Monday, April 12, 2021

Criminals spread malware using website contact forms with Google URLs

Crooks are using social engineering to exploit workers' efforts to do their jobs.

If your company website has a contact form, be aware that criminals are now using such forms to spread an information-stealing Trojan called IcedID.  The ploy is to include a legitimate Google URL in the submission and then require the recipient to supply a Google username and password.

IcedID is a banking Trojan and information stealer that can also serve as the entry point for follow-on attacks, such as human-operated ransomware against high-value targets.  Human-operated ransomware attacks are increasingly common; the attacker sits at the keyboard and orchestrates the attack, in contrast to an automated one.

In recent weeks, one of my clients experienced a rise in spam and phishing emails from their WordPress-based website.  They implemented a CAPTCHA challenge to thwart the phishing and scam emails; however, this new threat has the ability to bypass the CAPTCHA protection.

Microsoft considered the threat serious enough to report the attacks to Google's security teams, warning them that cyber criminals are using legitimate Google URLs to deliver malware.  The Google URLs are useful to the attackers because a link on a trusted Google domain is unlikely to be blocked by email security filters.  The attackers also appear to have bypassed the CAPTCHA challenges that are meant to verify that a contact-form submission comes from a human.

The crooks exploit workers' efforts to do their jobs, using language that pressures the employee to respond.

One trick used is to falsely claim that the website is using copyrighted images.  We have already experienced this at one client.

This is an old ploy with a new twist.  The email contains a link to a sites.google.com page.  If the link is followed, a ZIP file containing a JavaScript file downloads automatically; the script in turn downloads the IcedID malware as a .DAT file.  A Cobalt Strike beacon, a remote-control component, is installed as well, which lets the attacker control the device over the internet.
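If you run the mailbox that a contact form feeds, the indicators above are enough to triage submissions before anyone clicks.  The following is an added example written for this post; it is not code from the original article, from Microsoft or from ZDNet.  It takes the indicators the post names (a sites.google.com link, a false copyright claim, pressure to respond quickly, and a ZIP whose contents are a JavaScript file) and scores each submission on them; the extra keywords, the script extensions other than .js, the two-indicator threshold and the sample messages are my assumptions and constructed data, not observed lure text.

```python
# Added example (not code from the original post, Microsoft or ZDNet): triage
# of website contact-form submissions for the IcedID lure described above.
# Indicators taken from the post: a sites.google.com link, a false copyright
# claim, pressure to respond quickly, and a ZIP whose payload is a JavaScript
# file. Extra keywords, extensions, threshold and samples are assumptions.
import io
import re
import zipfile
from urllib.parse import urlparse

LURE_HOSTS = {"sites.google.com"}  # the abused legitimate host named in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# "copyright" is from the post; the other words are assumed pressure phrases
LEGAL_PRESSURE = re.compile(
    r"\b(copyright\w*|infringe\w*|lawsuit|legal action|lawyer|attorney)\b", re.I)
URGENCY = re.compile(r"\b(urgent\w*|immediately|within \d+ (?:hours?|days?))\b", re.I)
# .js is from the post; the others are common script droppers (assumption)
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")
QUARANTINE_AT = 2  # assumed threshold: two independent indicators


def triage(message: str) -> dict:
    """Score one submission; exact hostname match defeats sites.google.com.evil.example tricks."""
    urls = URL_RE.findall(message)
    lure_links = [u for u in urls if (urlparse(u).hostname or "").lower() in LURE_HOSTS]
    reasons = []
    if lure_links:
        reasons.append("link to abused Google host")
    if LEGAL_PRESSURE.search(message):
        reasons.append("copyright/legal-threat wording")
    if URGENCY.search(message):
        reasons.append("urgency")
    return {
        "score": len(reasons),
        "reasons": reasons,
        "lure_links": lure_links,
        "quarantine": len(reasons) >= QUARANTINE_AT,
    }


def zip_script_members(data: bytes) -> list:
    """Names of archive members with a script extension; [] if data is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def build_sample_zip() -> bytes:
    """Constructed stand-in for the lure archive: one .js member with harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document_1234.js", "// placeholder, not a real dropper\n")
    return buf.getvalue()


# Constructed submissions for illustration; the sites.google.com paths are made up
SAMPLES = {
    "lure": ("URGENT: your website is using my copyrighted photos without permission. "
             "My lawyer's notice and the evidence are here: "
             "https://sites.google.com/view/evidence-4412 "
             "Remove the images within 3 days or I will take legal action."),
    "google_only": ("Our community page is at https://sites.google.com/view/garden-club "
                    "if you want to link to it."),
    "benign": "Hi, can I get a quote for 10 workstations? Spec sheet: https://example.com/specs.pdf",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, triage(text))
    print("zip script members:", zip_script_members(build_sample_zip()))
```

The hostname comparison is deliberate: a substring match on "sites.google.com" would also accept a look-alike such as sites.google.com.evil.example, and a single indicator (the "google_only" sample) is only flagged for review rather than quarantined, since legitimate people do link to Google Sites.  The ZIP check belongs wherever downloaded files land (mail gateway, proxy or endpoint), not in the form handler, since the archive arrives only after the link is followed.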


To read the full article at ZDNet, follow this link:

Criminals spread malware using website contact forms with Google URLs | ZDNet

Tuesday, April 6, 2021

Facebook data breach exposes 533 million users' data on the Dark Web; Elon Musk's Starlink satellite internet coming soon to an area near you.

Facebook data on 533 million users posted online

Data on 533 million Facebook users, including phone numbers, Facebook IDs, full names, birth dates and other information, has been posted online.

Of the 533 million users whose data was leaked, 32.3 million are in the US and 11.5 million in the UK.

The data was posted on a Dark Web site for free.  The user information posted included:

"The information that was exposed includes profile information, Facebook identification numbers, emails, location data and more, according to a report in The Record, which is published by cyber-threat intelligence firm Recorded Future."

Facebook says the information was collected in 2019 and that the flaw that allowed it has since been found and fixed.  But, as ZDNet notes, how many users have changed their associated email address and phone number since 2019?  Not many.  Fortunately, Social Security numbers are not required on Facebook, and any credit card details are hopefully out of date by now.

This "regurgitation" of an old, massive hack shows how vulnerable data can be once it's stolen.

On the Dark Web there is a massive market for buying and selling personal information.  You can expect this data to be used in future phishing and hacking attacks.

For more info, read:

https://www.zdnet.com/article/facebook-data-on-533-million-users-posted-online/?ftag=TRE-03-10aaa6b&bhid=2219791&mid=13323985&cid=716603217

https://www.thestreet.com/latest-news/facebook-data-for-half-billion-users-emerge-on-dark-web

How to Check if Your Phone Number Is in the Huge Facebook Data Leak

https://gizmodo.com/how-to-check-if-your-phone-number-is-in-the-huge-facebo-1846617849

Starlink - Internet alternative

The Starlink satellite communications network moves closer to being a viable replacement for a conventional internet provider with each SpaceX launch.  Each mission carries up to 60 satellites.  Starlink currently has 1,321 in orbit, with 12,000 more already approved and licences for a further 30,000 applied for but not yet granted.

Elon Musk is accomplishing this at a cost much lower than that of conventional satellites, and Starlink's satellites orbit about 60 times closer to Earth than conventional satellites do.

I have signed up for the service, which is expected to be available in mid to late 2021.  It costs an initial $99.00 and will be available on a first come, first served basis.

When signing up I had to find my location's Plus Code, which was something new to me.  Plus Codes are based on latitude and longitude and are displayed as numbers and letters.  With a Plus Code, people can receive deliveries, access emergency and social services, or simply help other people find them.  I have included a link to find your Plus Code below.

To read more:

With Starlink, Elon Musk Is Once Again Showing How To Make Economies Of Scale Work (forbes.com)

https://www.upi.com/News_Photos/view/upi/9561217701bca2fdc4eb07d2bceca2f6/SpaceX-Launches-Starlink-Satellites-From-the-Cape-Canaveral-Space-Force-Station-Florida/

https://maps.google.com/pluscodes/

Starlink

Shameful Plug: DForce Intel-based Workstations

SSD equipped, Generation 9, 10 and 11
