Crooks are using email scams to steal computer hardware, a WooCommerce warning, and more.
Welcome to Cyber Security Today. It’s Monday, March 27th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
As Fraud Prevention Month draws to a close the FBI has issued a warning: Crooks are using email scams to steal products. These include computer hardware, construction materials, agricultural supplies and solar energy products from manufacturers and distributors. The tactics are similar to business email compromise scams: Crooks send an email from the hacked email account of a customer or business partner to a target company. Except instead of asking for money to be forwarded to an account the crooks control, they place an order for products. To assure firms the goods will be paid for, the crooks ask for credit repayment terms backed by fake references. The lesson is that sales and accounting staff must always be careful when handling emailed orders for products or money transfers.
This warning comes as Arctic Wolf released its first annual Threat Report. It shows business email compromise attacks accounted for 29 per cent of the attacks it responded to last year. The majority of the victims didn’t have multifactor authentication enabled on the compromised email accounts that crooks took advantage of, the report notes.
The criminal case against the alleged founder and administrator of BreachForums continues. On Friday the U.S. Justice Department said 20-year-old Connor Brian Fitzpatrick appeared in a Virginia court. Fitzpatrick, who allegedly used the nickname Pompompurin, is believed to have created BreachForums after authorities seized RaidForums early last year. BreachForums is now out of business.
Threat actors have found a new way to trick victims into giving up their login credentials. They’re emailing people with messages claiming there’s unusual sign-in activity on their Microsoft account. According to researchers at Avanan, the message says a user from Russia/Moscow has just logged into their account. The victim is urged to click on a button to report the incident. That triggers an email form with a reply address already filled in. So far, it seems the victim hasn’t done anything wrong. However, the threat actor will reply to this message asking the victim for their username and password. That’s a giveaway this is a scam. There are two others: The sender’s address isn’t from Microsoft. Nor is the email address the so-called report goes to.
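As an added example (not from the podcast), here is a short Python check that applies the giveaways above to a message: it reads the From and Reply-To headers and any mailto: "report" link in the body, and flags every address whose domain is not Microsoft's. The sample lure and the list of Microsoft sending domains are constructed assumptions for this example.

```python
# Added example: flag an "unusual sign-in" lure using the giveaways named above,
# the sender's address and the "report" address are not Microsoft's.
import email
import re
from email import policy
from email.utils import parseaddr

# Domains Microsoft sends account notices from (assumption for this example).
MICROSOFT_DOMAINS = ("microsoft.com", "accountprotection.microsoft.com")

def sender_domain(header_value: str) -> str:
    """Return the lowercase domain of an address such as a From: or Reply-To: value."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_microsoft(domain: str) -> bool:
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)

def check_sign_in_alert(raw_message: str) -> list[str]:
    """Return the red flags found; an empty list means none of the giveaways matched."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    frm = sender_domain(msg.get("From", ""))
    if not is_microsoft(frm):
        findings.append(f"From: domain {frm!r} is not a Microsoft domain")
    reply_to = sender_domain(msg.get("Reply-To", "")) if msg.get("Reply-To") else ""
    if reply_to and not is_microsoft(reply_to):
        findings.append(f"Reply-To: domain {reply_to!r} is not a Microsoft domain")
    # The lure's "report" button is a mailto: link with the reply address pre-filled;
    # that address must be Microsoft's as well.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for target in re.findall(r"mailto:([^\s\"'?<>]+)", text, flags=re.I):
        if not is_microsoft(sender_domain(target)):
            findings.append(f"report link goes to {target!r}, not a Microsoft address")
    return findings

# Constructed sample resembling the lure described above (addresses are made up).
SAMPLE_LURE = """\
From: Microsoft account team <no-reply@account-security-alerts.example.net>
To: victim@example.com
Reply-To: report@account-security-alerts.example.net
Subject: Unusual sign-in activity
Content-Type: text/html

<p>We detected a sign-in from Russia/Moscow on your Microsoft account.</p>
<p><a href="mailto:report@account-security-alerts.example.net?subject=Report">Report the user</a></p>
"""

if __name__ == "__main__":
    for finding in check_sign_in_alert(SAMPLE_LURE):
        print("RED FLAG:", finding)
```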
Microsoft administrators who want to secure their Azure, Azure Active Directory and 365 environments have a free new tool. The U.S. Cybersecurity and Infrastructure Security Agency has released what it calls the Untitled Goose Tool to help network defenders find potentially malicious activity in Microsoft cloud environments. Administrators can export and review sign-in, activity and audit logs, as well as Microsoft Defender alerts. The tool requires Python. Search results can be analyzed by a security information and event management application.
An American effort to notify companies they are about to be hit by a ransomware attack is paying off. Since the beginning of the year 60 organizations have received a pre-ransomware notice from the Joint Cyber Defense Collaborative, the group said last week. It’s a partnership between U.S. cyber intelligence agencies, cybersecurity companies, infrastructure operators and others. These organizations see hints — or boasts — of attacks on the dark web or other places. Then a warning can be passed on to victims. These early warnings can give defenders time to react before ransomware is deployed. The thing is, the group relies on tips from security researchers. If you see early-stage ransomware activity at an organization, contact the group at report@cisa.dhs.gov. By the way, the group notifies computer emergency response teams outside as well as inside the U.S.
Attention administrators of websites using WooCommerce Payments: Make sure the latest version of the service has been installed. A vulnerability has been found that could permit unauthorized access to the admin console. The updated WooCommerce plugin for WordPress sites will be automatically installed, although it doesn’t hurt to check. Other websites running WooCommerce Payments need to update manually. Once the update has been installed check for any recent unexpected admin users or posts on your site.
Attention developers who use ChatGPT. There’s a security warning about the new plugin feature that allows users to fetch live data from various providers. The warning comes from researchers at GreyNoise. They say the MinIO Docker image provided with the plugin feature has a vulnerability. If you are going to use this capability, make sure this image is updated.
I hope organizations warn employees about the dangers of plugging USB sticks into computers that are found on the floor or are mailed to them. The keys may contain malware, or a battery with enough power to fry their computer. Or worse. Five reporters in Ecuador recently received USB keys with small explosives. One reporter suffered face and hand injuries when the device went off. If you don’t own the USB stick, don’t plug it into your computer.
Finally, this is the time of year when many Americans and Canadians will start working on their income tax forms. It’s also a time for income tax scams. Researchers at Malwarebytes note that a recent American con is an email message that purports to come from the U.S. Internal Revenue Service with an attached W-9 form. Click on it and you’ll get a message asking to enable editing and content to see the form. Don’t do that. The document is infected with malware.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.