“Font Not Found” malware scam and other security headlines this week

Scam Of The Week: Don’t fall for “Font not found” Google Chrome malware scam

Next time when you accidentally or curiously land up on a website with jumbled content and a “font not found” error prompting you to download a missing font to read the blog by updating the Chrome font pack…

…Just don’t download and install it. It’s a trap!

Scammers and hackers are targeting Google Chrome users with this new hacking scam that’s incredibly easy to fall for, prompting users to download a fake Google Chrome font pack update just to trick them into installing malware on their systems.

Here’s What the Font Not Found Scam is and How it works:

It’s a “The ‘HoeflerText’ font wasn’t found” scam.

Security firm NeoSmart Technologies recently identified the malicious campaign while browsing an unnamed WordPress website that had allegedly already been compromised, possibly due to failing to apply timely security updates.

Read full article: https://thehackernews.com/2017/02/HoeflerText-font-chrome.html

Security Headlines

Gizmodo – Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster (thx to Ryan Lieving for the article)

Have you heard? A tiny bug in Cloudflare’s code has led an unknown quantity of data—including passwords, personal information, messages, cookies, and more—to leak all over the internet. If you haven’t heard of the so-called Cloudbleed vulnerability, keep reading. This is a scary big deal.

Let’s start with the good news. Cloudflare, one of the world’s largest internet security companies, acted fast when security researcher Tavis Ormandy of Google’s Project Zero identified the vulnerability.

The bad news is that the Cloudflare-backed websites had been leaking data for months. Cloudflare says the earliest data leak dates back to September 2016. It’s so far unclear if blackhat hackers had already found the vulnerability and exploited it secretly before Cloudflare fixed its code. Cloudflare’s clients include huge companies like Uber, OKCupid, 1Password (Update: 1Password claims its user data is safe), and FitBit.


KnowBe4 – Phishing Attack Uses Stuxnet Technology And Makes PCs Into Roombugs

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails.

Once compromised, infected machines upload the pilfered audio and data to Dropbox, where it’s retrieved by the attackers. The researchers have dubbed the campaign Operation BugDrop because of its use of PC microphones to bug targets and send the audio and other data to Dropbox.

To become infected, targets had to open the malicious Word document attached to the phishing e-mail and enable macros. To increase the chance targets would change this default setting, the Word document included a graphic that looked like an official Microsoft notification. It read: “Attention! The file was created in a newer version of Microsoft Office programs. You must enable macros to correctly display the contents of a document.”


Darkreading – Cyber Insurance Uptake Hampered By Skewed Data, Poor Communication

Sales of cyber insurance policies are suffering from a lack of shared data about security incidents, too few standard definitions, and not enough focus on risk mitigation for insurers or customers, according to a report from Deloitte released this week.

Value of the current cyber insurance market ranges from $1.5 billion to $3 billion, and remains a small fraction of the $505 billion revenues from all insurance premiums bought in 2015.

Many businesses have yet to purchase a cyber policy: not even a third of US businesses (29%) bought cyber insurance as of October 2016, according to a survey by the Council of Insurance Agents and Brokers that Deloitte cites. s.


KnowBe4 – Hackers Demand $25K-$30K After Ransomware Attack Takes Down Bingham County (Idaho) Servers

Bingham County officials are scrambling to rebuild parts of their computer infrastructure after a ransomware attack took down county servers on Wednesday. The Bingham County IT team is pulling all-nighters to recover their systems.

Every department in the county is affected in some way,” Bingham County Commissioner Whitney Manwaring tells EastIdahoNews.com. “Phone systems, computer systems, everything. Some departments are handwriting documents.”

The ransomware attack was initially discovered on Wednesday, Manwaring said. The phishing attack infected the county servers and made the data inaccessible to employees. A group of hackers, who have not been identified, then contacted the county and demanded they pay a ransom to obtain a key that would decrypt the data on the county servers.

“They have asked for a price between $25,000 and $30,000 to be paid through BitCoin or Western Union.


Backup Server Infected

The county chose not to pay the ransom and switched over to backup servers Wednesday. Bingham County information technology staff thought the virus was contained but discovered around 4 a.m. Friday that the virus had infected at least one backup server, causing the entire county to go offline.

Emergency 911 calls went through to the system, but were not recorded by the computer tracking logs. Dispatchers also had to use physical maps and cell phones to direct officers to emergencies and at times used computer-aided dispatch services from Boise, officials said. Thousands of radio transmissions and hundreds of calls and police reports will have to be logged manually once the system is back up.


Security Bulletins from the FBI and DHS

DHS – Simulated ransomware attack highlights vulnerability of industrial controls

Cybersecurity researchers at the Georgia Institute of Technology have developed a new form of ransomware that was able to take over control of a simulated water treatment plant. After gaining access, the researchers were able to command programmable logic controllers (PLCs) to shut valves, increase the amount of chlorine added to water, and display false readings.

The simulated attack was designed to highlight vulnerabilities in the control systems used to operate industrial facilities such as manufacturing plants, water and wastewater treatment facilities, and building management systems for controlling escalators, elevators and HVAC systems. Believed to be the first to demonstrate ransomware compromise of real PLCs.


FBI – Identity Theft

A stolen identity is a powerful cloak of anonymity for criminals and terrorists and a danger to national security and private citizens alike. For the FBI, identity theft is nothing new—we’ve been dealing with criminals faking IDs for decades, from check forgers to fugitives on the run. But the threat is more pervasive and the scams more sophisticated than ever, including online elements. The FBI uses both its criminal and cyber resources—along with its intelligence capabilities—to identify and stop crime groups in their early stages and to root out the many types of perpetrators, which span the Bureau’s investigative priorities.

The FBI also taps into its investigative partnerships with federal, state, and local law enforcement (including dedicated task forces in major cities) as well as information-sharing partnerships with every sector of business, government, and education. The Bureau also reaches out with information and education to make sure identity theft doesn’t happen to you.


Vendor Information

Microsoft – MySQL instances attacked by database blackmailers

Internet-facing instances of the popular MySQL information store are being targeted by attackers following similar attacks on insecure databases earlier this year.

Security vendor GuardiCore this month spotted hundreds of attacks emanating from a Dutch web hosting company.

The attack itself relies on brute-forcing or guessing the root password for MySQL instances. If the attacker gets in to the MySQL database, a new table called “WARNING” with contact details for a ransom payment is added. In a variant of the attack, the ransom note table is called “PLEASE_READ”.

After the ransom note tables are created, the attacker then deletes all databases found on the compromised server.

The ransom is 0.2 Bitcoin (A$297.50) to restore the data.


Google – Google: “Office Inbox Receives 6.2X More Phishing Than Your Inbox at Home”

Google Research analyzed over a billion emails passing through Gmail, and the results were presented last week at the RSA security conference in San Francisco which I visited.

Extremely interesting stats: corporate email addresses are 6.2 times more likely to receive phishing attacks, 4.3X likely to receive malware compared to personal accounts, but 0.4X less likely to receive spam.

This is the first time that results like this have been published but it makes sense to the degree that corporate inboxes tend to contain more valuable information, which can be monetized much more easily.


Related Posts