Cyber Security Today, May 28, 2021 – Another warning for users of Fortinet devices; A scam on a movie site; Don’t be fooled by search engine ads
Another warning for Fortinet device users, movie site scam and don’t be fooled by search engine ads.
Welcome to Cyber Security Today. It’s Friday May 28th. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Another warning goes to network administrators using Fortinet’s FortiGate firewalls. This comes from the FBI, which said that an advanced threat actor recently “almost certainly” exploited a FortiGate appliance to access a web server hosting a US city government domain. There have been warnings since April that attackers are exploiting vulnerabilities in the FortiOS operating system. Those using devices running FortiOS should make sure they are patched. Additionally, administrators should monitor for new user accounts on domain controllers, servers, workstations, and directories. Creating new accounts like this is a technique the attacker used in the municipal incident. Looking for signs like this is, of course, part of any IT defense strategy.
People hate being victimized by companies. Crooks therefore take advantage of their concerns by developing fear campaigns. One of the latest was seen by Proofpoint. It works like this: Victims receive an unexpected email stating that their trial period for a service called BravoMovies is about to expire. If they do nothing, they will be charged for a subscription. To cancel the service, they are told to call a number. Well, who likes auto-billing, especially for something you’ve never ordered? But call the number and the person answering the phone tells victims to download a spreadsheet from the BravoMovies website. BravoMovies is a fake website created by crooks, with copied movie posters designed to appear believable if someone is suspicious. And they should be. The file that the victim has to download is infected.
If you can’t cancel something over the phone without giving a credit card or some personal information, it’s a scam. Never download a file to cancel a service. Never download a file from an organization you’ve never heard of.
To finish, here is another example of why you need to slow down before clicking and downloading anything. Attackers were recently caught taking advantage of internet searches for an application called AnyDesk. This is an application that allows someone to remotely access another computer. With many people working from home, applications like this are generating interest, especially from IT departments. Until recently, anyone who searched Google for the word “anydesk” saw a Google ad at the top of the search results for the app. Clicking on the link took them to a web page that appeared to offer a copy of AnyDesk. In fact, whoever downloaded the file was infected with malware. Security firm CrowdStrike noticed this scam and notified Google. One tip that this was a scam was that the download web page had the address “domohop.com”. Of course, the address also said “download-anydesk”, but you would expect it to be “anydesk.com”. The reason this scam and others like it work is that the first few results of a Google search can be ads. And in fact, they have the word “Ad” next to them. But these don’t necessarily come from real companies. So the way to make sure you are going to the legitimate site you are looking for is to be wary of any link that has the word “Ad” next to it. Go further down the list. Google will display the legitimate sites linked to your search.
That’s all for now. But later this afternoon, the Week in Review edition will be available. Today’s discussion will focus on the pros and cons of publicly released ransomware decryptors. Does it help ransomware victims or gangs? Listen on the way home or on the weekend.
Remember, links to details on podcast stories can be found in the text version at ITWorldCanada.com. This is where you will find other stories of mine as well.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts, or add us to your Flash Briefing on your smart speaker.