Canadians still fall for Windows support scams, new Nobelium attacks and another warning to Pulse Secure VPN users
Welcome to Cyber Security Today. It’s Monday May 31st. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
It’s a holiday weekend in the U.S., so if you’re tuning in thanks for listening.
Canadians are getting smarter in refusing to fall for Windows tech support scams. These are scams where callers pretending to be from Microsoft or its partners claim your computer is infected. Or they cause messages to pop up asking users to phone a Windows support number. The goal is to get victims to pay for fake Windows fixes. According to a briefing for reporters last week by Microsoft’s Digital Crimes Unit, Microsoft gets 6,000 complaints a month from people around the world about these scams. In Canada last year it got just under 2,200 complaints. The good news is that’s almost half as many complaints as were filed in 2018. That’s partly because cybersecurity awareness education is succeeding. The bad news is that of the complaints Canadians filed last year, 14 per cent, about 300 people, fell for the scam and paid money to crooks. So a lot of people haven’t learned: Microsoft won’t phone you. Microsoft partners won’t phone you. Microsoft won’t make alerts pop up on your screen asking you to phone them.
The threat group Microsoft nicknames Nobelium is at it again. This is believed to be a Russian-based gang behind the hack last year of SolarWinds. In a report last week Microsoft said it discovered a new series of Nobelium attacks. These target more than 150 organizations, mostly in the United States. One of the tactics used a mass email service called Constant Contact to send 3,000 emails with infected attachments pretending to be from an employee of the United States Agency for International Development, known as USAID. The messages looked convincing because it looked like they came from a real USAID email address. Microsoft said many targeted organizations were involved in international development, humanitarian and human rights work, so it seems this campaign was aimed at compromising computers to gather intelligence. Organizations need good anti-phishing solutions on their email to detect this kind of attack before an employee clicks on an attachment.
Attention IT administrators: If your organization uses the Pulse Secure VPN appliances for securing remote access, make sure it has the latest patches. FireEye has issued another warning that nation-state-backed attackers are going after these devices used in government departments, high-tech companies and the defence sector for data theft and intelligence. The report says attackers have created 16 malware families specifically to infect Pulse Secure VPNs, four of which are new. FireEye suspects these attackers are based in China. Once inside a network the attackers try to create their own local administrator accounts outside of the established security mechanism, as well as steal passwords of users from memory.
Finally, Hewlett Packard Enterprise has issued a patch for users of its Systems Insight Manager software for Windows. This is a tool that enables remote support management for a number of HPE Servers.
That’s it for now. Remember links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.