ALVARO'S CYBER SECURITY COLUMN - INFORMATION THEFT, THE ORDER OF THE DAY
Written on 06/10/2022

INFORMATION THEFT, THE ORDER OF THE DAY

Data is the oil of our century, not only for large corporations, but also for criminals, and if access to this data requires stealing credentials, then criminals will try by all means. 

Threats spread by email, using template types that have been tried and tested to trick users. Numerous campaigns aimed at Spanish users and companies have used hooks such as alleged invoices, purchase orders or quotes pending approval.

Emails have also been detected pretending to be delivery companies to infect the victim's system and steal the credentials stored in everyday applications such as email clients, internet browsers or FTP clients, to give a few examples. This is a fairly common modus operandi when we talk about threats such as Agent Tesla or Formbook, but we cannot forget that banking Trojans originating in Latin America such as Mekotio are still very present in our country.

As if that were not enough, the impersonation of well-known companies and brands is still frequently used to obtain private users' data and subscribe them to expensive services. September was the month in which fake surveys were observed using the names of Decathlon and Heineken, promising attractive prizes in exchange for paying a small amount in shipping costs.

Two of the most prominent data-theft cases were Uber and Rockstar, which made headlines in the middle of the month after being attacked by someone believed to be a member of the Lapsus$ group, a group whose members had already been arrested by the British authorities.

Vulnerabilities in Apple and Microsoft systems

As usual, new security holes are discovered every month in all kinds of applications and operating systems. September has been no exception, although some of the vulnerabilities discovered may have a significant impact in the coming weeks and months if they are not fixed quickly.

Microsoft reported a vulnerability in MS Teams related to the fact that the application stores authentication tokens in plain text, without proper protection. An attacker could use these authentication tokens to log into the victim's account, even if multi-factor authentication (MFA) is enabled. Also, since the attacker does not need elevated permissions to read these files, the weakness can be exploited in any attack where they have already gained physical or remote access to the system. If you use Teams, delete confidential messages after sending them.
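The risk described above is that session tokens sit on disk in plain text where any process running as the user can read them. The following audit script is an added example, not code from the column or from Microsoft: it walks a directory tree, flags files containing JWT-style bearer tokens, and reports whether each file is readable by other accounts. The directory layout, file names and token value are all constructed for the demo; no real Teams paths are assumed.

```python
import os
import re
import stat
import tempfile

# Rough pattern for a JWT-style bearer token: three base64url segments
# separated by dots, the first of which almost always starts with "eyJ"
# (the base64 encoding of '{"').
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def file_is_group_or_world_readable(path):
    """Return True if the file's mode bits allow group or other to read it."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def scan_for_plaintext_tokens(root):
    """Walk `root` and report every file that contains a JWT-like token.

    Each finding records the path, how many tokens were seen and whether the
    file is readable by accounts other than its owner. Files that cannot be
    opened are skipped; reads are capped at 1 MB per file.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1_000_000)
            except OSError:
                continue
            text = data.decode("utf-8", errors="ignore")
            tokens = JWT_RE.findall(text)
            if tokens:
                findings.append({
                    "path": path,
                    "token_count": len(tokens),
                    "readable_by_others": file_is_group_or_world_readable(path),
                })
    return findings


def build_demo_tree():
    """Create a constructed app-cache directory containing one leaky file.

    The token below is a hypothetical placeholder (header/payload are
    base64 of {"alg":"HS256"} and {"sub":"demo"}, signature is dummy text).
    """
    root = tempfile.mkdtemp(prefix="token_audit_demo_")
    cache = os.path.join(root, "Cache")
    os.makedirs(cache)

    fake_jwt = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLXBsYWNlaG9sZGVy"
    leaky = os.path.join(cache, "storage.json")
    with open(leaky, "w", encoding="utf-8") as fh:
        fh.write('{"token": "%s"}' % fake_jwt)
    os.chmod(leaky, 0o644)  # constructed: readable by everyone on the host

    harmless = os.path.join(cache, "settings.json")
    with open(harmless, "w", encoding="utf-8") as fh:
        fh.write('{"theme": "dark"}')
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for finding in scan_for_plaintext_tokens(demo_root):
        print(finding)
```

Running the script against a user's profile directory gives a list of files to fix: move the secret into the operating system's credential store, or at minimum restrict the file's permissions so that only the owner can read it. The regex is deliberately loose and will produce false positives on any base64 blob beginning with "eyJ", so treat the output as a worklist rather than a verdict.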
