Cyber Security Today, May 31, 2021 – Canadians Still Fear Windows Support Scams, New Nobelium Attacks, and Another Warning to Pulse Secure VPN Users
Canadians Still Fear Windows Support Scams, New Nobelium Attacks, and Another Warning to Pulse Secure VPN Users
Welcome to Cyber Security Today. It’s Monday May 31st. I’m Howard Solomon, Contributing Cyber Security Journalist for ITWorldCanada.com.
It’s a US vacation weekend so if you’re listening, thank you for listening.
Canadians are getting smarter by refusing to fall for Windows tech support scams. These are scams where callers claiming to be from Microsoft or its partners claim that your computer is infected. Or they pop up messages asking users to call a Windows support number. The goal is to make victims pay for bogus Windows patches. According to a briefing to reporters last week by Microsoft’s Digital Crimes Unit, Microsoft receives 6,000 complaints per month from people around the world about these scams. In Canada last year it received just under 2,200 complaints. The good news is that this is almost half of the number of complaints filed in 2018. This is partly because cybersecurity awareness education is successful. The bad news is that of the complaints Canadians filed last year, 14% – around 300 people – got scammed and paid money to scammers. So a lot of people haven’t learned: Microsoft won’t call you. Microsoft partners will not call you. Microsoft will not bring up any alerts on your screen asking you to call them.
Microsoft threat group nicknames Nobelium is again. It is believed to be a Russian-based gang behind the SolarWinds hack last year. In a report last week, Microsoft said it discovered a new round of Nobelium attacks. These target more than 150 organizations, mainly in the United States. One of the tactics used a mass messaging service called Constant Contact to send 3,000 emails with infected attachments claiming to be from an employee of the United States Agency for International Development, known as from USAID. The messages sounded compelling as they appeared to come from a real USAID email address. Microsoft has said that many targeted organizations are involved in international development, humanitarian work and human rights, so it appears that this campaign was aimed at compromising computers to gather intelligence. Organizations need good anti-phishing solutions on their emails to detect this type of attack before an employee clicks on an attachment.
Attention IT administrators: If your business uses Pulse Secure VPN appliances to secure remote access, make sure it has the latest patches. FireEye has issued another warning that nation-state-backed attackers are targeting devices used in government departments, tech companies and the defense industry for data theft and intelligence. The report states that attackers created 16 malware families specifically to infect Pulse Secure VPNs, four of which are new. FireEye suspects these attackers are based in China. Once inside a network, attackers try to create their own local administrator accounts outside of the established security mechanism, as well as steal user passwords from memory.
To finish, Hewlett Packard Enterprise has released a patch for users of its Systems Insight Manager software for Windows. This is a tool that enables remote support management for a number of HPE servers.
That’s all for now Remember that the links to details on the podcast stories are in the text version at ITWorldCanada.com. This is where you will find other stories of mine as well.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.