Hackers change tactics to fight Microsoft, a new phishing service aimed at banks and more.
Welcome to Cyber Security Today. It’s Friday, July 29th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
On Wednesday’s podcast I told you that Microsoft has resumed default blocking of VBA macros buried in email attachments as a safety precaution. For years hackers have been abusing the macro capability in Office applications to automatically download and run malware. The blocking of downloadable macros is intended to shut that door. But a report from Proofpoint reminds IT pros that threat actors have been switching tactics for months, moving away from macros to new tactics. These include using container files such as ISO and RAR, as well as Windows Shortcut files which are known by the LNK extension. The lesson: Be aware of the latest techniques and tactics used by threat actors through threat intelligence from your vendors and your colleagues.
Hackers are quietly installing bandwidth-stealing malware on victims’ computers. According to researchers at the South Korean firm ASEC, this type of malware, called proxyware, allows the hacker to not only re-sell the bandwidth to other people but also access the victim’s email account. Another strain can be installed on a vulnerable Microsoft SQL server, where it can be used for stealing corporate data. IT departments should find ways to verify all their bandwidth is being used legitimately. Individuals who are tempted to earn money from installing proxyware on their systems should know they are risking it being abused by crooks.
Crooks are running a new phishing-as-a-service platform targeting financial institutions in Canada, the U.S., the U.K. and Australia. Appropriately, it’s called Robin Banks. Researchers at IronNet say the site not only has email and text phishing kits aimed at Bank of America, CapitalOne, Citibank, Lloyds Bank and Wells Fargo, it also has templates customers can use to phish and steal Google, Microsoft, T-Mobile and Netflix users’ passwords. One example of a scam is a text message sent to people purporting to be from a bank alleging unusual activity on their debit card. Victims are asked to click on a link to verify their identity. Hackers can sign up for the service for around $200 a month.
Cybersecurity experts regularly caution people to be very careful before downloading anything to their PCs or smartphones, even if it supposedly offers productivity help. Here’s another reason why: Researchers at Volexity have identified malicious extensions for the Google Chrome and Microsoft Edge browsers. These extensions steal data from victims’ Gmail and AOL email accounts. The report doesn’t explain how the extensions are installed — whether users think the extension is useful, or if users are victimized by clicking on a phishing link. At the very least IT security teams should regularly check on extensions on computers used by high-risk employees. Individuals need to do the same by clicking on the Extensions icon in their browsers. In Chrome it’s a funny black icon in the top right. In Edge it’s a gear-shaped icon on the address bar.
Finally, later today the Week in Review podcast will be available. Guest David Shipley and I will discuss reports on the continuing increase in cyber attacks, the major ways attackers compromise firms and the cybersecurity talent shortage.
Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.
Currently a freelance writer, I’m the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I’ve written for several of ITWC’s sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com