66 Percent of Consumers Recycle Their Account Passwords. Do You?

As the world becomes more digitally bound and workers adapt to new business models, our cyber habits should improve considerably. Unfortunately, this hasn’t been the case. The 2020 LastPass ‘Psychology of Passwords’ report has revealed alarming online behavior by consumers.

Password recycling should not be ‘a thing’

In the past 5 months, the digital landscape has been pushed to its limits, and bad actors are combing every nook and cranny for new ways to exploit careless behavior.

New data reveals 91% of consumers agree that using the same or a variation of the same password is a security risk. However, despite the intense global awareness of data breach attacks and dangers of online exposure, 66% of respondents use the same password anyway, and 53% have not changed their passwords in the last 12 months. Why? According to the study, 60% attribute their questionable practices to the fear of forgetting login credentials, while 52% claim they wish to have more control of all of their passwords.

Cyber Security Haze?

The report also revealed that 42% of consumers believe the information available in their online account is not “valuable enough to be worth a hacker’s time.” They couldn’t be more wrong. Scraps of information are common puzzle pieces for an attacker.

A skilled social engineer can use any information to their advantage and, ultimately, fill in the gaps of what encompasses your digital identity – basically, users are willingly handing over the keys to their online ‘kingdom’ to cybercriminals.

While 77% of participants say they feel informed on password best practices, 27% stated that they write their passwords down and 54% struggle to memorize them. The survey also highlights the contradictory state of consumers: while 80% are concerned about having their passwords stolen, 48% said that they would not change their password unless required.

MFA and Biometric authentication

In terms of additional layers of security, 54% of respondents use multi-factor authentication on their personal accounts and 37% use it at work. Additionally, 65% said they trust fingerprint or facial recognition more than traditional passwords, and that they would feel comfortable using fingerprints or face recognition to log in to their accounts.

The global survey, which included 3,250 individuals from the United States, Australia, Singapore, Germany, Brazil and the UK, shows that respondents neglect good cyber hygiene even though they know better.

In recent months, we’ve been focusing on raising awareness of the risks of data breaches, and while some of us might ignore the next headline with a ‘so what’ attitude, millions of consumers suffer the consequences of ignorance each year.

Don’t ignore any security incident, especially when it comes to your online accounts. You are not just allowing attackers to impersonate or steal your identity, but you are also exposing your friends and family to the same risks.

We know you have other fish to fry right now, but nobody planned for this global shutdown. We’re here to help you by taking care of your online presence and digital footprint. If you’re interested in finding out more about how professionals can help you protect your digital identity, click here.

Stay Safe!

Chatbooks security breach. Users told to change their passwords

Customers of Chatbooks, a photo book-making company that turns users’ Instagram posts into books, have been warned that their data has fallen into the hands of hackers.

In a statement posted on the Chatbooks website, the company’s CEO Nate Quigley described how the firm had learned last week that information related to users had been stolen from its database.

According to an investigation conducted by third-party experts called in by Chatbooks, the security breach is thought to have occurred on March 26 2020.

Although the majority of the data stolen consisted of users’ names, email addresses, salted and hashed passwords, a “small proportion” of affected records also included users’ phone numbers, Facebook IDs, and social media access tokens.

Users are being advised to change their passwords as soon as possible:

“Even though the stolen Chatbooks passwords were not stolen in plain text format, as a precaution we recommend that you change your password at your earliest convenience.”

What’s disappointing, however, is to see no advice given to users to ensure that they are not using the same passwords on any other websites. Past breaches have proven, time and time again, that many people are in the habit of using the same password at different websites, meaning that a password breach at one site could lead to a hacker also gaining access to other online accounts.

For instance, you may not care a great deal if your Chatbooks account password is breached, but you certainly do not want a hacker to be able to use the information to also unlock – for instance – your email account.

Fortunately, payment card information which customers may have used to purchase photo books has not been compromised – for the very simple reason that Chatbooks does not store such details in its database. Furthermore, the company says that it has not seen any evidence that photographs were accessed by the hackers.

ZDNet reported this weekend that a hacking group known as ShinyHunters is claiming to be responsible for the Chatbooks breach and is offering to sell 15 million breached user records for US $3,500 via an underground criminal website.

The same hacking gang claim to have stolen millions of user records from the Zoosk dating app, the Home Chef food delivery service, the online art and design marketplace Minted, and others.

Cognizant Expects to Lose up to $70 Million from April Ransomware Attack

IT services giant Cognizant has calculated it will lose between $50 million and $70 million from a ransomware incident in April, the CFO said on an earnings call.

Cognizant confirmed to clients on April 18 that a security incident involving its internal systems was causing service disruptions. The hack had Maze Team’s signature, the firm said, adding that it was providing affected customers with indicators of compromise (IOCs) and other “defensive” technical information.

During last week’s earnings call with investors, Cognizant Chief Financial Officer Karen McLoughlin said the company stands to incur substantial financial damages as a result of the hack.

“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter,” McLoughlin said, according to ZDNet.

While Cognizant’s investigation is ongoing, the company believes it has contained the attack.

“Based on the investigation to date, we believe the attack principally impacted certain of our systems and data,” the company said in its quarterly SEC filing. “The attack resulted in unauthorized access to certain data and caused significant disruption to our business. This included the disabling of some of our systems and disruption caused by our taking certain other internal systems and networks offline as a precautionary measure.

“The attack compounded the challenges we face in enabling work-from-home arrangements during the COVID-19 pandemic and resulted in setbacks and delays to such efforts,” the filing said. “The impact to clients and their responses to the security incident have varied.”

Cognizant expects the business disruption to hit Q2 2020 financial results. It also expects to continue to experience a loss of revenue due to disruption, “either as a direct consequence of the attack or as a result of clients suspending our access to their networks as a security precaution.”

The $50 million-$70 million range includes incremental costs for the investigation, containment and remediation of the security incident, as well as legal fees and investments to enhance the company’s overall security posture looking forward.

DigitalOcean Accidentally Leaks Customer Data

DigitalOcean, a popular web-hosting platform, has started informing customers about a data leak that “unintentionally” exposed personally identifiable information online.

According to a notification sent to DigitalOcean users, the incident is linked to a 2018 company-owned document that was publicly available for viewing without requiring any authentication.

“This document contained your email address and/or account name (the name you gave your account at sign-up) as well as some data about your account that may have included Droplet count, bandwidth usage, some support or sales communications notes, and the amount you paid during 2018,” the letter reads. An investigation by the provider’s security team found the internal document was “accessed at least 15 times” before it was taken down.

No official statement was released, but company officials have commented on the incident, saying that “there was no malicious access to that document” and “less than 1% of our customer base was impacted.”
“The only PII included in the file was account name and email address,” the company added. “This was not related to a malicious act to access our systems.”

DigitalOcean takes full responsibility for the data leak, and promises to undergo extensive employee training for assuring customer data protection and preventing future incidents.

The notification letter also reassures users that “your Droplets and other systems you run on our platform have not been impacted by this mistake, we are committed to being transparent anytime we feel your data has been used in a way that does not align with our values.”

While there is no indication of foul play or a targeted attack, changing your account password and enabling two-factor authentication is never a bad idea. Companies should start focusing on protecting customer data, regardless of the type of information they handle. Even with limited information, bad actors can still formulate phishing campaigns to steal additional information or financial details.

WeChat is Surveilling International User Files to Strengthen China’s National Censorship Model

Chinese social media giant WeChat is screening documents and images shared by overseas users, according to researchers from the Citizen Lab of the University of Toronto.

As of late 2019, the messaging app is said to have had more than 1 billion active users on a monthly basis, sending around 45 billion messages daily.

According to the study, the company has been silently surveilling and analyzing millions of files shared by international WeChat users via a remote server hosted by Chinese Internet provider Tencent.

“Like any other Internet platform operating in China, WeChat is expected to follow rules and regulations from Chinese authorities around prohibited content,” the researchers said. They later added that “companies are expected to invest in human resources and technologies to moderate content and comply with government regulations on content controls. Companies which do not undertake such moderation and compliance activities can be fined or have their business licenses revoked”.

In the most recent report, entitled ‘We Chat, They Watch,’ Citizen Lab observed that the app’s remote server scans for “politically sensitive” content and records a content fingerprint (MD5 hash) of each flagged file, which ensures no Chinese users can see the shared files.

Researchers conducted several experiments by running two separate channels. The first channel was set up to communicate entirely with non-China-registered accounts, while the second used a China-registered WeChat account. While no censorship of communication between non-China-registered accounts was detected, the study showed that “such accounts are nevertheless subject to content surveillance.”

“Such surveillance was discovered by confirming that politically sensitive content which was sent exclusively between non-China-registered accounts was identified as politically sensitive and subsequently censored when transmitted between China-registered accounts, without having previously been sent to, or between, China-registered accounts,” they added.

The analysis also shows that files containing prohibited topics and shared between non-China groups are only surveilled. If the same file is sent to a China group chat, however, the document is censored in real time.
“In the case of image files, we observed that sometimes WeChat censors them in real time even if they have not previously undergone content surveillance on the platform,” Citizen Lab said.

While the data gathered cannot demonstrate how long non-China users’ files have been surveilled, the team concluded that “files deemed politically sensitive were used to invisibly train and build up WeChat’s Chinese political censorship system.”

Researchers still have many questions, and although additional information was requested from both WeChat and parent company Tencent, the two companies have failed to respond to inquiries regarding WeChat’s privacy policies.

PrivateVPN and Betternet Apps Vulnerability Let Attackers Send Malicious Updates

VPN apps PrivateVPN and Betternet were plagued by a vulnerability that could have let attackers push fake updates to the apps and install malicious apps.

One reason people use a VPN solution is to stay safe in a dangerous online world. A good example is when connecting to a public Wi-Fi network. Without a VPN, the data sent and received by a user could be intercepted.

But what happens when the VPN application itself has a vulnerability that could let attackers remotely install applications on people’s phones or laptops? While it’s true that most software has vulnerabilities, the type of vulnerability found in Betternet and PrivateVPN is not what you might expect.

The discovery was made by VPNPro, a publication that deals with reviews, guides, trends, and other types of media. Only a couple of VPN clients could have been exploited, although more apps permitted the initial conditions.

“Vulnerabilities in the PC apps of two of the top 20 VPNs, PrivateVPN and Betternet, can allow hackers to intercept its communications and force the apps to download a fake update,” says VPNPro. “The app may automatically apply the fake update, or send the user a notification to update the app.”

Researchers were able to force the two apps to download and install a fake update, which means that someone with control over the network, such as a free hotspot, for example, could trigger the installation of malware.

People could be hit by ransomware, become a bot in DDoS attacks, lose credentials for their banking accounts, and much more.

Fortunately, the developers of both apps were quick to fix the issues after VPNPro notified them on February 18. PrivateVPN released a patch on March 26 and Betternet fixed it on April 14.

Users can’t do much to mitigate this problem, but it’s a good practice never to download files while connected to public Wi-Fi and always have a security solution running to make sure malware is intercepted before it has a chance to do any harm.
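The defence against the class of bug described above is for the client to accept an update only when it carries a valid signature from a publisher key pinned into the app, and only when it is newer than what is installed. The following is an added illustration, not code from PrivateVPN, Betternet or VPNPro; the manifest layout, the build-number scheme and the sample payload bytes are all constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// UpdateManifest is what the client receives over the untrusted network
// (hypothetical layout for this example; not any real vendor's format).
type UpdateManifest struct {
	Build     uint64 // monotonically increasing build number
	Payload   []byte // the update binary (constructed sample bytes below)
	Signature []byte // Ed25519 signature over Build || SHA-256(Payload)
}

// signedMessage binds the build number to the payload digest so an attacker
// can neither swap the binary nor relabel an old release as a new one.
func signedMessage(build uint64, payload []byte) []byte {
	msg := make([]byte, 8, 8+sha256.Size)
	binary.BigEndian.PutUint64(msg, build)
	sum := sha256.Sum256(payload)
	return append(msg, sum[:]...)
}

// SignUpdate is the publisher side (run on the build server, never on the client).
func SignUpdate(priv ed25519.PrivateKey, build uint64, payload []byte) UpdateManifest {
	return UpdateManifest{
		Build:     build,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedMessage(build, payload)),
	}
}

// VerifyUpdate accepts a manifest only if (1) the signature verifies under the
// publisher key pinned into the client and (2) the build is newer than the one
// installed. A hotspot operator can serve arbitrary bytes, but cannot produce a
// valid signature over them, and cannot replay an older genuinely signed release.
func VerifyUpdate(pinned ed25519.PublicKey, installed uint64, m UpdateManifest) bool {
	if len(m.Signature) != ed25519.SignatureSize {
		return false
	}
	if !ed25519.Verify(pinned, signedMessage(m.Build, m.Payload), m.Signature) {
		return false
	}
	return m.Build > installed
}

// Demo exercises the four cases a client must get right: a genuine update, a
// tampered payload, a downgrade replay of an older genuine release, and an
// unsigned manifest. It returns one bool per case (accepted or not).
func Demo() (genuine, tampered, downgrade, unsigned bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // pub would be pinned in a real client
	if err != nil {
		panic(err)
	}
	const installed = 41

	good := SignUpdate(priv, 42, []byte("constructed sample update binary v42"))
	genuine = VerifyUpdate(pub, installed, good)

	evil := good // same build and signature, attacker-supplied payload
	evil.Payload = []byte("constructed attacker-supplied binary")
	tampered = VerifyUpdate(pub, installed, evil)

	old := SignUpdate(priv, 40, []byte("constructed sample update binary v40"))
	downgrade = VerifyUpdate(pub, installed, old)

	fake := UpdateManifest{Build: 99, Payload: []byte("constructed unsigned binary")}
	unsigned = VerifyUpdate(pub, installed, fake)
	return
}

func main() {
	g, t, d, u := Demo()
	fmt.Printf("genuine=%v tampered=%v downgrade=%v unsigned=%v\n", g, t, d, u)
}
```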

GoDaddy Data Breach Affects 28,000 User Accounts

GoDaddy, the world’s largest domain registrar, has confirmed that 28,000 of its customers’ web hosting accounts were compromised following a security incident in October 2019.

Unfortunately, the web-hosting company only discovered the breach in late April and filed a breach notice with California’s Attorney General’s Office earlier this week.

An “unauthorized individual had access to your login information used to connect to SSH on your hosting account,” said Demetrius Comes, the company’s CISO. “This incident is limited in scope to your hosting account. Your main GoDaddy.com customer account, and the information stored within your customer account, was not accessible by this threat actor.”

Although the breach is said to be limited to hosting accounts, excluding customer accounts and personal information, GoDaddy also reset passwords and usernames for some of its customers. The company gave no additional details of the incident, so it’s unknown how the bad actor gained access to customer login credentials. However, the cybercriminal may have managed to steal credentials or use brute force attacks to guess the password of customers.

“We have proactively reset your hosting account login information to help prevent any potential unauthorized access,” the company said. After apologizing to customers, GoDaddy pledged to provide website security and malware removal services free of charge.

“On behalf of the entire GoDaddy team, we want to say how much we appreciate your business and that we sincerely regret this incident occurred,” the company said. “We are providing you one year of Website Security Deluxe and Express Malware Removal at no cost. These services run scans on your website to identify and alert you of any potential security vulnerabilities. With this service, if a problem arises, there is a special way to contact our security team and they will be there to help.”

This is not the company’s first security incident this year. In early March, a spear-phishing campaign targeted a GoDaddy employee, leading to the threat actors gaining access to customer records. The attackers were also able to change DNS settings for some hosted websites.

For the moment, the two incidents have not been linked, and users are advised to closely monitor their accounts, making sure not to use recycled passwords.

Attackers Try to Deploy Remcos Malware with COVID-19-related Messages

A new phishing campaign targeting U.S. users is trying to deploy Remcos, a powerful trojan that allows an attacker to gain full control of a victim’s computer, according to research from Microsoft Security Intelligence.

A multitude of phishing and spam campaigns directly related to the situation created by the COVID-19 pandemic are active right now. Bad actors try different approaches in their efforts to trick people into sharing credentials or downloading malware.

With the economy directly affected by the pandemic, people pay more attention to emails pretending to offer solutions, loans and other types of financial support. Another effective approach is to scare people with threats of account closures or company furloughs.

In this new campaign, the attackers are not interested in phishing, but in deploying Remcos malware. If successfully deployed, the malware can be used to steal credentials, control the PC remotely or even transform the PC into a bot.

“We’re seeing pockets of Remcos campaigns targeting specific sectors using various COVID-19 themed lures and atypical email attachments,” said the Microsoft team on Twitter. “Unlike more prominent malware, Remcos campaigns appear to be limited and short-lived, an attempt to fly under the radar.”

In one message, the attackers pretended to represent the US Small Business Administration, offering small businesses disaster loans. The message contained an IMG file, which mounts as an image in Windows. The only file was an executable that deployed Remcos if run.

In a similar message, the attached file had a misleading PDF icon, but was still an executable. In a third example, the message was titled “COVID-19 related updates” and was directed at the members of the American Institute of CPAs.

Among these messages, one was designed for South Korean users and sought to impersonate the CDC’s Health Alert Network (HAN).

As usual, the best practice is never to open emails or attachments from unknown sources, and always make sure to have a security solution installed on the PC.

Here, at Bitdefender, we focus on protecting your devices from malicious activity and threats of all kinds. Now more than ever, we need autonomy and safety as we interact with the world through our internet-enabled devices. That’s why we have extended the trial for our best security suite, ensuring that you can take care of your family’s devices for up to 90 days. If you’re already set up, why not make an unexpected gift to your loved ones who might not be aware of emerging cyber threats?

HMRC Removes 292 COVID-19 Phishing Websites in Less Than 2 Months

Governments across the globe have been struggling to block the ongoing fraud attempts and attacks that have proliferated amid the coronavirus lockdown.

According to official data, Her Majesty’s Revenue and Customs (HMRC) has formally asked UK Internet Service Providers (ISPs) to remove 292 websites exploiting the coronavirus outbreak since the national lockdown began on March 23.

The information, gathered by legal firm Griffin Law under the Freedom of Information Act, shows that, out of nearly 300 fraudulent webpages, 237 were proactively identified by HMRC, while the remaining 55 were flagged directly by consumers via phishing@hmrc.gov.uk.

The statistics also revealed that HMRC identified 62 active coronavirus-related phishing scams seeking to take advantage of consumers, mainly through text messages or vishing.

“These typically take the form of an automated voice call claiming to represent HMRC and threatening legal action unless payment is made immediately,” HMRC officials said. “The calls spoof a valid HMRC telephone number in the caller ID field and provide a return number for victims to call to make a payment.”

Last month, fraudsters impersonating the HMRC were sending out phishing emails exploiting the government’s Coronavirus Job Retention Scheme (CJRS) in an attempt to steal personal information from small business owners. The phony email sent via no-reply@ncryptedprojects.com included several typos, and business owners were quick to report their findings to local authorities.

The measures are reinforced by the recent launch of the Suspicious Email Reporting Service (SERS) by the National Cyber Security Centre. The platform allows Brits to report any phishing or suspicious emails they receive in their Inboxes — including those related to Covid-19.

On the day of its christening, SERS received more than 5,000 hits of suspicious emails that helped authorities interrupt more than 80 malicious attacks. Part of the Cyber Aware campaign teaching good cyber hygiene, SERS allows security-minded citizens to spot phishing emails and actively participate in blocking cybercrime.

The ongoing crisis has created new opportunities for cybercriminals to profit off our fears and uncertainty by deploying an unprecedented number of cyber attacks, scams and misinformation. Consumers are advised to remain vigilant and continue reporting any suspicious email or fraudulent attempt they might encounter while browsing the Internet.

Ransomware Operators Hit Major Healthcare Supplier in Europe as COVID-19 Continues to Take Lives

Ransomware attackers have breached Europe’s largest private hospital operator, affecting not just its European branches, but every part of the company’s operations around the globe, sources say.

Infosec journalist Brian Krebs reported yesterday that Fresenius Group, Europe’s largest private hospital operator and a major provider of dialysis products and services, had been hit by ransomware, affecting operations worldwide.

The tip arrived from an anonymous reader who apparently works at Fresenius Kabi’s U.S. operations. He told Krebs that “computers in his company’s building had been roped off,” and that the apparent culprit was the Snake ransomware strain.

Snake recently joined the onslaught of big-name ransomware families like Ryuk, BitPaymer, DoppelPaymer, Sodinokibi, Maze, MegaCortex and LockerGoga, targeting enterprises and critical infrastructures. Snake is designed to pinpoint enterprise management processes and large-scale industrial control systems (ICS).

Fresenius spokesperson Matt Kuhn confirmed to Krebs that the company was indeed battling a cyber-attack.

“I can confirm that Fresenius’ IT security detected a computer virus on company computers,” Kuhn said. “As a precautionary measure in accordance with our security protocol drawn up for such cases, steps have been taken to prevent further spread.

“We have also informed the relevant investigating authorities and while some functions within the company are currently limited, patient care continues,” he said. “Our IT experts are continuing to work on solving the problem as quickly as possible and ensuring that operations run as smoothly as possible.”

It is unclear if Fresenius management will pay Snake operatives ransom, but according to Krebs’ tipster, this is not the firm’s first ransomware contagion. In fact, it allegedly paid $1.5 million to recover from a previous ransomware infection. The source also stressed that “This new attack is on a far greater scale.”

In March, Bitdefender announced that healthcare organizations worldwide could apply to receive enterprise-grade security at zero-cost as cyber-attacks quadrupled amid the emerging COVID-19 pandemic.

Healthcare organizations of all sizes, from small dental and ophthalmic practices to large hospitals, can visit http://www.bitdefender.com/freehealthcaresecurity to request free access to Bitdefender’s products. For large organizations, Bitdefender also offers professional services and advanced technologies like network traffic security and analytics.

Bitdefender hopes this initiative will help healthcare providers work at full capacity on delivering care without worrying about opportunistic attacks capitalizing on the Coronavirus crisis.
