Friday Five: 12/27 Edition
A phishing attack targets PayPal customers, two bugs are discovered in the Twitter Android app, and a cyber attack causes flight cancellations in Alaska - catch up on the week's news with the Friday Five.
1. PayPal Phishing Attack Promises to Secure Accounts, Steals Everything by Sergiu Gatlan
PayPal customers are being targeted by an ongoing phishing campaign, one that's sending emails camouflaged as alerts warning customers of suspicious logins from unknown devices. The threat actors are attempting to gain access to customers’ credentials and financial information by luring them to click a link that brings them to a company-branded phishing site. To further persuade victims into clicking, the attackers tell them their PayPal account is limited until they can confirm their identity. Victims are brought to a series of fake login pages that require them to verify their account by updating their information such as their billing address, name, phone number, date of birth, and credit/debit card data. The phishing campaign takes a final step of sending victims to a page that congratulates them for restoring access to their accounts in order to ease their minds. Currently, there is no evidence that the phishing campaign results in installation of malware on victims’ systems. Customers are urged to tread carefully with any emails, especially those that have a manufactured sense of urgency, an odd URL, substandard English, chopped-off letters, and the use of a CAPTCHA.
2. Two Information-Disclosing Bugs Found in Twitter Android by Bradley Barth
Over the past week, it was discovered that the Twitter Android app contained two different vulnerabilities that could potentially expose private user information. One bug could allow attackers to view nonpublic account information or control accounts, and the other bug allowed a researcher to look up details on 17 million accounts. Twitter is working on updating the app to fix the bugs and has publicly noted that there is no evidence that any attackers have successfully taken advantage of the bugs. If successful, a malicious actor could possibly gain access to direct messages, protected tweets and location information. The researcher who exposed the second bug was able to retrieve records, specifically phone numbers, from users all around the world, including some belonging to politicians and officials. Twitter has taken steps to notify and provide instructions to people who may have been exposed to the bug.
3. Businesses Keep a Lid on Number of Cybersecurity Vendors by James Rundle
Thirty tech executives responded to The Wall Street Journal’s end-of-year questionnaire that asked about cybersecurity defenses and other issues. The results show that even though corporate technology executives are increasing their budgets due to the developing threat environment, they are maintaining the number of cybersecurity vendors they use. Several executives said they had more than a dozen cybersecurity suppliers, and those vendors may have changed but the number of suppliers has not. According to Sunil Kurkure, a managing director at Intel Capital, there are over 3,500 vendors that service the cybersecurity market. Experts in the industry expect that the number of vendors will likely drop as they consolidate over the next year. Still, CIOs and chief information security officers are becoming overwhelmed with the number of pitches from companies. They need to see the value in the product and make sure there’s not a lot of overlap between their cybersecurity vendors.
4. Cyber Attack Forces Airline to Cancel Flights in Alaska by The Associated Press
At the peak of holiday travel, Alaska-based airline RavnAir was forced to cancel at least a half-dozen flights in Alaska on Saturday, Dec. 21, due to a malicious cyber attack on its computer network. Around 260 passengers were affected by the cancellations, and the airline was working hard to re-book passengers on different flights and to add extra flights to its schedule, wherever possible. The cancellations happened before noon and all involved its Dash 8 aircraft, its maintenance system and its backup capabilities. The company was working with the FBI and other cyber experts to restore systems and return to a normal flight schedule. PenAir and RavnAir Connect, which are part of RavnAir Alaska, were able to operate normally on their backup systems.
5. New Orleans to Boost Cyber Insurance to $10M Post-Ransomware by Dark Reading Staff
Following the ransomware attack that forced the shutdown of the city’s major computer systems, New Orleans is taking steps to strengthen its cybersecurity by increasing its cyber insurance policy to $10 million. After a phishing email was able to penetrate the city’s systems, officials took around 4,000 computers offline, which forced employees to conduct operations manually. Many city computers are still in the process of being cleaned up and investigated, but the city's Fire Department, Police Department, and Emergency Medical Services are fortunately completely up and running. Although the city most likely incurred heavy costs to restore its systems, officials say they did not receive a ransom request and that all data was able to be recovered. Many experts believe that the Ryuk strain of ransomware was responsible for this attack, as memory dumps of suspicious files containing references to Ryuk and New Orleans were uploaded the day after the attack. US cities should follow in New Orleans' footsteps by increasing cybersecurity, as municipalities have become a very popular target of ransomware attacks.