Follow ISA Cybersecurity on LinkedIn for the latest cybersecurity news
Weekly CyberTip: Fake YouTube announcements
The support team at YouTube has issued an alert warning of a new scam seeking to steal user information under the guise of a “Changes in YouTube rules and policies” announcement.
The scam comes in the form of phishing emails warnings users that they must agree to the service changes described in the email announcement within seven days in order to continue using the service.
The emails appear to come from the email address “no-reply@youtube[.]com” – an authentic YouTube account – which makes the emails seem legitimate. The threat actors appear to be abusing the “Share Video by Email” feature in YouTube, which allows users to share videos via messages coming from YouTube’s email domain.
The undue urgency, awkward phrasing in the email, and the unexpected link out to Google Drive are the key red flags in this scam. Do not click on any links in these messages, and report them to your system administrator.
ISA Cybersecurity named one of Canada’s Top Small & Medium Businesses
For the second year in a row, ISA Cybersecurity has been named one of Canada’s Top Small & Medium Businesses.
The honour is a result of a national competition that identifies employers in the SMB space that foster outstanding workplace environments, forward-thinking human resources policies, and lead the industry with innovative programs that attract and retain world-class talent. The annual competition by Mediacorp Canada ranks companies in terms of performance in eight categories (1) Physical Workplace; (2) Work Atmosphere & Social; (3) Health, Financial & Family Benefits; (4) Vacation & Time Off; (5) Employee Communications; (6) Performance Management; (7) Training & Skills Development; and (8) Community Involvement. ISA Cybersecurity was recognized among the top SMBs in the 2022 survey as well.
The formal announcement in the Globe & Mail came on April 4. An interactive version of the winners’ guide is available on the Canada’s Top 100 website.
Dark web marketplace shut down by law enforcement
Good news in the fight against criminal elements on the dark web: Genesis Market, one of the leading criminal websites for selling stolen data, has been shut down.
In an April 5 press release, the RCMP announced that Canada had participated in a “global day of action against Genesis Market,” reporting that 28 police services across the country – as well as a team of international partners from 17 countries in Europe and North America – had launched a coordinated operation “resulting in domain seizures and enforcement actions against users identified across the world”.
Genesis Market was notorious not just for selling stolen data, but also as a provider of ransomware-as-a-service and other hacking tools. “Genesis Market had over 1.5 million bots and over 2 million identities listed when it was shut down, making it one of the largest online criminal facilitators,” according to the press release. Since its inception in March 2018, Genesis Market has offered access to data stolen from over 1.5 million compromised computers around the world containing over 80 million account access credentials.
In a companion press release, the European police service agency Europol reported that 119 arrests had been made. Meanwhile, the FBI’s announcement about the takedown described the scope of the illegal activities on Genesis Market: “Account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies. Genesis Market was also one of the most prolific initial access brokers (IABs) in the cybercrime world.” The FBI also explained that they had seized 11 domain names used by Genesis in a campaign dubbed “Operation Cookie Monster”.
This is the latest success in the continuing global battle against cyber criminals, coming on the heels of shutting down Hydra Market in April 2022, and forcing the closure of the Breached forum in March 2023 after the arrest of its founder and owner by the FBI.
Patch Alert: Veritas Backup
On April 7, the Cybersecurity & Infrastructure Security Agency (CISA) added three known vulnerabilities in Veritas Backup Exec software to its catalog of mandatory patches.
The issues were reported and resolved by Veritas in March 2021. However, research by Mandiant showed that a number of exploits of the vulnerability are currently being seen in the wild, ramping up the urgency to get the security gaps closed as soon as possible.
“Veritas urges all customers to immediately update to Backup Exec version 21.2 or later if they have not already done so,” urges the updated security bulletin by Veritas. Federal agencies in the United States have until April 28 to check if their systems are affected by the vulnerabilities and to apply the necessary updates.