Tag Archives: Security

Posted on Author Atlantic Computer Services Categories Blog

New Phishing Attack Targets Amex And Netflix Users

If you do business with either American Express (AMEX) or Netflix, be on the alert.  Windows Defender Security Intel has recently reported the detection of two major new phishing-style campaigns aimed at the customers of both businesses.

Recipients have been receiving emails that appear identical to official Netflix and American Express communications.

In both cases, the ultimate goal is to convince customers to hand over their credit or debit card information. Microsoft has sent a couple of different tweets out about the issue.  One of them assures customers that “Machine learning and detonation-based protections in Office 365 ATP protect customers against both campaigns.”

And another warned that “The Netflix campaign lures recipients into giving away credit card and SSN info using a ‘Your account is on hold’ email and a well-crafted payment form attached to the email.”

The unfortunate truth is that emails like the ones currently in play are extremely easy to craft and very compelling.  The hackers simply play on the fears of the customer, making it sound as though if they don’t take immediate action they’ll lose access to a valued service they’ve come to rely on.

There’s essentially no cost to the hacker for pushing out hundreds, or even thousands of emails like the ones currently being used. For each victim that falls prey to the tactic, the costs can be enormous.

As ever, the first best line of defense is education and awareness.  In addition to that, if there’s ever any question at all about the status of your account, the best thing you can do is to address the issue via another channel.

In other words, don’t simply reply to the email you received.  Open a new tab, look up the company’s customer support number and call to verify.  Doing so will tell you in short order whether the email you received was legitimate, or someone trying to separate you from your hard-earned money.

0
Posted on Author Atlantic Computer Services Categories Blog

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user?  If you are, it may be time to change your password.  KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty-thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly.  The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this.  We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of.  While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users that have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

0
Posted on Author Atlantic Computer Services Categories Blog

Recent Breach Targeted MyPillow And Amerisleep Customer Data

If you’ve purchased bedding from either MyPillow or Amerisleep, your data may have been compromised. These companies are two popular mattress and bedding merchants operating in the US. This is according to a recent report coming to us from RiskIQ. The hacking group Magecart appears to be behind both breaches, which is bad news for both companies and their customers.

That is because Magecart is one of the most talented and active hacker groups on the scene today, having launched a number of successful attacks against high profile targets that have included Ticketmaster, Feedify, Shopper Approved, Newegg, and British Airways.

MyPillow entered into Magecart’s crosshairs in October 2018, when the group compromised MyPillow’s e-commerce and sales platform and began skimming credit card information submitted by the company’s customers. The group also registered a similar domain, mypiltow.com and utilized ‘Let’s Encrypt’ to implement an SSL certificate.  Unsuspecting visitors to the site had no idea they were on a domain controlled by the hacking group.

According to RiskIQ researcher Yonathan Klijnsma, “…this type of domain registration typosquatting means that the attackers had already breached MyPillow and started setting up infrastructure in its name.”

Within a month’s time, the hacking group moved onto the second phase of its attack, registering a new website called livechatinc.org, which mimicked the Live chat used by MyPillow.  With a poisoned script already running inside the company’s infrastructure, Magecart was able to mimic the genuine tag used by the live support service. This was so that by all outward appearances, customers believed they were chatting with an actual MyPillow employee.

The attack on AmeriSleep dates back a bit further to April 2017, but followed a similar pattern.  The skimmer remained in operation between April through October of 2017.  The company rid themselves of Magecart’s malicious software, only to come under attack again in December 2017.

In both cases, the skimmer domains have been taken offline, but both companies are still dealing with the malicious code injection issues. RiskIQ notes that given Magecart’s history, even when both companies clear their servers of malicious code, they’re likely to be re-infected in short order.  Watch your credit card statements if you’ve made a purchase from either company.

0
Posted on Author Atlantic Computer Services Categories Blog

Hackers Continue To Attack POS Transactions And Systems

Have you heard of DMSniff?  If you’re in the restaurant, entertainment, or retail business and you haven’t heard of it, this article is likely to dismay you. It’s the latest threat being deployed against those industries.

Researchers from the cybersecurity company Flashpoint now believe that DNSniff malware has been lurking in the wild since at least 2016.

It has proved to be notoriously hard to detect, which explains why we’re just now hearing about it. Even worse, the hackers behind the software have been specifically targeting small to medium-sized companies that rely heavily on credit card transactions to survive, These companies don’t typically have the resources to deploy state of the art security measures.

One of the key features of this malware strain is that it uses a DGA (Domain Generation Algorithm) to create command and control domains on the fly, which makes it incredibly resistant to blocking mechanisms and takedowns.  For instance, if law enforcement officials raid a site, confiscate servers, and shut down a domain, DNSniff keeps doing its thing.  It will simply spawn a new command and control domain and continue to transmit stolen data.

Although DGA’s are employed by other forms of malware, finding it built into the core functionality of code designed to be injected and run on POS machines is a new twist the researchers hadn’t seen coming.

In addition to that, DNSniff also utilizes a string-encoding routine, which enables it to hide even when actively searched for. This makes it more difficult for security personnel to uncover the inner workings of the code.

The goal for the hackers, of course, is to siphon off as many credit card numbers and as much other payment information as they can. They then bundle the stolen data and resell it on the Dark Web.  The group behind DNSniff has been wildly successful.  If you’re in any of the businesses we mentioned at the start, make sure your staff is aware of this latest threat, and stay on your guard.

0
Posted on Author Atlantic Computer Services Categories Blog

Hundreds Of Apps Loaded Adware Onto Millions Of Android Phones

How many malicious apps would you need on the Google Play Store to infect more than one hundred and fifty million Android devices? Unfortunately, we have a good answer to that question, courtesy of SimBad adware, which can be found in 210 different Android apps.

Taken together, they’ve made their way onto nearly 150 million devices.

If that was the only strain of adware in existence it would be bad enough. Of course, SimBad is only one form of malware.  Granted, it’s a significant strain with a hefty footprint, but the statistics above only demonstrate the sheer scope and scale of the problem. The internet is awash in malware of all types, and the problem is only getting worse.

On top of that, hackers are getting increasingly sophisticated in the way they deploy their poisoned code. Even worse, they’re sharing secrets and adopting each other’s most effective strategies. They’re creating a kind of ‘Black Hat Best Practices’ that enable even hackers with only a moderate level of skill to cause real damage.

If all of the above wasn’t bad enough, even worse is the fact that the larger hacking groups have begun serving as hired guns.  On the Dark Web, it’s easy to find a massive botnet for hire, or to rent out someone else’s malware and leverage their resources to launch your own devastating campaign.

Arrayed against these forces are a motley collection of industry insiders, independent researchers, corporate IT staff members, and security company professionals. They are all trying gamely to keep up with the ever-shifting threat matrix.

Unfortunately, it’s a battle these forces are losing.  2018 was another record setting year in terms of the number of successful data breaches, and 2019 will almost certainly beat last year.  Stay vigilant.

0
1 150 151 152 153 154 155