This month in security: November 2020
Aussie Netflix users being targeted by a wave of phishing scams
Hackers are spamming Netflix users with highly convincing fake emails to try and nab their payment details.
Unsuspecting Netflix users are getting emails asking them to “please update your payment details,” complete with a convincing Netflix-branded email banner. “We’re having some trouble with your current billing information. We’ll try again, but in the meantime, you may want to update your payment details,” it adds, complete with a bright red ‘UPDATE ACCOUNT’ button. If you receive an email like this, do NOT press that button, and never enter your payment details from a link in an email. Open a separate browser window and log in to your Netflix account from there. Binge-watch responsibly.
Microsoft suspects Russian and North Korean hackers behind cyberattack on COVID-19 vaccine researchers
The software giant says seven leading pharmaceutical companies and researchers across the US, Canada, France, India, and South Korea were targeted.
“Among the targets, the majority are vaccine makers that have COVID-19 vaccines in various stages of clinical trials,” according to the blog post by Tom Burt, Microsoft corporate vice president of customer security and trust. It looks like the hackers used a variety of tactics, including brute force login attempts and spear-phishing attacks, where they posed as recruiters looking for job candidates, or as representatives from the World Health Organization. It’s clear the hackers see a lot of value in nabbing data on a potential vaccine, and given the state of cybersecurity in healthcare, there’s not a whole lot standing in their way.
Illicit access to 7,500 educational organisations up for sale on Russian hacker forums
An unknown seller is auctioning off hacked details collected from educational and corporate networks located in the US, Canada and Australia.
The seller’s ad has been posted on at least two Russian hacker forums, claiming to offer “convenient access” to the networks in question through Remote Desktop Protocol (RDP). The initial bid for the entire package starts at 25 BTC (roughly $330,000) with a “Buy now” option at 75 BTC (about $1,000,000). Let’s hope the organisations involved are aware of the breach and have taken the right precautions.
Dodgy video call invite forces Aussie hedge fund out of business
Sydney hedge fund Levitas Capital has collapsed after a cyberattack triggered by a fake Zoom invitation saw its management mistakenly approve $8.7 million in fraudulent invoices.
Cybersecurity investigators determined a fake Zoom invite was accidentally opened by one of the fund’s co-founders. The fake invite inserted malicious software into the Levitas network, allowing the hackers to take control of their email systems. The hackers used that access to fire off fraudulent invoices to companies the fund had no previous dealings with. By the time their management realised what was happening and took action, considerable sums had already been lost. Incidents like this demonstrate why human error is the single biggest cyber risk any organisation will face.
Australian media-monitoring company Isentia targeted by cyberattackers
The Sydney-based media monitoring and analytics firm, which boasts a large portfolio of government and corporate clients, announced they were hit by a ransomware attack.
Isentia’s media-monitoring work requires clients to share information on sensitive topics, but it’s not known whether any information was compromised in the incident. Some of Isentia’s services have been disrupted since the attack. The firm is continuing to investigate, while many of its staff have switched to manual processes to continue operations. The company’s share price fell 2.7 per cent following the announcement.
City of Port Phillip leaks personal details in data.gov.au blunder
The Council revealed that 859 phone numbers, 764 email addresses and the names of people who had reported graffiti were accidentally published on the data.gov.au website.
The breach occurred when work to automate a graffiti management dataset resulted in the wrong version being selected for publication. The Council said the data has been taken down from the website and they are trying to contact those affected. Since the data was open to the public, the council is unable to say who has accessed it. The Council has published 29 open datasets and this is the first data breach since making this data available in 2017.