{"id":35767,"date":"2023-02-20T07:51:14","date_gmt":"2023-02-20T12:51:14","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=528758"},"modified":"2023-02-21T09:23:23","modified_gmt":"2023-02-21T14:23:23","slug":"cyber-security-today-feb-20-2023-business-email-scam-group-is-broken-in-europe-godaddy-hit-again-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-feb-20-2023-business-email-scam-group-is-broken-in-europe-godaddy-hit-again-and-more\/","title":{"rendered":"Cyber Security Today, Feb. 20, 2023 \u2013 Business email scam group is broken in Europe, GoDaddy hit again and more"},"content":{"rendered":"<p data-ar-index=\"0\">A business email scam group is broken in Europe, GoDaddy\u2019s IT system hit again and more.<\/p>\n<p data-ar-index=\"1\">Welcome to Cyber Security Today. It\u2019s Monday, February 20th, 2023. I\u2019m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p data-ar-index=\"2\"><strong>On Friday\u2019s podcast<\/strong> I reminded listeners that business email compromise scams \u2014 where a threat actor pretends to be an executive by email or phone \u2014 happen in all countries. The goal is to convince an employee to transfer money to an account controlled by a crook. After I recorded that podcast <a href=\"https:\/\/www.europol.europa.eu\/media-press\/newsroom\/news\/franco-israeli-gang-behind-eur-38-million-ceo-fraud-busted\" rel=\"noopener\">police in Europe announced<\/a> they had cracked a gang in January doing just that. The gang was made up of French and Israeli residents. In one case a suspect impersonated the CEO of a French metallurgy company and convinced an accountant to make two urgent and confidential transfers of hundreds of thousands of euros. In another case the gang pretended to be lawyers for an accounting company. They convinced the chief financial officer of a Paris real estate developer to transfer about 40 million euros. Listeners should note that to make the scams work victims didn\u2019t question large transfers of money from a superior. And they were persuaded by two demands: The transfers had to be done quickly and in confidence \u2014 two signs that should have aroused suspicion. 
Employees in finance departments have to regularly be warned about those signs.<\/p>\n<p data-ar-index=\"3\"><strong>Website hosting provider<\/strong> GoDaddy<a href=\"https:\/\/aboutus.godaddy.net\/newsroom\/company-news\/news-details\/2023\/Statement-on-recent-website-redirect-issues\/default.aspx\" rel=\"noopener\"> has admitted<\/a> its system was again compromised, this time late last year. In December a hacker was able to access the control panel linked to servers and install malware that redirected visitors to some of GoDaddy\u2019s customers\u2019 websites to infected sites controlled by the threat actor. Going deeper <a href=\"https:\/\/d18rn0p25nwr6d.cloudfront.net\/CIK-0001609711\/e4736ddb-b4c7-485b-a8fc-1827691692c9.pdf\" rel=\"noopener\">in a regulatory filing<\/a>, GoDaddy said it believes this is the latest in a multi-year campaign by a sophisticated threat actor group. The filing mentions several previous successful attacks. In 2021 hackers used a compromised password to access the provisioning system for GoDaddy\u2019s 1.2 million managed WordPress customers. In 2020 a threat actor compromised the hosting login credentials of approximately 28,000 hosting customers.<\/p>\n<p data-ar-index=\"4\"><strong>Last December<\/strong> I told listeners about a ransomware attack at a U.S. hospital chain called CommonSpirit Health. <a href=\"https:\/\/www.scmagazine.com\/news\/ransomware\/commonspirit-health-cyberattack-network-outage-cost-150m\" rel=\"noopener\">Last week the company said<\/a> that attack has cost the chain at least US$150 million \u2014 so far \u2014 in recovery costs. 
Some of that may be covered by cyberinsurance.<\/p>\n<p data-ar-index=\"5\"><strong>The public school board<\/strong> of Des Moines, Iowa <a href=\"https:\/\/www.desmoinesregister.com\/story\/news\/education\/2023\/02\/17\/des-moines-public-schools-confirms-ransomware-caused-cyberattack\/69882337007\/\" rel=\"noopener\">says those behind last month\u2019s ransomware attack<\/a> were able to copy data it holds. However, it\u2019s not saying how much data, and whether it\u2019s student, teacher or employee information. The board had to close schools for two days as staff started to restore servers. According to researchers at Emsisoft, at least nine American school districts with 242 schools have been hit by ransomware so far this year.<\/p>\n<p data-ar-index=\"6\"><strong>Attention<\/strong> network administrators using SolarWinds Platform: Due to the discovery of several vulnerabilities the company will issue a security update by the end of the month. Until then make sure the suite\u2019s website is not exposed to the public internet. If access is needed, create a strict allow list and block other traffic. Disable unnecessary ports, protocols and services on your host operating system and on applications like SQL Server. For more instructions <a href=\"https:\/\/www.solarwinds.com\/trust-center\/security-advisories\" rel=\"noopener\">see the SolarWinds Security Vulnerabilities page here.<\/a><\/p>\n<p data-ar-index=\"7\"><strong>VMware is warning<\/strong> administrators <a href=\"https:\/\/kb.vmware.com\/s\/article\/90947?lang=en_US&amp;queryTerm=90947\" rel=\"noopener\">to not install<\/a> a Windows Server 2022 update if they are also running certain earlier versions of the vSphere ESXi hypervisor with secure boot enabled. There\u2019s a conflict that prevents the operating system from booting. This involves versions 6.7 and 7.x of the hypervisor. 
Version 8 is not affected.<\/p>\n<p data-ar-index=\"8\"><strong>Remember<\/strong> the 2020 hacking of 130 Twitter accounts of people including Barack Obama, Joe Biden and Bill Gates? A British man arrested in Spain <a href=\"https:\/\/www.securityweek.com\/spain-orders-extradition-of-british-alleged-hacker-to-u-s\/\" rel=\"noopener\">has been ordered extradited<\/a> to the U.S. to face 14 criminal charges relating to those attacks.<\/p>\n<p data-ar-index=\"9\"><strong>People are still hoping<\/strong> to make billions on cryptocurrency. And crooks are still trying to trick those people into downloading malware. The latest example was <a href=\"https:\/\/blog.talosintelligence.com\/new-mortalkombat-ransomware-and-laplas-clipper-malware-threats\/\" rel=\"noopener\">discovered by researchers at Cisco Systems<\/a>. Victims are being sent phishing emails pretending to be from a crypto payment site called CoinPayments. The victim is asked to click on a ZIP file that allegedly has details about a failed transaction. The file really downloads ransomware or malware. Be careful with any messages involving cryptocurrency and downloading attachments.<\/p>\n<p data-ar-index=\"10\"><strong>Finally,<\/strong> if you use the Firefox browser make sure it\u2019s running the latest version. Mozilla last week released a new version that patches 10 high-severity vulnerabilities.<\/p>\n<p data-ar-index=\"11\">Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p data-ar-index=\"12\">The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-feb-20-2023-business-email-scam-group-is-broken-in-europe-godaddy-hit-again-and-more\/528758\">Cyber Security Today, Feb. 
20, 2023 \u2013 Business email scam group is broken in Europe, GoDaddy hit again and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on ransomware, a coming SolarWinds Platform update, a warning from VMware of a conflict with a WinServer updat<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-35767","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35767","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35767"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35767\/revisions"}],"predecessor-version":[{"id":35807,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35767\/revisions\/35807"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35767"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35767"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35767"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}