Box closes MFA vulnerabilities, VPN service used by crooks shut, ransomware stats, and more.
Welcome to Cyber Security Today. It’s Wednesday, January 19th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Cybersecurity experts agree multifactor authentication is one of the key tools IT departments must adopt to fight intrusions. But it must be set up securely. The cloud file sharing service called Box found out twice recently that the way it did MFA wasn’t secure enough.
One of the best ways to implement MFA is with an authenticator app on the user's smartphone, such as Google Authenticator, Microsoft Authenticator, Authy or Cisco Duo, which generates a fresh numeric code every 30 seconds. Sending codes by SMS text is not secure. Box offered SMS text as an option to users for MFA. However, researchers at Varonis discovered the way Box implemented it could be bypassed without having to hack a victim's phone. An attacker who had enrolled an authenticator app on their own Box account could enter a victim's stolen email address and password on the login page, which started the SMS step, and then answer the challenge with a code from the attacker's own authenticator instead. Box accepted it because it didn't check that the authenticator belonged to the account being logged into. The victim would be unaware since no SMS text was sent. Varonis warned Box about this vulnerability, which has since been closed. By the way, Box also allows users to get their codes through an authenticator app. But last month Varonis also warned Box the way it implemented that was also flawed. Yes, even an authenticator app can be bypassed if it isn't set up right. In this case an attacker who knew only the password could have un-enrolled a target's authenticator before completing the MFA step. Then no extra security code would be required of the attacker. That vulnerability has also been plugged.
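Both Box problems come down to the same design rule: a second factor, and the ability to manage second factors, must be tied to the account that has already passed the first factor. The toy login service below is an added example written for this article, not Box's or Varonis's code, and the user names, factor IDs and secrets are constructed for the demo. It shows each mistake next to its fix: a factor lookup that accepts any enrolled authenticator versus one restricted to the session's own user, and an unenroll call that works on a password-only session versus one that demands a completed MFA session.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the default used by authenticator apps."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


class MfaServer:
    """Password + TOTP login. A session records which user passed the password
    check and whether the second factor has been completed yet."""

    def __init__(self):
        self.users = {}     # name -> {"password": str, "totp": {factor_id: secret}}
        self.factors = {}   # factor_id -> (owner, secret): a global index, the risky lookup path
        self.sessions = {}  # session_id -> {"user": name, "mfa_done": bool}
        self._count = 0

    def register(self, name, password):
        self.users[name] = {"password": password, "totp": {}}

    def enroll_totp(self, name, factor_id, secret):
        self.users[name]["totp"][factor_id] = secret
        self.factors[factor_id] = (name, secret)

    def _remove_factor(self, name, factor_id):
        removed = self.users[name]["totp"].pop(factor_id, None)
        self.factors.pop(factor_id, None)
        return removed is not None

    def login(self, name, password):
        """First factor only. Returns a session that is not yet MFA-complete."""
        user = self.users.get(name)
        if user is None or not hmac.compare_digest(user["password"], password):
            return None
        self._count += 1
        sid = f"sess{self._count}"
        self.sessions[sid] = {"user": name, "mfa_done": False}
        return sid

    def verify_totp_vulnerable(self, sid, factor_id, code, now):
        """Bug: the factor is found by ID alone, so any enrolled authenticator,
        including one on an attacker-owned account, completes MFA for this session."""
        sess = self.sessions[sid]
        entry = self.factors.get(factor_id)
        if entry and hmac.compare_digest(totp(entry[1], now), code):
            sess["mfa_done"] = True
        return sess["mfa_done"]

    def verify_totp_fixed(self, sid, factor_id, code, now):
        """Fix: only authenticators enrolled by the session's own user count."""
        sess = self.sessions[sid]
        secret = self.users[sess["user"]]["totp"].get(factor_id)
        if secret is not None and hmac.compare_digest(totp(secret, now), code):
            sess["mfa_done"] = True
        return sess["mfa_done"]

    def unenroll_vulnerable(self, sid, factor_id):
        """Bug: a session that has only passed the password check may drop a factor."""
        return self._remove_factor(self.sessions[sid]["user"], factor_id)

    def unenroll_fixed(self, sid, factor_id):
        """Fix: managing factors needs a fully authenticated (MFA-complete) session."""
        sess = self.sessions[sid]
        if not sess["mfa_done"]:
            return False
        return self._remove_factor(sess["user"], factor_id)


def run_demo(now=1_700_000_000):
    """Constructed scenario: the attacker knows the victim's password and has
    enrolled an authenticator on a separate attacker-owned account."""
    srv = MfaServer()
    srv.register("victim", "hunter2")
    srv.enroll_totp("victim", "factor-victim", b"victim-secret")
    srv.register("attacker", "attackerpw")
    srv.enroll_totp("attacker", "factor-attacker", b"attacker-secret")
    attacker_code = totp(b"attacker-secret", now)
    results = {}

    # Mistake 1: the attacker's own code is accepted for the victim's session.
    sid = srv.login("victim", "hunter2")
    results["cross_factor_vulnerable"] = srv.verify_totp_vulnerable(sid, "factor-attacker", attacker_code, now)
    sid = srv.login("victim", "hunter2")
    results["cross_factor_fixed"] = srv.verify_totp_fixed(sid, "factor-attacker", attacker_code, now)

    # Mistake 2: the victim's authenticator can be removed before MFA completes.
    sid = srv.login("victim", "hunter2")
    results["unenroll_vulnerable"] = srv.unenroll_vulnerable(sid, "factor-victim")
    srv.enroll_totp("victim", "factor-victim", b"victim-secret")  # restore for the fixed run
    sid = srv.login("victim", "hunter2")
    results["unenroll_fixed"] = srv.unenroll_fixed(sid, "factor-victim")

    # The real owner still gets through the fixed path.
    results["owner_fixed"] = srv.verify_totp_fixed(sid, "factor-victim", totp(b"victim-secret", now), now)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The fixed versions change nothing for a legitimate user; they only refuse a factor or a factor-management request that the current session has not earned. The same check belongs on every endpoint that sits between the password step and a fully authenticated session, not just the one that happens to be tested.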
Ransomware was in the headlines far too often in the U.S. last year. An analysis of the number of attacks by researchers at Emsisoft gives an idea of how often public sector institutions were hit: over 2,300 local governments, schools and healthcare providers were victimized by ransomware. That's a minimum number, since many attacks aren't reported. Major cities weren't victims last year. The report suggests perhaps that's because large municipalities have shored up their defences.
Speaking of ransomware, Italian luxury fashion house Moncler has acknowledged being hit by ransomware in December. This comes after the attackers on Tuesday published personal information of current and former employees they stole from the company, data of customers and some corporate data. Moncler said no customer credit card numbers were exposed. According to the Bleeping Computer news service, the ALPHV ransomware gang, also called BlackCat, was behind the attack. Moncler said no ransom will be paid.
More on ransomware: A new strain has been seen. Called White Rabbit by some researchers, it was first spotted last month. According to a report this week from Trend Micro, White Rabbit operators not only encrypt data, they also threaten to release or sell stolen corporate data. IT leaders are reminded to deploy cross-layered detection and response defences, and to create playbooks for attack prevention and recovery.
Law enforcement officials in 10 countries including Canada and the U.S. have seized or disrupted the servers running a virtual private network service often used by crooks. The Europol police co-operative said this week the infrastructure of VPNLab.net has been shut. The action was led by German police. The service was popular for cybercrooks because its servers were located in several countries.
Cryptocurrency exchanges are prime targets for hackers, which means their IT defences had better be tough. This week the site crypto.com stopped transactions after detecting unauthorized activity. According to Bloomberg News, several users reported on social media that cryptocurrencies had disappeared from their accounts. Users have been told a security update is being pushed out, and they will have to reset their two-factor authentication. They are also being told all funds are safe.
Finally, crooks continue to take advantage of the COVID-19 pandemic. Researchers at Check Point Software warn there's a resurgence in counterfeit COVID test and vaccination certificates as more countries demand proof of people's health status for entering businesses, attending events or crossing borders. The cost of counterfeit test certificates has jumped 600 per cent, to between $200 and $600.
That's it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That's where you'll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.