Friday Five: Cloud Security Concerns, LinkedIn Users and Young Gamers Targeted, & More
Hacks, social engineering, and phishing dominated this week’s headlines, but cloud security is at the forefront of government officials’ minds. Catch up on all the latest in this week’s Friday Five!
CYBER SAFETY REVIEW BOARD TO ANALYZE CLOUD SECURITY IN WAKE OF MICROSOFT HACK BY AJ VICENS
The U.S. Cyber Safety Review Board will investigate a suspected Chinese cyberespionage operation that breached Microsoft's email system and accessed American officials' emails, according to a recent statement. Established after the SolarWinds breach, the board will analyze the incident, focusing on cloud computing security, identity management, and authentication. This operation, which targeted top U.S. government officials' emails, triggered criticism of Microsoft for making log access a premium feature. The board's findings aim to enhance cloud cybersecurity practices and maintain trust in critical systems. Lawmakers, including Sen. Ron Wyden, have called for a review of Microsoft's "negligent practices," but some critics question the board's accountability and the integrity of its approach in such an investigation. Meanwhile, cybersecurity experts worry the report might lack depth, echoing past issues in similar incidents.
KARMA CATCHES UP TO GLOBAL PHISHING SERVICE 16SHOP BY BRIAN KREBS
INTERPOL shut down 16Shop, a phishing platform that had facilitated sophisticated scams since 2017; the takedown was marked by the arrest of its 21-year-old creator and two associates by authorities in Indonesia. The platform sold phishing kits and domains, enabling over 70,000 users across 43 countries, including novices, to conduct convincing phishing attacks. McAfee revealed that the platform gathered various sensitive information, such as ID numbers, passport details, and more. 16Shop's API allowed control of user access, while its localized pages targeted victims with appropriate content. The platform also evaded security measures with a blacklist of security-related IPs and the blocking of entire address ranges. Although one admin was apprehended, the service likely had multiple operators.
BEWARE MALWARE POSING AS BETA VERSIONS OF LEGITIMATE APPS, WARNS FBI BY PIETER ARNTZ
The FBI recently warned of cybercriminals embedding malicious code in mobile beta-testing apps to deceive victims, often via dating sites or social media, promising incentives. These apps, resembling legitimate versions, contain hidden malicious code that steals personally identifiable information (PII), gains access to financial accounts, or enables device takeover. Criminals use "beta-testing" as a pretext for getting victims to download from untrusted sources, disguising their intentions. A separate scam involves fraudsters claiming to recover lost cryptocurrency, demanding fees for tracing services. Potential victims are being told to avoid online payments, verify app legitimacy, avoid suspicious apps for investing, and not fall for vague recovery services.
LINKEDIN ACCOUNTS HACKED IN WIDESPREAD HIJACKING CAMPAIGN BY BILL TOULAS
LinkedIn is facing a surge of account hacks, leading to lockouts and takeovers by attackers. Victims report unhelpful LinkedIn support, and some report being coerced to pay ransoms after being threatened with losing their accounts; LinkedIn accounts hold value for phishing, social engineering, and scams. Attackers are said to be exploiting leaked credentials or using brute force to target accounts. Well-protected accounts face temporary locks while victims verify ownership and update passwords. In less-secure accounts, however, hackers often change the account email to a "rambler.ru" address and enable 2FA after hijacking accounts, complicating recovery. As a result, Google Trends reflects a 5,000% increase in searches related to LinkedIn account hacks or recovery. Users are advised to review security settings, enable 2FA, and use strong passwords.
A HUGE SCAM TARGETING KIDS WITH ROBLOX AND FORTNITE ‘OFFERS’ HAS BEEN HIDING IN PLAIN SIGHT BY MATT BURGESS
New research has found that over the past five years, thousands of US government, university, and organization websites have been hijacked for scam offers, many of which aim to defraud children by promoting nonexistent rewards in games like Fortnite and Roblox. Security researcher Zach Edwards linked this activity to an advertising company, CPABuild, whose affiliates compromise websites using malicious PDFs that lead to scam landing pages and manipulate users into completing offers for rewards. Despite warnings and investigations, CPABuild's fraud continues, underlined by numerous compromised sites. The scams are significant, targeting children and exploiting gaming platforms.