Researchers have discovered a phishing campaign targeting over a hundred executives at an international company that is part of a German task force creating coronavirus protective equipment. The malicious emails in the campaign redirect users to a phony Microsoft login page, from where attackers harvest any credentials that are entered. According to Threatpost, suspicious activity was detected on the very day the task force was assembled – March 30, 2020. The name of the specific company targeted is being withheld, but the nine-company task force includes major organizations such as Volkswagen, Bayer, Lufthansa, and DHL. About half of the phishing emails were sent to executives at the larger company while the other half were sent to executives at the company’s third-party partners, bringing the total number of companies targeted to about 40.
Researchers traced the suspicious activity to a Russian IP address and believe the intent of the attack is to take advantage of the new government-led purchasing and logistics structure of the process by compromising the procurement operations of one of its leading players. However, nobody knows for sure. “There is not enough evidence yet to know who might be behind the attack,” commented Avast security evangelist Luis Corrons. “It seems it could be a state-sponsored attack looking for industrial secrets or looking for capabilities to disrupt the multinational company’s production. In any case, this doesn’t look like an attack carried out by regular cybercriminals.”
Cybersecurity lessons from the pandemic
The U.S. bipartisan watchdog group the Cyberspace Solarium Commission has released its first white paper, entitled “Cybersecurity Lessons from the Pandemic,” in which it connects learnings from the pandemic to cybersecurity wisdom. In addition to highlighting certain previous recommendations, the commission added several new suggestions for the nation at this time, including urging Congress to pass an IoT Security Law and establishing a Social Media Data and Threat Analysis Center.
This week’s quote
“The FBI expects cyber actors to attempt to exploit new mobile banking customers using a variety of techniques, including app-based banking trojans and fake banking apps,” the FBI states in a report as hackers aim to take advantage of increased banking app usage while most continue to primarily use online banking.
Babylon Health breach leaks patient videos
A rising player in the UK telehealth market, Babylon Health, has admitted that a software flaw in their service enabled a data breach whereby users could view each other’s consultation videos. The Verge reported that the breach became public when one user tweeted that he had access to over 50 videos of other patients’ recordings. A spokesperson for Babylon Health said the problem had been identified and resolved, reminding people that this was the result of a software error and not a malicious attack.
This week’s stat
That’s the revised number of Nintendo players affected by a major privacy breach – updated after the company discovered another 140,000 to add to their initial estimate of 160,000. Read more at CNET.
Honda halts production due to cyber incident
Honda suspended some of its production operations in Ohio this week, claiming it had been targeted by a cyberattack. While the company has not confirmed the type of attack, NBC News reported that researchers suspect ransomware due to the discovery of Snake Ransomware samples customized to lock up Honda servers. Further indication that ransomware may be the cause is the fact that Honda says they discovered the attack on Sunday – ransomware actors tend to strike on weekends when they know there are fewer security personnel on duty.
Will privacy “nutrition” labels catch on?
At the IEEE symposium last month, researchers from Carnegie Mellon presented a novel idea to the industry – a security and privacy label for hardware and software products. The label is meant to provide consumers with key facts about the product in the same way a nutrition label informs consumers about food products. Info on security updates, tech support, data collection, third-party sharing, and more are included on the proposed labels. The researchers say the label idea has generated interest in the private sector and in Congress, but they need a manufacturer to pilot the program in order for it to really take off. More on this at Wired.
This week’s ‘must-read’ on The Avast Blog
Wondering what new tricks scammers have up their sleeves? Learn more about scammers using SEO to lure victims into giving up their personal information or financial information.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.
*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at: https://blog.avast.com/phishing-attack-targets-coronavirus-task-force-avast