security news
Black Friday, Cyber Monday scams are on the loose, businesses need to prepare
Consumers stumbling to the couch in a turkey-induced coma with their laptop or phone in hand ready to hit the cyber-holiday sales are not alone in being targeted by cybercriminals.
Retailers and businesses also may be affected by the dramatic increase in malicious threats that target shoppers looking for buys on Black Friday and Cyber Monday. This can include being hit with ransomware and having to make the decision whether or not to pay up or risk losing sales during the busiest shopping period of the year.
For retailers much of the damage done may be to their reputation as malicious actors generate hundreds of brand and website-specific email scams and fake websites designed to confuse and entice anxious shoppers.
A study by ZeroFOX’s Alpha Team has already identified 61,305 potential scams spread across 26 brands. Brick and mortar retailers are the primary focus with 92 percent of the campaigns spotted using a store brand in some manner.
“Scammers likely target brick and mortar retailers in such high quantities because these kinds of scams will be attractive to a larger pool of consumers and thereby potential victims. Fewer consumers are in the market for luxury goods and high-end jewelry than are shopping at large brick and mortar stores that appeal to multiple price points. Brick and mortar stores also carry a wide range of goods, from electronics to jewelry, versus stores that only sell one kind of good,” the report stated.
The threats are generally centered on email campaigns that use the one lure every shopper is interested in, something for nothing. This is usually in the form of a gift card or coupon, but to obtain these items the shopper/victim is required to enter some level of information, at the very least an email or physical address.
The permanent members of Santa’s naughty list also use social media to attract victims. This is done by creating fake accounts and then loading posts with hashtags designed to catch a shopper’s eye, such as #blackfriday or #cybermonday.
Some of the more technical threats involve typosquatting or creating domains based on popular shopping sites like Amazon, Apple and Target.
“ZeroFOX Alpha Team found 124,000 domains that contain the brand name out of the list of 26 selected for this report. The team filtered the 124,000 domains by Certificate Issuer for legitimate domains,” the security company said.

The massive uptick in internet traffic also presents an opportunity for attackers and a danger to corporate entities whose workers may use either company equipment or its network to make purchases. Tim Erlin, vice president of product management and strategy at Tripwire, cited a recent Tripwire Twitter survey that found 84 percent of security professionals are concerned there is not enough security awareness for consumers to keep them safe online during the holiday shopping season.
“For businesses, there are two ways to look at cyber risks around Black Friday. The first is that, simply because it’s a busier time and more money is flowing through their systems, attackers will be more likely to target them, hoping for the busyness to serve as a diversion. The second way to look at it is from an employee perspective: staff may be shopping online from business-owned assets, thus potentially opening them up to Black Friday scams. For this reason, it would be worth it for business to focus on education and training on how to recognize scams and phishing attempts,” Erlin said.
Then there are the direct threats to business. A retailer, delivery company or distributor’s worst fear is not being able to operate during this time.
“Ransomware and other types of malware are also a concern for businesses around this time of the year. Those that are targeting the business itself ultimately just want the organization to pay the ransom, which can be avoided by having good incident response measures in place and secure, up-to-date backups,” Erlin said.
In addition to being shut down, another huge potential headache is discovering credit card skimming malware like Magecart residing in a chain’s POS system, noted a Sucuri study. It could also mean a retailer could be held liable for any fraudulent charges made on a customer’s card in cases where the card was not present for the purchase.
“New consumer habits, such as buy online, pick up in store (BOPIS), now allow customers to pick up products at a physical location after purchasing them on the retailer’s website – so these transactions become classified as card-not-present. Unfortunately, there are still retail merchants that have little to no authentication process for in-person pickups, making them likely targets for abuse due to a lack of security controls,” Sucuri said.
There are steps e-commerce sites and retailers with an online presence can take to protect themselves not only during the holiday season, but all year long, said Kaspersky.
- Use a reputable payment service and keep your online trading and payment platform software up to date. Every new update may contain critical patches to make the system less vulnerable to cybercriminals.
- Use a tailored IT and cybersecurity solution to protect your business and customers.
- Pay attention to the personal information used by customers who buy from you. Use a fraud prevention solution that you can adjust to your company profile and the profile of your customers.
The post Black Friday, Cyber Monday scams are on the loose, businesses need to prepare appeared first on SC Media.
Fin7 behind DiBella’s data breach affecting 305,000 cards
Fifteen months after DiBella’s Old Fashioned Submarines was notified by the FBI and credit card companies of a data breach, the sandwich shop chain has issued a notice informing its customers of the incident.
The company reported its stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may have had the information on as many as 305,000 payment cards compromised. DiBella’s said it was informed by the FBI and its credit card firms on August 27, 2018 of the data breach and that Fin7 were the likely actors behind the attack gaining access to the company’s payment card data and computer system.
The majority of the locations were victimized between March 22, 2018 and December 28, 2018 with its Cranberry, Penn. store possibly being hit as early as September 2017. The customer data involved included individual names, payment card numbers, expiration dates, and CVV numbers, DiBella’s stated.
DiBella’s has not yet returned an SC Media inquiry into why the company waited until now to disclose the issue.
The company does not know which individuals were impacted and said it has not received any customer complaints about their payment cards being misused. But it is warning anyone who visited the locations in question to
The leaders behind FIN7, aka the Carbanak gang, were caught by law enforcement starting in January and June of 2018. In August 2018 the U.S. Department of Justice made public arrests of the three Ukrainian men who allegedly were key players in the cyber gang. However, the arrests did not stop other members of the gang from continuing their activities.
The security notice said the malware found on the company’s system ties the attack to Fin7.
Facebook, Twitter ban malicious SDK that removed member info
Finland agency launches smart device infosec certification program
The National Cyber Security Centre Finland (NCSC-FI) within Finnish regulatory agency Traficom today kicked off a smart device certification program designed to inform consumers if certain products meet basic information security standards.
Devices that meet certification criteria, which are based on consumer Internet of Things standards from the European Telecommunications Standards Institute (ETSI), will receive an official label designating them as NCSC-FI-approved. In a press release, Traficom claims the program makes Finland the first European country to issue certificates for safe smart devices.
“The security level of devices in the market varies, and until now there has been no easy way for consumers to know which products are safe and which are not,” said Jarkko Saarimaki, director of the National Cyber Security Centre Finland (NCSC-FI) at Traficom, in the release. “The Cybersecurity label launched today is a tool that makes purchase decisions easier by helping consumers identify devices that are sufficiently secure.”
The NCSC-FI commenced development of its Cybersecurity label in late 2018 in a pilot project involving smart device manufacturers Cozify Oy, DNA Plc and Polar Electro Oy. A label was granted to Cozify’s Hub for smart homes, DNA’s Wattinen smart heating system and Polar Ignite’s fitness smartwatch, the release states.
Stantinko botnet’s monetization strategy shifts to cryptomining
Sen. Kennedy reverses course, says Russia, not Ukraine hacked DNC
Sen. John Kennedy, R-La., Monday walked back claims he made during an on-air interview that Ukrainians could have been behind the hack of the Democratic National Committee (DNC) and Clinton campaign during the 2016 presidential election cycle.
“I was wrong. The only evidence I have and I think it overwhelming is that it was Russia who tried to hack the DNC computer,” the senator told CNN’s Chris Cuomo regarding remarks he had made Sunday to Fox News host Chris Wallace.
After Wallace asked him who he thought was responsible for hacking the DNC and Clinton campaign and pilfering emails, Kennedy replied, “I don’t know. Nor do you. Nor do any of us.” When the news host pointed out that the whole intelligence community agreed the culprit was Russia, Kennedy said, “Right. But it could also be Ukraine. I’m not saying I know one way or the other.”
On Monday, though, Kennedy said he misheard Wallace, believing he was speaking about election interference. On the more narrow issue of the DNC and Clinton campaign hacks, the senator said, “I’ve seen no indication that Ukraine tried to do it.”
Kennedy’s initial remarks came after Fiona Hill, the former senior White House adviser on Russia, asked lawmakers during an impeachment hearing to stop spreading “a fictional narrative” about Ukraine meddling in the 2016 U.S. presidential election and a report revealed that senators and their aides recently were told by U.S. intelligence officials that the tale was part of a multiyear Russian disinformation campaign.
“The Russians have a particular vested interest in putting Ukraine, Ukrainian leaders in a very bad light,” Hill said. “Based on questions and statements I have heard, some of you on this committee appear to believe that Russia and its security services did not conduct a campaign against our country — and that perhaps, somehow, for some reason, Ukraine did. This is a fictional narrative that has been perpetrated and propagated by the Russian security services themselves.”
But that warning has not stopped many GOP lawmakers from repeating the narrative in defense of President Trump’s pressure on Ukraine to investigate political foe former Vice President Joe Biden and his son Hunter, who sat on the board of a Ukrainian energy company.