Router maker admits extortion attempt, a phone scam and another COVID con.
Welcome to Cyber Security Today. It’s Friday April 2nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Network equipment maker Ubiquiti has responded to a news report that the cyber attack it suffered in January was more serious than initially described. An unidentified source who says they have knowledge of the incident told security reporter Brian Krebs this week that the attack on the company was “catastrophic.” Ubiquiti played down the impact of the attack, the source alleged. What really happened, it is claimed, is that the attacker got into Ubiquiti data on servers hosted on Amazon through the password manager of a Ubiquiti IT employee. Then the attacker set up a back door into the system. When Ubiquiti’s IT security shut the backdoor the hacker demanded 50 bitcoin in exchange for a promise to be quiet about the breach. In a statement Thursday, Ubiquiti acknowledged an attacker tried unsuccessfully to extort the company. But, it said, the hacker never claimed to have accessed customer information. It repeated its January advice to users to change their Ubiquiti passwords and to enable two-factor authentication to protect their logins.
There’s mixed news on how well people and companies protect themselves online. According to a global survey by data backup firm Acronis, 67 per cent of respondents said they install security updates on their devices either within an hour or the same day as it’s available. Another 22 per cent said the update is installed within a week. On the other hand, only 45 per cent said they use multifactor authentication, and only 67 per cent said they use an antivirus product. And listen to this: 40 per cent of respondents said they either never or rarely backup their computers and mobile devices.
On the corporate side, only 13 per cent of IT professionals said their organization backs up data in the cloud as well as on-site. That’s risky. There’s a best practice of having three copies of corporate data, each stored in different places just in case of disaster.
On my Wednesday podcast as part of World Backup Day I talked a bit about corporate backup procedures. The ZDNet news service has an interview with the new head of Britain’s National Cyber Security Centre who mentions a related and important thing: When you create a backup and recovery plan, don’t keep it only on a computer. She’s talked to organizations hit by a cyberattack that couldn’t find phone numbers to call for help. Why? Because no one bothered to print out a copy of the plan, which couldn’t be accessed from the computer.
Here’s the latest in cyberattacks: A group is spreading malware by tricking corporate victims into phoning a call centre to cancel a subscription they never ordered. According to the news site Bleeping Computer, the scam works like this: The victim gets an email with a subject line like, “Thank you for your free trial.” The message says, “Your free trial period is over,” and you’ll automatically be charged a fee unless you cancel. The scam in part takes advantage of people’s fear of being charged for something they didn’t order. And lots of people do test free applications and forget they have them. Note the message doesn’t say which thing’s free trial is running out. That’s one tip this is a scam. The message includes a phone number victims should call to cancel the trial. A real person answers and asks for the customer ID included in the email. Then the victim is told to go to a fake web site to enter some information. But the site gets the victim to download an infected file.
Here’s the latest in COVID vaccine scams: Crooks are emailing and texting fake surveys they hope victims will fill out on the promise of getting a free prize. But, the U.S. Justice Department warns, the catch is they have to provide a credit card number to pay for shipping and handling to get the prize. That’s what the crooks want. If you get a message like this, send it to the Canadian Anti Fraud Centre or the FBI.
Finally, don’t forget later today the Week In Review edition of the podcast with a guest commentator Dinah Davis of Arctic Wolf will be available. We’ll be talking about recent trends in ransomware. Listen on your way home or on this long weekend.
Remember links to details about these stories are in the text version of this podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at cybersecurity professionals.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.