The Ivanti Threat Thursday Update for December 14, 2017: New Hacks and Scams, Just in Time for the Holidays!
Greetings and welcome. This week, new attacks on banks around the world, a new PayPal phishing scam, and new evidence that users are password-challenged. ‘Tis the season, so if you care to gift us with any relevant opinions, reactions, and/or suggestions, please feel free to share. Thanks in advance – and Happy “Holidaze!”
MoneyTakers Take Up to US$10 Million from U.S., UK, Russian Banks
A Russian cybersecurity firm claims a new group, known as “MoneyTaker,” has used multiple methods to steal as much as US$10 million from banks in three countries.
- As SiliconANGLE reported, Moscow-based Group-IB claims MoneyTaker “has stolen funds from 20 companies. Some 16 of the attacks targeted U.S. organizations, three attacks were on Russian banks and one bank in the U.K. was hit.”
- “The group primarily stole money by targeting card processing and bank transfer systems, including the Russian Interbank System AWS CBR and the Society for Worldwide Interbank Financial Telecommunication, better known by its acronym of SWIFT.” The group also gained access to First Data Corp.’s STAR network, used by automated teller machines (ATMs), then issued new ATM cards, then used those to withdraw money from ATMs in the U.S. and Russia.
- Group-IB said MoneyTaker’s use of publicly available tools and multiple theft methods make tracking and investigating its thefts more challenging. Group-IB also said it expects MoneyTaker to expand its activities, and that these “may move into new regions including South America.”
What We Say: As the Russian proverb made popular in English by U.S. President Ronald Reagan says, "Доверяй, но проверяй" (“Doveryai, no proveryai”) – “trust, but verify.” It’s not enough to put robust cybersecurity measures in place. These must be tested and verified frequently, to ensure that they are doing the most possible to keep your organization ahead of hackers and attackers. Discovery, inventory, frequent testing, and regular updates are all essential components of effective, multi-layered cybersecurity. (See “What to Do BEFORE All Hell Breaks Loose: Cybersecurity for Today’s Extreme Threats.”)
New Phishing Attack Targets PayPal Users
Just as end-of-year holiday shopping ramps up, a new scam seeks to trick PayPal users into giving up fraud-enabling identity information to hackers.
- As Gizmodo reported, “an illicit campaign is underway to deceive PayPal users into believing recent transactions they’ve made ‘could not be verified.’ In emails bearing PayPal’s logo, consumers are warned that PayPal has detected suspicious activity on their accounts and that the company requires updated information to avoid fraudulent charges.”
- The phishing email includes an authentic-looking PayPal logo, an apparent originating address of “service[at]paypal.com,” and erroneous uses of punctuation and English. It also includes a link to a fake PayPal web page that provides a fake case ID number, then says the visitor will need to supply “a few personal details” to return “your account to regular standing.”
- The next page then asks for “your full name, address, date of birth and mother’s maiden name—everything short of a Social Security number that a person would need to effectively steal your identity. It also requests that you enter your credit card information, including the full number, expiration date and security code.”
What We Say: The Research, Investigations, Solutions and Knowledge (RISK) team at Verizon, authors of the lauded Verizon Data Breach Investigations Report, estimate that more than 90 percent of cybersecurity incidents and breaches begin with phishing expeditions such as this one. To protect your organization, you need tools and processes in place that will protect against the malicious software these unsuspecting users introduce into your environment. You also need education efforts that constantly remind users to follow this “one simple instruction” from the Gizmodo report. “Never login or provide any information to a website that you reach by clicking on a link sent to you by email, no matter how official or authentic it seems.” (See “User Education for Cybersecurity: Yes, It’s Worth It.”)
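One mechanical form of that instruction, as an added example that is not from the post or from Gizmodo: a mail filter that reads the domain the From header claims and flags every link in the body whose domain does not match it, which is exactly the mismatch this scam relies on. The sample message is constructed, and the last-two-labels domain approximation is an assumption (a production filter would use the Public Suffix List).

```python
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

HREF = re.compile(r'href\s*=\s*["\']?([^"\'\s>]+)', re.I)

def registrable(host):
    # Crude approximation: the last two DNS labels. A real filter would use
    # the Public Suffix List (assumption, not something the post describes).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def body_text(msg):
    # Concatenate the text of every non-container part; decode=True yields bytes.
    chunks = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def suspicious_links(raw_msg):
    """Return the body links whose domain differs from the one the From header claims."""
    msg = email.message_from_string(raw_msg)
    _, addr = parseaddr(msg.get("From", ""))
    claimed = registrable(addr.rpartition("@")[2]) if "@" in addr else None
    hits = []
    for url in HREF.findall(body_text(msg)):
        host = urlparse(url).hostname
        if host and registrable(host) != claimed:
            hits.append(url)
    return hits

# Constructed sample (not a real message): the display name and address claim
# paypal.com, but the "update" link points at an unrelated host that merely
# starts with "paypal.com".
SAMPLE = """\
From: "PayPal" <service@paypal.com>
Subject: Your recent transaction could not be verified
Content-Type: text/html

<p>We detected suspicious activity. Please
<a href="http://paypal.com.account-verify.example/case">update your information</a>
or visit <a href="https://www.paypal.com/">paypal.com</a>.</p>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The legitimate www.paypal.com link passes because its registrable domain equals the claimed one; only the look-alike host is reported.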
New Dark Web Data Dump Confirms It: Users Create Bad Passwords
Identity threat intelligence company 4iQ claimed discovery of a single file on the dark web that contains 1.4 billion clear text credentials. The file is not only huge, but confirms that where cybersecurity is concerned, many users are their own worst enemies.
- As 4iQ posted on Medium, none of the passwords discovered in this latest cache was encrypted. The company added that it had “tested a subset of these passwords and most of them have been verified to be true.”
- This latest find includes data captured in 252 previous breaches, but is “not just a list. It is an aggregated, interactive database that allows for fast (one second response) searches and new breach imports. Given the fact that people reuse passwords across their email, social media, e-commerce, banking and work accounts, hackers can automate account hijacking or account takeover.”
- Analysis by 4iQ examined the nature of the passwords included in the database. The top 10 passwords, ranked by count, are “123456,” “123456789,” “qwerty,” “password,” “111111,” “12345678,” “abc123,” “1234567,” “password1,” and “1234567890.” The database also reveals high levels of password reuse.
What We Say: Surveys indicate that many companies do little or nothing to compel users to implement strong passwords, change them regularly, or avoid password reuse. Robust identity management tools and processes, combined with focused, repeated user education, are essential to breaking bad user habits and encouraging better ones. (See “The Biggest Mistakes Users Make When Choosing a Password” and “User Education for Cybersecurity: Yes, It’s Worth It.”)
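A screening check built from the top-10 list above, as an added example that is not from the post or from 4iQ: it rejects a candidate password when it, or the word left once the usual decorations are undone (case changes, leetspeak substitutions, leading or trailing digits and symbols), appears on the list. The substitution and stripping rules are assumptions of this example, not part of 4iQ's analysis.

```python
import re

# The ten most common passwords quoted in the post, used as a blocklist.
TOP10 = {"123456", "123456789", "qwerty", "password", "111111",
         "12345678", "abc123", "1234567", "password1", "1234567890"}

# Substitutions users commonly apply to a weak base word (assumed rules).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
                      "4": "a", "5": "s", "7": "t"})
# Digits and symbols typically tacked onto the front or back of a weak word.
PAD = r"[\d!@#$%^&*.?_-]+"

def variants(pw):
    """All forms a password reduces to once the usual decorations are removed."""
    base = pw.lower()
    forms = {base, base.translate(LEET)}
    no_tail = re.sub(PAD + "$", "", base)
    no_head = re.sub("^" + PAD, "", base)
    for stripped in (no_tail, no_head, re.sub("^" + PAD, "", no_tail)):
        if stripped:  # all-digit passwords strip to nothing; base still covers them
            forms.update({stripped, stripped.translate(LEET)})
    return forms

def is_weak(pw, blocklist=TOP10):
    """True if the password, or a trivially decorated form of it, is blocklisted."""
    return any(form in blocklist for form in variants(pw))

if __name__ == "__main__":
    for candidate in ("123456", "P@ssw0rd!", "Qwerty2017", "correct horse battery staple"):
        print(candidate, "->", "weak" if is_weak(candidate) else "ok")
```

Replacing TOP10 with a full breach-derived list gives the same check at the scale the post describes.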
Empower and Protect Your Users and Your Enterprise with Ivanti
Productivity and cybersecurity all start with your users and their endpoints. Ivanti can help control your users’ applications, devices, and admin rights, while delivering the access they need to do their jobs. Ivanti can also help fight malware attacks more effectively, and recover from successful threats more quickly. And Ivanti can help enhance endpoint management at your organization.
Check out our cybersecurity and endpoint management solutions online. Then, contact Ivanti, and let us help your business tap more of The Power of Unified IT™. (And do please keep reading, sharing, and commenting on our security blog posts, especially our Patch Tuesday and Threat Thursday updates.)