The latest FBI Internet crime report, adware on the rise, attacks on Wi-Fi and more.
Welcome to Cyber Security Today. It’s Friday February 14th. I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.
The FBI this week released its annual statistics report for complaints about Internet-related crime. The biggest concern is the rise of business email compromise fraud. That’s fraud where an organization gets an email from what appears to be a legitimate firm asking to change the bank account funds are usually sent to. A new wrinkle on this scam is an email appears to come from an employee asking that their direct deposit switch to a different bank. Last year the FBI received over 23,000 complaints about these scams with adjusted losses of over US$1.7 billion. The agency reminds organizations of the importance of verifying bank account change requests coming by email or over the phone.
There are lots of ways to hack personal computers and smartphones, but malicious online ads, called adware, are increasingly being used by crooks. According to a recent report by security vendor Malwarebytes, seven of the top 10 threats against Windows users were delivered through adware. Adware is delivered in many ways, usually through popup ads that suddenly appear on your screen offering miracle weight loss programs, get rich quick schemes or phony warnings your device has been infected. Click on one of these and it likely leads to the downloading of serious malware. Often you get infected with adware by downloading a dodgy program — perhaps offering a free app — although you can also be infected by visiting a dodgy website. So be careful what you download and the sites you visit.
Adware also comes from downloading a bad browser extension. An extension is a plug-in to a browser that act as a utility. After an initial investigation by vendor Cisco Systems, Google this week said it removed 500 extensions for the Chrome browser from the Google Chrome Web Store. These extensions may have been downloaded by 1.7 million people. Some of them may have been available for download for over a year. Google has fraud detection mechanisms for bad extensions, but these got missed. Google is now using a Cisco tool created to detect bad extensions. It also has new data privacy guidelines for developers who want to put extensions in its store.
It’s bad enough that hackers may be able to compromise business systems. A new report says one piece of malware can jump to a corporate Wi-Fi network and infect more devices. A security company called Binary Defense says malware known to experts as Emotet has the capability. After infecting a system it looks for Wi-Fi routers and tries to break into them by cracking their passwords. This may have been going on unknown by the security industry for two years. Network administrators must make sure corporate Wi-Fi routers are using strong passwords and monitor networks for suspicious behavior.
Finally, April 1st is census day in the United States. However, with six and a half weeks to go the Census Bureau isn’t quite ready. A government watchdog reported this week that there are still a number of IT systems with high or very high-risk cyber security bugs. That can be expected in any system. The problem is staff aren’t meeting deadlines for fixing bugs. Some are taking more than 60 days, and there are less than 60 days to Census Day. The Census Bureau says it’s working to meet the deadlines for fixing vulnerabilities.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon