The cyber domain is alive with news of data breaches, security patches, zero-day vulnerabilities, and other cyber attacks, and ensuring cybersecurity comes with the strenuous task of investing in phishing prevention measures. Despite this, we can always keep up with the latest cybersecurity trends and stay prepared for such incidents at a personal level. Here is the list of the latest updates from the cyber world from this past week.
Google Drive Links May Not Be Safe After All
While Google tries to warn users of spam emails, the adversaries still manage to defy such email security services. This time around, they use Google’s no-reply email address to send users emails written in Russian or inaccurate English. The hackers are inviting users to collaborate on a Google doc that’s infected with malware. Quite a believable way to approach somebody, isn’t it?
Well, here’s one scam we can now be wary of: emails with catchy subjects, including Chrome Search contest 2020, personal notifications, or prize scams, need to be watched out for. These might be the ones downloading a Trojan or secretly spying on users!
Watch Your Actions And Clothing While On Zoom Calls
In another lockdown-induced Zoom attack, the attackers exploited a zero-day vulnerability in the app to record the actions of users while on a Zoom video call. The episode became known after a video of renowned journalist Jeffrey Toobin masturbating while he was on a Zoom video call with the New Yorker and WNYC radio members went viral.
The latest Zoom sextortion scam proves once again the importance of phishing protection while working online. The scammers are mainly targeting US-based users and sending them emails with subjects like “Regarding Zoom Conference call.” They are demanding a ransom of $2000 in bitcoin; failing to pay would mean a publicly available clip of the victim in some compromising act.
The scammers played the Covid card and said that it’s only because they lost their jobs due to the pandemic that they are exploiting the victim and threatening them. The attack serves as a lesson to all people whose jobs revolve around video conferencing to guard and protect themselves from phishing.
Data Stored With Folksam Leaked
In the latest breach, the Swedish insurance provider Folksam failed to protect its clients from phishing attacks by accidentally leaking the private data of over a million of its customers. Sensitive information such as the social security numbers, banking information, pregnancy insurance data, etc. of users was unintentionally shared with tech giants like Facebook, Google, Microsoft, and LinkedIn.
The company has claimed that the data hasn’t been exploited by third parties so far. They are working with Sweden’s data watchdog and are keen on not letting such a security breach happen again.
U.S. Voters’ Data Targeted By Iranian Hackers
As is customary, several cybersecurity incidents are emerging with the U.S. elections underway. The CISA and the FBI have jointly released an advisory for voters asking them to stay vigilant about Iranian hackers spoofing Proud Boys’ email. These state-sponsored Iranian APT groups are stealing voter registration data from several election sites in the U.S. by exploiting vulnerabilities such as web shell uploads, directory traversal, SQL injection, etc.
To further shield themselves from anti-phishing protection measures, the adversaries used paid VPN services like HQSERV, NordVPN, CDN77, and M247. FBI reports state that these hacker groups could extract voter registration data from September 29 to October 17. Voters are advised to update and patch applications, audit networks regularly, and disable unused services and ports.
Data Breach At Chesapeake Regional Healthcare
Third-party service vendor Blackbaud discovered and stopped a ransomware attack affecting around 23000 patients, employees, and donors of Chesapeake Regional Healthcare. Although Professor Gregg Tennefoss from Tidewater Community College says that such cybersecurity incidents are a way of life in 2020, for victims, nothing justifies the breach of their personal information such as name, email address, mail address, demographics, and relationship history with the organization.
Blackbaud claims that the damage is minimal, considering the fact that no social security numbers, bank account or credit card information, or other personal identification information was compromised in the breach. Affected persons have been notified, but further details aren’t disclosed, keeping in mind the anti-phishing norms.
Is Working From Home Safe?
A report by Cyberchology suggests that 80 percent of businesses are experiencing increased cybersecurity risk triggered by human factors in the 2020 pandemic. The report further revealed that 75 percent of companies are operating with staff who were hitherto not in charge of many responsibilities. Over two-thirds of the surveyed consumers were clueless about cybersecurity norms. The research suggests that enterprises must adopt anti-phishing solutions based on individual profiles by identifying the personality types most vulnerable to cyberattacks.
Cybersecurity specialist Jake Moore highlights the absence of a more centralized security system, which, in turn, echoes the security shortcomings of the work-from-home setup. John Hackston from the Myers-Briggs Company points towards creating a more collective security approach where I.T. and H.R. work together to identify the employees best suited for specific security roles. Now that is some perspective for all security experts!
And that’s the week that was.