Cyber Security Today, August 26, 2022 – Protect your Active Directory servers, huge text phishing scam discovered and more
Protect your Active Directory servers, huge text phishing scam found and more.
Welcome to Cyber Security Today. Today is Friday, August 26, 2022. I’m Howard Solomon, contributing cybersecurity reporter for ITWorldCanada.com.
Microsoft is urging Windows administrators to limit and tighten access to Active Directory servers. This comes after it discovered that the Russia-based threat group Nobelium is able to penetrate systems and bypass multi-factor authentication. If the attackers manage to gain administrative privileges on an Active Directory Federation Services server, they deploy a new tool called MagicWeb. They do this by replacing a legitimate DLL file with one of their own. The tool then allows manipulation of the authentication tokens generated by Active Directory, letting the hackers log in as any user and bypass multi-factor authentication. Administrative access to domain controllers and crucial servers like Active Directory has long been the goal of every hacker. Microsoft says these servers should be isolated, accessible only by dedicated administrator accounts, and regularly monitored for any changes. It is also necessary to keep servers patched with the latest security updates and to take steps to prevent lateral movement by an attacker.
The recently discovered SMS phishing attacks against Twilio and Cloudflare employees are part of a massive campaign of smartphone attacks. Nearly 10,000 people across 130 organizations have fallen for the credential-stealing scam, according to Group-IB researchers. Most of them were in the United States. Three targeted companies were in Canada. Most of the organizations use Okta's identity and access management solution. Victims received text messages containing links to fake websites that mimicked their organization's Okta authentication page. When they logged in, the hackers got their usernames and passwords. It remains unclear how the attackers obtained a list of targets and their cell phone numbers. There seem to be two lessons to be learned from this. First, employees need to be repeatedly warned about the dangers of logging into sites from links in text messages and emails. And second, companies that use SMS-based multi-factor authentication are taking a big risk.
Here is a similar recent scam, discovered by email security provider Trustifi. It involved creating a fake website that mirrored the login page of an unnamed global voice and email service provider. Employees of one of this provider's customers received an email message asking them to log in and confirm their credentials. Over 200 usernames and passwords were captured in the scam. In an interview, Zack Schwartz, VP of Business Development at Trustifi, told me that email security solutions that analyze the context of attachments and links are critical for defense. IT administrators should also follow proper email hygiene procedures to prevent their email systems from being used by hackers to send malicious messages. This means using the DKIM, DMARC, and SPF authorization and authentication protocols on domains to prevent spoofing.
The kids are going back to school in a few days. Parents who want to talk to their kids about cyber hygiene can now take advantage of a website set up by Trend Micro for tips on how to have an ongoing conversation about safety. And young people can learn a few things online by going to the Cyber Academy for interactive lessons.
That’s all for this morning. But later today, the Week in Review edition will come out. This week’s guest commentator will be David Shipley of Beauceron Security, who will talk about trends in cyber insurance and whether the cyber security programs of critical infrastructure providers like pipelines should be heavily regulated.
Remember that links to podcast story details are in the text version on ITWorldCanada.com.