Google Doc phishing attack via social engineering, plus more security news

Scam Of The Week: Massive Google Doc Phishing Attack Propagated Through Social Engineering

A very convincing Google Docs phishing scheme raced through the internet yesterday, looking like it came from someone you know. It was almost spreading as fast as a real computer worm, but this was driven by social engineering the end-users instead. Looks like a million people fell for it in less than an hour.

If an end-user clicked the link, it asked for access permissions to their Gmail account which actual Google Docs links would not need. But this granted permissions to a malicious third-party web app that was simply named “Google Docs,” which gave phishers access to the user’s email and address book, and then spammed everyone in their contacts with the same link to that bogus Google Docs file.

Read full article:

Security Headlines

KnowBe4 – Ransomware Causes 90-day Downtime And 700K Damages For Law Firm Who Then Sues Their Insurer

Cybercriminals held a Providence law firm hostage for months by encrypting its files and demanding $25,000 in ransom paid in Bitcoin to restore access, according to a lawsuit filed in U.S. District Court.

Moses Afonso Ryan Ltd. is suing its insurer, Sentinel Insurance Co., for breach of contract and bad faith after it denied its claim for lost billings over the three-month period the documents were frozen by the ransomware infection.

According to the lawsuit, during the time their files were inaccessible, the firm’s 10 lawyers were left unproductive and inefficient — amounting to $700,000 in lost billings.

After paying the Bitcoins, the firm then had to re-negotiate those terms after the initial key to de-crypt their files failed to work. They had to purchase more Bitcoins in exchange for other tools to recover their documents.

KrebsonSecurity – Breach at Sabre Corp.’s Hospitality Unit

Breaches involving major players in the hospitality industry continue to pile up. Today, travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.

In a quarterly filing with the U.S. Securities and Exchange Commission (SEC) today, Southlake, Texas-based Sabre said it was “investigating an incident of unauthorized access to payment information contained in a subset of hotel reservations processed through our Hospitality Solutions SynXis Central Reservations system.”

According to Sabre’s marketing literature, more than 32,000 properties use Sabre’s SynXis reservations system, described as an inventory management Software-as-a-Service (SaaS) application that “enables hoteliers to support a multitude of rate, inventory and distribution strategies to achieve their business goals.

Threatpost – Ultransonic Beacons are Tracking Your Every Movement

More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising.

Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their research into the practice of using these beacons to monitor a consumer’s shopping and possibly television viewing habits in order to serve them relevant advertising. The researchers raise a number of privacy concerns about such tracking, and how adversaries can abuse it to deduce a person’s physical location, and even theoretically de-anonymize their use of the Tor browser or crytocurrency such as Bitcoin.

TechNewsWorld – New Strain of Linux Malware Could Get Serious

A new strain of malware targeting Linux systems, dubbed “Linux/Shishiga,” could morph into a dangerous security threat.

Eset on Tuesday disclosed the threat, which represents a new Lua family unrelated to previously seen LuaBot malware.

Linux/Shishiga targets GNU/Linux systems using a common infection vector based on brute-forcing weak credentials on a built-in password list. The malware uses the list to try a variety of different passwords in an effort to gain access. This is a similar approach used by Linux/Moose, with the added capability of brute-forcing SSH credentials.

BankingInfoSecuirty – ATM Security Software Found to Have Serious Vulnerability

A security application for ATMs that’s designed to thwart “jackpotting” attacks, where cash machines are commanded to surrender their holdings, has been found to have a serious vulnerability.

The software called Checker ATM, developed by the Spanish company GMV, now has a patch. Positive Technologies, a security company, found the vulnerability (CVE-2017-6968), which is a type of memory-related hiccup known as a buffer overflow, in versions 4.x and 5.x.

“The defect allows an attacker to remotely run code on a targeted ATM to increase his privileges in the system, infect it and steal money,” writes Positive Technologies in a blog post.

According to GMV’s website, Checker ATM is used by more than 20 banks across 80,000 cash machines.

Security Bulletins from the FBI and DHS

FBI – ONC Seeks Help Measuring Interoperability Progress

Federal regulators are seeking healthcare sector input on how to measure the progress that’s being made toward achieving nationwide secure exchange of health data to help improve the quality of care.

The Department of Health and Human Services’ Office of the National Coordinator for Health IT is seeking comment on a proposed Interoperability Standards Measurement Framework to evaluate progress so far by healthcare sector stakeholders – including health IT vendors, healthcare providers and health information exchange organizations – in implementing and using standards facilitating health information exchange now that electronic health record use is widespread.

Now, with its proposed Interoperability Standards Measurement Framework, ONC is looking to assess how the healthcare sector is progressing in implementing and using interoperability standards.

DHS – Homeland Security Issues Warning on Cyberattack Campaign

The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems.

The alert notes that DHS’ National Cybersecurity and Communications Integration Center “has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications and critical manufacturing.”

Vendor Information

Microsoft – Microsoft Inches Toward a World Without Passwords

Microsoft on Tuesday announced the general availability of its phone sign-in for customers with Microsoft accounts — a system that could be the beginning of the end for passwords.

The new system requires that customers add their accounts to the Microsoft Authenticator app, which comes in both iOS and Android versions, noted Alex Simons, director of program management of the Microsoft Identity Division.

After supplying a username, a member will get a mobile phone notification. Tapping “approve” on the app will authenticate the member’s information.

The new phone sign-in process is easier than two-factor authentication, according to Simons. 2FA requires users first to enter passwords, and then to enter a code delivered via text or email.

Related Posts