Cybersecurity Newsletter - Issue 20
Keeping an eye on cyber news and threats
Hi all, this week's edition contains information about a QuickBooks phishing campaign that's delivering malware, some patches to fix security flaws in macOS and Nvidia graphics cards, and a virus spreading via text message to Android phones.
New QuickBooks phishing campaign is infecting users with malware
A new phishing campaign has been identified by Bitdefender Antispam Lab that is sending QuickBooks users fake invoices via email, which is infecting them with the Dridex banking Trojan.
It appears the majority of the spoofed emails are originating from Italian IP addresses, but the emails have been seen in countries all over the world.
The email header has been spoofed to look like a genuine QuickBooks email (email@example.com) and the subject lines are being varied to avoid detections, such as ‘Invoice XXXXX’, ‘Payment Notification – Invoice XXXXX’ or ‘Reminder: Invoice XXXX’. The emails look convincing too, and the message body is being tailored to appear more genuine.
The Trojan being used, Dridex, has been around for some time and is primarily used to steal banking credentials and other sensitive information to make fraudulent transactions, but it has also been tailored recently to deliver ransomware. It usually masquerades as a Word or Excel file.
Users of the accounting software should exercise extreme caution, if you receive emails for invoices or payments you not expecting it’s highly likely to be spam; log into your account directly to confirm if the activity exists or not.
Accountants should also be aware of the ongoing campaign and warn their clients if they use QuickBooks.
Apple patch zero-day vulnerability that allows bypassing of anti-malware security
Apple has released a patch for a severe bug in macOS that can allow viruses to bypass the anti-malware defences, which has already been exploited by a variant of the Shlayer adware.
macOS users should update to the latest version as soon as possible to protect themselves from malware that would take advantage of this loophole.
Android malware Flubot spreading via courier SMS messages
Android users are being targeted by text messages containing links to a spyware virus known as Flubot. The messages look like notifications from parcel couriers informing you of a missed delivery or that your parcel is on its way.
The links direct you to a website that downloads the virus which then starts to gather information and give itself permissions, it will then start sending text messages to numbers in your contact list to further spread the virus.
I actually received a couple of these myself recently, the images below are screenshots of the text messages I received.
As you can see, they haven’t done a great job of disguising the links so it’s pretty obvious that they aren’t legitimate courier websites such as DHL as these claim to be.
High-severity security flaws reported in Nvidia graphics drivers
Nvidia has reported some security vulnerabilities in the graphics processing unit (GPU) display drivers, which could allow privilege escalation, arbitrary code execution (remotely exploiting computer code) and denial of service.
They have released patches for these bugs, so if you have Nvidia graphics cards, I suggest downloading the latest updates from their website.
If you would like technical details such as the nature of the vulnerabilities and their associated CVE’s, you can read about it here.
Tip of the week – Classify and encrypt your documents
This week I’d like to talk about an important feature of Microsoft Office – document classification. This tip is particularly pertinent for business and their employees, as it is a fantastic way to protect sensitive data in emails and documents.
Microsoft’s Office 365 now gives IT admins the ability to create classifications that can be added to documents and emails that determine how they should be handled if they hold sensitive information, and encrypt them if necessary, so that only the intended recipient or certain people can view the contents. We call this protecting the data at its source.
It also protects sensitive company data should a hacker gain access to the system, as they still won’t be able to view the contents of encrypted documents, unless of course, they have managed to log in as a user with explicit access.
Encrypting them in this way also means that if documents are sent outside of the organisation, to a client, for example, the document will remain secure and encrypted and visible only to those who have been granted access. The encryption is embedded in the file, so even if it is copied or forwarded, the data remains safe. You can also impose restrictions such as not allowing the document to be copied or printed.
That’s all for now, see you next week.