BBB Warns of Health Insurance Open Enrollment Scams

With health insurance open enrollment season just around the corner, US consumers preparing to change or add to their health coverage should watch out for scammers, the Better Business Bureau (BBB) warns.

According to the consumer protection organization, fraudsters call unsuspecting citizens and pose as official Medicare agents or “health care benefits advocates.”

During the phone call, these so-called agents will try to “sell” you a better Medicare program by offering the same benefits at a lower price.
What do you need to do? Provide your personal information alongside your Medicare ID number, and you’re all set.

To ensure success, some scammers deploy scare tactics, insisting that your health insurance will be canceled unless you re-enroll. The "advisor" then offers a quick fix: share your personal information, and you will be set up with a renewed health insurance plan.

Consumers who hand over their Medicare ID number and other personally identifiable information in this way may fall victim to identity theft.

How to protect against open enrollment scams

A seasoned fraudster can be very convincing, both in person and over the phone. However, you can safeguard your personal and financial information by paying attention to the most common red flags:

• Unsolicited emails or phone calls from individuals representing Medicare or ACA (Affordable Care Act) that ask for personal information. Usually, individuals already enrolled in a health insurance plan will not be contacted by Medicare advisors

• Professional health insurance providers will not threaten or seek to scare you into registering for specific health insurance plans

• Refuse any promotional gifts or free health screenings in exchange for your personal information

• Never provide your Medicare ID number, Social Security number, health plan details, or financial information by phone or email to unverified individuals

• When in doubt, hang up the phone and visit the official website of your health insurance provider for guidance

Having Saved Credit Card Details in Plaintext Since 2015, British Airways Is Fined £20 Million

  • British Airways broke data protection laws, and failed to detect attack for more than two months
  • Sensitive information left exposed with no encryption

British Airways has been fined £20 million (US $26 million) following a data breach which saw its systems hacked and the personal and payment card information of 400,000 customers stolen.

It’s the biggest fine ever handed out by the UK’s Information Commissioner’s Office (ICO), which – by comparison – smacked Facebook’s wrist for a mere £500,000 over the Cambridge Analytica scandal.

But many will consider that British Airways got away lightly, having initially faced a £183 million ICO fine over the breach which occurred in 2018.

British Airways’ fine may be the biggest on record, but it’s still a 90% drop from what it could have been.

Announcing the final penalty, the ICO explained that it had taken into account representations from British Airways and “the economic impact of COVID-19 on their business.”

Reading between the lines, if British Airways’ fortunes hadn’t been hit so hard by the global pandemic, it would have been walloped with a far larger fine for its enormous security failure.

And British Airways’ failure was monumental.

The blunders identified in the ICO’s redacted penalty notice on the incident included:

  • a failure to enforce the use of multi-factor authentication (MFA) on accounts that provided remote access to British Airways’ internal systems.
  • a failure to prevent the exploitation of a Citrix vulnerability that allowed the attacker to launch unauthorised tools and scripts to conduct network reconnaissance.
  • the storage of login details (username and password) for a privileged domain administrator account in plaintext, giving the attacker “virtually unrestricted access to the relevant compromised domain.”

And perhaps most astonishingly of all, British Airways recklessly stored customers’ payment card details – including CVV numbers – as plaintext files.

Approximately 108,000 payment cards were available to the attacker because the data had been stored by British Airways with no encryption whatsoever.

This security failure, alongside the planting of malicious Magecart skimming code on the airline’s payment webpage, which stole the personal and payment card details of hundreds of thousands of travellers as they made bookings via BA’s website and mobile app, led ultimately to today’s record fine.

Yes, £20 million is nothing like as big as the £183 million fine that British Airways was originally facing. But it’s still the largest fine ever meted out for a data breach in the UK, and will hopefully go some way to make other companies put more effort into securing their systems better.

Credit Card Details of 3 Million Dickey’s BBQ Customers Up for Sale on Dark Web Marketplace

Bad actors are selling access to 3 million Dickey’s Barbecue Pit customer credit cards, cyber-security researchers disclosed earlier this week.

On October 12, the dark web marketplace known as Joker’s Stash uploaded a collection of millions of compromised credit cards, most of them belonging to US-based customers.

According to the Gemini Advisory researchers who analyzed the dump, the data appears to have originated from compromised point-of-sale (POS) systems used at Dickey’s restaurants.

Gemini’s analysis indicates that 156 of the 456 current Dickey’s Barbecue Pit locations were compromised in the breach, spread across 30 states, “with the highest exposure in California and Arizona.”

“Gemini sources have also determined that the payment transactions were processed via the outdated magstripe method, which is prone to malware attacks,” the report said. “It remains unclear if the affected restaurants were using outdated terminals or if the EMV terminals were misconfigured; either of these possibilities may hold serious liability for Dickey’s.”

Gemini also placed the exposure window between July 2019 and August 2020, giving cybercriminals more than a year to harvest payment records.
While Dickey’s has yet to release an official report, the company said it has started an investigation with the FBI.

“We received a report indicating that a payment card security incident may have occurred,” Dickey’s said. “We are taking this incident very seriously and immediately initiated our response protocol and an investigation is underway.

“We are currently focused on determining the locations affected and time frames involved,” the company added. “We are utilizing the experience of third parties who have helped other restaurants address similar issues and also working with the FBI and payment card networks.”

Zoom Is Finally Testing Full End-to-End Encryption

Zoom finally announced that it’s starting to roll out end-to-end encryption (E2EE) for all users, marking a significant change in the security deployment of one of the most famous video-conferencing apps.

The Zoom platform has had its share of problems amid its rise to fame, mostly due to the coronavirus pandemic. Because the company allowed users without premium accounts to join and use the platform, the number of people on the platform increased substantially.

This had an unintended side effect, as security researchers started to scrutinize the platform. They found numerous vulnerabilities and discovered that the company was not really encrypting conversations end-to-end as it claimed, or at least not in a way that met the industry-standard definition of E2EE.

“Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” said Max Krohn, head of security and engineering at the company. “Zoom users – free and paid – around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

For now the feature is a technical preview that only some meetings will use, but E2EE should make its way to the general public soon.

Zoom has made some progress in recent months on problems ranging from malevolent users entering open meetings and abusing participants to severe zero-day vulnerabilities, some of which threat actors exploited in the wild.

Beware COVID-19 Charity Fraudsters, Warns the FBI

Scammers have no qualms about exploiting the pandemic to steal from the unwary

Don’t just look out for yourself, warn vulnerable friends and family of scams too

From the as-if-you-didn’t-have-enough-to-worry-about-in-2020 department, the FBI has warned that scammers are attempting to defraud the public by exploiting the COVID-19 pandemic.

Scams can, of course, arrive via all manner of routes – face-to-face on the doorstep, via phone calls or text message, but it’s even easier for fraudsters to target a larger pool of victims by making their initial contact via email or social media.

And with so many people more reliant than ever on the internet for staying in touch with friends, family, and work colleagues, there’s danger that more people than ever before are being exposed to the risk of being scammed.

And what better lure might there be than by exploiting an individual’s anxiety about the Coronavirus? Or plucking on heartstrings through an emotional appeal to help others who might have had their lives turned upside down by the pandemic?

As early as April 2020, the UK’s National Cyber Security Centre (NCSC) revealed that in just a one-month period it had taken down more than 2,000 online scams related to the Coronavirus pandemic.

That statistic included hundreds of fake online shops selling masks, hand sanitiser, and other fraudulent items. In addition, 555 malicious Coronavirus-related webpages had been found designed to distribute malware, and 200 phishing pages attempting to steal passwords, payment card details, and other personal information.

And, most common of all, over 800 were advance-fee fraud scams which claimed to offer large windfalls if a setup payment was made.

Here’s an example of one Covid-19 charity scam, first spotted by Bitdefender’s Liviu Arsene earlier this year:

Part of the email reads:

Help rush life-saving medical care to families and children in China, neighboring countries and beyond. Your gift will ensure that these vulnerable individuals receive coronavirus vaccines and the medical services they desperately need.

The email goes on to ask for a Bitcoin payment to be made to “contribute towards this noble cause.”

There’s a simple way to help you and your loved ones spot the tell-tale signs that something may be a scam: apply the simple SCAM test:

S – seems to be too good to be true.

C – contacted out of the blue.

A – asked for personal details.

M – money is requested.

To be honest, I’m not too worried about you falling for one of the Coronavirus-related charity scams. You’re reading the Hot for Security blog, so you’re already demonstrating much more security savviness than the typical internet user.

But you may have vulnerable friends and family who could be tricked by a convincing scammer to donate money, or hand over personal information, in the belief that they were doing good or going to benefit personally.

For their sake, get clued up about the scam techniques used by fraudsters and help educate them to spot threats for themselves.

Because sick-minded scammers themselves have no qualms about taking advantage of the most vulnerable, and exploiting the biggest global health crisis of our lifetime.

For more tips on how to protect yourself against scams and charity fraud, check out the tips from the FBI.

Law Firm Seyfarth Shaw Hit by Apparent Ransomware Attack

Seyfarth Shaw fell victim to a crippling malware attack over the weekend, the global law firm disclosed earlier this week.

According to an official statement, unauthorized activity was detected by the company’s monitoring systems on Saturday.

“On Saturday, October 10, 2020, Seyfarth was the victim of a sophisticated and aggressive malware attack that appears to be ransomware,” the company said. “We understand that a number of other entities were simultaneously hit with this same attack. Our monitoring systems detected the unauthorized activity, and our IT team acted quickly to prevent its spread and protect our systems.”

Although Seyfarth stressed that it found no evidence that client or internal data was removed or accessed, many computer systems were encrypted, forcing the IT team to “shut them down as a precautionary measure.”

The latest update suggests the company has not been able to bring its systems back online. However, it is coordinating with the FBI to track down the culprits.

“Our team continues to work around the clock to resolve this incident,” Seyfarth said on October 13. “As reported earlier, we have found no evidence that any of our client or firm data was accessed or removed.”

Headquartered in Chicago, Illinois, the Am Law 100 firm serves more than 300 of the Fortune 500 companies with over 900 lawyers spread across 18 offices worldwide.

Barnes & Noble Cyberattack May Have Exposed Personal Information of Shoppers

Barnes & Noble has fallen victim to a cyberattack, which resulted in unauthorized access to company networks and exposure of customer information, the bookstore giant disclosed earlier this week.

The attack also affected the entire NOOK system, and customers still can’t sync recent purchases to their e-readers or access e-book content on their devices.

The systems outage began on October 10, and customers quickly turned to social media platforms inquiring about the sudden disappearance of their NOOK library.

“Hey, what gives? My app updated and now the 3 books I paid for have still not come in for days, there’s no updated info on the website,” one customer said in a tweet.

Unfortunately, NOOK servers are still down, and the bookseller has yet to say when the issue will be fixed.

“We are continuing to experience a systems failure that is interrupting NOOK content,” reads an alert posted by the company. “We are working urgently to get all NOOK services back to full operation.”

The attack did more than cripple Barnes & Noble’s corporate network. According to a notice sent to customers, the security incident may have exposed shoppers’ email addresses, billing and shipping information, and telephone numbers.

“Firstly, to reassure you, there has been no compromise of payment card or other such financial data,” the email reads. “These are encrypted and tokenized and not accessible. The systems impacted, however, did contain your email address and, if supplied by you, your billing and shipping address and telephone number.”

Although there is not enough evidence to suggest data exfiltration at this time, the possibility cannot be ruled out. If confirmed, the attackers could have also viewed customer transaction history, such as purchase information related to products purchased from Barnes & Noble online store.

Until further notice, shoppers are advised to look out for any unsolicited emails referencing the incident. Despite the disruption, the company expects NOOK to be fully operational once its systems are back online.

“We expect NOOK to be fully operational shortly and will post an update once systems are restored. Thank you for your patience,” reads the latest update from October 14.

Norway Accuses Russia of Cyber Attack on Parliament

Norway this week said it has reason to believe Russia was behind an August cyber attack targeting the email system of the country’s parliament, according to an AFP report.

In August, Norway announced hackers had gained access to some lawmakers’ emails. The country now believes Russian actors were behind the hack. Although it did not specify what information prompted its conclusion, the foreign ministry is convinced of its findings, so much so that it encouraged businesses to follow national cyber security guidelines, the AFP reports.

“Based on the information the government has, it is our view that Russia is responsible for these activities,” foreign minister Ine Eriksen Søreide said in a statement.

“This is a very serious incident, affecting our most important democratic institution,” she added.

Norway’s government made similar accusations in 2017 when the country’s Labour Party claimed Russian actors conducted covert intelligence activities on its parliament. The attack was believed to be in line with the hacking of the Democratic National Committee the year prior, which US intelligence agencies pinned on the Kremlin.

COVID-19-Related Emails Remain Prevalent in Phishing Campaigns

Coronavirus-related email subjects continue to dominate phishing campaigns, remaining the primary threat, with more than half of phishing emails containing some information related to the COVID-19 pandemic.

Phishing campaigns represent a primary attack vector for cybercriminals looking to steal personal information or infect devices with malware. The pandemic proved to be a gold mine for these criminals, as people’s thirst for information on the subject grows from one day to the next.

“Covering the entire third quarter, simulated phishing tests with a message related to the coronavirus were the most popular, with a total of 50%,” states the KnowBe4 report. “Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 47%.”

Of course, remote working also offers fertile ground for phishing campaigns, as people relax too much at home and don’t watch out for emails that mimic official ones from colleagues or the IT department.

KnowBe4 compiled a top 10 of email subjects, and it’s clear that many of them are aimed at employees rather than regular users:

  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

Of course, people working from home should always be cautious when opening emails that appear to come from inside the company. If an email looks suspicious, report it immediately to the IT department so that, if it proves to be fake, other people won’t make the mistake of opening it.

CISA and FBI Observed APT Groups Targeting State Networks Related to US Election Systems

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued an advisory after spotting advanced persistent threat (APT) actors exploiting multiple legacy vulnerabilities combined with a newer privilege escalation vulnerability—CVE-2020-1472—in Windows Netlogon.

Less than a month before the November 3 elections in the United States, the two agencies have detected APT actors trying to exploit known vulnerabilities to attack federal and state, local, tribal and territorial (SLTT) government networks. The agencies stated the attackers may have chosen these targets because of their proximity to elections information.

So far, CISA has no evidence that election data integrity has been compromised, but the agency noticed some instances where this activity resulted in unauthorized access to elections support systems.

“CISA is aware of multiple cases where the Fortinet FortiOS Secure Socket Layer (SSL) VPN vulnerability CVE-2018-13379 has been exploited to gain access to networks,” states the advisory. “To a lesser extent, CISA has also observed threat actors exploiting the MobileIron vulnerability CVE-2020-15505. While these exploits have been observed recently, this activity is ongoing and still unfolding.”

These vulnerabilities are useful in conjunction with the recent critical Netlogon vulnerability, tracked as CVE-2020-1472, which lets an attacker with network access to a domain controller reset its machine account password and compromise all Active Directory (AD) identity services. Once domain credentials are available to threat actors, they use legitimate remote access tools, such as VPN and Remote Desktop Protocol (RDP), to move around the environment.

Of course, the first course of action for any private or state entity is to ensure that all of these vulnerabilities are patched. Secondly, if security professionals observe any activity related to CVE-2020-1472, they should immediately assume that APT actors have compromised AD administrative accounts and take the appropriate action.
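The advisory tells defenders to assume compromise as soon as they see Zerologon activity, so the practical question is what that activity looks like in the logs. The script below is an added example, not part of the advisory or this article: it classifies Windows event records for the two documented indicators of CVE-2020-1472 exploitation, a Security event 4742 (“A computer account was changed”) where the domain controller’s own machine account (a name ending in `$`) is changed by ANONYMOUS LOGON, and the Netlogon events 5827/5828/5829 that Microsoft’s August 2020 Netlogon update writes to the System log when a vulnerable secure-channel connection is denied or allowed. The sample records are constructed, and the field names used for the Netlogon events (`MachineName`) are a simplified assumption about how a SIEM might flatten them; the `SubjectUserName`/`TargetUserName` fields for 4742 are the real EventData names.

```python
"""Flag Windows event-log indicators of Zerologon (CVE-2020-1472) exploitation."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Netlogon event IDs written to the System log by domain controllers that have the
# August 2020 (or later) Netlogon update. 5829 = a vulnerable (unsigned/unsealed)
# Netlogon secure-channel connection was ALLOWED; 5827/5828 = it was DENIED.
NETLOGON_VULNERABLE_ALLOWED = 5829
NETLOGON_VULNERABLE_DENIED = {5827, 5828}
# Security log: "A computer account was changed".
COMPUTER_ACCOUNT_CHANGED = 4742


@dataclass(frozen=True)
class Finding:
    severity: str
    event_id: int
    reason: str


def classify_event(event: dict) -> Optional[Finding]:
    """Return a Finding for one event record, or None if it is not interesting."""
    eid = event.get("EventID")
    log = event.get("Channel", "")

    if log == "Security" and eid == COMPUTER_ACCOUNT_CHANGED:
        subject = event.get("SubjectUserName", "")
        target = event.get("TargetUserName", "")
        # Zerologon resets a machine account password over an unauthenticated
        # Netlogon channel, so the change is attributed to ANONYMOUS LOGON.
        # Routine rotations are performed by the account itself or by the DC.
        if subject.upper() == "ANONYMOUS LOGON" and target.endswith("$"):
            return Finding("critical", eid,
                           f"machine account {target} changed by ANONYMOUS LOGON; assume domain compromise")
        return None

    if log == "System" and event.get("Provider") == "NETLOGON":
        # "MachineName" is an assumed, simplified field name for the client account.
        client = event.get("MachineName", "<unknown>")
        if eid == NETLOGON_VULNERABLE_ALLOWED:
            return Finding("high", eid,
                           f"vulnerable Netlogon secure channel from {client} was allowed; DC is not in enforcement mode")
        if eid in NETLOGON_VULNERABLE_DENIED:
            return Finding("medium", eid,
                           f"vulnerable Netlogon secure channel from {client} was denied")
    return None


def scan(events: Iterable[dict]) -> List[Finding]:
    """Run classify_event over a stream of records and keep the hits, in order."""
    return [f for f in (classify_event(e) for e in events) if f is not None]


# Constructed sample records (not real logs), flattened the way a SIEM typically exports them.
SAMPLE_EVENTS = [
    {"Channel": "Security", "EventID": 4742, "SubjectUserName": "ANONYMOUS LOGON",
     "TargetUserName": "DC01$", "Computer": "DC01.corp.example"},
    {"Channel": "Security", "EventID": 4742, "SubjectUserName": "WS-042$",
     "TargetUserName": "WS-042$", "Computer": "DC01.corp.example"},  # routine rotation
    {"Channel": "System", "EventID": 5829, "Provider": "NETLOGON",
     "MachineName": "WS-099", "Computer": "DC01.corp.example"},
    {"Channel": "System", "EventID": 5827, "Provider": "NETLOGON",
     "MachineName": "PRINTER-7", "Computer": "DC01.corp.example"},
    {"Channel": "Security", "EventID": 4624, "SubjectUserName": "-", "TargetUserName": "jdoe"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.event_id}: {f.reason}")
```

A 5829 hit means the DC still accepts vulnerable connections from that client and enforcement mode has not been switched on; a 4742 hit with ANONYMOUS LOGON against a DC account is the point at which the advisory’s “assume AD administrative accounts are compromised” guidance applies, and the DC’s machine account password (and krbtgt) should be reset as part of the response.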

This campaign is still ongoing and will likely keep causing problems as long as CVE-2020-1472 remains unpatched on domain controllers.
