The best protection strategy against a cyber attack is to prevent it from happening by identifying the weak links before they can be exploited. This week’s cybersecurity headlines are all about the vulnerabilities that organizations overlook and leave in their systems, and how threat actors keep exploiting them. Here are the cyber headlines of this week.

Luxembourg Authorities Fine Amazon $880 Million

Like other US tech giants such as Google and Facebook that have been fined in the past for defying the EU’s data protection rules, Amazon was recently fined $880 million by the Luxembourg authorities. The online retail giant was fined on 16th July by the Luxembourg National Commission for Data Protection because of its non-compliance with the EU General Data Protection Regulation (GDPR).

This happens to be the largest fine levied for a data protection violation since the GDPR was passed. While the Securities and Exchange Commission (SEC) document provides no details of the data protection violation, a European consumer group claims that Amazon was collecting users’ data without permission for ad targeting.

Amazon was fined 35 million Euros in 2020 by French authorities for defying their laws on browser cookies. The GDPR provides several data protection and cybersecurity rights to users. Any organization that does not abide by these provisions can be fined up to 4% of its annual global turnover. We hope that this fine serves as a lesson and makes tech giants see beyond their profits!

 

Beware Of The New PayPal Credential Phishing Scam

Credential phishing attacks that circulate spoofed login forms are common in the cyber world, but the adversaries have gotten creative with their malicious schemes this time. In the latest credential phishing scam targeting PayPal users, adversaries send emails to victims from email addresses unrelated to PayPal. These emails do not contain any typos, are relatively sophisticated, and look genuine, carrying all the links found in an actual PayPal email.

In the email, the adversaries ask the victims to initiate a live chat regarding their PayPal account. Following the embedded link leads users to a fake live chat where the adversaries use automated scripts to begin the conversation. Continuing to chat ultimately requires the victims to give out their residential addresses, phone numbers, email addresses, and credit card details. Since such attack schemes are not seen very often, recipients must be vigilant and check the authenticity of the attached links and the email header.

The attackers have deployed such innovative tactics in the past, and they will continue doing so. Therefore, organizations, employees, and individuals must employ adequate email security measures.
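The check recommended above (sender address and link destinations) can be automated for mail triage. The following is an added example, not part of the original article: it flags a message that presents itself as PayPal while being sent from an unrelated domain and containing a link that leaves PayPal's domain. The allow-list, the sample message and all `example.*` hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption for this example: the domains the brand really sends from and links to.
BRAND = "paypal"
BRAND_DOMAINS = {"paypal.com"}

# Constructed sample message (not a real phishing email).
SAMPLE = """\
From: "PayPal Support" <service@mail.example.net>
To: user@example.org
Subject: Action required on your account
Content-Type: text/html

<a href="https://www.paypal.com/help">Help</a>
<a href="https://www.paypal.com/privacy">Privacy</a>
<a href="https://chat.example.net/live?case=1">Start live chat</a>
"""

def in_brand(host):
    """True if host is a brand domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def triage(raw):
    """Return a list of findings for a single-part HTML message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    hosts = [urlparse(u).hostname for u in re.findall(r'href="([^"]+)"', body)]
    off_brand = sorted({h for h in hosts if h and not in_brand(h)})
    # The message "claims" the brand if the display name or any link uses it.
    claims_brand = BRAND in display.lower() or any(in_brand(h) for h in hosts)
    findings = []
    if claims_brand and not in_brand(sender_domain):
        findings.append(f"sender domain {sender_domain} is unrelated to the brand")
    if claims_brand and off_brand:
        findings.append("off-brand link hosts: " + ", ".join(off_brand))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print("-", finding)
```

Genuine links in the message do not clear it: a single off-brand host among otherwise legitimate PayPal links is exactly the pattern this scam relies on.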

 

An Overview Of The Changing Landscape Of Email Attacks

A report published by the cybersecurity firm Proofpoint reveals some vital information about the changing landscape of email attacks in recent years. Some of these highlights are:

  • Email scams using CAPTCHA technology could attract 50 more clicks from victims in 2020 as compared to 2019. This equates to a 5% increase in response rate.
  • One-fifth of all recipients fell for malicious emails carrying malware-spreading PowerPoint and Excel attachments. The report further indicated that one-fourth of all malicious emails used attachments to conceal malware.
  • The adversaries send out malicious emails in bulk instead of designing a perfect email (emphasis on quantity over quality). The Emotet botnet was found to be sending out the maximum number of malicious emails and hence registered the highest number of clicks.
  • There has been a shift from using email to spread ransomware to spreading initial malware, which would eventually download ransomware. The top email attackers in 2020 were Qbot, The Trick, and Dridex.

Coming to the present year, cyberattacks using email as an initial attack vector have increased significantly in 2021. Therefore, users must adopt dedicated email security measures and cybersecurity tools to protect against such email attacks.

 

Malware Campaigns With Links To The Prometheus TDS Detected

The long list of cybercrime groups now has an addition by the name of Prometheus. The Prometheus cybercrime service helps malware gangs in spreading their malicious payloads to unsuspecting users through compromised websites. It is a traffic distribution system (TDS) that can be rented by the malware gangs to configure the malware payload they plan to distribute. Along with providing a list of compromised web servers, Prometheus also lets the threat actors choose their target victims based on their geographical location and browser version.

When threat actors use such malicious cybercrime services to launch malware attacks, their strength gets doubled. Unaware of all this, victims get redirected to the hacked websites when they click on the links. This is when the Prometheus backdoor begins operating and analyzes the victim’s browser details and redirects them to a clean web page or one with a malicious file. Prometheus services have been available on the dark web at the rate of $15/day and $250/month for almost a year now (first detected in August 2020).

Cybersecurity researchers at Group-IB have detected several malware campaigns associated with the Prometheus TDS. Some of these include Qbot, Campo Loader, SocGholish, IcedID, Buer Loader, etc.

 

Federal Agencies Are The Most Vulnerable To Cyberattacks

A report of the cybersecurity measures taken by eight federal agencies, published by the Senate Homeland Security and Governmental Affairs Committee, indicates that only one out of the eight agencies (the Department of Homeland Security) was operating with the required cybersecurity protection measures in 2020. These federal agencies include the Departments of Homeland Security, Transportation, Agriculture, Housing and Urban Development, State, Social Security, Education, and Health and Human Services Administration.

This report speaks volumes about the inadequate cybersecurity practices adopted by federal agencies in charge of national security secrets and Personally Identifiable Information (PII) of millions of citizens. While the adversaries are developing innovative and sophisticated cyberattack strategies, these federal agencies continue to use legacy systems that no longer get security updates from their vendors. Such deliberate exposure to vulnerabilities encourages hackers to launch attacks targeting these agencies. Thus, there is a dire need to establish and develop cybersecurity strategies that all federal agencies adopt. National Cyber Director Chris Inglis says that he is working in that direction.

 

Apple Fixes Multiple Bugs In Its Products

After an unnamed cybersecurity researcher reported the CVE-2021-30807 flaw in Apple’s IOMobileFrameBuffer code, Apple released patches in updates to iOS, iPadOS, and macOS. Exploiting the CVE-2021-30807 bug would enable adversaries to run malicious code on user devices.

The patches have been released in iOS 14.7.1, macOS Big Sur 11.5.1, and iPadOS 14.7.1 updates. Lately, news about security bugs in Apple products has grabbed people’s attention. The iOS 14.7.1 update also fixes a bug that could unlock an Apple Watch if it was linked to an iPhone.
