Christmas Fraud or How to Defend Your Money and Business During Sales Time and After

Black Friday is behind with all new online sales and cybercrime records (thanks to COVID-19). The Christmas time has come and new sales seasons are to come so there is no good time to forget about cybersecurity risks of every holiday season. Below are some recommendations from Trilight experts.

If you are a buyer, think twice before trusting e-mails and websites during your deals. While millions of buyers go to online shops for pleasant emotions hackers search for confidential personal and financial data.

A popular fraud scheme is based on phishing letters are messages faking well known online brands and online sellers. Take some simple proactive steps to avoid a catch like this:

1. Before trusting the email which you seem to have received from your favourite retail brands or online platforms, make sure you've read its contents attentively. Unusual grammatical or spelling mistakes make a first hint. A good example here are numerous phishing sites gone online during recent Amazon sales on Prime Day. Study sender's email to find more proofs to your suspicions.

2. Do not succumb to temptation of downloading special holiday seasonal subscription or promo codes from suspicious letter. And, of course, never follow the links from such messages. Fraud phishing messages might contain malware or links to wrong URL-addresses which will download to your device zero day malwares or extortion software putting financial and private data at serious risk.

3. If you are not sure about specific messages, try to correlate link in email address with the target link address by pointing to it. If they lead to different addresses, you may inform your Internet access or security service provider of this email to put an end to spreading potential vulnerability among online buyers.

4. And last but not least. Be careful entering URL-addresses manually. One error and you get to erroneous domain with misprint (similar, yet fake URL-address is often a phishing site). To avoid such risks, think about password manager. They are not only a good line of defense from weak passwords, but they also will not be fooled by malicious URL-addresses often overlooked by human eye prone to errors.For sellers: keep your security systems active, duly protected and compatible with PCI DSS.

As we mentioned above not only buyers can become victims of cybercrimes. Below are the action points for sellers to increase their cybercrime resilience.

1. Start with the security training to introduce latest phishing attacks to your team, including data types hunted for by cybercriminals, as well as cunning fraud emails. Give your team a simple way to inform your cybersecurity personnel of such suspicious emails or similar activities.

2. If you plan to keep your physical shops running, make sure all operating systems used at your points of sale have latest security updates. Consider additional security measures such as effective defense against malwares, NGFW, server protection and encryption to protect critically important systems of your retail network. Network segmentation will also help create limited and isolated zones managed with more refined access control.

3. If your retail business uses cloud applications and you have an extended multisite network of branches, franchise and delivery partners then zero trust philosophy becomes critically important. Basic principle is to trust nothing and check everything. It will help establish reliable access to distributed retail network with higher privacy of card holders.

4. Go through mandatory audit to make sure your existing cybersecurity system meets PCI DSS recommendations.

If your retail business does not have sufficient internal experience with cybersecurity or your IT team is not big enough then it is a good reason to engage a cybersecurity partner which will establish continuous monitoring and protection of your retail network, online system etc. from suspicious activities.

Microsoft says it identified 40+ victims of the SolarWinds hack

The Security Magazine reports on notorious SolarWinds disaster.

Microsoft said it identified more than 40 of its customers that installed trojanized versions of the SolarWinds Orion platform and where hackers escalated intrusions with additional, second-stage payloads.

The OS maker said it was able to discover these intrusions using data collected by Microsoft Defender antivirus product, a free antivirus product built into all Windows installations.

Read more on the Security Magazine

Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame?

SCMagazine reported on phishing campaign involving Microsoft domain.

An email security company says its researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft's servers were not enforcing protective DMARC authentication protocols when communications were received and perhaps still are not.

The campaign, according to a blog post published by the company Ironscales, uses a lure that suggests the recipient has important email messages that have been quarantined, and must click a link to salvage them. The phishing email reportedly alludes to a hosted email security feature that Microsoft introduced last September as a way to salvage emails that are wrongly labeled as spam, or phishes by the company's Exchange Online Protection filtering service.

Read further on the SCMagazine

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

The Hacker News reports on the features of TrickBot, one of the most notorious and adaptable malware botnets in the world.

The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available tools to check devices for well-known vulnerabilities that can allow attackers to inject malicious code in the UEFI/BIOS firmware of a device, granting the attackers an effective mechanism of persistent malware storage.

"This marks a significant step in the evolution of TrickBot as UEFI level implants are the deepest, most powerful, and stealthy form of bootkits," the researchers said.

Read further on The Hacker News