Mainstream Technologies

MTI Blog

Security Update: URSNIF

Just some news from the security front. The information below does not require you to take action, but is meant to increase your awareness of what's going on in the world.

This week we are seeing a new variant of URSNIF spreading through infected Word documents. The document makes it look like you need to enable macros to be able to view it, as shown below. Unsuspecting users then get infected by clicking "Enable Content" in an attempt to see what is in the document.

Hopefully you are not clicking on email attachments that you were not expecting, but you should always be careful of any document that wants you to enable content!
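As an added illustration, not code from the original post, here is the kind of check a mail gateway or helpdesk can run on an attachment before anyone is asked about "Enable Content": a modern Word file is a zip archive, and its VBA code lives in a part named vbaProject.bin, so the presence of that part (or a macro-enabled content type) is what to look for. The sample archives below are constructed in the script itself.

```python
import io
import zipfile

# Magic bytes of a legacy binary Office (OLE2 / .doc) container.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content types Word assigns to macro-enabled documents and templates.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroenabled",
    "application/vnd.ms-word.template.macroenabled",
)


def scan_word_document(data: bytes) -> str:
    """Classify Word file bytes as 'macro', 'clean', 'legacy-ole' or 'unknown'.

    Modern .docx/.docm files are zip archives; VBA code is stored in a part
    named vbaProject.bin, which is what "Enable Content" would execute.
    """
    if data.startswith(OLE2_MAGIC):
        # Old .doc format: macros may be present, but reading them needs an
        # OLE parser, so never treat such a file as clean by default.
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return "macro"
            for n in names:
                if n.lower() == "[content_types].xml":
                    types = zf.read(n).decode("utf-8", "replace").lower()
                    if any(t in types for t in MACRO_CONTENT_TYPES):
                        return "macro"
    except zipfile.BadZipFile:
        return "unknown"  # not OOXML and not OLE2: inspect by other means
    return "clean"


def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML archive for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("macro", "clean"):
        print(label, "->", scan_word_document(build_sample_docx(label == "macro")))
```

A "macro" verdict is not proof of malice, only a signal that the attachment carries code and deserves a second look before it is opened.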

Last week we also saw State Farm report a credential stuffing attack. This type of attack uses usernames and passwords exposed in previous breaches to log in. People most at risk are those that reuse the same password at more than one site. It is currently unclear if the attackers gained any data from this attack, but they were able to gain access to some accounts. State Farm said they have reset the passwords of the accounts detected and have notified affected customers. If you happen to use the same password on more than one site, especially any that contain banking info or card numbers, you should fix that, and enable 2FA everywhere that supports it.

There are new attacks targeting gamers, as well as a zero-day vulnerability in Steam, a game delivery platform. Steam is used on multiple platforms, and this vulnerability affects Windows installs. I have not seen a response from Valve (the company that runs Steam) yet.

We saw an announcement of a breach at Capital One exposing over 100 million US customer accounts/credit applications, and 6 million people in Canada. According to the reports, no credit card account numbers or login credentials were compromised. Capital One also said they will contact customers affected by the breach and will make credit monitoring and identity protection available. Some of the data taken includes information on credit applications, credit scores/limits/balances/payment history, contact info, some linked bank account numbers, etc.

We saw attacks appearing to originate from Russia gaining access to networks around the world via poorly configured printers and VoIP phones. Details shared online say that the attacks were using the default credentials for such devices. This is a reminder to ALWAYS change the default logins for any network-connected devices.

A new ransomware called MegaCortex is seeing an uptick as a replacement for the previously dominant variant called GandCrab. The ransom demands seem to be getting larger, with dollar amounts ranging from $20k to $5.8 million. There appears to be a focus on enterprises, cities and other units of government rather than end users.

Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc