Zibai Yang says
VMware vROps Flaws Can Provide ‘Unlimited Opportunities’ in Attacks on Companies.
According to a researcher involved in discovering the security bugs, a couple of serious vulnerabilities patched recently by VMware in its vRealize Operations (vROps) product can pose a significant risk to organizations.
According to VMware, the SSRF flaw can allow an attacker with network access to the API to obtain administrative credentials. The second vulnerability allows an authenticated attacker to write files to arbitrary locations on the underlying Photon operating system.
In February, hackers started to scan the internet for VMware vCenter servers affected by a critical vulnerability that was also discovered by researchers at Positive Technologies. The scanning began just one day after VMware announced the availability of patches. However, in that case, PoC exploit code was quickly made available and it had been known that thousands of potentially vulnerable servers were directly accessible from the internet.
https://www.securityweek.com/vmware-vrops-flaws-can-provide-unlimited-opportunities-attacks-companies
Humbert Amiani says
EU Mobile providers exposing sensitive data to leakage and theft
In research conducted by Tala Security, the websites of top EU mobile service providers were found to be poorly secured, exposing their customers’ data as it is being submitted. Websites belonging to the top 13 service providers, with over 235 million customers in total, did not have minimum protection and scored very poorly on data security and protection. These websites are used to collect a lot of PII and other details from customers, especially as they sign up. The immense use of third-party code means exposure through JavaScript integrations, and forms are exposed to some of the third parties as well. The JavaScript functions were found to expose all of the websites to cross-site scripting (XSS).
Form data was found to be exposed due to extensive data sharing with a large number of external domains. These websites fail to protect customer data as it is being entered, so the JavaScript code/functions can be modified to steal or leak the data through client-side attacks. Data sharing is also not regulated, and the telecoms do not have a scope of what type and extent of data is collected. This flaw leaves the door open for exfiltration of data through compromised third-party applications.
https://www.securityweek.com/websites-eu-mobile-providers-fail-properly-secure-user-data-report?&web_view=true
Jonathan Castelli says
Data Protection Is a Group Effort
It’s important for organizations to take a top-down approach when it comes to protecting data. No one individual is responsible for protecting the company information.
The article breaks down best practices into three steps:
Keep Everyone Educated > This should include creating quizzes after training to make sure everyone understood the information covered in the education.
Stress Privacy Principles > No employee should collect any customer information other than data that he or she absolutely needs. Moreover, this data should be retained for the shortest amount of time possible.
Write Processes Down > Formally record your organization’s data privacy processes and be sure to document the collection and deletion of customer data. Documented data privacy processes and policies as well as respective teams’ data privacy scores certainly come in handy if and when auditors come knocking.
https://www.darkreading.com/vulnerabilities—threats/data-protection-is-a-group-effort/a/d-id/1340406
Ting-Yen Huang says
Npower app attack exposed customers’ bank details
Energy firm Npower has closed down its app following an attack that exposed some customers’ financial and personal information. Contact details, birth dates, addresses and partial bank account numbers are among the details believed stolen. According to the firm’s statement, “we identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website.” This is known as “credential stuffing”. It also advised customers to change passwords on other accounts if using the same one. It added that the mobile app had already been due to be shut down as part of wind-down plans following Npower’s acquisition.
https://www.bbc.com/news/technology-56195631
Wenyao Ma says
Nine Critical Flaws in FactoryTalk Product Pose Serious Risk to Industrial Firms
FactoryTalk AssetCentre is designed for securing, managing, tracking, versioning and reporting information related to automation assets across an entire facility. The product is used by many industrial organizations for backup and disaster recovery, which can be very useful in case of a targeted ransomware attack.
The vulnerabilities were discovered by researchers at industrial cybersecurity firm Claroty and they were addressed by the vendor with the release of AssetCentre v11. Previous versions are impacted.
The nine critical vulnerabilities identified by Claroty researchers — all of them have a CVSS score of 10 — can be exploited by remote, unauthenticated attackers to execute arbitrary code (due to data deserialization issues), execute arbitrary commands, modify sensitive data in the application, or launch SQL injection attacks.
“An attacker who is able to successfully exploit these vulnerabilities could do so without authentication and control the centralized FactoryTalk AssetCentre Server and Windows-based engineering stations communicating with the server,” Claroty warned. “In short order, an attacker could own a facility’s entire operational technology (OT) network and run commands on server agents and automation devices such as programmable logic controllers (PLCs).”
https://www.securityweek.com/nine-critical-flaws-factorytalk-product-pose-serious-risk-industrial-firms
Kyuande Johnson says
On Wednesday, March 31st 2021, the University of California reported a ransomware attack. Many other government agencies, private companies and other universities were also involved in the attack through the use of Accellion, a secure file transfer company. Unauthorized personnel managed to exploit a vulnerability in Accellion’s file transfer service. Stolen information included names, birthdates, social security numbers, and bank account information. The attackers are threatening to publish, or have published, stolen information on the dark web in an attempt to extort organizations and individuals. Stanford University and the University of Maryland, Baltimore were among the schools swept up in the attack. An investigation has begun to assess the information that has been compromised and to limit the release of stolen information.
https://www.nbcnews.com/news/us-news/university-california-victim-nationwide-hack-attack-n1262972
Mei X Wang says
Data of Half a Billion Facebook Users Leaked
The 2019 Facebook leak implicated over half a billion users. The impacted users include 32 million from the United States, 11 million from the UK, and 6 million from India. Although the issue has been patched, this does not mean the data loss is recoverable. Bad actors will leverage the stolen data for more social engineering attacks, scamming, hacking, and marketing. The stolen data will likely be stolen from the criminal enterprises as well and redistributed on the black market. Criminal enterprises rarely protect the data they stole and could easily have it stolen from them multiple times. Facebook has also been accessed by other firms such as Cambridge Analytica, whose researchers were able to access 87+ million Facebook users’ data without knowledge or consent. Since then, Facebook remediated this issue by changing the search feature the firm leveraged.
In many countries, Facebook is used as the primary source of communication and electronic payments. Users should be cautious about how their data is being leveraged, not only by bad actors but also in how Facebook profits from user data.
https://www.infosecurity-magazine.com/news/data-of-half-a-billion-facebook/
Anthony Messina says
Uncovering the Data Security Triad
This article details what is referred to as the data security triad. It involves securing data in three states: rest, use, and transit. Most organizations take steps to protect their data by using firewalls, IDS, segmentation, etc. This article focuses on the importance of encryption to protect data in its three main states. While many people are wise to encrypting sensitive data in transit, many forget to encrypt sensitive data at rest. Data at rest is a juicy target for attackers once a system has been breached, so it is wise to make sure any sensitive data is always encrypted at rest on a server. Data in use is one of the most overlooked, according to the article. This can include doing searches on a database or performing analytics. Generally speaking, this form of data is hardly ever encrypted. Beyond access controls and user authentication, there are a variety of commercially available solutions and technical methods being used to combat this vulnerability, including homomorphic encryption, secure multiparty computation, and secure enclave technologies.
https://www.securityweek.com/uncovering-data-security-triad
Priyanka Ranu says
Booking.com Fined $558,000 for Late Breach Notification
Booking.com has been fined $558,000 after failing to report a serious data breach within the 72-hour time period mandated by the General Data Protection Regulation (GDPR). The breach happened in 2018 when telephone scammers targeted 40 employees at various hotels in the United Arab Emirates (UAE). After obtaining their login credentials to a Booking.com system, they were able to access personal details of over 4,100 customers who had booked a hotel room in the UAE via the site. 283 customers’ credit card details were exposed, and the CVV code was compromised in 97 cases. The scammers used the personal details of the customers for phishing. They pretended to belong to the hotel by phone or email and tried to take money from people. Booking.com should have reported this within the time period to prevent damage to the customers. After reporting, Booking.com should have informed its customers of the data breach and offered mitigation/prevention steps.
https://www.infosecurity-magazine.com/news/bookingcom-fined-558k-for-late/
Anthony Wong says
On Tuesday, SAP released a joint report on various security flaws in SAP applications. Between June 2020 and March 2021, there were approximately 1,500 attacks on SAP applications, and roughly 300 were successful. Threat actors have been exploiting six main vulnerabilities. Related to this chapter, CVE-2016-3976 (CVSS 7.5) can be exploited in the SAP NetWeaver/JAVA application to read arbitrary files, which can lead to unauthorized disclosure of sensitive information. Other vulnerabilities are more related to access control, and one vulnerability can be exploited to gain administrative control. SAP releases monthly patches for its applications, but in some cases these patches do not get applied for weeks or even months.
https://www.zdnet.com/article/sap-issues-advisory-on-vulnerable-applications-being-widely-targeted-by-hackers/
Xinyi Zheng says
APT Group Using Voice Changing Software in Spear-Phishing Campaign
A sub-group of the ‘Molerats’ threat-actor has been using voice-changing software to successfully trick targets into installing malware, according to a warning from Cado Security.
Cado Security says that APT-C-23, believed to be part of Molerats, typically uses social engineering to trick victims into installing malware, and was previously observed impersonating women in attacks that leveraged social media sites to target soldiers in the Israel Defence Forces.
In recent attacks targeting political opponents, APT-C-23 appears to have taken the spear-phishing to a new level, through the use of voice-changing software to pose as women.
“APT-C-23 has been observed impersonating women to engage victims in conversations. As the conversations continue, the group sends video laden with malware to infect the target’s system,” Cado Security said.
https://www.securityweek.com/apt-group-using-voice-changing-software-spear-phishing-campaign
Krish Damany says
Broward School District, the sixth-largest district in the United States, located in Fort Lauderdale, was hit with a ransomware attack. The attackers demanded the school pay an absurd $40 million in cryptocurrency as ransom. While the attack caused a shutdown of their systems, classes themselves were still able to operate. Conti, the group behind the attack, initially stated that they’d lower the amount to $15 million in Bitcoin if the offer went through within the first 24 hours, to which the school district counter-offered $500,000. The attackers went quiet after that offer. Conti stated they stole personal information, but the district states that there’s no evidence of that data breach occurring. This is not the first time a school district has been targeted, as districts in Virginia, Connecticut, Maryland, and Texas were targeted earlier in 2020. The significance of this breach is the ludicrous amount that the attackers were asking for. Because of the pandemic, these attacks have become more frequent, and school districts are using attacks like this to harden their systems.
https://www.infosecurity-magazine.com/news/florida-school-district-40m-ransom/
Cami Chen says
Data scientists identified that businesses could apply patterns and anomalies in big data to target potential customers, detect fraud, or predict drug interactions by using machine learning. The scientists said that they could use graphs to find the connections between people, groups, or objects via machine learning and data mining algorithms. For example, “friend,” “like,” or “follow” show relationships in social media, as does a list of videos watched or marked as favorites in a subscription service. They use this information to infer what belongs to an area, which is graph inference. It shows you a list of suggested movies based on your viewing history or a list of purchasing suggestions in online shopping. To improve graph inference, the scientists combine non-graph information with graph information to analyze the patterns and anomalies. While they are developing data security, they use the natural variations of wireless channels to provide layers of security for data transmission, so that cybercriminals are not able to detect this electronic communication.
https://techxplore.com/news/2021-04-tools-big.html
Austin Mecca says
https://www.infosecurity-magazine.com/news/microsoft-suffers-second-outage-in/
Microsoft reported a second outage in two weeks to its cloud sector on April Fools’ Day. Reports say that Azure, cloud services, Teams, Office 365, and OneDrive were all offline. It was tracked down to a DNS issue affecting multiple services. The issues were first seen by Twitter users around 5 pm, and the problem was not resolved until approximately 10:30 pm. This is longer than most hotfixes for the company, which tells you the severity of it, especially since it spanned a multitude of their platforms.
Vanessa Marin says
It’s a sad day (Jan when your backup database from a third-party CSP gets hacked. That was the case for Bonobos (a Walmart subsidiary) and their 70 GB SQL backup file. Customers’ personal information, addresses, phone numbers, partial credit card numbers, order information, and password histories were exposed, and a hacker could use the compromised data in targeted phishing attacks.
Bonobos’ response was immediate: take ownership, don’t blame and finger-point, and begin to inform and mitigate.
https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/
https://www.msspalert.com/cybersecurity-breaches-and-attacks/hackers-steal-walmart-subsidary-backup/
Zhen Li says
2020 Phishing Trends With PDF Files
From 2019 to 2020, malicious PDF files saw a dramatic 1,160% increase, from 411,800 malicious files to 5,224,056. The top five schemes used by attackers in 2020 to carry out phishing attacks, which we have grouped as Fake CAPTCHA, Coupon, Play Button, File Sharing and E-commerce, are:
1. Fake CAPTCHA: Fake CAPTCHA PDF files, as the name suggests, demand that users verify themselves through a fake CAPTCHA. The phishing PDF files we observed do not use a real CAPTCHA, but instead an embedded image of a CAPTCHA test. As soon as users try to “verify” themselves by clicking on the continue button, they are taken to an attacker-controlled website.
2. Coupon: phishing PDF files that were coupon-themed and often used the logo of a prominent oil company, which took us to another website.
3. Static Image With a Play Button: these are mostly static images with a picture of a play button embedded in them. A significant portion of them either used nudity or followed specific monetary themes such as Bitcoin, stock charts and the like to lure users into clicking the play button.
4. File Sharing: utilizes popular online file sharing services to grab the user’s attention. They often inform the user that someone has shared a document with them, but the user cannot see the content and apparently needs to click on an embedded button or a link.
5. E-commerce: There is an upward trend in the number of fraudulent PDF files that used common e-commerce brands to trick users into clicking on embedded links.
https://unit42.paloaltonetworks.com/phishing-trends-with-pdf-files/?web_view=true
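The five schemes above share one mechanical trait: the PDF carries little or no real text, one big image (the fake CAPTCHA, the coupon, the play button), and a /Link annotation whose /URI action points off-site. The following script is an added example, not code from the Unit 42 report or from the original post; it triages a PDF for exactly that pattern using only the standard library. The two PDFs inside it are constructed for the example, and the host names in them (captcha-verify.example, www.example.com) are placeholders.

```python
"""Triage a PDF for the phishing pattern described above: a page that is
essentially one image with a clickable /Link annotation leading off-site,
plus the usual extras (embedded JavaScript, OpenAction).

Regex-based on purpose so it runs with no third-party packages. It does not
handle encrypted PDFs, hex-string URIs or objects packed into /ObjStm
streams; for those, run the same checks from a real parser (pikepdf, pdfminer).
"""
import re
import zlib
from urllib.parse import urlparse

URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)   # literal-string URIs in /A actions
TEXT_OP_RE = re.compile(rb"\b(Tj|TJ)\b")                       # text-showing operators
IMAGE_RE = re.compile(rb"/Subtype\s*/Image")                  # image XObjects
JS_RE = re.compile(rb"/JS\b|/JavaScript\b")
OPENACTION_RE = re.compile(rb"/OpenAction\b")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.S)


def inflate_streams(pdf: bytes) -> bytes:
    """Return the file plus the inflated body of every FlateDecode stream, so
    the operator regexes also see content hidden by compression."""
    extra = []
    for m in STREAM_RE.finditer(pdf):
        try:
            extra.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed, or a filter this script does not handle
    return pdf + b"\n" + b"\n".join(extra)


def extract_uris(pdf: bytes) -> list:
    uris = []
    for m in URI_RE.finditer(pdf):
        raw = m.group(1)
        # undo the PDF literal-string escapes that can appear inside a URL
        raw = raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
        uris.append(raw.decode("latin-1"))
    return uris


def external_hosts(uris, trusted_hosts=()) -> list:
    hosts = {urlparse(u).hostname for u in uris}
    return sorted(h for h in hosts if h and h not in trusted_hosts)


def triage(pdf: bytes, trusted_hosts=()) -> dict:
    scan = inflate_streams(pdf)
    uris = extract_uris(scan)
    n_text = len(TEXT_OP_RE.findall(scan))
    n_images = len(IMAGE_RE.findall(scan))
    ext = external_hosts(uris, trusted_hosts)
    findings = []
    if uris and n_images and n_text == 0:
        findings.append("image-only page with a clickable link (fake CAPTCHA / play-button pattern)")
    if JS_RE.search(scan):
        findings.append("embedded JavaScript")
    if OPENACTION_RE.search(scan):
        findings.append("OpenAction runs when the file is opened")
    if ext:
        findings.append("links to external hosts: " + ", ".join(ext))
    return {"uris": uris, "text_ops": n_text, "image_objects": n_images,
            "external_hosts": ext, "findings": findings, "suspicious": bool(findings)}


# Constructed sample: one page, one image, one link annotation, no text.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
  /Resources << /XObject << /Im0 5 0 R >> >> /Contents 6 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [100 300 500 500]
  /A << /S /URI /URI (http://captcha-verify.example/continue) >> >> endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1
  /ColorSpace /DeviceGray /BitsPerComponent 8 /Length 1 >>
stream
\x00
endstream
endobj
6 0 obj << /Length 36 >>
stream
q 400 0 0 200 100 300 cm /Im0 Do Q
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample: real text plus a link to a known host.
BENIGN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
  /Resources << /Font << /F1 5 0 R >> >> /Contents 6 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
  /A << /S /URI /URI (https://www.example.com/invoice) >> >> endobj
5 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj
6 0 obj << /Length 58 >>
stream
BT /F1 12 Tf 72 700 Td (Invoice 1234 - see attached link) Tj ET
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PDF))
    print(triage(BENIGN_PDF, trusted_hosts=("www.example.com",)))
```

The `trusted_hosts` list is where an organisation's own file-sharing and e-commerce domains go; without it, the file-sharing lure and a legitimate share notification look alike, which is the whole point of that scheme.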
Junhan Hao says
Half of Global Retailers See Account Takeovers Surge.
Most global retailers are predicting an increase in fraud budgets next year. The report shows that 45% of account takeover (ATO) attacks have increased. These efforts are aimed at hijacking consumer accounts in order to use them to obtain any stored personal information that can be monetized on the dark web. Attackers may also attempt to use stored cards to fraudulently purchase goods or sell access to underground site accounts. Ravelin claimed that ATO attacks are on the rise due to shoppers’ password reuse across multiple sites. When one is breached, fraudsters can use these in credential stuffing operations to try them across multiple other sites.
https://www.infosecurity-magazine.com/news/half-global-retailers-account/
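Both the Npower post and the Ravelin post above come down to the same mechanism: passwords leaked from one site replayed against another. The script below is an added example, not code from either article or from the original posts, showing how credential stuffing looks in authentication logs and how to pull out the accounts that need a forced reset. The log format and the log lines are constructed for the example; the IP addresses are documentation ranges and the user names are placeholders.

```python
"""Flag credential-stuffing bursts in authentication logs.

Heuristic: one source IP trying many *distinct* usernames inside a short
window with a high failure ratio. A normal user mistyping a password hits
one username; a stuffing tool walks a leaked user:password list.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
import re

# Assumed log format (constructed for this example, not Npower's or Ravelin's):
#   2021-02-25T10:00:00Z ip=203.0.113.7 user=alice result=FAIL
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass
class Attempt:
    ts: datetime
    ip: str
    user: str
    ok: bool


def parse_line(line: str):
    """Parse one log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return Attempt(ts, m["ip"], m["user"], m["result"] == "OK")


def _window_triggers(attempts, window_s, min_users, min_fail_ratio):
    """Slide a time window over one IP's attempts (sorted by time) and report
    whether any window shows >= min_users distinct usernames with a failure
    ratio >= min_fail_ratio."""
    start = 0
    for end in range(len(attempts)):
        while (attempts[end].ts - attempts[start].ts).total_seconds() > window_s:
            start += 1
        win = attempts[start:end + 1]
        users = {a.user for a in win}
        fails = sum(1 for a in win if not a.ok)
        if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
            return True
    return False


def detect_stuffing(lines, window_s=600, min_users=8, min_fail_ratio=0.7):
    """Return {ip: summary} for every source IP that shows a stuffing pattern.
    The 'compromised' list is the set of accounts that logged in successfully
    from that IP: those are the passwords that were reused elsewhere and must
    be reset, even though each login on its own looked valid."""
    by_ip = defaultdict(list)
    for line in lines:
        a = parse_line(line)
        if a:
            by_ip[a.ip].append(a)
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort(key=lambda a: a.ts)
        if not _window_triggers(attempts, window_s, min_users, min_fail_ratio):
            continue
        users = {a.user for a in attempts}
        fails = sum(1 for a in attempts if not a.ok)
        flagged[ip] = {
            "attempts": len(attempts),
            "distinct_users": len(users),
            "fail_ratio": round(fails / len(attempts), 2),
            "compromised": sorted(a.user for a in attempts if a.ok),
        }
    return flagged


# Constructed sample log: one IP walking a leaked list (two hits), one user
# who mistyped their password twice, one unrelated login, one junk line.
STUFFING_BURST = [
    f"2021-02-25T10:00:{i:02d}Z ip=203.0.113.7 user=user{i:02d} "
    f"result={'OK' if i in (3, 9) else 'FAIL'}"
    for i in range(12)
]
NORMAL_TRAFFIC = [
    "2021-02-25T10:05:00Z ip=198.51.100.5 user=bob result=FAIL",
    "2021-02-25T10:05:20Z ip=198.51.100.5 user=bob result=FAIL",
    "2021-02-25T10:06:02Z ip=198.51.100.5 user=bob result=OK",
    "2021-02-25T10:07:00Z ip=198.51.100.9 user=carol result=OK",
    "garbage line that does not parse",
]
SAMPLE_LOG = STUFFING_BURST + NORMAL_TRAFFIC

if __name__ == "__main__":
    for ip, info in detect_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

Keying on the source IP is the simplest cut and catches the noisy tools; stuffing run through rotating residential proxies spreads a few attempts per IP, so in production the same window logic is also run per ASN, per device fingerprint, or globally on "distinct usernames failing per minute". The successful logins are the part worth acting on: the two hits in the constructed burst are exactly the accounts the Npower advice (change the password wherever it was reused) is aimed at.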
Prince Patel says
https://www.forbes.com/sites/forbestechcouncil/2021/04/06/the-need-for-unified-data-protection-regulation/?sh=528ee55b267f
The Need For Unified Data Protection Regulation
This article connects well with this week’s topics as it talks about data privacy and addresses privacy as a right. Users should have the right to update and delete their information at will. It provides a good perspective on how orgs can move into the future by focusing on the right to privacy.