Business email fraud ring busted in Europe, GoDaddy’s IT system hit again and more.
Welcome to Cyber Security Today! It is Monday, February 20, 2023. I’m Howard Solomon, US cybersecurity reporter for ITWorldCanada.com and TechNewsday.com.
On Friday’s podcast I reminded the audience that business email compromise scams, where a threat actor impersonates a CEO via email or phone, occur in all countries. The goal is to convince an employee to transfer money to an account controlled by the fraudster. After I recorded that podcast, police in Europe announced that in January they had busted a gang doing just that. The gang was made up of French and Israeli residents. In one case a suspect impersonated the CEO of a French metallurgical company and convinced the accountant to make two urgent and secret transfers of hundreds of thousands of euros. In another case the gang posed as lawyers for an accounting firm and convinced the financial director of a Parisian real estate developer to transfer about 40 million euros. Listeners should note that these scams worked because the victims did not question requests from their superiors to transfer large sums of money. And they were convinced by two requirements: the transfers had to be made quickly and secretly, two signs that should arouse suspicion. Employees in financial departments should be regularly reminded of these warning signs.
Web hosting provider GoDaddy admitted its systems were compromised again, this time late last year. In December, a hacker gained access to a control panel connected to the hosting servers and installed malware that intermittently redirected visitors of some GoDaddy customer websites to malicious sites controlled by the threat actor. In the regulatory filing, GoDaddy said it believes this is the latest incident in a multi-year campaign by a sophisticated threat actor group. The document mentions several previous successful attacks. In 2021, hackers used a compromised password to gain access to GoDaddy’s provisioning system for 1.2 million managed WordPress customers. In 2020, a threat actor compromised the hosting login credentials of nearly 28,000 hosting customers.
Last December I told listeners about a ransomware attack on a US hospital chain called CommonSpirit Health. The company announced last week that the attack has cost the chain at least $150 million in recovery costs so far. Some of this may be covered by cyber insurance.
The public school board in Des Moines, Iowa says the people behind last month’s ransomware attack were able to copy data they were holding. However, it doesn’t say how much data was taken or whether it relates to students, teachers or employees. The board had to close schools for two days as crews began restoring servers. At least nine US school districts, with 242 schools, have been hit by ransomware so far this year, according to Emsisoft researchers.
Attention network administrators using the SolarWinds platform: due to the discovery of several vulnerabilities, the company will release a security update by the end of the month. Until then, make sure the suite’s web interface is not accessible from the public internet. If remote access is needed, create a strict allow-list of permitted addresses and block all other traffic. Disable unnecessary ports, protocols, and services on the host operating system and on applications such as SQL Server. For more instructions, see the SolarWinds Security Vulnerabilities page.
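One way to verify the interim mitigations above is to audit connection logs against the allow-list. The following is an added example, not SolarWinds' own tooling or anything from the advisory: it parses constructed firewall-style log lines, reports every permitted connection to the console port that did not come from an allow-listed range, and lists any other ports that accepted traffic (the kind of unnecessary service the advisory says to disable). The console port, the allow-listed networks and the log format are all assumptions for the example.

```python
"""Audit access to a management web console against a strict allow-list.

Added example (not SolarWinds' own tooling). It checks constructed
firewall-style log lines against the control the advisory describes:
allow-list the few addresses that need the console, block everything else,
and turn off services that are not needed.
"""
import ipaddress
import re

# Assumption: the console listens on TCP 8443 (placeholder, not from the page).
CONSOLE_PORT = 8443

# Assumed allow-list: the management subnet plus one jump host.
ALLOW_LIST = [ipaddress.ip_network(n) for n in ("10.10.0.0/24", "192.0.2.10/32")]

# Constructed sample log lines in a generic key=value firewall format.
SAMPLE_LOG = """\
2023-02-17T08:01:12Z action=allow src=10.10.0.15 dst=10.10.1.5 dport=8443 proto=tcp
2023-02-17T08:02:40Z action=allow src=198.51.100.77 dst=10.10.1.5 dport=8443 proto=tcp
2023-02-17T08:03:05Z action=allow src=192.0.2.10 dst=10.10.1.5 dport=8443 proto=tcp
2023-02-17T08:04:51Z action=allow src=203.0.113.9 dst=10.10.1.5 dport=1433 proto=tcp
2023-02-17T08:05:22Z action=deny src=203.0.113.9 dst=10.10.1.5 dport=8443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec


def is_allowed_source(src):
    """True if src falls inside any allow-listed network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOW_LIST)


def find_violations(log_text, console_port=CONSOLE_PORT):
    """Return (timestamp, src) for each permitted console connection from a
    source outside the allow-list; denied connections are not violations."""
    violations = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] != console_port or rec["action"] != "allow":
            continue
        if not is_allowed_source(rec["src"]):
            violations.append((rec["ts"], rec["src"]))
    return violations


def exposed_ports(log_text, expected_ports):
    """Return destination ports that accepted traffic but are not expected,
    e.g. SQL Server on 1433 reachable from the network when it should not be."""
    seen = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "allow":
            seen.add(rec["dport"])
    return seen - set(expected_ports)


if __name__ == "__main__":
    for ts, src in find_violations(SAMPLE_LOG):
        print(f"{ts} console reached from non-allow-listed source {src}")
    print("unexpected open ports:", exposed_ports(SAMPLE_LOG, {CONSOLE_PORT}))
```

Run against the sample, it flags the one accepted console connection from 198.51.100.77 and reports 1433 as an unexpected open port; the denied attempt from 203.0.113.9 shows the block rule working and is not counted.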
VMware warns administrators to not install the Windows Server 2022 update if they are also running some earlier versions of the vSphere ESXi hypervisor with secure boot enabled. There is a conflict preventing the operating system from loading. This includes hypervisor versions 6.7 and 7.x. Version 8 is not affected.
Remember the 2020 hack of 130 Twitter accounts, including those of Barack Obama, Joe Biden and Bill Gates? A British man arrested in Spain has been ordered extradited to the US, where he will face 14 criminal charges related to these attacks.
People still hope to make billions in cryptocurrency. And crooks are still trying to trick those people into downloading malware. The latest example was discovered by researchers at Cisco Systems. Victims are sent phishing emails pretending to be from a crypto payment site called CoinPayments. The victim is asked to open a ZIP file that purports to contain information about a failed transaction. The file actually downloads ransomware or other malware. Be careful with any cryptocurrency-related messages and app downloads.
Finally, if you’re using the Firefox browser, make sure it’s running the latest version. Last week, Mozilla released a new version that addresses 10 high-profile vulnerabilities.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.