Cyber threats against executives are increasing, the latest on email scams and more.
Welcome to Cyber Security Today. It’s Friday, February 10th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Threat actors are increasingly targeting executives and board members. According to researchers at BlackCloak, there’s been a recent surge in doxxing and swatting of these people. Doxxing is the threat to release personal information on victims. Swatting is getting police to respond to a fake threat at a victim’s office or home. Infosec leaders should have their executives remove any mention of where their residences are on corporate websites or in social media. As an extra precaution, homes should be registered in an anonymous trust or corporation to keep strangers from finding out where they live.
Hackers are increasingly using HTML email attachments to deliver malware. This is called HTML smuggling, according to researchers at Trustwave. It works because the malware is in a blob of data within JavaScript code that gets decoded when opened in a web browser. Email scanners may miss these packages. Ever since Microsoft last year started blocking macros by default in Office documents sent over the internet, hackers have shifted to HTML smuggling. Tricks include crafting documents that look like they came from Google Drive or Dropbox, or that look like Adobe Acrobat PDFs. Employees need to be warned, again, to be wary of attachments.
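As an added illustration (not part of the original report or of Trustwave's research), here is one way a mail gateway could flag the pattern described above: script in an HTML attachment that decodes a large embedded blob and turns it into a file. The indicator patterns, the 200-character threshold and the sample attachment are assumptions constructed for this example.

```python
import base64
import re

# Heuristic indicators: assumptions chosen for this example, not a vendor rule set.
INDICATORS = {
    "decode_call": re.compile(r"\batob\s*\(|fromCharCode"),
    "blob_build": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL|msSaveOrOpenBlob"),
    "download_attr": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download"),
}
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # long embedded base64 literal
MAGIC = {b"PK\x03\x04": "zip", b"MZ": "pe", b"%PDF": "pdf", b"\xd0\xcf\x11\xe0": "ole"}


def sniff(raw: bytes) -> str:
    """Name the decoded payload's file type from its leading magic bytes."""
    return next((name for magic, name in MAGIC.items() if raw.startswith(magic)), "unknown")


def scan_html_attachment(html: str) -> dict:
    """Flag an HTML attachment whose script decodes a large blob into a file."""
    scripts = "\n".join(SCRIPT.findall(html))
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(scripts))
    payloads = []
    for run in B64_RUN.findall(scripts):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:  # not valid base64 after all
            continue
        payloads.append({"bytes": len(raw), "type": sniff(raw)})
    builds_file = "blob_build" in hits or "object_url" in hits
    suspicious = bool(payloads) and "decode_call" in hits and builds_file
    return {"indicators": hits, "payloads": payloads, "suspicious": suspicious}


# Constructed sample: an inert 204-byte blob (zip magic + zeros), never triggered.
_B64 = base64.b64encode(b"PK\x03\x04" + bytes(200)).decode()
SAMPLE = """<html><body><p>Loading document...</p><script>
var d = atob("%s");
var b = new Blob([d], {type: "application/zip"});
var a = document.createElement("a");
a.href = URL.createObjectURL(b); a.download = "invoice.zip";
</script></body></html>""" % _B64
BENIGN = "<html><body><script>console.log('hello');</script></body></html>"

if __name__ == "__main__":
    print(scan_html_attachment(SAMPLE))
    print(scan_html_attachment(BENIGN))
```

A scanner that only inspects the attachment's file type sees ordinary HTML; decoding the embedded run is what reveals the archive inside it.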
Here’s another warning about phishing emails from crooks: Researchers at Proofpoint are seeing attachments or URLs that lead to the installation of a tool that takes screenshots of victims’ computers. A common message to targets is a request to check the attached business presentation. Clicking on the document or the URL downloads the malware. With a screenshot of the victim’s machine, the attacker hopes to see passwords and get information on the victim. Then the attacker will download more malware. Targets have been seen in the U.S. and Germany. Again, employee education is a good way to fight this attack.
Finally, the Super Bowl is this Sunday. It’s available on cable and over the air, but some people want to use illegal internet streaming websites for supposed high-definition viewing. Don’t. Researchers at OpenText note that these services have to make money somehow. Usually they do it by getting victims to download software to help them see the game. That software has malware for stealing passwords.
Later today the Week in Review podcast will be available. Guest commentator Terry Cutler of Cyology Labs and I will discuss the new ransomware strain going after unpatched installations of VMware’s ESXi hypervisor, holes found in Toyota’s supplier website and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.