Get trending information on exploits, and vulnerabilities every week to help your organisation to be better equipped to avoid being victim of cybercrimes. Anglo African brings you the weekly cyber-attack news wrap-up and remedy tips to support your business to defend against hackers.
A new active Angler phishing social media scam campaign has been identified by security researchers, which is targeting all major UK banks and their customers. The scam campaign involves hackers creating fake Twitter accounts, posing as customer support staff, in efforts to hoodwink customers into divulging credentials.
Paypal has patched a boneheaded two factor authentication breach that allowed attackers to switch off the critical account control in minutes by changing a zero to a one. British MWR InfoSecurity consultant Henry Hoggart (@_mobisek) discovered and quietly reported the flaw to the payment giant. Attackers with username and passwords in hand need only mess with post requests changing securityquestion0 to securityquestion1 for two factor authentication to be bypassed.
Netskope Threat Research Labs published a report digging into the CloudFanta malware campaign, which is suspected to have stolen more than 26,000 email credentials since it began operation in July 2016. CloudFanta leverages the Sugarsync cloud storage app to distribute malware capable of stealing user credentials and observing online banking activity to obtain users’ information.
Corero Network Security has disclosed a new DDoS attack vector observed for the first time against its customers last week. The technique is an amplification attack, which utilizes the Lightweight Directory Access Protocol (LDAP): one of the most widely used protocols for accessing username and password information in databases like Active Directory, which is integrated in most online servers.
What to do if you are a victim of a cyber attack
Over the past two decades, the Internet has evolved from something of a novelty to a tool most of us heavily rely upon every single day. The Internet has completely changed the way we do things, from how we work to how we communicate, socialise, shop and learn. When we think about how much we depend on the Internet in our daily lives, it’s hard to imagine life without it.
If you are a victim of an attack, here are the steps you can take in response to the incident.
- Crimeware
Disconnect- If you’re a victim of a crimeware attack you should disconnect from the Internet immediately. If you’re connected via Wi-Fi, phone or Ethernet cable, you need to disable the connection as soon as possible to prevent data being transmitted to the criminal. Breaking your network connection is the best way to put an immediate stop to the attack.
- Scan your PC
It’s good practice to have antivirus software, such as Norton™ AntiVirus or Norton™ Internet Security, installed and up-to-date in case this kind of incident occurs. Antivirus and antispyware software are the best tools to protect against crimeware.
As well as being able to detect crimeware threats from your PC, which might otherwise go unnoticed, antivirus and antispyware programs can often remove the threats as well.
In some instances, the software may detect the crimeware but might not be able to remove it. In this case, you can consult Symantec’s removal tool listings to see if there’s a separate tool which can be downloaded to remove the threat.
- Create a backup
It’s good practice to create regular backups of your files and folders. While the aim of crimeware is largely to steal information or data, there’s a good chance that files may be lost or destroyed during the recovery process.
You can make backups by using backup software, using another hard drive or removable media such as a CD, DVD or flash drive.
- Reinstall your operating system
Depending on the severity of the attack, it might be necessary to reinstall the operating system of your computer. Some threats are very sophisticated and can hide deep in the system using rootkit techniques, meaning they’ll go unnoticed by antivirus software.
- Close all accounts
If you find that you are the victim of online fraud or identity theft, the first thing you should do is close all affected accounts immediately. If you work quickly, you should be able to close accounts before the thief has time to access them.
- Set up fraud alerts
Set up a fraud alert with the three national consumer reporting agencies (Equifax, Experian and TransUnion). Contacting just one of these companies will set up the alert for all three. The fraud alert will tell creditors to contact you directly before making any changes to existing accounts or allowing you (or someone using your identity) to open up new ones.
- Keep an eye on your credit reports
Keep an eye on your credit reports from each of these agencies as the information in the reports might differ somewhat. It might take some time for fraudulent activity to appear on your reports, which is why some agencies offer all-in-one reports or just-in-time alerting services for an additional fee.
In some cases, it might be worth considering one of these quick turn-around reports, depending on the level of threat and the potential impact.
- Look for signs of identity theft
It’s a good idea to be extra vigilant following an incident of identity theft. Look out for things arriving in the post such as credit cards you haven’t applied for, or anything else that seems suspicious. You should also make sure that you’re receiving all your utility and other bills that are sent to your home address. In some circumstances, you might be contacted by vendors regarding accounts you haven’t opened or debt collectors may contact you regarding purchases made by someone else.
- Taking precautions
Security risks online are common and can cause massive amounts of damage when an attack takes place. While we can’t control the actions of cybercriminals, we can take the necessary steps to protect ourselves and minimise the risk of becoming a victim of cybercrime by installing good Internet security software, backing up our data and being vigilant.
