At a glance.
- Problems with browser bars.
- Results of a survey on password practices are discouraging.
- Australian gas company compromised.
- Effects of the Blackbaud ransomware incident continue to spread.
- Darkside says they're Robin Hood.
Is your browser bar lying to you?
When the average mobile user goes to a website, if the URL displayed in the browser bar is correct and sports a padlock icon, they feel they’re on a legitimate, secure site. However, that’s not always the case. TechCrunch reports that cybersecurity researcher Rafay Baloch has uncovered browser bar spoofing bugs -- vulnerabilities that make it easier for attackers to mimic legitimate URLs -- in many leading mobile browsers, including Apple’s Safari, Opera, and Yandex, despite their anti-phishing protections. In the brief moment between the time the victim clicks on a malicious link and when the malicious site is loaded, the bug allows code hidden on the fake site to swap the malicious address in the bar for a legitimate one. Though the researcher reached out to the browser makers to inform them of the bug, only Apple, Yandex, and Opera have implemented or plan to implement patches.
Passwords are only as safe as we make them.
Your account password is often the first safeguard against a data breach, but if the recent survey conducted by PasswordManager.com is any indication, many American users don’t do all they can to protect it. They resist using password managers, and they reuse passwords across multiple accounts. It should be common knowledge that using a variation of the same password across multiple websites is a security risk, and though 85% of those surveyed were aware of this, 25% admitted to falling into this bad habit. Despite the fact that six out of ten people have suffered a security breach, perhaps the reason many choose not to create unique passwords is that they don’t want to use a password manager to keep track of them all. Nearly 65% of those surveyed said they don’t feel password managers are safe: 34% are concerned the manager itself could get hacked, and 30.5% don’t feel password management companies can be trusted with their information. Almost half of those surveyed said nothing could convince them to use a password manager.
Australian gas company compromised.
Kleenheat, an Australian energy company, discovered during a recent security check that its systems had suffered a data breach in 2014, ZDNet reports. The company stated that the breach occurred in a third-party system, not within the company itself, and that the data compromised was limited to customer contact information, leaving more sensitive information such as dates of birth and payment credentials unaffected. The affected individuals and the Office of the Australian Information Commissioner have been notified.
Yet another Blackbaud victim.
US healthcare foundation AdventHealth Hendersonville is the latest addition to the long list of victims of the Blackbaud data breach that occurred this past summer, WLOS reports. While no medical records or financial data were leaked, donor information might have been compromised. Hopes that the effects of the Blackbaud breach might be contained have faded, and Blackbaud customers are increasingly disclosing compromise.
Ransomware gangs do disingenuous PR, too. (In fact, all their PR is disingenuous.)
Darkside, the ransomware gang that came to prominence in August as a "big-game hunter" going after deep-pocketed corporations, has apparently donated some of its proceeds to two charities, Children International and the Water Project, each of which ZDNet says has received $10,000 in Bitcoin. This isn't unknown in the history of organized crime, from the Yakuza to the Chicago Outfit to the Gulf Cartel, so let's hold off before we elevate Darkside to the status of a modern Robin Hood.
Comment from the security industry has been as skeptical as we are. Katie Nickels, director of intelligence at Red Canary, wrote to us: "This latest 'donation' effort by ransomware operators is just an attempt to improve their image publicly. When the pandemic first started, we saw ransomware operators claim that they wouldn't target hospitals - yet we know many of them have. If ransomware operators truly cared about making the world a better place, they would stop ransoming victims, not make donations."
Javvad Malik, Security Awareness Advocate at KnowBe4, points out that this sort of thing is a problem for the recipients of the donations as well. "It's strange to see charities receiving such acts of philanthropy through stolen money, and it can pose quite the dilemma to organizations receiving the funds. However, one should not look past the fact that the money was obtained illegally through criminal actions - and therefore, no amount of charitable contributions can erase that. Whenever an organization is extorted via ransomware or other means, that money impacts actual individuals. Many people have lost their jobs over the years, there have been organizations that have ceased to exist, and there has even been some talk recently of the role ransomware had to play in the unfortunate death of a patient transported to a different hospital. Criminals need to understand that there is a very real impact of their actions, and simply giving an amount to charity cannot make up for that."
And we also heard from Chris Clements, VP of Solutions Architecture at Cerberus Sentinel, who believes we should be troubled by the amount of money the gangs are taking in. "The most troubling realization here is that the cyber criminals have made so much money through extortion that donating twenty thousand dollars is chump change to them," he wrote. "Altruism isn’t a common trait in criminal extortion gangs, so it’s difficult to take their motivations at their word. It’s tempting to speculate on other reasons this might have happened, including being targeted themselves by rival cybercrime organizations or compromised by a state intelligence agency. Without outside verification, it’s very likely we’ll never really know the true reasons."