Friday Five: 5/29 Edition
Costa Rica's state bank deals with hackers, North Dakota's contact tracing app causes controversy, Google issues warnings of government-backed attackers - catch up on all the week's news with the Friday Five.
1. Hackers Leak Credit Card Info from Costa Rica’s State Bank by Ionut Ilascu
The hackers behind the Maze ransomware strain are claiming to have breached the Bank of Costa Rica (BCR). When the bank denied the intrusion, the group published what it claims is stolen credit card information on its “leak” site this week. The attackers said they shared the 2GB spreadsheet of payment card numbers because they are not looking to make any profit from it but instead are trying to draw attention to the bank’s security lapses. Screenshots from the database contain data for 50 to 100 cards, some with the last four digits removed, along with expiration data and verification codes for each. Maze operators on April 30 claimed to have more than 11 million cards from BCR, four million being unique and 140,000 belonging to US citizens. The group said they gained access to the bank’s network in August 2019 and again in February 2020, but the bank issued a public statement saying that after a thorough investigation by internal and external specialists, they firmly confirm that the institution’s systems had not been violated.
2. North Dakota’s Contact Tracing App Sends User Data to Third Parties by Sarah Coble
3. New Fuzzing Tool Finds 26 USB Bugs in Linux, Windows, MacOS and FreeBSD by Catalin Cimpanu
A research team of academics created a new “fuzzer” tool, USBFuzz, that's specifically designed to test the USB driver stack of modern-day operating systems. The application allows security researchers to send large quantities of random data as inputs to other programs and then analyze how the tested software behaves in order to discover new bugs. After investigating the USB driver stack employed by operating systems such as Linux, MacOS, Windows, and FreeBSD with USBFuzz, the researchers discovered 26 new vulnerabilities. Specifically, one bug was found in FreeBSD, three were in MacOS, four in Windows 8 and Windows 10, and a whopping 18 were found in Linux. Hui Peng and Mathias Payer, the researchers behind the project, reported the bugs to the Linux kernel team and plan to present their research at the Usenix Security Symposium virtual security conference, scheduled for August 2020.
4. Google Sees Resurgence in State-Backed Hacking, Phishing Related to COVID-19 by Anurag Maan and Kanishka Singh
Amid the coronavirus outbreak, researchers have seen a clear resurgence in hacking and phishing attempts related to the pandemic, and Google is no exception to that trend. Security experts from Google sent over 1,700 warnings in the month of April to users whose accounts were being targeted by government-backed attackers. The company’s Threat Analysis Group has observed “hack-for-hire” firms creating Gmail accounts posing as the World Health Organization. These groups have been targeting business leaders, mostly in the financial services, consulting, and healthcare industries, in numerous countries including the United States, Slovenia, Canada, India, the UK and more. Medical and healthcare professionals, including WHO employees themselves, have also been the targets of these attacks.
5. Riding the State Unemployment Fraud ‘Wave’ by Brian Krebs
The U.S. Secret Service is warning of a “massive fraud” campaign against state unemployment insurance programs as many U.S. states struggle to combat a flood of fake Pandemic Unemployment Assistance (PUA) claims. The warning noted that false filings from a well-organized Nigerian crime ring could cost U.S. states and the federal government hundreds of millions of dollars in losses. After the Secret Service published the warning, various underground forums and chat networks related to financial fraud lit up with activity. Many people are selling tutorials and “methods” on how to siphon unemployment insurance funds from different states and avoid getting the phony request flagged as suspicious. Unfortunately, many states have few controls in place to detect and stop suspicious behavior such as multiple payments going to the same bank account, or filings made for different people from the same internet address.