Cybersecurity News Roundup: Week of February 14, 2022

Hello and thank you for visiting our blog again. Here’s the latest on what happened in cybersecurity last week.

The Federal Bureau of Investigation (FBI) warned this week that American organizations and individuals are increasingly being targeted in business email compromise (BEC) attacks on virtual meeting platforms. With BEC attacks, perpetrators target businesses large and small, as well as individuals. The end goal is to compromise work email accounts in order to extract money by redirecting payments to the attackers’ own bank accounts. To protect yourself, the FBI suggests using secondary channels or two-factor authentication to verify requests to change account information, ensuring the URL in emails is associated with the company or individual it claims to be from, and not sending login credentials or personally identifiable information via email.

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to access and steal sensitive information that provides insight into U.S. defense and intelligence programs and capabilities. Russian hacking groups have hacked into several CDC networks for at least two years. According to a joint advisory issued Wednesday by the FBI, NSA and CISA, compromised entities included CDCs supporting the US Army, US Air Force, US Navy, US Space Force, and DoD and intelligence programs.

A new report from cybersecurity firm Egress indicates that phishing attacks impersonating LinkedIn have increased by 232% since early February. The scams trick users twice: first into clicking on phishing links in Outlook 365, and then into entering their user credentials on fraudulent websites. For example, where a typical LinkedIn email might say “You appeared in four searches this week”, scammers are now sending fake emails with the same subject lines, tricking victims into trusting them.

The Internet Society (ISOC) announced a data breach that exposed the login credentials of 80,000 members. The nonprofit, which focuses on keeping the internet open and secure, blamed the leak on a third-party vendor. The data was exposed in an unprotected Microsoft Azure cloud repository containing millions of JSON files that included, among other things, full names, email and postal addresses, and login information.

Adobe issued an emergency advisory on Sunday regarding a zero-day vulnerability affecting Commerce and Magento users. The flaw, identified as CVE-2022-24086, was described as an improper input validation issue that could lead to the execution of arbitrary code. Adobe says the vulnerability can be exploited without authentication.

Also last week, Emil Frey, one of Europe’s largest car dealers, announced that it had been hit by a Hive ransomware attack last month. The company claims to have “restored and restarted” business activity, but it is unclear whether customer information was accessed during the attack. According to the VPN Guru blog, “HIVE is one of the most dangerous ransomware groups in the world… The FBI should put the group on its radar since it has attacked at least 28 healthcare organizations worldwide last year.”

It’s a wrap for this week. Have a good weekend!

Amy

Top Global Security News

BleepingComputer (February 16, 2022) FBI warns of BEC attackers impersonating CEOs in virtual meetings

The Federal Bureau of Investigation (FBI) today warned that American organizations and individuals are increasingly being targeted by business email compromise (BEC) attacks on virtual meeting platforms.

BEC scammers have been known to use various tactics (including social engineering, phishing, and hacking) to compromise business email accounts with the end goal of redirecting payments to their own bank accounts.

In this type of attack, scammers target small, medium and large businesses as well as individuals. The success rate is also very high, as fraudsters usually pose as people that employees trust, such as business partners or CEOs.


BleepingComputer (February 16, 2022) US claims Russian hackers breached defense contractors

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors (CDCs) since at least January 2020 to access and steal sensitive information that provides insight into U.S. defense and intelligence programs and capabilities.

CDCs are private entities authorized by the Department of Defense (DoD) to access classified information to bid for contracts or support DoD programs. They have access to information related to DoD and intelligence community programs in a variety of areas, including:

  • Command, control, communication and combat systems
  • Intelligence, surveillance, reconnaissance and targeting
  • Weapons and missile development
  • Vehicle and aircraft design
  • Software development, data analysis, computers and logistics.


ZDNet (Feb 16, 2022) LinkedIn Phishing Scams Increase 232% Since Feb 1: Report

Phishing attacks impersonating emails from LinkedIn have increased 232% since early February, according to cybersecurity firm Egress.

The company released a report on cybercriminals using display name spoofing and styled HTML templates to socially engineer victims into clicking phishing links in Outlook 365 and then entering their credentials on fraudulent websites.

Many people have grown accustomed to seeing emails from LinkedIn saying things like “You appeared in 4 searches this week”, “You have 1 new post”, and “Your profile matches this job”.

But now, cybercriminals are using webmail addresses with LinkedIn display names to send fake emails with the same subject lines.


PortSwigger (February 15, 2022) Internet Society data leak revealed login credentials of 80,000 members

The Internet Society (ISOC), a nonprofit organization dedicated to keeping the Internet open and secure, blamed the inadvertent exposure of the personal data of its more than 80,000 members on a third-party vendor. The data, which was publicly available in an unprotected Microsoft Azure cloud repository, comprised millions of JSON files containing, among other things, full names, email and postal addresses, and login information.

“Based on the size and nature of the exposed repository, we can assume that all member login and adjacent information has been open to the public internet for an indefinite period,” cybersecurity firm Clario said in a blog post today (February 15).

Aided by independent researcher Bob Diachenko, Clario security researchers made the discovery and alerted the Internet Society on December 8, 2021. The repository was secured a week later on December 15. Diachenko told the Daily Swig that the data was likely exposed for at least a month.


SecurityWeek (February 13, 2022) Adobe Releases Emergency Patch for Exploited Commerce Zero-Day

Adobe issued an emergency advisory on Sunday to notify Commerce and Magento users of a critical zero-day vulnerability that has been exploited in attacks.

The flaw, identified as CVE-2022-24086 and assigned a CVSS score of 9.8, was described as an improper input validation issue that could lead to the execution of arbitrary code. Adobe says the vulnerability can be exploited without authentication.

The security flaw affects open source e-commerce platforms Magento and Adobe Commerce, specifically versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier. Adobe has developed fixes, which are provided as MDVA-43395_EE_2.4.3-p1_v1.

The software giant states that “CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.”


ZDNet (February 11, 2022) Europe’s largest car dealer hit by ransomware attack

One of Europe’s largest car dealers, Emil Frey, fell victim to a ransomware attack last month, according to a company statement. The Swiss company showed up on the Hive ransomware victim list on February 1 and confirmed it was attacked in January.

“We have restored and restarted our business activity already a few days after the incident on January 11, 2022,” a spokesperson said, declining to answer further questions about access to customer information.

The company – which has about 3,000 employees – generated $3.29 billion in sales in 2020 through a variety of auto-related businesses. It was ranked as the number 1 car dealership in Europe based on turnover and total number of vehicles for sale.


Other major industry news

Researchers analyze activity of cybercrime group targeting aviation and other industries – SecurityWeek

BlackCat (ALPHV) claims Swissport ransomware attack and leaks data – BleepingComputer

Barclays: UK scams increased in last quarter of 2021 – InfoSecurity

School District CISO Resigns Over Handling Data Breach – DataBreachToday

Massachusetts Legislature Advances Data Privacy Bill – Wall Street Journal (requires subscription)

Half of global emails were spam in 2021 – Infosecurity Magazine

Improving Cyber Resilience of Critical Infrastructure – DataBreachToday

A look at an ugly insider data breach litigation – DataBreachToday