Attackers pile on Travelex w/ DDoS scam

Hello Readers,

In today's SECURITY TRENDS, I explore how cybercriminals are taking advantage of the COVID-19 resurgence to increase attacks on remote workers. Meanwhile, my PODCAST NOTES feature summarizes an interview with Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, who spoke about the dangers of stalkerware.

Don't miss my weekly CISO CORNER feature, which includes exclusive interviews with CISOs, for premium subscribers. If you'd like to read this special content, Inside Security is offering a 14-day free trial. To sign up, click here.

Thank you for supporting Inside Security.

Fred

SECURITY TRENDS: Attackers exploit COVID-19 resurgence

The recent resurgence of the COVID-19 pandemic is keeping pressure on companies to keep their workers at home. And cybercriminals are taking advantage of the situation to target remote workers with phishing attacks and other cyberattacks.

In fact, 63% of U.S. companies have seen a recent spike in phishing/social engineering attacks, 52% have seen an increase of credential theft, and half have reported a rise in account takeovers.

Damages to IT infrastructure cost 41% of U.S. firms to lose...

To read more, sign up for our 14-day free premium content trial!

For more of my Security Trends article, as well as my CISO Corner, Cyber Breach Monday, Patch Watch, Security Funding, By The Numbers, and Cybersecurity Masterclass features, please sign up for our 14-day FREE premium content trial today.

UPGRADE NOW

The hack of high-profile Twitter accounts in July was the result of poor cybersecurity by Twitter, concluded a report by the New York State Department of Financial Services. The regulator said that the hackers accessed Twitter's internal systems and pretended to be from the company's IT department. The hackers, led by a 17-year-old, were able to compromise the accounts of former President Barack Obama, Amazon CEO Jeff Bezos, and others and run a bitcoin scam that netted them $118,000 as a result.

More from the report:

The attacker did not use any sophisticated attack methods such as malware or backdoors.
Instead, the hackers said that they were responding to problems with the employee's virtual private network and harvested credentials when the employee visited a bogus Twitter VPN website.
The Twitter attack underscores the need for strong cybersecurity to provide social media platforms from being weaponized during the election.

CNN

Zoom is launching phase 1 of its end-to-end encryption (E2EE) offering next week, the videoconferencing service announced. Both free and paid Zoom users will be able to host up to 200 participants in an E2EE meeting. Phase 2, scheduled for next year, will include better identity management and single sign-on integration.

More:

Zoom explained that with E2EE encryption the meeting host generates the encryption keys and uses public-key cryptography to distribute them to participants.
In May, Zoom announced its E2EE plans in response to security issues, such as Zoombombing, experienced by users.
In September, Zoom added two-factor authentication to all user accounts to stop zoombombing and other cyberattacks.

DARK READING

Barnes & Noble has suffered a cyberattack that exposed customer personal data, including mail addresses, billing and shipping addresses, and telephone numbers. The attack disrupted customer access to the online Nook library.

More:

The company at first blamed the problem on a "system failure" but later admitted that it suffered a cyberattack that resulted in unauthorized access to corporate systems, including customer data. It stressed that payment data is encrypted and was not at risk.
A recent leak of credentials for vulnerable Pulse Secure VPN enterprise servers contained accounts belonging to Barnes & Noble.
Ransomware attackers have exploited Pulse Secure VPN vulnerabilities in other attacks, suggesting that the bookseller was hit by ransomware.

BLEEPING COMPUTER

Currency exchange firm Travelex is once again in the crosshairs of cybercriminals, who this time are threatening to launch distributed denial of service (DDoS) attacks unless a 20 bitcoin ransom is paid. Travelex was hit by a devasting ransomware attack around New Year's that took the company's systems offline for weeks. Several other prominent companies have received the DDoS threats from attackers unless the bitcoin ransom is paid.

More:

Travelex was hit by DDoS attack on four IP addresses serving the company subdomains and another attack using Google DNS servers.
The currency exchange did not pay the ransom to the DDoS attackers, according to a report by Intel471.
As a result of the ransomware attack and other financial issues, Travelex was forced into administration in August.

THREATPOST

PODCAST NOTES:

Every Thursday, I summarize a podcast about cybersecurity so you can read it in about five minutes or less. This week features Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, who spoke with Janne Kauhanen of Cyber Security Sauna (#45) about stalkerware. [Note: Questions and answers were edited for brevity and clarity.]

Janne Kauhanen: Could you talk about the dangers that stalkerware poses?

Eva Galperin explained that stalkerware is installed without the knowledge of the person whose device it is. It’s designed to convince the person who’s being spied on that they’re not being spied on. So they cannot give their consent.

For example, even if you want to know where your kids are with the phone that you bought for them, you should let them know “This is the phone that I bought for you. This is the software that I have installed on this device. These are its capabilities, and I do this in order to look after you”...

To read more, please sign up for our 14-day FREE premium content trial today.

Check out my earlier Podcast Notes features with Rachel Tobac, CEO and co-founder of SocialProof Security, who examined the fall-out from the Twitter attack, and with Rich Stever, IT security auditor at Pivot Point Security, who spoke about optimizing your information security management system.

To read these Podcast Notes, as well as my CISO Corner, Cyber Breach Monday, Patch Watch, Security Funding, By The Numbers, and Cybersecurity Masterclass features, please sign up for our 14-day FREE premium content trial today.

UPGRADE NOW

QUICK HITS:

TikTok is teaming with HackerOne to create a bug bounty program for the social media platform.
Members of cybercrimes group QQAAZZ have been charged with providing money-laundering services to several high-profile malware operations.
Iranian state hacker group MuddyWater has been targeting Israeli organizations with ransomware.
A data leak at Broadvocie cloud-based VoIP platform has exposed 350 million customer records.
As Apple device adoption grows in the enterprise, organizations are looking for ways to seamlessly manage and secure devices while extending the world-class Apple experience users expect.*

*This is a sponsored post.

We're hiring! Check out our available positions:

THE HILL

Fred Donovan is a professional writer, editor, and content specialist with decades of experience, most recently in the areas of information technology and cybersecurity. He has written for such publications as HealthITSecurity.com, FierceITSecurity, InfoSecurity Magazine, Report on Patient Privacy, TechGenix, and NetDefense. Fred has a B.A. from Harvard University in government and an M.S. in national security from Georgetown University.

Editor

Sheena Vasani is a journalist and UC Berkeley, Dev Bootcamp, and Thinkful alumna who writes Inside Dev and Inside NoCode.