Feb 22 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that delivers more value than a Costco member’s card.
Today’s hottest cyber security stories:
‘User error’ left an exposed U.S. Department of Defense server spilling secrets (potentially) for two weeks before a good Samaritan gave the Pentagon a nudge and they… Well, added a password to the offending cloud email server. “You had one job” springs to mind.
We like to celebrate what the cybersphere calls ‘good-faith security researchers’ here at Gone Phishing. So, let’s hear it for Anurag Sen, who’s made a habit of detecting these sorts of oversights and doing the honourable thing before the pesky scammers happen across them and deploy their dreaded ransomware.
Drop and give me 20!
Our guess is that someone is firmly in the doghouse following this rather embarrassing bit of friendly fire. I mean, it’s one thing when a business drops the ball in this manner, but when we’re talking about sensitive data pertaining to matters of national security, it’s a wee bit more hair-raising.
‘Sensitive’, not ‘classified’
Let’s cut them a little bit of slack though, as the exposed data was merely ‘sensitive’ and not ‘classified’. So, don’t worry, Kim Jong Un hasn’t got his chubby mitts on the nuclear launch codes just yet. Rest easy, America.
Still, the server was packed with internal military email messages, dating back years, some of which contained sensitive personnel information. Not ideal.
So, what’s the takeaway from this story? Well, when it comes to cybersecurity, a good place to start is ensuring your servers are password-protected. Even ‘password123’ is better than nothing at all, folks. Indeed, all you’d have needed to hack this server is an internet connection and the IP address. Whoops a daisy!
Coinbase fell victim to a targeted phishing attack on its employees who were urged by SMS to log into their company accounts to read an important message. Doing so required their credentials and the rest, well, you can pretty much guess.
Funnily enough, however, this has arguably ended up being good PR for Coinbase, the popular US-based cryptocurrency exchange. How so?
Well, although one of its employees was admittedly a bit thick and clicked through to the fake login page and entered their details, this allowed for a real-world test of Coinbase’s cybersecurity. And it didn’t disappoint.
Coinbase – 6, Hackers – Nil
Coinbase said: “What happened next was that the attacker […] made repeated attempts to gain remote access to Coinbase.”
These attempts to log in to the systems using the captured credentials proved to be unsuccessful owing to the multi-factor authentication protections that were enabled for the account. Coinbase FTW.
This will no doubt reassure the 110 million verified Coinbase users, who collectively store a mind-boggling $21.3 billion on the exchange.
Coinbase was alerted within the first 10 minutes of the attack and once its incident responders reached out to the victim to inquire about the suspicious activity from their account, the person unhooked themselves, so to speak, and severed contact with the adversary.
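To show why a phished password alone got the attacker nowhere, here is an added example (not Coinbase’s code, and not from the newsletter) of a login flow that requires a password plus a TOTP code (RFC 6238, HMAC-SHA1 as in RFC 4226), followed by the kind of check an incident responder would run over the audit log: a correct password followed by repeated second-factor failures is exactly the pattern of someone replaying stolen credentials without the authenticator. The user name, password, salt and timestamps are constructed; the TOTP secret is the RFC 6238 reference secret so the codes can be checked against the published test vectors.

```python
"""Added example: password + TOTP login, and detection of replayed phished
passwords that fail the second factor. All user data below is constructed."""
import hashlib
import hmac
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the 30 s time step."""
    return hotp(secret, unix_time // step, digits)


def accepted_codes(secret: bytes, unix_time: int) -> set:
    """Current step plus the previous one, to tolerate small clock drift."""
    return {totp(secret, unix_time - 30 * d) for d in (0, 1)}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed user record; the TOTP secret is the RFC 6238 reference value.
SALT = b"constructed-salt"
USERS = {
    "employee": {
        "pw_hash": hash_password("Correct-Horse-Battery", SALT),
        "totp_secret": b"12345678901234567890",
    }
}


def login(user: str, password: str, otp: Optional[str], unix_time: int, log: list) -> str:
    """Returns 'ok', 'bad_password' or 'bad_otp' and appends an audit event."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw_hash"], hash_password(password, SALT)):
        log.append({"user": user, "t": unix_time, "result": "bad_password"})
        return "bad_password"
    # Password is right; the second factor decides. A phished password stops here.
    accepted = accepted_codes(rec["totp_secret"], unix_time)
    if otp is None or not any(hmac.compare_digest(otp, c) for c in accepted):
        log.append({"user": user, "t": unix_time, "result": "bad_otp"})
        return "bad_otp"
    log.append({"user": user, "t": unix_time, "result": "ok"})
    return "ok"


def mfa_failure_alerts(log: list, threshold: int = 3, window: int = 600) -> list:
    """Users with >= threshold second-factor failures inside `window` seconds.
    Each 'bad_otp' event means the password was correct, so a burst of them is
    the signature of stolen credentials being replayed without the authenticator."""
    by_user = {}
    for ev in log:
        if ev["result"] == "bad_otp":
            by_user.setdefault(ev["user"], []).append(ev["t"])
    alerts = []
    for user, times in sorted(by_user.items()):
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append(user)
                break
    return alerts


def simulate_phished_password(unix_time: int = 1_000_000) -> tuple:
    """Constructed scenario: three replays with the right password but a wrong
    code 20 s apart, then the real user logging in with their authenticator."""
    secret = USERS["employee"]["totp_secret"]
    log, results = [], []
    for i in range(3):
        t = unix_time + 20 * i
        wrong = next(c for c in ("000000", "000001", "000002")
                     if c not in accepted_codes(secret, t))
        results.append(login("employee", "Correct-Horse-Battery", wrong, t, log))
    t = unix_time + 300
    results.append(login("employee", "Correct-Horse-Battery", totp(secret, t), t, log))
    return results, mfa_failure_alerts(log)


if __name__ == "__main__":
    print(simulate_phished_password())
```

The alerting threshold and window are arbitrary constructed values; the point is that a correct password followed by second-factor failures is a higher-fidelity signal than failed passwords on their own, which is why responders can reach the victim within minutes rather than after the fact.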
Today was a good day for cybersecurity, friends!
Samsung is singing a new song when it comes to protecting its users from malware attacks. It just announced a new feature called Message Guard which it claims will pre-emptively secure users’ devices by “limiting exposure to invisible threats disguised as image attachments”. Clever stuff.
Zero-click attacks are highly targeted and sophisticated attacks that exploit previously unknown flaws in software to trigger execution of malicious code without requiring any user interaction. Hence the ‘zero clicks’ part.
Another good Sam(sung)aritan
Thank God Samsung appears to be ahead of the game on this, because the idea of phishing attacks that don’t even require a ‘bite’, if you catch our drift, is a game-changer for scam artists and an absolute nightmare for the rest of us.
Samsung’s Message Guard works against lots of image formats, including PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, and WBMP, and essentially acts as a sandbox that’s designed to quarantine images received via the app from the rest of the operating system.
To be fair, Apple launched a similar “optional protection” setting (dubbed Lockdown Mode) last year which allegedly helps safeguard iPhones, iPads, and Macs against “extremely rare and highly sophisticated cyberattacks.”
So, stick that in your pipe and smoke it, scammers! Peace out.
So long and thanks for reading all the phish!