Cybersecurity headlines are insightful for their coverage of a wide variety of cyberattacks, the latest security updates, recommendations, and attack trends. This week’s headlines are just as informative and justify why you must immediately upgrade your ransomware protection measures.

AirTag Comes With Major Security Vulnerability

What would you do if a hacker exploited the item tracker on your device to spy on you? Scary, right? Well, the new Apple AirTag has been out for only a week, and two security vulnerabilities have been spotted already! A user found that the item tracker can be easily used to stalk people. He also rebuilt a thinner card version of the AirTag that goes into wallets. In another incident, security researcher Stack Smashing could hack the microcontroller of the AirTag, which enabled him to modify the NFC URL for the AirTag’s Lost Mode.

The modified AirTag could be easily used in phishing scams, says Smashing. The modified item tracker leads to an unrelated URL (which can have phishing motives, such as logging in to accounts to track devices, making payments, etc.) instead of the regular destination, the Find My website. We hope that Apple is deploying its cybersecurity tools to block this loophole in the item tracker!

 

DarkSide Ransomware Gang Responsible For Colonial Pipeline Attack

The FBI has attributed the recent attack on the Colonial Pipeline network to the DarkSide ransomware gang. Colonial Pipeline had a major shutdown of all its pipeline operations because of this attack.

As investigations by the company, the FBI, and government partners continue, Colonial Pipeline has worked out a ransomware protection scheme that aims to restore operations in a phased manner. While it’s only now that the FBI has confirmed that DarkSide was responsible for the attack, the Associated Press had concluded the same much earlier.

 

The FBI & The ACSC Release Avaddon Alerts For Organizations

Avaddon attacks are on the rise, and the FBI and ACSC warned U.S. and Australian citizens of the same via a cybersecurity alert recently. The Federal Bureau of Investigation (FBI) mentions that the ransomware operators primarily target healthcare, manufacturing, and other private sector organizations. The Australian Cyber Security Centre (ACSC) adds that these attacks target several networks, including finance, government, energy, health, law enforcement, and I.T. sectors. It also mentions the countries targeted by Avaddon so far, including the U.S., the U.K., China, Germany, India, UAE, Brazil, Spain, and France, among others.

The ACSC further acknowledges the Avaddon attacks that have already hit Australian enterprises and warns organizations of the distributed denial-of-service (DDoS) attacks that Avaddon threatens to launch against its victims. However, the FBI has made no comments on the probability of DDoS attacks after the Avaddon attacks.

 

Beware Of Search Engine Ads And Scams, Says FBI

Cyber adversaries frequently use search engine ads and search results to launch phishing attacks on users. These attacks have gained momentum since March 2021, and therefore the Federal Bureau of Investigation has released a warning alert for users. Millions of dollars were already lost to such schemes where the threat actors impersonate legitimate financial institutions.

There are two variants of this attack scheme, the FBI warns: one where search engine ads are deployed, and another where organic search results lead to a phishing website. Both these schemes require users to enter their account details and contact numbers to reach their account landing page. However, since it’s a phishing site, the login page doesn’t lead them to their account. The users then receive a call from the adversaries, who pretend to be employees of the financial institution. As customers engage in a long conversation with this fake representative regarding account restoration, a second person from the gang uses the entered credentials to make illicit wire transfers.

By the time victims figure all this out, the money is long gone from their accounts. Perhaps the best way to go about online transactions is the age-old cybersecurity tip in circulation: always visit the official portal directly.

 

NCSC’s Cyber Threat Warning Service To Be Available To All U.K. Institutions

At the Annual CyberUK Conference on 12th May, the National Cyber Security Centre (NCSC) announced that U.K. businesses are to get free access to Early Warning – its latest cyber-threat warning service. The said Active Cyber Defence (ACD) service previously operated as an alpha version and was available to select parties only. But the new beta version shall be made available to all U.K. organizations without cost. This move is initiated keeping in mind the many institutions that do not have a cybersecurity budget and are therefore exposed to threats online.

The pre-pandemic CyberUK Conference emphasized the need to boycott services from the Chinese firm Huawei in the U.K.’s 5G rollout. This year’s online conference again discussed the U.K.’s vision of creating a secure, free, peaceful, and open cyberspace for all in contrast to the digital wars led by Russia, China, N. Korea, and Iran. The conference suggested investing £22 million in strengthening cyber capacity in the Indo-Pacific and African region over an unspecified time as a possible solution.

 

Beware Of Fake Chrome App

Devices in Europe are being hit by a new type of attack in which Android malware impersonates the Google Chrome app and steals user credentials. Cybersecurity researchers at Pradeo describe the processes involved in the attack, saying that it begins with victims receiving an SMS requesting customs fees to release a package delivery. Falling for this text makes an update for Chrome pop up.

Anyone who falls for this second scam clicks the link to update Chrome. They are taken to a fake website that downloads a malicious version of Chrome onto their phone. Users are advised to use email security services and verify update notifications before following a random link.
