We always get excited when we stumble upon a vulnerability that affects a billion of anything. Today’s star? Kr00k. Its crime? Exposed Data from Over a Billion Wi-Fi Devices.
“Kr00k impacts devices using some Wi-Fi chips made by Broadcom and Cypress. The vulnerability has been found to affect smartphones, tablets, laptops, IoT devices, routers and access points made by Amazon, Apple, Google, Samsung, Raspberry Pi Foundation, Xiaomi, Asus, and Huawei.” Don’t say we didn’t warn you.
Norton LifeLock Phishing Scam
I thought Norton LifeLock was supposed to protect you from scams. Now it’s being used to phish you. From Bleeping Computer, “Cybercriminals behind a recently observed phishing campaign used a clever ruse in the form of a bogus Norton Lifelock document to fool victims into installing a remote access tool (RAT) that is typically used for legitimate purposes. The malicious activity has the hallmarks of a seasoned threat actor familiar with evasion techniques and offensive security frameworks that help install the payload.”
This is very typical of today’s phishing attacks. The idea is to use trust signals, like Norton Lifelock, to get you to let your guard down. And once you do…
Phishing Attack Via Google Translate
Need to translate something? You might want to steer clear of Google Translate. It’s being used to phish you.
According to an online article, “Here’s how the trick works: You get an email stating that something has gone wrong with your Google account. They may say that someone is trying to access your account. They may then provide a link that is actually a malicious URL for you to click on. If you click it, you will be redirected through Google Translate to a page that looks like the Google login form.” Here’s a tip. Don’t log in.
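The check below is an added example, not code from the quoted article: it pulls links out of an email body and flags Google Translate links whose wrapped destination is not a Google host. It assumes the Translate wrapper carries the destination in the `u` query parameter; the allowlist and the sample email are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Translate wrapper links carry the real destination in "u".
TRANSLATE_HOSTS = {"translate.google.com"}
GOOGLE_SUFFIXES = ("google.com",)  # assumed allowlist of Google-owned destinations

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def is_google_host(host):
    """True only for google.com itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in GOOGLE_SUFFIXES)

def wrapped_destination(url):
    """Return the destination URL carried by a Translate link, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in TRANSLATE_HOSTS:
        return None
    targets = parse_qs(parts.query).get("u")  # parse_qs percent-decodes the value
    return targets[0] if targets else None

def flag_translate_links(body):
    """List (link, destination_host) for Translate links that land off Google."""
    findings = []
    for url in URL_RE.findall(body):
        dest = wrapped_destination(url)
        if dest is None:
            continue
        # A destination given without a scheme still needs one to parse the host.
        dest_host = urlsplit(dest if "://" in dest else "http://" + dest).hostname or ""
        if not is_google_host(dest_host):
            findings.append((url, dest_host))
    return findings

# Constructed sample email body (not taken from a real campaign).
SAMPLE = """Someone tried to access your Google account.
Review activity: https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Flogin.example.net%2Fsignin
Help: https://support.google.com/accounts
Docs: https://translate.google.com/translate?sl=de&tl=en&u=https://www.google.com/intl/de/about/
"""

if __name__ == "__main__":
    for link, host in flag_translate_links(SAMPLE):
        print(f"suspicious: lands on {host} via {link}")
```

A mail filter or triage script can run the same function over message bodies; a login-themed email whose only link is flagged this way deserves a closer look before anyone clicks.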
The scary thing is, malware is starting to get really smart. Smart as in it’s learning to avoid detection. From Help Net Security, “Modern malware is increasingly leveraging evasive behaviors. Defense evasion behavior was seen in more than 90 percent of the 2,000 samples they analyzed.”
The article continues, “Cyber criminals continue to leverage standard application protocols in network deployments to operate under the radar and blend in with standard business traffic. They are also deploying secondary C2 methods on sleep cycles, allowing them to wake up a new method of C2 upon discovery or prevention of their primary method.” It’s an arms race and keeping up is getting exhausting.
SSL Certificate on Phishing Sites
There used to be a time when, to protect yourself from phishing, all you had to do was make sure any website you visited had SSL protection (i.e., HTTPS). Not anymore. From a Help Net Security article, “Almost three-quarters of all phishing sites now use SSL protection.”
“The researchers at APWG member PhishLabs documented the rising use of SSL certificates on phishing websites. This was the highest percentage since tracking began in early 2015, and is a clear indicator that users can’t rely on SSL alone to understand whether a site is safe or not.” Those days are gone.
It’s not uncommon to see healthcare companies be victims of a data breach. They’re usually caused by an employee getting their email hacked if they do not have an email security service. What we don’t usually see is a data breach at a healthcare company where “several” employees got their email hacked. But, that is the case with the Munson Healthcare data breach.
“The northern-Michigan based Munson Healthcare group reported several employee email accounts were hacked and being accessed for two and a half months last year exposing PHI. The accounts contained PHI that included names, dates of birth, insurance information along with treatment and diagnostic information. In some cases, patient financial account numbers, driver’s license numbers and Social Security numbers were involved.” The more the merrier I suppose.
Tennessee Orthopedic Alliance Phishing Attack
Not to be outdone, the Tennessee Orthopedic Alliance phishing attack impacted over 81,000 patients. [The] “Alliance has discovered unauthorized individuals have gained access to the email accounts of two employees.” Do you see a theme here? More than one employee’s email account being compromised.
“Patients were notified about the breach on February 14, 2019. Individuals whose Social Security number was potentially compromised have been offered complimentary credit monitoring and identity theft protection services. While PHI in the accounts could have been accessed by the attackers, TOA found no evidence to indicate patient information has been misused.” Yet.
PHI Data Breach
Our final installment of the PHI data breach trilogy comes courtesy of…Walgreens. Not just Walgreens, but more specifically, their mobile app. According to SC Magazine, “A leak in the Walgreens mobile app’s messaging service exposed personal information – including what the company said was ‘limited health-related data’ – on a ‘small percentage’ of customers who used the app between Jan. 9-15.”
“Because the leak included PII and potentially protected health information (PHI), Walgreens might find that it’s run afoul of regulations like HIPAA and CCPA and now possibly faces costly penalties.” At least it was only a small percentage of customers.
And that’s the week that was.