Another warning to Fortinet administrators, beware of free Netflix offers, credentials to streaming services stolen and another big cloud mistake
Welcome to Cyber Security Today. It’s Friday April 9th. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
I started the week alerting users of Fortinet security devices that hackers are actively looking to exploit several vulnerabilities in its products. Unfortunately, IT administrators have been slow to patch them. Well, on Thursday, security company Kaspersky said one of those vulnerabilities is being exploited on Fortinet VPN Gateways to launch ransomware attacks. The initial malware steals usernames and passwords, which an attacker uses to get into the computer network through the Fortinet device. Then the ransomware is downloaded. IT administrators who haven’t learned from the earlier warnings from Fortinet to install the latest patches may be sorry.
By the way, in one case that Kaspersky investigated the victim firm’s antivirus was also behind in its database updates. So remember, for best protection every corporate application has to be updated.
That’s not all. Also contributing to the success of the attack Kaspersky looked at were other failures: For some reason, some of the modules of the anti-malware protection were turned off. The idea of anti-malware is to protect the company. Why some features were turned off is a mystery. In addition, all employees at this firm could access any data the company had. One of the prime defences of any organization is limiting employee access to sensitive data to only those who need it. That can be hard in small firms. But if you allow everyone to access everything, then a hacker only needs to steal one person’s password and they can easily spread malware – and easily access any data for theft.
In the cybersecurity world sometimes the worst things are free – especially if offered through social media. Such is the case of a link to a fake app that offers two months of Netflix Premium for free. Sure, some companies offer promos, but look carefully. Safe promos come directly from a company or are offered on its website. Security vendor Check Point Software recently found a scam offering a phony Netflix deal to users of WhatsApp, with a link going to an Android app on the Google Play Store. The fact that the app was there made it look legit. It even used the Netflix logo. But the app was called FlixOnline. The 500 people who downloaded it got infected with malware that stole data and passwords. The app also spread by sending messages to the victims’ WhatsApp contact list. Google has now deleted the app.
Speaking of Netflix, usernames, passwords and possibly credit card numbers of hundreds of thousands of users of that streaming service, as well as others such as Spotify, Amazon Prime and Hulu, have been found by security researchers on the dark web. According to NordVPN, which was one of those involved in the discovery, the data had been stored by users in their browsers for easy logins or filling in forms. But somehow they downloaded malware that infected their browsers. Crooks will sell stolen credentials for streaming services to unwitting victims who think they’re getting a deal. The streaming service passwords were part of a database researchers found with information on 16 million people around the world.
Finally, later today on the Week In Review podcast I’ll be talking about a report on cybersecurity mistakes organizations make using cloud services. Here’s an example revealed this week: Someone at a Jordanian nonprofit online education provider called Edraak accidentally uploaded information on tens of thousands of student subscribers to one of the company’s unprotected cloud storage servers. Anyone could have copied the data had they found it.
There were spreadsheets with students’ names, email addresses, dates of birth and country of nationality. The British company that came across this tried unsuccessfully for two months to get the attention of Edraak. It had to turn to reporters at the TechCrunch news service to get action. The chief executive of Edraak said the cloud server was supposed to be open for course material, but not student data. But due to what he called a configuration bug the student data was put in the wrong place. An initial scan after the first warning failed to find what was called the misplaced data.
The lesson is employees have to be carefully trained in procedures for safely placing and protecting data uploaded to cloud services.
That’s it for this morning. Remember later today the Week In Review edition will be out, with commentary by Terry Cutler of Cyology Labs. Listen on your way home or on the weekend.
Links to details about podcast stories are in the text version at ITWorldCanada.com. Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.