Spoofing emails: The trickery costing businesses billions

The email came in like any other, from the company chief executive to his finance officer.

“Hey, the deal is done. Please wire $8m to this account to finalise the acquisition ASAP. Needs to be done before the end of the day. Thanks.”

The employee thought nothing of it and sent the funds over, ticking it off his list of jobs before heading home.

But alarm bells started to ring when the company that was being acquired called to ask why it had not received the money.

An investigation began – $8m was most definitely sent, but where to?

We will never know.

Some of the money was clawed back by the banks, but most was lost to hackers who may have cashed out using an elaborate money-laundering network or simply moved on to the next victim.

Meanwhile, the finance officer is left feeling terrible and the company is left scratching its head.

After all, the email had come ostensibly from the boss’s address and his account had not been hacked.

It was left to cyber-security experts to break the bad news to the firm: emails are not to be trusted.

CEO Fraud

This is a real-life example of a cyber-attack known as Business Email Compromise, or CEO Fraud.

The attacks are relatively low-tech and rely more on social engineering and trickery than traditional hacking.

Cyber-criminals simply spoof the email address of a company executive and send a convincing request to an unsuspecting employee.

The message looks just as though it has come from the boss – but it has been sent by an imposter.

There is usually a sense of urgency to the order, and the employee simply does as they are told – maybe sending vast amounts of money to criminals by mistake.

These scams are on the rise and according to the FBI in the US, they have resulted in worldwide losses of at least $26bn (£21bn) since 2016.

Earlier this month, 281 suspected hackers were arrested in 10 different countries as part of a massive takedown operation of global cyber-crime networks based on the scams.

Ryan Kalember, executive vice-president of cyber-security strategy at Proofpoint, said: “Business Email Compromise (BEC) is the most expensive problem in all of cyber-security. There is not a single other form of cyber-crime that has the same degree of scope in terms of money lost.”

Proofpoint was appointed to deal with the CEO Fraud incident described in this article.

Mr Kalember and his team have seen the tactics evolve during the past year and have some interesting observations and warnings for potential victims.

Non-executive targets

The traditional targets for BEC attack are the “C-suite” figures of major companies, such as chief executive officers or chief finance officers.

But recently, criminals have been going for lower-hanging fruit.

“The ‘very attacked people’ we now see are actually rarely VIPs. Victims tend to have readily searchable emails or easily guessable shared addresses.

“VIPs, as a rule, tend to be less exposed as organisations are generally doing a fairly good job of protecting VIP email addresses now,” Mr Kalember added.

The trend has also been noticed by cyber-security company Cofense.

In some cases, employees’ emails are spoofed and the attacker asks the human-resources departments to send a victim’s wages to a new bank account.

“A smaller but much wider reward system will be a deliberate attempt to fly below the radar to target financial processes that are likely to have weaker controls, yet still produce attractive returns,” said Dave Mount, from Cofense.

Monday warning

Another method being seen more regularly is scam emails sent on Monday morning.

According to Proofpoint, more than 30% of BEC emails are delivered on Mondays as hackers try to capitalise on weekend backlogs.

They hope “social jetlag” will mean employees are more easily fooled by fake emails and other social-engineering tricks.

“Attackers know how people and offices work. They depend on people making mistakes and have a lot of experience with what works. This is not a technical vulnerability, it’s about human error,” said Mr Kalember.

Fake Forward

Fake email threads are part of another technique that has evolved.

Attackers start the subject lines of their emails with “Re:” or “Fwd:” to make it look like their message is part of a previous conversation.

In some cases, they even include a bogus email history to establish apparent legitimacy.

According to researchers, fraud attempts that use this technique have increased by more than 50% year-over-year.
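One way a mail filter could check for the fake-thread pattern described above, shown as an added example that is not part of the original article. It flags a "Re:" or "Fwd:" subject on a message that carries no threading headers, and an urgent payment request in the body; the sample messages, addresses and signal names are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

REPLY_PREFIX = re.compile(r"^\s*(re|fwd?)\s*:", re.IGNORECASE)
URGENCY = re.compile(r"\b(asap|urgent|immediately|end of (the )?day)\b", re.IGNORECASE)
PAYMENT = re.compile(r"\b(wire|transfer|payment|bank account)\b", re.IGNORECASE)

def bec_signals(raw: str) -> list[str]:
    """Return heuristic warning signals for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    signals = []
    # A real reply carries In-Reply-To/References pointing at the earlier
    # message; a typed-in "Re:" on a brand-new message does not.
    threaded = bool(msg.get("In-Reply-To") or msg.get("References"))
    if REPLY_PREFIX.match(msg.get("Subject", "")) and not threaded:
        signals.append("reply-prefix-without-thread-headers")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    # Urgency plus a request to move money, as in the article's example.
    if URGENCY.search(body) and PAYMENT.search(body):
        signals.append("urgent-payment-request")
    return signals

# Constructed sample: new message dressed up as a reply.
SPOOFED = (
    "From: Chief Executive <ceo@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Re: Acquisition payment\n"
    "Message-ID: <constructed-1@mail.example.net>\n"
    "\n"
    "Hey, the deal is done. Please wire $8m to this account ASAP.\n"
    "Needs to be done before the end of the day.\n"
)
# Constructed sample: genuine reply with thread headers.
GENUINE = (
    "From: Legal <legal@example.com>\n"
    "To: finance@example.com\n"
    "Subject: Re: Contract review\n"
    "Message-ID: <constructed-3@example.com>\n"
    "In-Reply-To: <constructed-2@example.com>\n"
    "References: <constructed-2@example.com>\n"
    "\n"
    "Thanks, the signed contract is attached. Talk on Thursday.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, bec_signals(raw))
```

Some mail clients omit thread headers on genuine forwards, so these signals are best combined and used to trigger a second check rather than to block mail outright.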

Mr Kalember says all these trends follow a predictable pattern based on our own behaviour.

“One of the reasons why this is a particularly difficult problem to stamp out is that it relies on the systemic risk of all of us trusting email as a means of communication,” he said.

Unfortunately for businesses and unwitting employees, BEC is unlikely to go away.

Email spoofing is technically very simple, and free-to-use online services offer a low barrier to entry.

But there are lots of things companies and employees can do – including being vigilant and aware of the attacks.

Companies could insist on so-called two-factor verification before a payment is sent.

All of this, of course, relies on people taking a step back from what is often strived for in the workplace – speed and efficiency.

Action Fraud and the UK’s National Fraud Intelligence Bureau (NFIB) operate a 24/7 hotline on 0300 123 2040 for businesses to report live cyber-attacks.


Unpatchable iOS flaw used to jailbreak older iPhones

A security researcher has released a new jailbreak which impacts all of Apple’s mobile devices released between 2011 and 2017 including iPhone models from the 4S up to the iPhone 8 and even the iPhone X.

However, this jailbreak differs from those released in the past because it utilizes a new unpatchable exploit called Checkm8 that exploits vulnerabilities in Apple’s Bootrom (secure boot ROM) to give iOS users full control over their devices.

The Checkm8 vulnerability was published by a security researcher called AxiomX who explained to ZDNet that he had worked on the jailbreak all year. 

AxiomX said on Twitter that Checkm8 is “a permanent unpatchable bootrom exploit” which means this jailbreak is far more extensive and efficient than those previously released for Apple’s iPhone.

Bootrom jailbreak

In addition to being quite rare, bootrom jailbreaks are also permanent and can’t be fixed with a patch. To fix a Bootrom vulnerability permanently would require a silicon revision and even a company as large as Apple would not want to issue a mass recall for iPhones just to modify device chipsets.

This means that the Checkm8 jailbreak is permanent and will work in perpetuity on the devices that have installed it. The last time a Bootrom-based jailbreak was released was back in 2009 and many believed that Apple had managed to secure its boot-up process and make these types of jailbreaks impossible since that time.

AxiomX’s jailbreak is currently available on GitHub as a beta release though technical skills are required to install it as it has the potential to easily brick devices.

While a jailbreak of this kind could be used to install unofficial apps on iPhones, the Checkm8 vulnerability could also be exploited by hackers to root devices but this would require physical access to a device.

Via ZDNet


The refined Samsung Galaxy Fold is officially available in the US

After delaying its April launch date due to serious reliability concerns, the refined Samsung Galaxy Fold is back and finally, finally up for sale in the US.

The much-publicized problems centered around the folding display, which had malfunctioned when press peeled the protective plastic off the screens of their review units. Some screens simply stopped syncing on their own. 

In any case, the new versions have added a protective plastic lip around the edges of the screen (to keep anyone from removing the plastic cover) and heavily refined the hinge. To be safe, there are copious warnings for new buyers, especially for the plastic folding center screen, which is more fragile than typical glass screens. 

Press are already seeing new broken pixel issues crop up, from TechCrunch to JerryRigEverything – though the latter found the hinge to be far more durable than expected.

You can pick up a brand-new Galaxy Fold for $1,980 (£1,800 / €2,000), though certain carriers are also selling it for $66/month for 30-month contracts. Yes, that’s twice the price of the flagship Apple iPhone 11 Pro and even Samsung Galaxy Note 10 – but at least the company is packing a pair of Samsung Galaxy Buds in the box for good measure.


Windows malware turns PCs into zombies

A new malware campaign responsible for infecting thousands of Windows PCs worldwide has been discovered by Microsoft.

The Microsoft Defender ATP Research Team found the malware, dubbed Nodersok, and explained in a blog post that it is distributed through malicious adverts which force a Windows system to download HTA files that are used in HTML apps.

Once a user finds and clicks on the HTA files on their system, this starts a process that opens PowerShell scripts, Excel and JavaScript to download and install the Nodersok malware.

According to Microsoft, the malware is fileless and utilizes living-off-the-land binaries (LOLBins) to tap into existing tools and functionalities in a Windows system. Nodersok then downloads legitimate modules such as Windivert.dll/sys and Node.exe from the Node.JS framework to carry out its work. However, malicious files and executables are never written to an infected machine’s disk.

Nodersok malware

After a system has been fully infected, Nodersok can then turn it into a zombie-like proxy machine used to launch other cyberattacks and even create a relay server that can give hackers access to command and control servers as well as other compromised devices. This helps hackers hide their activity from security researchers looking for suspicious behavior.

In addition to Microsoft, Cisco’s security division Talos also discovered the malware and named it Divergent. Security researchers at the company found that the infected machines were being used to commit click fraud on targeted corporate networks.

In its blog post, Microsoft researchers explained how they discovered the Nodersok malware campaign, saying:

“The campaign is particularly interesting not only because it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar. We uncovered this campaign in mid-July, when suspicious patterns in the anomalous usage of MSHTA.exe emerged from Microsoft Defender ATP telemetry.”
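The process chain described above (MSHTA.exe starting a script host, followed by Node.exe appearing on the same machine) can be hunted for in process-creation telemetry. The following is an added example, not Microsoft's detection logic; the event format, host names and paths are constructed, and the list of script hosts is an assumption.

```python
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Children of mshta.exe worth flagging (assumed list for this example).
SCRIPT_CHILDREN = {"powershell.exe", "excel.exe", "wscript.exe", "cscript.exe"}

def correlate(events):
    """Return {host: [findings]} for the mshta -> script host -> node.exe chain."""
    staged = set()  # hosts where mshta.exe has already spawned a script host
    findings = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        parent = basename(ev["parent"]).lower()
        image = basename(ev["image"]).lower()
        host = ev["host"]
        if parent == "mshta.exe" and image in SCRIPT_CHILDREN:
            staged.add(host)
            findings[host].append(f"mshta.exe spawned {image}")
        elif image == "node.exe" and host in staged:
            # node.exe alone is normal on developer machines; it only
            # matters here when it follows the mshta script chain.
            findings[host].append("node.exe started after mshta script chain")
    return dict(findings)

# Constructed process-creation events (not taken from any real incident).
EVENTS = [
    {"ts": 1, "host": "pc-17", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe"},
    {"ts": 2, "host": "pc-17", "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ts": 3, "host": "pc-17",
     "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\Public\constructed\node.exe"},
    {"ts": 4, "host": "dev-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Program Files\nodejs\node.exe"},
]

if __name__ == "__main__":
    for host, items in correlate(EVENTS).items():
        print(host, items)
```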

For those concerned about their systems being infected by Nodersok, Microsoft has updated its free antivirus software Microsoft Defender to detect the malware.

Via The Inquirer


The best Samsung watch: our top choices for Tizen smartwatches in 2019

Samsung is one of the very best smartwatch makers on the planet competing against the greatest devices on the market including the Apple Watch 4 and Fitbit Versa.

The company has been making smartwatches since 2013 when it introduced the square-faced and (by today’s standard) woefully lacking Samsung Galaxy Gear. We’ve seen various iterations of its wristwear over those last five years, and the company has since come into its own with its latest few wearables.

Below we’re going to talk you through the very best Samsung smartwatches that you can buy right now, which includes the likes of the Samsung Galaxy Watch, Galaxy Watch Active and the Gear series from a couple of years ago.

We’ll also mention the Samsung fitness trackers the company has created. Note that they’re all ranked in terms of functionality, so we take into account what you can do with each watch, its design, the price and much more when curating this ranking.

You should also note that we have yet to properly try the recently announced Galaxy Fit series of activity bands. We expect those wearables to feature in this list in the coming months.


1. Samsung Galaxy Watch

The sporty Samsung watch gains some style

OS: Tizen OS | Compatibility: Android, iOS | Display: 1.2″ or 1.3″ 360 x 360 Super AMOLED | Processor: Dual-core 1.15GHz | Band sizes: 22mm or 20mm | Onboard storage: 4GB | Battery duration: 4 days on 46mm / less on 42mm | Charging method: Wireless | IP rating: 50m | Connectivity: Wi-Fi, Bluetooth

Fitbit price cut: deals on the Fitbit Versa, Charge 3, Alta HR and more

If you’re looking to score an affordable smartwatch deal before Black Friday, then you’ve come to the right place. We’ve collected the best Fitbit deals from Walmart and Amazon that are happening right now. You’ll find discounts on popular models that include the Fitbit Alta HR, Charge 3, and Ionic smartwatch. Thanks to the recent release of the Versa 2, you can also now find the best-selling Fitbit Versa on sale at Walmart for $169. That’s a $30 discount and the best price we’ve found for the activity tracker.

The Fitbit Versa is loaded with fitness-focused features while also keeping you connected. The Versa tracks all-day activity, distance, calories burned, and offers 24/7 heart rate monitoring. The smartwatch even offers personalized workouts with on-screen coaching that will give you real-time stats conveniently on your wrist. You’ll be able to enjoy your favorite music on the Versa with 300+ songs that you can store, or connect to Bluetooth headphones so you can listen to music wire-free. The Versa provides an impressive four-day battery life and keeps you connected with the ability to receive notifications, make calls, send messages, and more.

The Fitbit Versa 2 currently retails for $199, which is $30 more than the original Versa smartwatch. The Versa 2 has a slightly bigger screen size and battery life, so if these features don’t matter to you, then you should snag the Versa smartwatch on sale while you can.

You can find more Fitbit Versa offers with the best Fitbit Versa prices and sales that are currently available.

You can also learn more about the above activity trackers by checking out our Fitbit Versa 2 review, Fitbit Alta HR review, and Fitbit Charge 3 review.


Google Chrome, Firefox and Cloudflare add HTTP/3 protection

Cloudflare, Google Chrome and Mozilla Firefox have all added support for the next major iteration of the HTTP protocol, HTTP/3.

Cloudflare announced that beginning today, customers will be able to turn on HTTP/3 support for their domains by enabling an option in their dashboards. Now when users visit a Cloudflare-hosted website using an HTTP/3-capable client, the connection will be automatically upgraded to the new protocol.

When it comes to browsers, Chrome Canary, the experimental version of Google Chrome, added support for HTTP/3 earlier this month, though users will have to use a Chrome command-line flag to enable it. Mozilla also announced that it would roll out support for the new protocol in an upcoming Firefox Nightly version later this fall.

While neither Chrome Canary nor Firefox Nightly is intended for average users, both of these experimental releases can be utilized by experienced users who want to test out HTTP/3 for themselves.

HTTP/3

HTTP/3 is the next major version of the HTTP protocol which allows content to move from servers to clients. HTTP/3 differs from previous versions of HTTP because it uses the QUIC protocol instead of TCP and also includes built-in TLS support for encryption.

To create the QUIC protocol, Google engineers combined the reliability of TCP with the speed of UDP to create an entirely new protocol. QUIC stands for Quick UDP Internet Connections and the protocol takes the best features of TCP and UDP to build an even faster layer 4 transport protocol.

However, the big news here is that Cloudflare is making HTTP/3 generally available to its customers. The content delivery network (CDN) is a huge force on the web and is used to power around 10 percent of all internet sites.

By rolling out HTTP/3 support to all of its customers, Cloudflare is helping the new protocol gain adoption faster.

Via ZDNet
