Fraud Awareness Month, cruise line data breaches and ransomware attacks turning into data breaches.
Welcome to Cyber Security Today. It’s Wednesday March 4th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
This is Fraud Awareness Month. For the next couple of weeks I’ll be offering tips on how to watch for online fraud. I’m starting with a story that luckily ends with good news. Last week entrepreneur Barbara Corcoran, a judge on the American investment competition TV show Shark Tank, admitted her bookkeeper had been tricked into wiring $388,000 to Germany in a real estate scam. It started with a criminal creating a look-alike email account of Corcoran’s assistant. Only a sharp eye would have noticed the name was spelled wrong. Knowing Corcoran often invests in real estate around the world the crook created a fake invoice for payment to a German company. Curious, the bookkeeper sent a reply email to the phony assistant asking for details. Of course, the crook replied. So the bookkeeper paid the bill. Corcoran initially shrugged the incident off and figured the money was gone. However, on Monday we learned that the German bank the money went to had been warned and froze the money transfer before it could be deposited.
Fortunately this story has a happy ending. Many scams like this don’t. It’s another example of how people who handle money for organizations have to treat email, text messages and even voicemail as untrustworthy. Requests for changes in regular procedures, like changing a bank account money usually goes to, have to be treated with suspicion. Same for receiving out-of-the-ordinary invoices. Staff can’t just hit “reply” to an email or phone a number in the email to investigate further. If it’s a phony email the fraudster will reply. This is why every business has to create tough procedures to meet these potential threats.
Did you take a cruise on Holland America or Princess Cruises in the past couple of years? If so, you may have been the victim of a data breach. The two companies, owned by Carnival Cruise Lines, said this week that in May, 2019 they realized someone had hacked employee email accounts. What the hacker got from just reading the email was employee and passenger names, social security numbers, passport numbers, credit card numbers and more. Victims are being notified. This is a lesson to travelers: Do not send sensitive personal information like birth dates, social insurance numbers and passport numbers in email. Companies in the travel industry should know that if they must get information like this their email systems have to be encrypted.
Ransomware used to do one thing: Scramble an organization’s data unless it paid a ransom for the decryption key. Some companies quietly pay the ransom and customers never know. However, attackers have recently adopted an additional strategy: Copying and stealing data before encrypting it. That way if the company doesn’t pay up, the attacker can also threaten to publicly release the data and embarrass the company. According to a news report this week another hacker group has adopted this strategy. What it means is that victim companies have to assume if they’ve been hit by ransomware there’s a good chance there’s also been a data breach. That ratchets up the pressure on victim organizations. It also means that having a backup of data is no longer an adequate defence against ransomware. You also need to strengthen user passwords — especially those of administrators — and watch for suspicious behavior on the network.
Attention network administrators: If your environment has web servers running Adobe Tomcat make sure they have the latest security patch. Two weeks ago a severe vulnerability was discovered and publicized for versions 7, 8 and 9. At the same time Adobe released patches. By now, I’d hope, most systems would be updated. But according to news reports over the weekend someone or groups are doing a lot of scanning on the Internet looking for vulnerable servers. So if you haven’t patched Tomcat, do it now. Remember that version 6 isn’t being fixed. To safely continue using Tomcat you have to upgrade to a higher version.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.