Cybersecurity Weekly: Gift card scams, IKEA breached, cyber knowledge gaps
New twists on gift card scams flourish on Black Friday. IKEA was hit by a cyber attack that uses stolen internal reply-chain emails. Cybersecurity knowledge gaps at any level of the organization pose security risks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. New twists on gift card scams flourish on Black Friday
Black Friday cybercriminals have revamped gift card scams to better target modern online shoppers. New tactics include bogus gift card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. The attack offers gift cards for significantly less than face value as a ploy to entice users to buy stolen gift cards or download malware.
2. IKEA hit by cyber attack that uses stolen internal reply-chain emails
Once the mail servers are compromised, threat actors use the access to reply to the company’s internal emails in reply-chain attacks. Sending the messages from within the organization allows the attackers to bypass detection. Threat actors also exploit the access to internal emails to target business partners.
3. Cybersecurity knowledge gaps at any level of the organization pose security risks
Human error remains the most pressing challenge in cybersecurity, with as many as 88% of breaches attributed to mistakes made by employees. Jack Koziol, CEO and founder of Infosec, discussed with CyberNews why education remains the most important cybersecurity practice to follow and how Infosec will help in training your workforce.
4. Hackers using compromised Google Cloud accounts to mine cryptocurrency
Threat actors are exploiting improperly secured Google Cloud Platform instances to download cryptocurrency mining software to the compromised systems. They can then abuse the cloud infrastructure to install ransomware, stage phishing campaigns and even generate traffic to YouTube videos for view count manipulation.
5. Study reveals an urgent need to quantify cybersecurity culture
Studies have shown that organizations with strong cybersecurity cultures experience increased visibility into potential threats and reduced cyber incidents. However, cybersecurity culture has historically been difficult to quantify. To help overcome this challenge, Infosec came up with a survey to classify cybersecurity culture and systematically measure results.
6. Recently patched Apache HTTP server vulnerability exploited
The vulnerability, tracked as CVE-2021-40438, is a server-side request forgery that can be exploited against httpd web servers that have the mod_proxy module enabled. An attacker can leverage this critical flaw using a specially crafted request to cause the module to forward the request to an arbitrary origin server.
7. VMware patches file read, SSRF vulnerabilities in vCenter Server
The arbitrary file read issue, rated high severity, affects the vSphere Web Client and could be exploited to obtain sensitive information by an attacker who has network access to port 443 on vCenter Server. The second flaw, rated medium severity, affects the vSphere Web Client, specifically the vSAN Web Client plug-in.
8. Tardigrade malware hits biomanufacturing facilities
When ransomware hit a biomanufacturing facility this spring, something didn't sit right with the response team. The attackers left only a halfhearted ransom note, and didn't seem all that interested in actually collecting a payment. It was later discovered that they had used a shockingly sophisticated malware strain dubbed Tardigrade.
9. Arrest in Ransom Your Employer email scheme
In August, it was discovered that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme.
10. Attackers Actively Target Windows Installer Zero-Day
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. The researcher posted a proof-of-concept exploit on GitHub for the newly discovered bug that he said works on all currently supported versions of Windows.