Friday Five: 7/17 Edition
US Secret Service forms a cyber fraud task force, Twitter deals with the hacking of high-profile Twitter accounts, and more - catch up on all the week's news with the Friday Five.
1. TrickBot Malware Mistakenly Warns Victims that they are Infected by Lawrence Abrams
TrickBot, the notorious malware infection that is commonly distributed via malicious spam emails, has mistakenly left in a test module that is warning victims that they are infected. Typically, the malware runs quietly on a victim’s machine after it is installed as it downloads various modules that perform different tasks on the infected computer. The modules allow TrickBot to spread laterally throughout a network, harvest browser passwords and cookies, and steal a domain’s Active Directory Services database. The malware often finalizes its attacks by giving access to ransomware operators such as Ryuk and Conti. TrickBot actors have recently distributed a test version of their password-stealing grabber.dll module by accident, which alerts victims that the program is gathering information and that they should contact their system administrator. Security experts believe the threat actors were testing a new version of their password and cookie-stealing module and forgot to remove the test warning when it went live. Victims who come across this warning message should immediately disconnect their computer from the network and then perform a scan with their installed security software.
2. Amazon Says Email to Employees Banning TikTok was a Mistake by Tali Arbel
Last Friday, Amazon sent an internal email to employees instructing them to delete the video app TikTok from their phones, and then less than five hours later, backtracked on the statement and called the ban a mistake. The online retailing giant has not made a public statement regarding the ban, but the second internal email stated that, “this morning’s email to some of our employees was sent in error”. The initial email had cited TikTok’s “security risks” and addressed the national-security and geopolitical concerns because of its Chinese ownership. As the second-largest U.S. private employer, Amazon moving against TikTok could have escalated pressure on the app in a big way. TikTok commented on Amazon’s initial email, saying they were not notified before it was sent out and that they don’t understand the company’s concerns.
3. US Secret Service Forms Cyber Fraud Task Force by Akshaya Asokan
The U.S. Secret Service is creating a unified task force that will focus on cyber-enabled financial crimes, such as email compromise schemes and ransomware attacks, by combining its electronic and financial crimes units. According to the assistant director of the Secret Service, Michael D’Ambrosio, the U.S. has witnessed a spike in cyber-related crimes and scams since the start of the COVID-19 pandemic. D’Ambrosio says that the new Cyber Fraud Task Force (CFTF) will “lead the effort to hold accountable all those who seek to exploit this perilous moment for their own illicit gain”. The newly merged force will contain specialized agents and analysts who are trained in the latest analytical techniques and equipped with the most cutting-edge technologies. Some lawmakers in Washington are currently trying to move legislation forward that would take the Secret Service from its current position within the Department of Homeland Security and move it back under the Treasury Department to better help investigate cyber-related financial crimes.
4. Twitter Says Hacking of High-Profile Twitter Accounts was a “Coordinated Social Engineering Attack” by Li Cohen
If you follow any celebrity Twitter accounts and noticed some strange activity lately, you are not alone. Some of the world’s most influential politicians, celebrities, tech moguls and companies were the target of a massive Twitter hack on Wednesday. The hackers pushed out similar tweets across all accounts, asking millions of followers to send money to a Bitcoin address. In a public statement, Twitter said they detected what they believed to be “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” After becoming aware of what happened, Twitter immediately locked down hacked accounts and removed the tweets sent on their behalf. The company is still investigating the incident to see what other malicious activity the hackers may have conducted, or what information they may have accessed. They have taken “significant steps” internally to limit access to internal systems and tools while the investigation proceeds.
5. US Actor Casting Company Leaked Private Data of over 260,000 Individuals by Charlie Osborne
New Orleans-based MyCastingFile.com, a popular website used to cast US talent in movies and television shows, exposed the data of roughly 260,000 individuals online. Security researchers discovered an open Elasticsearch server, hosted by Google Cloud, that was not secured by any form of authentication. The database was 1GB in size and exposed close to 10 million records. Upon further investigation, the researchers found that over 260,000 MyCastingFile profiles were leaked, including aspiring actors and members of staff. The personally identifiable information contained in the leak included names, addresses, email addresses, phone numbers, dates of birth, height and weight, ethnicity, and physical features such as hair color and length. Some photos of faces and bodies were also included in the breach. The agency was notified of the breach on June 11th and secured the server on the same day.