BTH News 19June2020
This Week In Cybersecurity
This week on Between the Hacks, breachstortion joins the family of phishing attack methods, a teen surfer and influencer’s Instagram account is hacked and used to share sexually explicit material, attackers are using MFA to lock people out of their hijacked accounts, an Israeli cybersecurity firm discloses zero-day vulnerabilities that affect hundreds of millions of devices, and a great deal on cybersecurity e-books.
Breachstortion
Sextortion and other “I know your password” scams have been a favorite phishing attack method for years. This week, the Sophos Naked Security blog revealed how some attackers have changed tactics by creating a similar email extortion campaign that Naked Security is calling ‘breachstortion.’
A breachstortion attack consists of a malicious email which claims that the sender has breached the victim’s website or company network, copied data from their databases and moved that data to an offshore server. The email then threatens to post the data publicly unless the victim pays the ransom. To learn more and see an example, read this Between The Hacks blog.
Photo from blaze_angel Instagram account
Teen Surfer and Instagram Influencer’s Hacked Account Serves up sexually Explicit Content
Blaze Roberts is a popular surfer from Sydney, Australia. She is also an influencer on Instagram, earning money for promoting businesses on the platform. With over 40,000 followers on Instagram, she was seeking the coveted blue check mark that indicates an account is verified as an authentic public figure or brand. So when Ms. Roberts received an email offering her verification, she clicked on the link and logged in. Unfortunately, this was a phishing email and the attackers who sent her the email, used her credentials to hijack her popular Instagram account. To ensure that they kept control of the account, the attackers enabled multi-factor authentication (MFA). Once Ms. Roberts was locked out of her account, the attackers began sharing sexually explicit material to her followers.
Blaze Roberts tried working with Instagram to regain access to her account but in the end she lost her 40,000 followers and had to create a new account. “All too often it seems Instagram is unable or unwilling to assist, and hacked users find their only remaining option to be to set up a new Instagram account from scratch” reports Graham Cluley. In 2018, Cluley wrote about another Instagram account who lost more than 100,000 followers after the account was hacked.
Ms. Roberts’ new Instagram account is up and running and currently has over 5,600 followers so it may take some time to get back to her previous 40,000 followers and influencer status.
To protect your Instagram account from being taken over by attackers, enable multi-factor authentication (MFA) on your Instagram account and everywhere you can.
Protect Your Accounts with MFA Before It’s Used Against You
Between The Hacks has been a long-time proponent of multi-factor authentication (MFA) use for everyone. The main reason you want MFA (also known as two-factor authentication or 2FA) is to protect your accounts from compromise if someone gets, or guesses, you password. This week, Brian Krebs tells a story that underscores yet another reason that we all should enable MFA everywhere we can. Krebs explains how the son of a privacy executive had re-used a password for his Xbox account, making him vulnerable to a credential stuffing attack. When the attackers gained control of his account, they enabled MFA on the compromised account which made account recovery a long and difficult process.
The lesson here is that while MFA is a great way to make it difficult for attackers to gain access to your account, it also gives you more control over that account. On the flip side, if you don’t enable MFA and an attacker does, you not only lose access to your account but the attacker could impersonate you or even make purchases on your credit card through the compromised account.
To learn more about MFA, read this Between The Hacks article and visit twofactorauth.org to see which of your accounts support MFA and how to set it up on each of those accounts.
Ripple20
The research lab at Israeli cybersecurity company, JSOF, has discovered and disclosed a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library. In their report on the vulnerabilities, JSOF states, “The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabilities.”
The JSOF report also states that Ripple20 has reached a wide range of critical IoT devices. “Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter, as well as many other major international vendors suspected of being vulnerable in medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail and commerce, and other industries” states the report.
Treck, the company who developed this TCP/IP library, has created patches for these vulnerabilities but the challenge is that many of the companies who are using this library in their products, likely will never know about the vulnerabilities or the patches.
Tip of the Week
Humble Bundle: Secure Your Stuff
If you are trying to break into the world of cybersecurity or are just interested in the topic, there are a lot of great resources. Podcasts, websites and free online courses are good but sometimes you need a deep dive into a topic that only a book can deliver. While books are great, they can get very expensive so keep an eye on Humble Bundle for a great deal on e-books. Below are two e-book bundles that may interest you.
Bundle #1: Humble Bundle has teamed up with Apress for their newest bundle! Get e-books like Securing Office 365, Firewalls Don't Stop Dragons, Practical Cyber Forensics, Cybersecurity for Space, Personal Cybersecurity, and Open Source Intelligence Methods and Tools. Plus, your purchase will support Race Forward! 17 days left for this offer.
$717 worth of security books
Pay $1 or more
DRM-free
Multi-format
Bundle #2: If you are studying for technical certifications, you may be interested in this Humble Bundle of certification e-books. Study up for certifications in SSCP, Salesforce, Google Cloud, CompTIA, and more. Your purchase supports Child's Play on its mission to improve the lives of children through the power of play!! Hurry if you’re interested, only 3 days left on this offer.
$1,330 worth of awesome stuff
Pay $1 or more
DRM-free
Multi-format
NOTE: This section contains some affiliate links. When making a purchase, you have the option to donate part of that purchase price to Between the Hacks. Donations are used support the upkeep of this blog and are appreciated but not required. Happy reading!
