Rami Saba

I just read this article and thought I’d share since it’s relative to us in the PA area.  Wawa just announced it found malware on its payment processing servers and that it had affected customer payment information since March 4th.  The malware is believed to have been present on most of the 850 store locations by April 22nd.  It exposed credit and debit card numbers, expiration dates, and cardholder names on payment cards used in-store and at gas pumps.  They discovered the malware on December 10th and had it contained by the 12th.  An external forensics firm was hired and is currently investigating to support their review.

Here’s what to do if affected:
“Wawa customers can call 1-844-386-9559 to ask questions and get free credit monitoring and identity-theft protection if their personal information was affected. Consumers should also review payment card account statements for any unauthorized charges.”

https://www.inquirer.com/business/wawa-data-breach-credit-debit-card-numbers-exposed-20191219.html

Elderly individuals are more likely to be targeted by online financial fraud and also lose a higher amount than average.  Cybercrimes against the elderly have increased 5x since 2014 and cost more than $650 million in losses per year.  A new study suggests changes to how the FBI collects information and responds to online crimes targeting elderly and provides suggestions for those living on bank balances, pensions and retirement funds to better protect their assets from online frauds.   The study showed older adults were more tech savvy than expected, but they had problems with FBI forms that require victims of scams to report their experiences online.  The forms timed out too fast and didn’t allow participants to upload screenshots of conversations (something the older adults preferred).  They also felt embarrassed to report- they didn’t want to bother family members or sound like they didn’t understand the technology.

Some preventative measures that are helpful to seniors:

• Different passwords for each site, but if they can’t remember them, it’s safer to have different passwords written down in a drawer than the same password across all the sites.
• Only enter sensitive infoformation on “secure” websites
• Log out of accounts on shared computers
• Use VPNs when using public Wi-Fi
• Report online scams

https://www.cnbc.com/2019/11/23/new-research-pinpoints-how-elderly-people-are-targeted-in-online-scams.html

A new phishing attack that tries to convince the target to open a malicious attachment is being sent through email.  The email identifies itself as being sent from Microsoft with subject lines “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!” and has the “latest critical update” as an attachment.  The file that appears to have a .jpg file extension is really  a .NET downloader that delivers malware to your machine.  More specifically, it installs ransomware called bitcoingenerator.exe.  It encrypts the recipient’s files and leaves a text file named “Cyborg_DECRYPT.txt” on their desktop.  A message within it asks for $500 in bitcoin to unlock the files.  Windows users should note that Microsoft will never send a security patch via email.

https://www.cnet.com/news/windows-users-beware-this-fake-update-could-lock-up-your-pc-or-worse/

Cybercriminals have registered over 100,000 look-alike domains that mimic popular retail websites.  The fakes sites use valid TLS certificates to make them appear safe and trusted.  The number of fake sites has doubled since 2018 and are created to target 20 retailers in the U.S., U.K., Germany, France and Australia.  One of the U.S. retailers has over 49,500 look-alike domains targeting it alone.  Retailers and customers should be vigilant in protecting themselves.

https://cyware.com/news/beware-online-shoppers-cybercriminals-have-registered-over-100000-look-alike-domains-that-resemble-popular-retail-websites-8798ad36

Cybercriminals are targeting Application Programming Interfaces (APIs) as they become more popular.  This year alone there have been several APIs targeted to gain unauthorized data access.  APIs are a set of protocols that allow different programs communicate with each other.  They are being used in many places and without careful API management, they will continue being used maliciously worldwide.

LandMark White Limited – February 2019
Justdial unprotected API – April 2019
GateHub – June 2019
Venmo – June 2019

https://cyware.com/news/apis-and-cybercrime-the-state-in-2019-so-far-b73a675a

The Henn na Hotel in Japan has bedside robots that serve as guest assistants.  Several weeks ago, a researcher warned HIS Group that the bed-bots were easily accessible because they allowed unsigned code to run simply by tapping an NFC tag to the back of the robot’s head.  This allowed a hacker to remotely watch and listen through cameras and microphones in the robot.  He released a 0day vulnerability after the researcher had not heard back from the hotel for more than 90 days.  The hotel then apologized and fixed the robots.

The researcher’s twitter also makes for a good read.

The report also includes a note from a cybersecurity specialist.  Joseph Carson said such a vulnerability is not surprising and anything connected to the internet: a laptop, phone, webcam or hospitality robot, are all exposed to the risk of being hacked and abused.

https://www.securitymagazine.com/articles/91157-japanese-hotel-apologizes-for-robots-that-allowed-video-and-sound-to-be-hacked