“Malicious actors target government contractors,” according to SC Magazine. While targeting government contractors certainly isn’t a new occurrence, it does seem to be on the rise. “Over the past few months we have observed the increasing use of yet another type of transaction-based social engineering scheme designed to hook companies dependent on government contracts: the invitation to bid.”
“Fake bid invitations have been around for a while, to be sure. In many respects, they are a natural variation of the fake RFQ, which leverages a targeted organization’s search for new business to dupe its employees into opening the digital door to security breaches, costly downtime, and financial mayhem.”
Microsoft Word Exploit
There’s nothing harmful about a Word document, is there? That’s what scammers were hoping you would think when they launched their newest exploit. According to Fortinet, “Recently, FortiGuard Labs captured a number of Word documents from the wild, which were spreading a new variant of the Ursnif trojan. These infected Word documents contain malicious VBA code.”
“When a victim opens the Word document, it displays a security warning message designed to protect MS Word users from malicious macros (VBA code). However, the document content deceives victims to click the Enable Content button. When the button is clicked, the malicious VBA code is executed because the code is in an AutoOpen sub that is executed at opening the document.”
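For triage of a suspicious attachment, the auto-run entry point described above is the first thing to look for in the macro source. The sketch below is an added example, not code from Fortinet or from this article; it assumes the VBA source has already been extracted to text by a separate tool, and the function name and sample modules are constructed for illustration.

```python
import re

# Word procedure names that run without the user invoking them once macros are enabled.
AUTO_PROCS = {"autoexec", "autonew", "autoopen", "autoclose", "autoexit",
              "document_open", "document_close", "document_new"}
# A module carrying one of these names auto-runs its procedure called Main.
AUTO_MODULES = {"autoexec", "autonew", "autoopen", "autoclose", "autoexit"}

# Anchored at line start, so comment lines and "End Sub" / "Exit Sub" never match.
PROC_RE = re.compile(
    r"^\s*(?:(?:public|private|friend)\s+)?(?:static\s+)?(?:sub|function)\s+(\w+)",
    re.IGNORECASE)
NAME_RE = re.compile(r'^\s*Attribute\s+VB_Name\s*=\s*"([^"]+)"', re.IGNORECASE)

def find_auto_exec(vba_source):
    """Return [(line_no, procedure_name)] for auto-run entry points in one module."""
    hits, module = [], ""
    for line_no, line in enumerate(vba_source.splitlines(), 1):
        name_match = NAME_RE.match(line)
        if name_match:
            module = name_match.group(1).lower()
            continue
        proc_match = PROC_RE.match(line)
        if not proc_match:
            continue
        name = proc_match.group(1)
        # VBA identifiers are case-insensitive, so compare in lower case.
        if name.lower() in AUTO_PROCS or (name.lower() == "main" and module in AUTO_MODULES):
            hits.append((line_no, name))
    return hits

# Constructed sample modules with harmless bodies.
SAMPLE_PROC = "\n".join([
    'Attribute VB_Name = "NewMacros"',
    "' Sub AutoOpen() appears only in this comment",
    "Private Sub autoopen()",
    '    MsgBox "constructed sample"',
    "End Sub",
    "Sub Helper()",
    "End Sub",
])
SAMPLE_MODULE = 'Attribute VB_Name = "AutoOpen"\nSub Main()\nEnd Sub'
SAMPLE_CLEAN = 'Attribute VB_Name = "Utils"\nSub Main()\nEnd Sub'

if __name__ == "__main__":
    for label, src in [("proc", SAMPLE_PROC), ("module", SAMPLE_MODULE), ("clean", SAMPLE_CLEAN)]:
        print(label, find_auto_exec(src))
```

A hit means code will run as soon as the user clicks Enable Content; it does not by itself say the macro is malicious, so treat it as a reason to inspect the procedure body.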
PayPal Phishing Scam
PayPal is back in the news as a favorite target of phishers. According to an article on Hoax-Slayer, “Supposedly, PayPal’s system has detected that you are using a new unknown device.” That’s the hook on this phish.
It’s not a particularly clever phish, but according to the article, “The criminals responsible for the scam email hope that at least a few recipients will be panicked into clicking the cancel link in the mistaken belief that their PayPal account has been hijacked.”
We don’t usually report good security news here, but we have some today. Thanks to some quick action on the part of government officials in the city of Unalaska, Alaska, the city has recovered about $2.3 million of the $2.9 million it had sent to fraudsters in a business email compromise phishing scam.
According to Tripwire, “In the case of Unalaska, we were able to recover funds and prevent any future loss thanks to the timely and thorough response from the city administration. We are continuing to investigate this case in an effort to identify the perpetrators.” Way to go, civil servants.
Microsoft SharePoint Exploit
You can be sure that if there’s some way to exploit a Microsoft product, hackers will find it. “The Cofense™ Phishing Defense Center™ has identified a phishing campaign that uses SharePoint to elude the Symantec email gateway and other perimeter technologies. Using enterprise services like SharePoint almost guarantees the phishing URL will be delivered to the intended target. Aimed at the banking industry, here’s how this campaign works.”
We know that healthcare providers are constantly being taken in by phishing scams, but this last week was one for the books. According to Paubox, “five separate healthcare providers have reported potential data breaches due to the lack of email security service in just the span of a week.” The providers include University of Cincinnati Health, East Central Indiana School Trust, Artesia General Hospital in New Mexico, Conway Regional Medical Center in Arkansas, and Care Foundation Hospital in Illinois. “In each case, hackers were able to access employees’ email accounts through a phishing email.”
If you judge a data breach by the number of people affected, last week’s data breach announcement at Facebook is the gold medal winner. According to SC Magazine, “Unprotected databases are behind a leak that exposed information, including unique identifiers and phone numbers, on more than 419 million Facebook users – 133 million of those records belonging to users in the U.S.” That’s a big number.
“The exposed data is the latest in a string of privacy and data protection missteps by Facebook, which had fallen under intense scrutiny after it suspended Cambridge Analytica—the data analytics firm used by the Trump and Brexit campaigns to target voters—for violating its policies when it collected personal data from accounts of 50 million Americans without their permission.”
Coming in right behind Facebook this week is Aliznet, a French retail consultancy, with a database leak on 2.5 million Yves Rocher customers. According to the article, “The most sensitive leaked data involves [2.5 million Canadian] customers of Aliznet’s client Yves Rocher, an international cosmetics and beauty brand. The information exposed included customers’ full personally identifiable information (PII), along with detailed records of their orders.”
This is one contest where the silver medal is just as bad as the gold.
And that’s the week that was.