
BTH News 01May2020


This Week In Cybersecurity

This week Between the Hacks reports on movie files infected with malware, the NSA shares tips for teleworkers, a GIF hijacks Microsoft Teams, and for the third time in 7 years, the iPhone has a word of death! Also, bolster your security and privacy by changing DNS servers, and see proof that robots can lie.


Movies Infected With Malware

With so many people in self-isolation at home, streaming movies is very popular, but not all of that streaming is through proper channels. Pirated streaming services and pirated movies are also in high demand during the COVID-19 pandemic and threat actors are taking advantage of this trend.

Researchers at Microsoft Security Intelligence Tweeted, “With lockdown still in place in many parts of the world, attackers are paying attention to the increase in use of pirate streaming services and torrent downloads. We saw an active coin miner campaign that inserts a malicious VBScript into ZIP files posing as movie downloads.”

The good news is that if you are streaming through Netflix, Hulu, Apple TV, Amazon Video or other paid streaming services, this attack does not apply. However, if you are illegally downloading movies via a torrent, you are at risk of falling for this attack.

Bleeping Computer reports that the Kaspersky researchers who discovered those phishing attacks, "found more than 20 phishing websites and 925 malicious files that were presented as free movies, only to attack the user." They also reported, "To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats."


NSA Shares Cybersecurity Advice For Teleworkers

As much of the world is still working from home, teleworking attacks are still on the rise, and so is the number of articles that advise on work-from-home cybersecurity. Between the Hacks has written on the topic a number of times recently (links are below), but this week the NSA released a six-page document entitled Selecting and Safely Using Collaboration Services for Telework. The document “provides a snapshot of best practices and criteria based on capabilities available at the time of publication and was coordinated with the Department of Homeland Security (DHS).”

The document also provides a checklist of nine questions to answer when evaluating a collaboration tool and then assesses 13 of the most popular tools against the NSA’s checklist. The list assesses Cisco’s WebEx, Dust, Google G Suite, GoToMeeting, Mattermost, Microsoft Teams, Signal, Skype for Business, Slack, SMS Text, WhatsApp, Wickr, and Zoom.

Between The Hacks posts related to securely working from home are below.





How a GIF Was Used To Hijack Microsoft Teams

Researchers from CyberArk reported a vulnerability in the Microsoft Teams collaboration tool that would allow an attacker to use “a malicious GIF to scrape user’s data and ultimately take over an organization’s entire roster of Teams accounts.”

CyberArk reported the security flaw to the Microsoft Security Response Center (MSRC) under the Coordinated Vulnerability Disclosure (CVD) program on March 23. “On the same day, the Redmond giant corrected the misconfigured DNS records of the two subdomains required to trigger the takeover of accounts. On April 20, Microsoft also released a patch to mitigate the risk of similar bugs in the future” reported ZDNet.


Another iPhone Word of Death

Researchers have found a string of characters that will crash your iPhone, “by confusing the iOS operating system when it tries to figure out how to display the ‘word’”, reports Sophos. If this sounds familiar, it’s because the iPhone has had similar issues in 2013 and 2018.

While the crash apparently does not cause any damage to the phone, it seems that a hard reboot is the only way to recover. The next release of iOS (13.4.5) is reported to have a fix for this, so hopefully you won’t be “attacked” before then. As always, be sure to install patches as soon as they come out.


Tip of the Week

More Secure and Private DNS

This tip is a little technical for some people but it’s important and easy to do. I’ll give a brief overview and some recommendations here but promise to create a full post on changing DNS in the future.

DNS stands for Domain Name System and it works like a directory or phone book of the Internet. Humans use domain names, like betweenthehacks.com, to navigate the Internet but computers need to use IP addresses. DNS takes the domain names that we enter into our computers, and turns them into the correct IP address. Cloudflare has a good explanation here if you want more detail.

By default, your Internet Service Provider (ISP) gives your computer access to their DNS servers. This means that your ISP can see all of the websites that you look up. So while you might have an encrypted https connection to many sites, your ISP still knows where you go on the Internet. Many people don’t like this, so they replace the DNS servers on their home networks and their devices, to point to alternate DNS servers.

Some of these services will also block known malicious IP addresses, so you get some additional security and privacy benefits. And the best part is that it’s free! Two of the more popular services today are Cloudflare’s 1.1.1.1 and IBM’s Quad 9 DNS services. You can follow those links to find out more information about how they work and how to use them.

Before you decide on a DNS service, you may want to see who provides the fastest DNS service to your home or office. You can test this by using Gibson Research Corporation’s free DNS Benchmark tool.


Picture of the Week

notarobot.gif