Latest Cybersecurity News 2023-07-10 Edition


Weekly CyberTip: Be Cyber Secure on Amazon Prime Day

Amazon Prime Day hits Canada July 11-12: make sure that you are taking all precautions to be cyber safe. Some key best practices: 

  • Ensure that your Amazon password is “long and strong,” and not used for any other services or apps. If your password is ever compromised, hackers will attempt to pivot to use that password to try to break into other sites you may use. 
  • Review the instructions for setting up two-step authentication (2FA) on your Amazon Canada account. 
  • Avoid using public Wi-Fi when handling personal or sensitive information like online purchases. 
  • If you’re using a mobile device, consider using the Amazon app instead of using a browser for added security. 
  • If you receive an email or SMS that contains spelling mistakes or tries to scare you into immediate action, remain calm: chances are that this is a phishing attempt. 
  • Exercise healthy skepticism if you receive any emails that purport to come from Amazon about account updates, balance problems, or delivery issues. Carefully inspect the sender’s email address and any links in the message; better yet, log into your Amazon account separately and check your order status there. 
  • Report any site that seems fraudulent, and use the “suspected phishing” or “flag as spam” buttons in your mail client if you receive an attempted phishing attack. Your vigilance might help others. 

Amazon Canada also has additional resources and examples of current phishing scams.  

Report: Hackers are preparing for Amazon Prime Day 

In a July 5 report, researchers from Check Point outline some of the preparations that hackers are making in an attempt to exploit Amazon Prime Day in Canada. According to the report: 

  • Phishing campaigns related to Amazon Prime increased dramatically in June, 16 times higher than in May. 
  • Almost 1,500 new domains related to the term “Amazon” were registered in June 2023, 92% of which were found to be either malicious or suspicious.
  • One out of every 68 new domains related to “Amazon” was also related to “Amazon Prime”. About 93% of those domains were found to be malicious or suspicious. 

The report provides a number of examples of known Amazon phishing campaigns, and practical tips administrators can use to help their teams identify and avoid fraud due to email and SMS phishing. 

Report: Insights from a Trustwave honeypot test

A new report from Trustwave provides interesting insights from a six-month “honeypot” test. Honeypots are systems or resources deliberately left lightly defended in order to attract the attention of hackers, so that their tactics, techniques, and procedures (TTPs) can be analyzed.

The test involved collecting “vast amounts of data from over 38,000 unique IPs” and inspecting “more than 1,100 unique payloads served during exploitation attempts.” 

 

The researchers found that nearly one fifth of the total recorded web traffic was malicious, and that botnets were responsible for over 95% of that malicious traffic. They also found that the primary objective of most attacks was “to upload a web shell, enabling attackers to carry out further actions against the potential victims.”

The report provides a summary of the most highly-targeted vulnerabilities, along with IOCs and helpful technical information for security teams to evaluate and strengthen their defences. 

Ten privacy takeaways on the first anniversary of the Tim Hortons ruling 

In a June 29 blog post entitled “One year later: 10 takeaways for businesses from the Tim Hortons investigation,” the Office of the Privacy Commissioner of Canada (OPC) published a helpful list of 10 tips to help businesses improve their data privacy practices.  

 

In a high-profile investigation that concluded in June 2022, the OPC found that the restaurant chain had not followed best practices in a number of key areas of data privacy. The list of “10 takeaways” focuses on three key areas: appropriate purposes of data collection, consent for data collection, and setting future expectations for the handling of data collected. 

Canadian and U.S. agencies issue advisories regarding Netwrix software 

According to parallel July 6 alerts issued by the CCCS and CISA, there has been a marked increase in newly-identified Truebot malware variants exploiting a vulnerability in Netwrix Auditor software – a vulnerability that was actually patched months ago. The recent infections have reportedly enabled some threat actors to gain access to computer networks and steal sensitive data for financial gain from organizations in Canada and the U.S.

Netwrix also issued a statement in the wake of the security advisories. In it, Gerrit Lansing, Chief Security Officer at Netwrix, reminded users that “the vulnerability may permit an attacker to execute arbitrary code on a Netwrix Auditor system that is exposed to the internet, contrary to deployment best practices. In turn, an attacker will be able to run enumeration attacks and conduct privilege escalation attempts in an infiltrated network. Both activities – enumeration and privilege escalation – are at the core of any cyber attack.” 

 

The company encourages “all Netwrix Auditor customers to upgrade to version 10.5.10977.0 and to ensure that no Netwrix Auditor systems are exposed to the internet.” 

 

The vulnerability itself is actually more than a year old. Netwrix issued a security advisory and patch for CVE-2022-31199 in June 2022, followed up by supplementary patches and guidance in October and December 2022. According to Netwrix, more than 7,000 organizations use Netwrix Auditor software, including clients from the insurance, financial, healthcare, and legal sectors.

UW report casts doubt on security of voice authentication 

In a June 27 media release entitled “How secure are voice authentication systems really?,” researchers at the University of Waterloo (UW) challenged the efficacy of voice authentication systems after their testing revealed that “attackers can break voice authentication with up to 99 per cent success within six tries.” 

 

According to the release, “In a recent test against Amazon Connect’s voice authentication system, they achieved a 10 per cent success rate in one four-second attack, with this rate rising to over 40 per cent in less than thirty seconds. With some of the less sophisticated voice authentication systems they targeted, they achieved a 99 per cent success rate after six attempts.” 

 

“Our results call into question the security of modern VA systems and urge users to rethink their trust in them, in light of the real threat of attackers bypassing these measures to gain access to their most valuable resources.”    

 

The full report, authored by Andre Kassis and Urs Hengartner from UW, is available online. 
