Archive for April 29, 2024

Malicious USPS Phishing Sites Exceed The Traffic Of The Real Site

Posted in Commentary with tags on April 29, 2024 by itnerd

According to a recent blog post by Akamai Technologies, security researchers analyzing phishing campaigns targeting the United States Postal Service saw traffic to the fake domains similar to that of the legitimate site and during the holidays it “greatly exceeded legitimate traffic”.
 
Akamai started observing USPS-themed phishing last October after an employee received a suspicious text that redirected to a site containing malicious JavaScript code. During the 2023 holiday season, researchers observed a significant volume of DNS queries going to “combosquatting” domains that impersonated the USPS service.
 
The design of the fake pages appears as exact replicas of the actual USPS site even with realistic tracking pages with status updates. The total queries generated by these malicious websites between October 2023 and February 2024 is over 1,128,146, just short of the 1,181,235 queries recorded for the legitimate USPS site. Meanwhile, the traffic to malicious domains from November to December was higher compared to the legitimate one.
 
Akamai only focused this research on USPS, so the scale of these combosquatting campaigns could encompass other postal brands and likely be larger.

Dave Ratner, CEO, HYAS had this to say:

   “Attacks involving typosquatting, combosquatting, or look-alike domains are increasing in nature and can be highly effective as individuals often don’t inspect the domain name itself closely enough. This can be made more complicated and difficult to detect with the use of different character sets like punycode which can make the difference between the legitimate and fake domain very hard, if at all possible, to detect by visual inspection.  This is one of the reasons that Protective DNS solutions are so vital today, because they know the legitimate domains from the fake ones and can be the critical difference between a successful attack and a failed attempt.”

This is pretty insane. The fact that the real USPS site gets less traffic than fake ones shows that this is a huge problem that really needs to be addressed. I am not sure how one would address this, but it’s high time to figure it out.

Leave a comment »

Inflation drives up Canadian business cost by 34 per cent for 23/24 financial year: SAP Concur

Posted in Commentary with tags on April 29, 2024 by itnerd

Today SAP Concur announced the results of its review into the costs of business expenses for the 23/24 financial year, which showed a 34 per cent increase in the cost of the average expense transaction compared to pre-pandemic levels in 2019, likely driven by rising inflation.

This is more than four times the 8.1 per cent inflationary rate at the peak of Canadian inflation in June 2022. This demonstrates that Canada, in particular, has been hit harder than average by inflationary increases compared to the rest of the world. Using SAP Concur data from thousands of businesses across Canada, the company has been able to pinpoint some of the main areas where businesses face rising costs and paint a clearer picture on where inflation is damaging profits.

The biggest culprits for rising costs came from gas, car hire and ground transportation which rose 40 percent, 36 per cent and 35 per cent respectively. Similarly, the cost of entertainment also saw a large inflationary rise, coming in at a 35 per cent increase. But the cost of train transportation took the top spot as the biggest expense for businesses, amassing 85 per cent of the total expense amount.

Through SAP Concur’s analysis, it’s clear that businesses across the board are facing real increments in their additional costs. Most of which are often unseen or unaccounted for early on in the financial planning process. Chris Juneau, head of market strategy at SAP Concur said “For all businesses, the costs of operating in the current global market has become trickier with time and the 23/24 financial year was no exception. As the end of the year approaches, now is the time that finance managers and business leaders need to be analysing their outgoings, forecasting for the next financial year and re-evaluating policies to deliver a more robust year ahead.”

To ensure the smooth management of finances in 24/25, finance leaders need to take advantage of every spending moment to navigate times of change. Through the implementation of expense management systems, businesses need to look at ways in which they can better control expenditure. Whether that’s through greater monitoring of expense compliance, improving visibility or improving data driven decision making, finance leaders can take active steps to gain better control for the new financial year.

You can have a look at their write up on this topic here.

Leave a comment »

Open Systems named a Leader in Zero Trust Edge Service Providers

Posted in Commentary with tags on April 29, 2024 by itnerd

Open Systems, the leading provider of native, managed SASE solutions with a superior user experience, today announced it has been named a Leader in The Forrester Wave™: Zero Trust Edge Service Providers, Q2 2024. In the report, Forrester evaluated nine vendors in the ZTE services providers market based on 34 criteria. Open Systems received the highest possible scores in 16 criteria including service delivery platform, networking and security services, last-mile underlay, service delivery capability, vision, innovation, roadmap, partner ecosystem, and adoption.

The Forrester report said: “It sustains its momentum through an excellent vision of target customer profiles, strong commitment to R&D, and deep engineering expertise. Open Systems delivers an impressive NPS above 60, a highly adaptable set of white-labeled targeted partners, and flexible services pricing. Its capability to integrate partners or develop features in 10 weeks or less is unmatched.”

The Forrester Wave™ for ZTE service providers notes, “[Open Systems’] impressive capabilities leverage AI and automation to autoresolve incidents later reported as KPIs. The vendor provides best-in-class service delivery agility that integrates DevOps and CloudOps. Its innovative engineering-to-operations rotation and direct level 3 support are unique among its competition…” The report also noted, “reference customers reported high satisfaction with its technical expertise, engineering support and application understanding.”

Open Systems SASE Experience eliminates the complexity of secure global access and network management, while providing easy and comprehensive global support. It delivers all the benefits of SASE with an exceptional delivery experience – ideal for enterprises who don’t have the resources to do it all. SASE Experience frees customers from the operational overhead of appliance purchases, installation, and maintenance, to minimize staffing costs and provide a fast ROI.

Visit Open Systems at the RSA Conference on May 6-9 in San Francisco at booth 6567 in Moscone North Hall to learn more about Open Systems SASE Experience.

Leave a comment »

AI-driven cyber threats intensify as 50% of Canadian businesses cut IT budgets: CDW Canada

Posted in Commentary with tags on April 29, 2024 by itnerd

Today, CDW Canada launched its annual Canadian Cybersecurity Study, Cybersecurity in Focus 2024: Trends, Threats and Strategieswhich revealed that declining IT budgets coupled with a rise in cyberattackers leveraging AI increasing successful cyberattacks, putting Canadian organizations at increased risk. This year’s findings show a sharp 50 percent reduction in IT budgets since 2023, yet successful cyber incidents have surged by 26 per cent, highlighting a critical vulnerability gap.

The report delves into how these budget cuts are leading to “breach fatigue” among IT security teams. With fewer resources, teams are overextended, which not only reduces their effectiveness in managing threats but also impacts their ability to respond to incidents promptly and effectively. This scenario is creating an environment where organizations are more susceptible to cyberattacks.

To learn more about the state of cybersecurity for Canadian organizations, download the study here.

Leave a comment »

Kaiser Permanente Reports Data Breach Affecting 13.4 Million Patients 

Posted in Commentary with tags on April 29, 2024 by itnerd

The reports of pwnage on this Monday morning continues.

Kaiser Permanente, a major U.S. nonprofit health plan operator, has announced a data breach potentially affecting 13.4 million patients across multiple states. This incident involves unauthorized sharing of personal information through third-party trackers on Kaiser’s websites and mobile apps.

The healthcare giant, which operates 40 hospitals and 618 medical offices in regions including California, Colorado, and Washington, D.C., identified the breach through an internal investigation. The trackers in question, associated with entities such as Google, Microsoft Bing, and Twitter, were transmitting personal data when patients accessed Kaiser’s digital platforms. This data included IP addresses, names, and details indicating whether a user was logged into Kaiser services, as well as their navigation and interaction behaviors on the site.

Though Kaiser reported the unauthorized access to its networks in an April 12 filing with the Dept. of Health and Human Services, the notice was reportedly made public on Thursday.

Importantly, the exposed data did not include usernames, passwords, Social Security Numbers, financial data, or credit card numbers. However, the breach did lead to the exposure of sensitive information such as full names, medical records, dates of service, and lab results.

In response to the breach, Kaiser Permanente has removed the implicated trackers and enhanced their data security measures to prevent similar incidents in the future. Kaiser told Reuters it has not identified any misuse of the data. The breach is part of a broader issue highlighted by the FTC regarding the use of third-party trackers in healthcare and other sensitive areas.

Ted Miracco, CEO, Approov Mobile Security had this to say:

   “Healthcare apps often process and store highly sensitive data, including personal health information (PHI), which requires protection beyond the standard security measures provided by mobile operating systems. The incident with Kaiser Permanente illustrates the vulnerabilities that can arise from mobile applications with inadequate security and improper API usage.

   “Healthcare apps frequently use APIs to interact with other apps and services, including cloud-based storage and third-party analytics. Securing these APIs is crucial as they can be exploited to access sensitive data. Solutions that manage API keys and monitor API gateways can provide an added layer of security by ensuring that only authorized users and systems can access the APIs. This data is a prime target for cybercriminals due to its value on the black market.”

The fact that the healthcare sector continues to be such a “soft target” for threat actors should concern everyone. Action needs to be taken to change that ASAP. Because as it stands right now, threat actors are having a field day at our expense.

Leave a comment »

London Drugs Pwned By Hackers Who Took Down Their Entire Operation…. That’s Not Good To Say The Least

Posted in Commentary with tags on April 29, 2024 by itnerd

I got a tip from a few people who read this blog that something was up at Canadian pharmacy and electronics chain London Drugs yesterday as I started to hear rumours that they had been pwned by hackers in such a catastrophic way, that it took down all their stores. The most that the company said at the time was this:

This morning, I can confirm that they have been pwned by hackers.

There’s currently no word on how they got pwned or what the exact situation is. Nor is there any ETA in terms of when this could be resolved. But this has taken down all 80 of their stores which means that the pwnage is catastrophic. This isn’t good for their customers who rely on them to prescriptions for starters and could have very long lasting effects for all involved.

I’ll be updating this story as I get more information.

UPDATE: London Drugs is now saying this on Twitter:

3 Comments »