Apple lets in malware, payroll association skimmed and hackers use Telegram.
Welcome to Cyber Security Today. It’s Wednesday September 2nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Every organization has an “oops” moment. Apple has just had one. Over the weekend, news emerged that a security researcher had found on a web site a fake Adobe Flash Player update aimed at Macintosh users that had apparently been approved by Apple. Apple has an automated process for scanning applications for malware called notarization. Apps that are notarized can run on Macs, iPhones or iPads. The goal of this particular piece of malware is to run adware, which could show annoying ads. Or it could lead to downloading something that steals data. Once this bug was reported Apple quickly revoked the security certificate allowing the app to run. However, it shows that even Apple’s tough security systems can be fooled. Experts at the SANS Institute, a security training service, say businesses that use Macs should install malware detection software and not just rely on Apple’s notarization system. Individuals who have sensitive data on their Macs or iOS devices should also buy malware detection.
Cybercriminals can steal data in a number of ways. One is by compromising the web sites of organizations. Then they skim off credit card numbers and passwords from users as they are entered. As you can imagine, online retailers are particular targets for this scheme. But other organizations can be hit, too. One of the most recent was the American Payroll Association, an educational and training group for professionals who process payrolls at companies in the U.S. and Canada. The association recently notified members that it detected a skimming cyberattack on July 31st. On investigation it realized the attack might have started as far back as the middle of May. Attackers may have got not only credit card numbers used to pay for courses and membership, but also users’ names, dates of birth and some details about the company members work for. But why attack this association? One reason comes to mind: Senior payroll employees likely have access to their employers’ financial IT systems. If they use the same password for the association and for access to corporate accounts, that would be useful to a hacker. This is another reason why you can never use the same password, or variations of the same password, in your personal and business life. Associations should also remember they are not immune from cyber attacks.
Speaking of skimming, security researchers have found a new tactic. Usually web skimming involves hackers creating a system for storing and sending copied data from the victim’s web site. However, a researcher reported last week discovering an attack that immediately encrypts and sends skimmed data to an account on the Telegram instant messaging service. As a blog at security firm Malwarebytes points out, the advantage to a hacker is that there’s no need to set up a complicated process for sending stolen data from the victim’s system. As a bonus, this scam allows customer payment information to go both to the cybercriminals and to the legitimate payment processor. So victims don’t know their credit card information is stolen because the purchase goes through. It’s an attack method that companies are going to have to protect against. One way is by making sure web site applications have the latest security patches, and administrator access is protected with tough passwords.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.