The Emotet botnet has improved, phony Google Translate pages used for phishing, fake COVID scams in the US continue, and more
Welcome to Cyber Security Today. It’s Friday, October 14th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Security teams have to keep a closer eye out for possible attacks from the Emotet botnet. According to researchers at ESET, Emotet’s operators have updated their ‘systeminfo’ module, which captures information of infected computers. That information will allow an attacker to improve the targeting of specific victims. The updated module replaces functions in Windows’ WinINet application programming interface. Administrators should watch for signs of tampering.
One of the latest ways crooks try to fool victims is by creating a fake Google Translate login. That’s according to researchers at Avanan. Victims get an email message that appears to come from an internet provider saying their account has to be confirmed by clicking on a link or their access will be restricted. They get sent to a login page that has the Google Translate logo. Presumably the attacker is betting the victim has a Google account and will enter their username and password. Careful inspection of the email address of the sender will show it’s not really from your provider. And hovering your mouse over the URLs in the message will show where those links really go.
Crooks are back trying to con American small business owners into giving away sensitive information by filling out a phony COVID-19 federal grant application. For those of you who don’t know, Washington has stopped accepting applications for these grants. But according to researchers at a firm called INKY, companies are still getting email asking them to click on a link and fill out an online application for COVID financial help. Those who do are taken to a form hosted on Google Docs. That might make it seem authentic, but smart people should know a U.S. government website should end in .gov. and not be on a Google site. There are some tips in the email that it’s a fraud, including spelling and grammatical errors.
There’s a reason why you should wear gloves when typing at a computer, smartphone or bank machine keyboard: The heat from your fingers may give away your password or PIN number. That’s according to researchers at the University of Glasgow. They built a system that uses a thermal image camera that can show the heat residue on keyboards. If the image is taken within 20 seconds of of a person using a keyboard their software can correctly guess a password 86 per cent of the time. The shorter the password or PIN, the easier it is to guess what was typed. So, dip your fingers in cold water before typing. And, because fall is here in the Northern Hemisphere, consider keeping your gloves on. Better yet, use long passwords and enable multifactor authentication.
I regularly report on ransomware aimed at businesses and government departments. However, some gangs still go after computer users at home. One strain they use is called Magniber. According to researchers at HP Wolf Security, since September the threat actors using this strain have created a new phishing campaign trying to convince individuals to download a supposed antivirus or Windows update. What’s different is the latest version of the malware uses new ways to evade being detected by protection software. Home users can improve their protection by not setting up administrator accounts if they don’t need them. But most importantly, don’t download an update from a link in an email or text message. Go to the software vendor website yourself and check if an update is available. Remember, usually those behind this strain of ransomware ask for $2,500 if you want the key to unscramble your data.
Finally, Apple has released an update to its operating system for iPhones. Your phone should be running iOS version 16.0.3.
That’s for now. But remember later today the Week in Review edition of the podcast will be available. Guest commentator Terry Cutler of Cyology Labs will talk about Ontario’s new law forcing many employers to explain how staff are electronically monitored.
Links to details about podcast stories are in the text version at ITWorldCanada.com.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.