Car Maker Targeted, Water Utility Infiltrated, Facebook Data Settlement - Cybersecurity News [April 15, 2024]
From the latest phishing attacks aimed at a massive American car manufacturer, the impersonation tactics of Sandworm threat actors, the details of the pixel data breach settlement, Google’s ad-blocking measures on YouTube, and the surge in SMS road toll phishing scams—we’re back again with the top cybersecurity news of the week. Stay tuned!
FIN7 Phishing Attacks Aimed at IT Staff of American Car Manufacturer
FIN7 has been targeting IT department employees of a major car manufacturer in the United States.
BlackBerry’s researchers came across the attack, in which the threat actors lured employees with high-level privileges by impersonating advanced IP (Internet Protocol) scanner tools. The threat actors started with spear-phishing emails containing links that redirected to fake websites. These websites took the victims to a Dropbox page hosting an executable file.
When a victim executes the file, it starts a multi-stage process, with the Anunak backdoor payload installed on the system – one of the malware tools that FIN7 uses in its attacks. The executable file also installs OpenSSH, allowing the threat actors persistent access and lateral movement within the system.
BlackBerry has not shared the name of the car manufacturing enterprise but did say that it’s a major one.
Russian Sandworm Cyber Group Masquerades as Activists in Water Utility Cyberattacks
The Russian Sandworm hacking group has been posing as a hacktivist group to hide its online activities.
Mandiant shared a report showing that the Sandworm threat actors are linked to multiple Telegram channels, which they used to spread information favoring Russia and amplifying their own activity. The Russian-aligned threat actor group uses credential harvesting and phishing emails to gain initial access and has been using these online personas since the beginning of Russia’s invasion of Ukraine. The Telegram channels (XakNet Team, CyberArmyofRussia_Reborn, and Solntsepek) are tied to the threat actors.
CyberArmyofRussia_Reborn is closely linked to the group, and Mandiant found out that the group is being used to leak the data that the threat actors steal in their attacks. Sandworm has been causing all kinds of trouble since the beginning of the war and carrying out multiple attacks on the country’s critical infrastructure.
Sandworm’s focus is on sabotage attacks in Ukraine, espionage, and operations to change perceptions (domestic and foreign) of Russia’s power and cyber capabilities.
Cerebral Agrees to $7 Million Settlement Over Facebook Pixel Data Breach
The FTC (US Federal Trade Commission) ordered Cerebral, a telehealth enterprise, to pay $7 million for mishandling people’s sensitive health data.
Cerebral suffered a data breach and sent out notices of said breach in 2023 to over 3 million people who had used its websites, applications, and services. The information was exposed due to tracking pixels that the organization uses on its platform.
The FTC issued a complaint highlighting the charges against Cerebral and Kyle Robertson, the former CEO of the organization, as they disclosed the personal health information of the platform’s users for ads and did not follow the cancellation policies. Cerebral leaked data from 3.2 million customers to LinkedIn, Snapchat, and TikTok. Plus, the organization failed to revoke the access of former employees to patient records.
You can read all the details of the announcement that highlights all the other harmful practices that the organization carried out in this report.
Google to Intensify Measures Against Ad-Blocking Third-Party YouTube Applications
YouTube made an announcement this week that all third-party applications that block ads violate its ToS (Terms of Service), and it will take action against the applications soon.
Google shared its APIs (Application Programming Interfaces) that allow developers around the world to integrate YouTube into their applications to show videos and data without it being hosted on the app. However, many people have been misusing the APIs and creating applications that allow you to watch YouTube videos without any ads. Many of these are available to download on Android and iOS.
This week, Google announced that any applications that use the APIs to block advertisements will be shut off, and the users of the applications will have to deal with extended buffering and errors. Many people might dislike the decision, but YouTube has emphasized that if you want a premium experience of not seeing any ads while watching YouTube, you need to subscribe to the platform. The current fee is between $13.99 and $18.99.
YouTube has been conducting experiments to take care of ad-blocking since 2023 and even restricted such users to watching only 3 videos.
FBI Alerts about Surge in SMS Road Toll Phishing Scams
In other news, the FBI (Federal Bureau of Investigation) warned US citizens about a new phishing campaign where threat actors are using SMS phishing (Smishing) to lure victims with unpaid road toll messages.
The attacks surfaced at the beginning of March this year, and the FBI’s IC3 (Internet Crime Complaint Center) has received thousands of complaints since then. The FBI shared a public service announcement, which outlined that the threat actors are moving from state to state and have yet to reach many new ones.
You can avoid these scams because most of them share the same language. The threat actors will approach you with a text stating that you owe money for unpaid tolls. The text will include a link that impersonates your state’s toll service name, along with phone numbers, to make it appear legitimate.
But the links would lead you to malicious sites where the threat actors will scam you out of your money, so keep an eye out. If you do receive such a text, do not click on the link and delete it promptly after reporting the number. It’s always best to go to Google and open the toll service’s genuine website and check if you have any pending tolls from there.
You should file a complaint with the IC3 and add the scammer’s contact number and the website that was listed in the phishing text if you do receive one of these. It’s crucial to prioritize your online safety by being vigilant and utilizing phishing protection measures. It’s also crucial to consider undergoing phishing awareness training to better recognize and thwart such scams in the future.