New Cybersecurity Threats and How to Protect Yourself: November 2017
New cybersecurity threats like phishing attacks, ransomware, and scams are always popping up. Stay up to date on the latest widespread threats and protection methods in our recurring series.
NETFLIX PHISHING CAMPAIGN
Watch out for phony Netflix subscription emails. This well-crafted scam comes in the form of an email saying that your account information needs to be updated to avoid suspension. Users who click through are taken to a fake Netflix page which requests login, personal, and financial information. This scam has recently targeted over 110 million users.
The fake site is hard to tell apart from the real thing, and includes Netflix's branding and popular shows. One of the only tells is the URL of the fake site - you'll notice in the picture above that the website address is not netflix.com. On looks alone, however, both the email and the website are convincing, so be on your toes if you receive an email like this.
What to do: If you receive an email from Netflix requesting updated information, DO NOT follow links or click buttons contained in the email. Instead, go directly to Netflix.com yourself via your web browser. If there is truly an issue with your account, you'll be notified on their website.
At this point, you've probably heard about Bitcoin, or one of the many other virtual currencies gaining traction. In very simplified terms, these currencies are "created" using the computational power of modern hardware in a process called cryptomining.
"According to analysis from Malwarebytes, a company called Coinhive launched a service back in September that could mine for the digital currency known as Monero from directly within a web browser...[it] is cross-platform compatible and works on all modern browsers.
In and of itself, the technology offers a potential new revenue stream for website owners, perhaps replacing annoying banners and pop-ups with small slowdowns in computer performance stemming from the mining activity. It could be, in theory, a win-win." (Infosecurity Magazine)
Basically, you trade some of your computer hardware's power to help support the website owner via cryptomining, and potentially even get an ad-free browsing experience in exchange.
But of course, this service started to be abused. Responsible users only take over a small, nearly unnoticeable fraction of your CPU. But abusers are victimizing unsuspecting visitors to some websites by utilizing 100% of their CPU to mine for cryptocurrency with no knowledge or consent given. Your CPU is the "brain" of your computer, and using up 100% of its power mining for cryptocurrency would cause huge performance loss and slowdowns - not something anyone wants!
The user also has no way of knowing if he's mining for a legitimate website owner or a criminal gang that is taking advantage of hacked websites.
What to do: Unfortunately there is not much to do to protect against this. Note your computer's performance and CPU usage when visiting unfamiliar websites, and alert the webmaster or owner if a significant slowdown or issues are present. Keep an eye out for warnings from your web browser or in Google search results that a website may be compromised. Coinhive is also working to stem nefarious use of this service.
WINDOWS MOVIE MAKER SCAM
This cybersecurity threat has users downloading a fake version of the discontinued Windows Movie Maker software. Security company ESET discovered scammers boosting these fake download sites to the front page of search engine results by blackhat (aka frowned-upon) SEO techniques. This makes them appear legitimate and enticing to searchers.
Once downloaded, the software appears to function. However it aggressively pushes the user to "upgrade to the full version" for $29.95 to access all features. Of course, you're not paying for legitimate software! The scammers can then just sit back while they collect money from their victims.
What to do: Windows Movie Maker was discontinued in January 2017, so trying to download it from a 3rd party site is risky. Avoid searching out this software and use its official replacement instead - Windows Story Remix. If you've already installed the bogus software, uninstall it and run a full computer scan with your antivirus.
BROTHER PRINTER VULNERABILITY
Versions of Brother printers 1.20 and earlier were found by Trustwave's SpiderLabs to contain an unpatched vulnerability. It can be abused by attackers to create a denial-of-service condition on the printer, making it unusable.
While denial-of-service attacks seem like nothing more than a nuisance, infected devices can be harnessed as part of a larger network to launch widespread attacks that can shut down huge websites or services.
Approximately 14,989 affected printers are in use today. Brother has not yet released a patch and it doesn't appear that they will.
What to do: Since we can't count on Brother for a patch, it's up to you or your company to protect vulnerable devices. For businesses, ensure strict access control is in place and use a secure firewall. For home users, check your network security and even unplug the printer (if it makes sense) when not in use.
EMAIL CHAIN PHISHING
Attacks through email are becoming harder to spot every day, and this one is exceptionally sneaky. Researchers at the security company Barkly discovered one of their clients was receiving phony emails from (what appeared to be) their familiar contacts at another business.
The phishing email came as a reply to a legitimate, existing email chain going between the two companies. The scammer's goal was to get their victim to open an attached Word document in the reply to infect that user's computer. The infection could then steal credentials and personal information, and continue to propagate the scam.
You can see from the picture above that this tactic would fool most people! The scammer relies on the legitimacy of the existing email chain to lower his victim's defenses. Once he's able to compromise one employee's email account, he can send these fake replies to as many contacts as he wants. Most people wouldn't think twice about opening an attachment sent via a reply, making this an extra dangerous cybersecurity threat.
What to do: This scam appears to be targeting businesses, so home users likely don't need to worry about this one.
For businesses, your IT admin should ensure that Microsoft Office macros are disabled network-wide if possible as the infection relies on macros to execute. Firewall rules should be updated to flag this type of attachment. Email servers and filters should also block attachments containing VBA/Macro code. And of course, update and configure antivirus/security software to catch potentially dangerous attachments.
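One way a mail filter can apply the "block attachments containing VBA/Macro code" rule, shown as an added example that is not from the original article. It inspects attachment content rather than trusting the file name, so a macro document renamed to .docx is still caught. The function names and the sample message are constructed for illustration, and the legacy-format check is a heuristic.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".ppam")
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")      # legacy .doc/.xls/.ppt container
VBA_DIR_NAME = "_VBA_PROJECT".encode("utf-16-le")  # stream name in the OLE directory

def macro_reason(name, data):
    """Return why an attachment should be blocked, or None if no VBA is seen."""
    if data.startswith(b"PK"):                      # OOXML files are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    return "OOXML package contains vbaProject.bin"
        except zipfile.BadZipFile:
            return "unreadable zip container"
    if data.startswith(OLE_MAGIC) and VBA_DIR_NAME in data:
        return "legacy OLE file with a VBA project stream (heuristic)"
    return "macro-enabled file extension" if name.lower().endswith(MACRO_EXTS) else None

def scan_message(raw):
    """Return [(filename, reason)] for every attachment that carries VBA."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reason = macro_reason(name, part.get_payload(decode=True) or b"")
        if reason:
            hits.append((name, reason))
    return hits

def build_sample():
    """Constructed test message: a reply with one clean and one macro document."""
    msg = EmailMessage()
    msg["Subject"] = "RE: Q4 invoice"
    msg.set_content("Please see the attached document.")
    for fname, extra in (("notes.docx", []), ("invoice.docx", ["word/vbaProject.bin"])):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for member in ["word/document.xml"] + extra:
                z.writestr(member, b"constructed placeholder")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```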
At the employee level, take a minute to think before opening any attachments. Forward emails with attachments to your IT person for review if there is even a shred of doubt that it's legitimate.
If you need some extra help identifying or protecting against any of these or other attacks, let us know!