean company ASEC, this type of malware, called proxyware, allows hackers not only to sell the bandwidth to others, but also to gain access to victims’ email accounts. Another strain can be installed on a vulnerable Microsoft SQL server, where it can be used to steal corporate data. IT departments should find a way to verify that all of their bandwidth is being used legally. Individuals who want to make money by installing proxyware on their systems should be aware that they are at risk of being exploited by crooks.
A crook is running a new scam-as-a-service platform targeting financial institutions in Canada, the United States, the United Kingdom, and Australia. Appropriately, it’s called Robin Banks. Researchers at IronNet say that not only does the site have an email and text phishing toolkit targeting Bank of America, CapitalOne, Citibank, Lloyds Bank and Wells Fargo, it also has templates that customers can use to scam and steal the passwords of Google, Microsoft, T-Mobile and Netflix users. An example of a scam is a text message sent to people, purportedly from a bank, alleging unusual activity on their debit card. Victims are asked to click on a link to identify themselves. Hackers can subscribe to this service for around $200 a month.
Cybersecurity experts regularly warn people to be extra careful before downloading anything to their PC or smartphone, even if it’s supposed to provide productivity help. Here’s another reason why: Researchers at Volexity have identified malicious extensions for the Google Chrome and Microsoft Edge browsers. These extensions steal data from the victim’s Gmail and AOL email accounts. The report doesn’t explain how the extension gets installed, whether the user thinks the extension is useful or the user falls victim to clicking a phishing link. At the very least, IT security teams should regularly test extensions on computers used by high-risk employees. Individuals need to do so too, by clicking on the Extensions icon in their browser. In Chrome, it’s a funny black icon in the top right. In Edge, it’s a gear icon in the address bar.
Finally, later today the Week in Review podcast will be available. Guest David Shipley and I will discuss reports on the continued rise of cyberattacks, the main ways attackers compromise companies, and the shortage of security talent.
Remember the links to detailed information on the podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find my other stories.
Subscribe to Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.