AlertCon – Open Source Cyber Security 4/2/2020

Cyber Actors take advantage of COVID-19 Pandemic to exploit government agencies, the private sector, private organizations, and individuals. Cyber actors continuously scan the Internet, especially the social media to find sensitive information. Limit sharing sensitive information to the public, make it harder for these malicious users to get these information. Be cyber smart.

Open Source Cyber Security that you need to know.

Federal court data breach sees names of protection visa applicants made public

The names of hundreds of people seeking protection visas have been published on the website of the Federal Court in a catastrophic data breach that potentially puts asylum seekers at risk of harm.

The ABC has confirmed that for years, the Federal Court, through the searchable Commonwealth Courts database, has disclosed the names of people who have said they have been persecuted in their home countries.

In a statement, a Federal Court spokesman described the disclosure as a “major systemic failure” and said the court had identified 400 asylum seekers, so far, whose names had been published.

Source: https://www.abc.net.au/news/2020-03-31/federal-court-in-protection-visa-data-breach-published-names/12102536

Data on almost every citizen of Georgia posted on hacker forum

Personally identifiable information (PII) belonging to more than 4.9 million people from the country of Georgia – including full names, home addresses, dates of birth, ID numbers, and mobile phone numbers, including that of dead people – was published on a hacking forum on Saturday.

One respondent to the Twitter post from Under the Breach said that this is “very old data” that’s been “shared several times on many open/closed forums” and that whoever shared it “is probably a leecher”.

continue reading: https://nakedsecurity.sophos.com/2020/03/31/data-on-almost-every-citizen-of-georgia-posted-on-hacker-forum/

Are ransom payers fueling ransomware?

A new CyberEdge Group report uncovered two trends that are stimulating record-setting ransomware attacks:

• More ransom payers are successfully recovering their data. In 2018, only 49 percent of ransom payers successfully recovered their data. That number rose to 61 percent in 2019. Today, 67 percent of ransom payers have recovered their data.
• More payments are incentivizing the ransomware industry. In 2018, only 39 percent of ransomware victims actually paid the ransom. In 2019, that number rose to 45 percent. Today, an alarming 58 percent of victimized organizations have paid ransoms.

continue reading: https://www.helpnetsecurity.com/2020/04/01/ransom-payers/

‘Secure’ Backup Company Leaks 135 Million Records Online

A company claiming to provide “the world’s most secure online backup” leaked metadata and customer information in over 135 million records after misconfiguring an online database, Infosecurity has learned.

The team at vpnMentor discovered the privacy snafu as part of its ongoing web mapping project that has already uncovered major cloud data leaks at brands including Decathlon, PhotoSquared and Yves Rocher.

It was traced to Californian-headquartered SOS Online Backup, which claims to be a multi-award winning provider with 12 data centers around the globe. The firm was contacted on December 10 and again seven days later. Although it never replied to the researchers, the incident was mitigated on December 19.

continue reading: https://www.infosecurity-magazine.com/news/secure-backup-company-leaks-135/

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

As large numbers of people turn to video-teleconferencing (VTC) platforms to stay connected in the wake of the COVID-19 crisis, reports of VTC hijacking (also called “Zoom-bombing”) are emerging nationwide. The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language.

Within the FBI Boston Division’s area of responsibility (AOR), which includes Maine, Massachusetts, New Hampshire, and Rhode Island, two schools in Massachusetts reported the following incidents:

• In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom. This individual yelled a profanity and then shouted the teacher’s home address in the middle of instruction.
• A second Massachusetts-based school reported a Zoom meeting being accessed by an unidentified individual. In this incident, the individual was visible on the video camera and displayed swastika tattoos.

As individuals continue the transition to online lessons and meetings, the FBI recommends exercising due diligence and caution in your cybersecurity efforts. The following steps can be taken to mitigate teleconference hijacking threats:

• Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. In Zoom, change screensharing to “Host Only.”
• Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
• Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

If you were a victim of a teleconference hijacking, or any cyber-crime for that matter, report it to the FBI’s Internet Crime Complaint Center at ic3.gov. Additionally, if you receive a specific threat during a teleconference, please report it to us at tips.fbi.gov or call the FBI Boston Division at (857) 386-2000.

Source: https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

Beware of the PhishingCon

Top Email Protections Fail in Latest COVID-19 Phishing Campaign

Threat actors continue to capitalize on fears surrounding the spread of the COVID-19 virus through a surge in new phishing campaigns that use spoofing tactics to effectively evade Proofpoint and Microsoft Office 365 advanced threat protections (ATPs), researchers have found.

The Cofense Phishing Defense Center (PDC) discovered new phishing attacks that use socially engineered emails promising access to important information about cases of COVID-19 in the receiver’s local area, according to a blog post published Tuesday by Cofense researcher Kian Mahdavi.

continue reading: https://threatpost.com/top-email-protections-fail-covid-19-phishing/154329/

Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks

Given the community interest and media coverage surrounding the economic stimulus bill currently being considered by the United States House of Representatives, we anticipate attackers will increasingly leverage lures tailored to the new stimulus bill and related recovery efforts such as stimulus checks, unemployment compensation and small business loans. Although campaigns employing themes relevant to these matters are only beginning to be adopted by threat actors, we expect future campaigns—primarily those perpetrated by financially motivated threat actors—to incorporate these themes in proportion to the media’s coverage of these topics.

continue reading and see example of Malware distribution: https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html