Microsoft tracks 100 gangs using ransomware, Google Fi customer data is copied and more.
Welcome to Cyber Security Today. It’s Wednesday, February 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsDay.com in the U.S.
There are more than 100 threat actors deploying over 50 families of ransomware, according to Microsoft. In a series of tweets this week it said attackers continue to use phishing and unpatched applications for initial access. However, the use of malvertising as well as fake application and browser updates for initial compromise is increasing.
Google Fi, which is Google’s cellular network provider, has confirmed it has suffered a data breach. According to TechCrunch, Google said the unnamed primary network provider for the service acknowledged customer data — including phone numbers and SIM card serial numbers — were copied. No payment card data or passwords were taken. However, the news story said at least one Google Fi customer claimed in a Reddit post that their phone number was hijacked for two hours. That was enough time for the attacker to use the phone to send and receive text messages.
Cyber crooks continue trying to leverage the document-signing service called DocuSign to steal employees’ login credentials. According to researchers at Armorblox, one of the latest phishing campaigns has a subject line saying, “Please DocuSign: Approve document 2023-01-11.” One tip that this is a scam: While the message appears to come from DocuSign, the full email address of the sender shows it didn’t. It’s another example of why IT has to show employees how to turn on the ability to display the sender’s full email address for all messages. The targets of this particular campaign are companies that use the Proofpoint email protection service. Victims who click on the attached document are asked to sign in using their Proofpoint credentials to read the supposed document. Organizations that use Proofpoint have to warn employees to beware of this scam.
YouTube content creators need to toughen their security to avoid their sites being taken over by cryptocurrency scammers. That’s the word from researchers at Guardio Labs. Hacking YouTube channels in what’s called StreamJacking isn’t new. What’s going on now is that it’s being used to spread cryptocurrency scams once the YouTube channel is taken over. Often these messages pretend to be from entrepreneur Elon Musk offering giveaways: Victims are promised a two-for-one swap of any cryptocurrency they send in. What really happens is the crook just takes the digital coins. Meanwhile, the owner of the hijacked YouTube channel can’t get control back. This happens because the owner is tricked into giving away their login credentials, often by falling for email messages promising hacked software or modifications to video games. If you fall for an offer to cheat, don’t complain when you get hacked.
Maintainers of open-source repositories like PyPI, GitHub and others are reminded that some threat actors are determined to drop poisoned packages of code on their platforms. Researchers at Checkmarx this week detailed how one group used several tactics over four months to deposit code that steals credentials, bitcoin wallets and more from victims. These are developers who downloaded the packages and put them in their applications. Open code repositories have to beef up their security, while developers need to be more cautious in downloading packages.
There’s no shortage of reports about hospitals being hit with cyber attacks. Here’s more evidence: Kroll, a cyber risk evaluation provider, says that among its customers, healthcare firms were the most breached sector last year. They overtook financial institutions as the most hacked industry. Also during 2022, breaches at industrial services doubled.
Finally, with Super Bowl Sunday less than two weeks away, a reminder that crooks will push email and text scams. Officials at BullWall remind sports teams and companies to use email authentication procedures to make sure their brand and domains aren’t spoofed. Fans should be careful with pitches for tickets, T-shirts and other trinkets that appear too good to be true.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.