By Howard Solomon - July 16, 2021
U.S. offers bounty for cybercrooks, Facebook cuts links to spy group and beware of this LinkedIn scam.
Welcome to Cyber Security Today. It’s Friday, July 16th. I’m Howard Solomon, contributing writer on cybersecurity for ITWorldCanada.com.
Washington has warned other governments not to allow cybercriminals to operate in their territories. Now it’s offering millions of dollars to people for tipping it off about nation-state supported attackers. A reward of up to $10 million is available for information leading to the identification or location of anyone acting at the direction or under the control of a foreign government who participates in malicious cyber activities against the U.S. That would include people who send phishing messages or handle stolen data. It would also include software developers who create malware and ransomware. This comes under a program called Rewards for Justice, which is aimed at catching terrorists.
Facebook has removed access of a group in Iran that used the social media platform to distribute malware and conduct espionage against a number of people, primarily in the U.S. The group targeted military personnel and companies in the defense and aerospace industries in the U.S., the United Kingdom and Europe. Called ‘Tortoiseshell’ by researchers, the group created sophisticated fake online personas to contact people, build trust and trick them into clicking on malicious links that would deposit spyware on victims’ computers. Group members posed as recruiters and employees of defense and aerospace companies from the countries their targets were in. Other personas claimed to work in hospitality, medicine, journalism, non-governmental agencies and airlines.
Crooks pretending to be from LinkedIn are out to get your password to the site. According to research from security firm Armorblox, an attack starts with a victim getting an email that claims to be from LinkedIn. It asks them to log in by clicking on a link and verify their account because of unusual activity. The reason some people might fall for this is that the link goes to a web page hosted on Google Forms. This is a common trick by crooks, because email security systems often trust links to Google Forms, Google Docs and Google Firebase. One tip-off that this is a scam is where the email comes from: linkedin[at]pauluniversity.edu.ng. That’s a real university in Nigeria, which has obviously been hacked. This is another example of how closely reading email will often reveal signs of a scam.
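For mail administrators, the two tip-offs in this story can be checked automatically. The sketch below is an added example, not code from Armorblox or from this report; the brand list, the hosting-domain list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brands and the domains they legitimately send from.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}
# Assumption: hosts for the services named in the story (Forms, Docs, Firebase).
TRUSTED_HOSTING = {"docs.google.com", "forms.gle", "firebaseapp.com", "web.app"}

def _in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the given domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def phish_signals(raw):
    """Return a list of human-readable warning signals for one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, sender_domain = addr.lower().rpartition("@")
    claimed_text = " ".join([display, local, msg.get("Subject", "")]).lower()
    body = "".join(p.get_payload(decode=True).decode(errors="replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    signals = []
    # Signal 1: the message uses a brand name but the sender domain is not the brand's.
    for brand, legit in BRAND_DOMAINS.items():
        if brand in claimed_text and not _in_domains(sender_domain, legit):
            signals.append(f"claims {brand} but sent from {sender_domain}")
    # Signal 2: a link lands on a hosted-content service that filters tend to trust.
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = urlparse(url).hostname or ""
        if _in_domains(host, TRUSTED_HOSTING):
            signals.append(f"link points to hosted-content service {host}")
    return signals

# Constructed sample messages (not real mail).
PHISH = """\
From: LinkedIn Security <linkedin@compromised-university.example>
Subject: Unusual activity: verify your account

Please log in to verify your account:
https://docs.google.com/forms/d/e/CONSTRUCTED/viewform
"""
BENIGN = """\
From: LinkedIn <security-noreply@linkedin.com>
Subject: Your weekly summary

See https://www.linkedin.com/feed/
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, phish_signals(raw))
```

Either signal alone can be noisy, since legitimate mail also links to Google Forms; the combination of a brand claim, a mismatched sender domain and a hosted login link is what warrants quarantine or review.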
Finally, the maker of the WooCommerce plugin for WordPress is urging administrators to install the latest patch. This fixes a critical vulnerability in the plugin and WooCommerce Blocks.
Later today the Week In Review edition will be available. Terry Cutler of Cyology Labs and I will talk about the mysterious and sudden disappearance of websites used by the REvil ransomware gang.
That’s it for now. Remember, links to details about these podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other cybersecurity stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.