This Week In Cybersecurity

HAPPY APRIL! While I was looking forward to adding an April Fools joke this week, it just doesn’t seem like the right time to trick people, so I’ll wait until all of this is over and sneak something in when life is a little more normal. Stay safe and well!

Zoom sees rapid growth with lots of growing pains, the FBI warns of teleconference hijacking, a data breach exposes GE employee data, for the third week in a row we saw a rapid increase in COVID-19 Coronavirus phishing and cyberattacks, and Marriott reports a data breach…again.

Zoom and COVID-19 continued to dominate the news this week. The massive increase in the number of people who are working from home in order to slow the spread of the COVID-19 coronavirus has translated into a boon for video conferencing platform Zoom. Zoom’s daily active users jumped from 10 million to over 200 million in 3 months.

With that growth, Zoom is feeling some growing pains. In addition to an FBI warning, Zoom has been found to have some security and privacy issues. From a lawsuit over sending data to Facebook, to Windows credential leakage, to vulnerabilities in its MacOS client, and false claims of end-to-end encryption, this rapid success has been a bit painful for Zoom. Earlier this week, Zoom’s founder, Eric Yuan has apologized and frozen all feature updates so Zoom developers can focus on security and privacy fixes for the next 90 days. If you are a Zoom user, check for updates at least once per day and ideally before each use. There are also some tips in the next story that you should follow.

The FBI warned of teleconferencing and online classroom hijacking during the COVID-19 pandemic. With so many people staying home to slow the spread of the COVID-19 coronavirus, many are using teleconferencing tools like Zoom and Houseparty, to work and visit with friends and relatives. This rapid adoption has also greatly increased the number of Video Tele-Conferencing (VTC) hijacking attacks, also known as zoom-bombing, to the point where online forums are being set up for attackers to meet and coordinate their attacks. There are a number of things that you can do to prevent being the victim of a Zoom-bombing attack. Below are a few to get you started.

1. Check for software updates in your teleconference tool before every meeting.

2. Create a unique session ID for each teleconference.

3. Create a unique and difficult-to-guess password for each teleconference.

4. Don’t publicly post the link or password to your teleconference.

5. If you receive a specific threat during a teleconference in the U.S., please report it to the FBI.

Fortune 500 company General Electric (GE) employee data was exposed in the data breach of a third-party business partner Canon Business Process Services, according to Tripwire reporter, Graham Cluley. In early February, the email account of a Canon employee was compromised and gave attackers access to, “a treasure trove of information which could be sold on underground forums to other criminals and fraudsters, or used to target individuals with convincing scam emails and phishing attacks,” according to Cluely. GE released a Data Breach Notification which outlined the events and remediation efforts and stated, “the issue did not affect GE’s own systems” and explained that, at the request of GE, Canon will offer two years of identity protection and credit monitoring to affected employees.

A 667% rise in COVID-19 coronavirus-based phishing attacks has occurred since the end of February according to Barracuda Networks researchers. In addition to sharing some examples of the latest phishing attacks, Barracuda Networks also gave some recommendations to protect yourself from those attacks.

• Be wary of any emails attempting to get users to open attachments or click links. 

• Watch out for any communications claiming to be from sources that you normally would not receive emails from. 

• Use caution with emails from organizations you regularly communicate with. 

• Find credible charities and donate directly. 

Marriott was breached… again. This week Marriott disclosed that two employee accounts were used to log into a guest services application and used to access, “an unexpected amount of guest information.” While the investigation continues, Marriott has shared that the attackers could have accessed the information for up to 5.2 million customers. The data that was potentially accessed includes, “…name, mailing address, email address, phone number, loyalty account number and point balance, company name, gender, birth day and month, information on the customer’s preferences (e.g. room and language preferences), and details on partnerships and affiliations (e.g. linked airline loyalty programs),” according to SecurityWeek. There is no evidence that the attackers accessed data from customer BonVoy accounts, however Marriott is forcing customers to reset their passwords as a precaution. Marriott has also set up a dedicated website for affected customers to register for one year of free credit monitoring.

Tip of the Week

Podcasts have become an important part of many people’s lives. Increasing numbers of people enjoy tuning in to podcasts during a commute to work (back in the good ‘ole days) or when they’re going for a run or just trying to mentally escape from the reality of staying at home all the time. While not everyone is into cybersecurity, Darknet Diaries is a podcast that everyone can enjoy.

After listening to 62 episodes, I’m still hooked and can’t wait for the next one. Jack Rhysider is an experienced cybersecurity professional, but his humble approach to storytelling shines the spotlight on his guests and his riveting stories. You don’t have to be a cybersecurity expert to listen to this podcast, but you may feel like one after you finish!

Picture of the Week