Gmail users phished by ‘Online Reward Program’ scam.

May 03 2023

Welcome to Gone Phishing, your daily cybersecurity newsletter that’s under siege like Buckingham Palace.

Today’s hottest cyber security stories:

  • Don’t take the bait! Gmail users phished by ‘Online Reward Program’ scam
  • Five-year-old flaw in TBK DVR devices remains unpatched, is actively being exploited
  • Bitmarck plundered by unidentified cyber-pirates

EPIC GFAIL

“Congratulations! You are a lucky Google user!” Don’t be fooled, folks. This is what’s been greeting Gmail users in their inboxes recently, appearing as an email with the tantalising subject line: ‘Online Reward Program’.

As tempting a proposition as the above is, whatever you do, don’t click! Because if you do, you’ll find yourself in a world of malware-infused hurt.

Indeed, if you have a Gmail account, please heed Google’s warning which reads, in part: “It’s possible that the pop-up may also ask you to enter your email or other personal information.

“Google does not offer spontaneous prizes in this format and you will not win a prize by completing the survey or entering your personal information. Close out of the pop-up window and do not enter your personal information.”

The line ‘Google does not offer spontaneous prizes’ made us chuckle and it’s rather amusing they were forced to clarify this. That alone is a win for the scammers, in our book, wretched nuisances though they are.

Not to make light of this latest phishing attempt, but the idea of the 1,000,000th customer being rewarded is rather quaint and dare we say passé in 2023. It reminds us of a supermarket giveaway from an American movie or TV show. “You’re a WINNER!” That sort of thing.

It’s not one of the most sophisticated phishing attempts, though it is noteworthy thanks to its scale. It’s estimated that millions worldwide have received one of these emails. And for some, the urge to click will be simply too overwhelming to resist.

So, what exactly happens if, against better judgement, you do click through?

Well, this button will whisk you away, not to the holiday destination of your dreams but instead to a shady site that aims to steal your personal and financial information. Charming.

Don’t worry though, our friends at Google have provided us with a few tips to help us stay safe on the interweb.

Slow it down – Scams are often designed to create a sense of urgency. Take time to ask questions and think it through.

Spot check – Do your research to double-check the details you are getting. Does what they’re telling you make sense?

Stop! Don’t send – No reputable person or agency will ever demand payment or your personal information on the spot.

Thanks guys! 🤓

NO PATCH OF THE DAY?

This one’s a wee bit embarrassing to be perfectly honest.

So, threat actors (cyber villains!) are actively exploiting an unpatched five-year-old flaw impacting TBK digital video recording (DVR) devices, according to an advisory issued by Fortinet FortiGuard Labs.

The vulnerability in question is CVE-2018-9995 (CVSS score: 9.8), a critical authentication bypass issue that could be exploited by remote actors to gain elevated permissions. Huh? Dw it’s just bad and is long overdue a patch. Okay 👍

“The 5-year-old vulnerability (CVE-2018-9995) is due to an error when handling a maliciously crafted HTTP cookie,” Fortinet said in an outbreak alert on May 1, 2023.

“A remote attacker may be able to exploit this flaw to bypass authentication and obtain administrative privileges eventually leading to access to camera video feeds.”

Did you say FIVE-YEAR-OLD?! Yep, we’re afraid so. Time to pull your fingers out, lads. Smh.

The network security company said it observed over 50,000 😳 attempts to exploit TBK DVR devices using the flaw in the month of April 2023. Despite the availability of a proof-of-concept (PoC) exploit, there are no fixes that address the vulnerability.

The flaw impacts TBK DVR4104 and DVR4216 product lines, which are also rebranded and sold using the names CeNova, DVR Login, HVR Login, MDVR Login, Night OWL, Novo, QSee, Pulnix, Securus, and XVR 5 in 1.

We’re not angry, we’re just disappointed.

BITMARCKS THE SPOT 🏴‍☠️

German IT service provider Bitmarck has confirmed that it’s bringing all of its customer and internal systems offline. That’s right, it’s a SYSTEM DOWN. Everybody hit the deck!

Why, you ask? Well, it’s all because of another ruthless cyber-attack that was perpetrated on the tech giant and discovered over the weekend.

But don’t worry, folks, Bitmarck is on top of things (or so they say!). They’ve got early warning systems and a security protocol in place, so they were able to take down the systems in a controlled manner.

Phew, crisis averted! Maybe. In case you were wondering, Bitmarck wants you to know that they don’t think your precious customer data was impacted. Hmm, how reassuring 😬

The problem with that, of course, is that according to Coalfire vice president, Andrew Barratt (and many others), signs of data theft are often challenging to determine, especially in the immediate aftermath of an attack.

This attack has some of the hallmarks of a dreaded ransomware attack, wherein users are either locked out or data is stolen and the cybercriminals demand a ransom of cryptocurrency to put things right.

Watch this space for updates, true believers.

So long and thanks for reading all the phish!
