More banks added to the target list of Android malware, and the latest data breach news
Welcome to Cyber Security Today. It’s Wednesday June 28th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
More financial institutions in the U.S., the U.K., Germany, Austria, and Switzerland have been added to the target list of the Anatsa trojan found in some malicious Android apps. That’s according to researchers at ThreatFabric. The firms have been added to the trojan’s database of 600 financial applications. Victims downloading the poisoned apps risk having their bank login credentials stolen from their smartphones because the malware impersonates the login pages. These apps are usually disguised as utilities — like a PDF reader — and games. One problem is the speed at which some crooks replace an app after it has been yanked by Google from the Play Store. Always be careful before downloading from any app store. Research before you click.
Speaking of Android apps, LetMeSpy, a free app that allows Android users to track anyone who uses their phones — like family, lovers or employees on company-owned devices — has admitted it was hacked last week. The attacker got hold of users’ email addresses, phone numbers and the content of text messages. Access to this data has been suspended until the vulnerability exploited by the attackers is removed. The company advises LetMeSpy users to be careful with suspicious messages.
GeoSouthern Energy, a Texas-based oil and natural gas producer, is notifying just over 21,000 current and former employees of a data breach. Sometime last December its IT system was compromised and personal information — including names and Social Security numbers — was copied.
Conner Strong & Buckelew, a New Jersey-based insurance and benefits broker, is notifying just over 15,000 people of a data breach. Sometime between February and March the email accounts of several employees were hacked. Personal information including names and Social Security numbers was copied.
Siemens Energy, a division of the German industrial giant, is the latest to confirm it was victimized by a vulnerability in the MOVEit file transfer application. According to Bleeping Computer, the Clop ransomware gang added Siemens Energy to its list of victims on Tuesday, after which the company confirmed it had been hit. No critical data has been compromised, the company said.
An American creator of a mobile app that helps women track their periods has agreed to pay US$100,000 in civil penalties for allegedly sharing user data without consent with other firms. Easy Healthcare also has to implement a comprehensive privacy and data security program, and hire an independent firm to regularly assess its compliance for the next 20 years. The U.S. Department of Justice and the Federal Trade Commission alleged the company violated federal law.
The notorious Russian-based group researchers call Nobelium or Cozy Bear is using a new tool for hiding credential attacks. According to Microsoft, the group is using residential proxy services, which offer real home IP addresses from internet service providers. Legitimate businesses and individuals may use a residential proxy network to protect themselves. But threat actors — like Nobelium — can use them to hide their password and token theft attacks. This report is a reminder to internet and residential proxy providers to protect their platforms from being compromised. Under Microsoft’s new naming convention, Nobelium is now called Midnight Blizzard.
The Europol police co-operative says the dismantling three years ago of the EncroChat communications network used by crooks has led to over 6,500 arrests. Of those, 197 are considered high-value threat actors. A review issued this week of the crackdown said a combined 7,134 years of jail sentences have been handed out so far. Close to 900 million euros in criminal funds have been seized or frozen, plus a lot of drugs.
Finally, yesterday was International SMB Day according to the UN. To mark the occasion Kaspersky released a study of the common cyber threats small and mid-sized businesses are likely to see in the applications they commonly use — like Microsoft Office, for example. Application exploits, trojans, and backdoors were the most common. These can often come from staff falling for phishing scams where they give away their usernames and passwords, or by being duped into sending money to a bank account controlled by a crook. The report is a reminder that, in addition to technology, companies need to set up business processes and employee cybersecurity awareness training to stop these attacks.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.