The days when traditional cybersecurity tools such as local anti-virus software were enough to identify and alert on possible cyber threats are behind us. This is the era of relying on services from third-party vendors, which means any cyber risk to the vendor can become a security concern for its clientele. Among other interesting cyber news this week, here’s what the Reserve Bank of New Zealand found about its recent cyber breach.
KPMG Findings Of Reserve Bank Attack: New Zealand
Accellion, the supplier of the Reserve Bank of New Zealand’s file transfer application (FTA), suffered a cybersecurity incident back in January 2021. Although Accellion did issue an alert for its customers (including the bank), the notification and breach warning never made it to the Reserve Bank systems. Consequently, all bank files exchanged over Accellion were compromised. This was the second cyberattack in two months to hit the bank related to a third-party application.
As a ransomware protection measure, the bank hired KPMG to investigate the breach and close loopholes within the Reserve Bank’s cyber defenses. Adrian Orr, the Reserve Bank Governor, has asserted that the bank would incorporate all of KPMG’s recommendations, as system security has always been its priority. Interestingly, the KPMG report states that although the attack was not directly triggered by any fault of the bank, it could have been resisted had proper security controls been in place!
Tourists Beware Of Using ATMs In Mexico
Imagine traveling to a new city and withdrawing money from an ATM to perhaps do some touristy shopping. What if the ATM is used to conduct fraudulent transactions and rob you of your money while you are still in a foreign land? Florian Tudor, also known as The Shark, a Romanian cybercriminal (who was also accused of attempted murder), was recently arrested by the Mexican Police for conducting financial fraud using compromised ATMs. Tudor reportedly headed these campaigns and stole over $1 billion from tourists to date.
However, his arrest wasn’t as smooth as it sounds. As per reports, Tudor and his associates put up a great fight before finally succumbing to the authorities’ might! There was shouting and wrestling, culminating in officers carrying Tudor forcibly by his arms and legs. Tudor’s gang has been named ‘Riviera Maya’ by the Organized Crime and Corruption Reporting Project (OCCRP). The gang has infiltrated over 100 ATMs throughout Mexico using Bluetooth skimmers and other malicious methods. What feels like a failure of cybersecurity practices in this entire affair is the role of bank employees in the scam. Insider threats can undermine even the strongest security defenses. In this case, small bribes to bank employees worked wonders for Tudor and the gang!
Are Unsubscription Emails Genuine Today?
We are all tired of receiving newsletters and promotional emails from sites we don’t necessarily remember subscribing to, but responding to an email to confirm unsubscription isn’t the best idea right now. Adversaries have discovered another innovative way to verify the email addresses of prospective users whom they can target with phishing emails. This tactic involves sending an email with a subject like “Verification,” “Request, please confirm your unsubscription,” or “We_need your confirmation ASAP.”
These emails do not explain which service is being subscribed to or unsubscribed from; they just come with two colorful boxes with links asking the recipient to subscribe or unsubscribe. An unsuspecting user who clicks on these embedded links to (un)subscribe falls into a trap: their mail client sends an email to several hacker-controlled email IDs, which verifies their account as a functioning email address, suitable for phishing attacks.
Therefore, the best approach is to mark as spam any such email that does not describe which website or service you’re (un)subscribing to, and to refrain from clicking on the embedded links. One major cybersecurity tip to remember in such cases is that genuine websites never send out (un)subscription emails without explaining their services.
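Added example, not part of the original article: a Python check a mail filter could run over an HTML email body to flag the pattern described above, assuming the (un)subscribe boxes are mailto: links that list several recipients. The threshold, the function names and the sample addresses are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed threshold: a genuine unsubscribe mailto targets one list address.
MAX_RECIPIENTS = 2


class MailtoCollector(HTMLParser):
    """Collect the href of every <a href="mailto:..."> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            if href.lower().startswith("mailto:"):
                self.hrefs.append(href)


def recipients(mailto_href):
    """Return every address a mailto: URI would send to (to, cc and bcc)."""
    parts = urlsplit(mailto_href)
    addrs = unquote(parts.path).split(",")
    for key, values in parse_qs(parts.query).items():
        if key.lower() in ("to", "cc", "bcc"):
            for value in values:
                addrs.extend(value.split(","))
    return sorted({a.strip().lower() for a in addrs if a.strip()})


def suspicious_mailtos(html_body):
    """Return (href, recipients) for links that fan out to many addresses."""
    collector = MailtoCollector()
    collector.feed(html_body)
    scored = [(href, recipients(href)) for href in collector.hrefs]
    return [(h, r) for h, r in scored if len(r) > MAX_RECIPIENTS]


# Constructed sample body; all addresses use reserved example domains.
SAMPLE = (
    '<a href="mailto:a1@example.com,a2@example.net?cc=a3@example.org'
    '&amp;bcc=a4@example.com&amp;subject=Unsubscribe">Unsubscribe</a>'
    '<a href="mailto:list-off@example.com?subject=unsubscribe">Leave list</a>'
)

if __name__ == "__main__":
    for href, rcpts in suspicious_mailtos(SAMPLE):
        print(len(rcpts), "recipients:", ", ".join(rcpts))
```

A single-recipient unsubscribe link, such as the second one in the sample, is not flagged; only the link that fans out to several addresses is.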
Do Not Worry About Cancelling Subscription To Bravomovies
The notorious malware BazarLoader is causing havoc again, this time under the pretense of a movie streaming service. In a typical attack, victims receive an email asking them to cancel their subscription to this so-called movie streaming service to prevent their credit cards from being charged. The landing page of this fake streaming service, called BravoMovies, lists several movie titles but downloads nothing but BazarLoader onto users’ devices.
The fake email comes with customer care numbers which are, in reality, answered by actors from the malware group. These people impersonate real call center executives and guide victims through the process of canceling a subscription they hadn’t signed up for in the first place! Since email security services may not always be able to identify and report such malicious emails, users must remain vigilant, especially during the current pandemic, when the use of online movie streaming sites has skyrocketed.
HPE Fixes Zero-Day Vulnerability
The HPE Systems Insight Manager (SIM) software, which provides remote support management and automation solutions for HPE networking products, storage, and servers, was found to contain a zero-day remote code execution vulnerability in December last year. Tracked as CVE-2020-7200, the critical severity vulnerability enabled attackers with no privileges to exploit it and execute code on vulnerable servers without any user interaction. It was found in the latest version of Hewlett Packard Enterprise’s SIM software and affects only the Windows version.
HPE has taken cybersecurity measures and released a security update that resolves the vulnerability. The SIM hotfix update kit requires admins to disable the “Federated CMS Configuration” and “Federated Search” features to eliminate the threat factor. This essentially means that the federated search feature will no longer be functional.
Google Search Results For AnyDesk May Download Malware
Have you looked up AnyDesk on Google lately? If yes, then chances are you landed on its fake version, which has bested even the original AnyDesk ad campaign by bypassing Google’s anti-malvertising screening. Clicking on the fake ad would install the malware, followed by hands-on-keyboard activity.
Cybersecurity researchers believe that victims who downloaded the malicious program were tricked into executing the binary called AnyDeskSetup.exe. The objective of this binary is to launch a PowerShell script on the users’ devices. However, Google was quick to respond to the ad abuse and removed it immediately.