ISA is committed to keeping the security community up to date with the latest cybersecurity news.
New Instagram Phishing Scam Targets Users’ Personal Information
Instagrammers are reminded to be on the alert for a phishing scam aimed at users of the popular social media site. According to a report by Trend Micro, a recent campaign has been targeting hundreds of celebrities, startup business owners, and other entities with large followings on Instagram.
Messages are being sent from within the Instagram platform, pretending to come from the Instagram Help Centre, and claiming that the user’s account may be deleted because of a supposed copyright violation complaint filed against the account owner. The messages contain a link that purportedly connects users to an appeal process, but actually re-directs users to a fake site. “Opening the link leads to a page where the user will be requested to provide their username. As of writing, the form has no data validation, meaning that any input — even a non-existent account or no input at all — would be accepted,” according to the report posted on August 28. The bogus form encourages the user to enter their name, password, email address, and email password; upon entering this personal information and clicking “Continue”, the user is directed back to a legitimate Instagram login page. “If the user was already logged in to the social media site before tapping the said button, the form then redirects to their homepage [giving] the illusion that the form they filled out is officially connected to Instagram,” continued the report.
This kind of “scare tactic” phishing scam provides an opportunity to review tips for protecting oneself. Always be cautious and skeptical of unexpected emails, especially those containing a login link or attachment. Be on the lookout for obvious grammatical errors or style/tone that differs from the usual correspondence from the service. Double check the domain of the email sender, and of any links in the received email. Better yet, if you are unsure whether an email is genuine, contact the service through a completely independent method (for example, open a new browser window and connect directly to the service’s home/contact page, or contact the service by an independently validated telephone number).
Ongoing cyber attacks on New Zealand Stock Exchange
The New Zealand Stock Exchange (NZX) started this week as it ended last week: under assault by a distributed denial of service (DDoS) attack. Throughout the week of August 24, the exchange suspended trading at various times because investors were unable to see current corporate announcements and updates. The day’s trading on August 28 was delayed by three hours due to the attacks; another outage on August 31 took down the NZX website again, but trading has continued despite the system problems.
“NZX has been advised by independent cyber specialists that the attacks last week are among the largest, most well-resourced and sophisticated they have ever seen in New Zealand,” said Mark Peterson, CEO at NZX since January 2017.
The source and motivation of the attacks remain unconfirmed. “We can see the internet traffic was coming through the global gateway, therefore we know it originated offshore, but it’s near impossible to identify where it originated from,” according to Spark, New Zealand’s largest Internet Service Provider (ISP). Tech magazine ZDNet, however, has reported that the attacks are part of an even larger extortion campaign on a number of financial service companies, including Paypal, Braintree, and MoneyGram. In an effort to stem the attacks on its services, NZX has switched its ISP from Spark to Akamai in the United States.
Alert Employee Prevents Ransomware Attack at Tesla
According to a report by The New York Times and a complaint filed with the United States District Court (Nevada), a conspirator attempted to convince a Tesla employee to install malware at one of the electric vehicle manufacturer’s plants. The attempted attack fell through, however, when the employee reported the situation to his supervisors. The employee agreed to pretend to continue discussions regarding the extortion when, all the while, representatives from Tesla and the FBI were monitoring the plan as it unfolded.
The scheme, hatched in mid-July, continued through until late August when the authorities swept in to arrest the suspected mastermind of the attack. A reported $1 million (USD) was offered to the employee to act as an insider and allow the installation of the malware at Tesla’s 1.9 million-square-foot battery construction facility in Sparks, Nevada, just east of Reno.
Too often we have reported bad news regarding ransomware attacks, compromised systems, and site outages. It is refreshing to have a good news item, thanks to the honesty and alertness of the Tesla employee.
Virtual Cybersecurity Conference Resources
As September arrives, cybersecurity conference season is gearing up. With the ongoing pandemic, most events are virtual, but there’s a lot of interesting content available for those interested in seeing the latest thought and innovation in the industry. Many of the events are free or available for a modest enrolment fee, and most offer access to the recorded presentations even after the conference has concluded. Here’s a guide to a few popular ways to source conferences in your area:
+ Infosec Conferences provides an extensive listing of conferences, sortable by category or area of specialization.
+ Eventbrite offers a listing of local conferences and training opportunities. Granular filtering for category, location, price, and keyword is available. Eventbrite coordinates all types of conferences, not just tech or cybersecurity.
+ 10times is a more recent aggregator of conferences and events, and they offer the opportunity for email alerts when new conferences are added. In addition, they provide a networking aspect, showing you others in your field that may be interested in attending selected events.
+ Data Connectors bill themselves as North America’s largest cybersecurity community. They feature a listing of upcoming conferences and newsworthy events throughout the continent.
+ The SANS Institute has a tremendous amount of reference material and resources, including a section listing free training and upcoming events.
Finally, Google Search is an effective way to generate a list of upcoming conferences and symposia. For example, simply type “cybersecurity events Ottawa” and (after a few ads), Google will generate a sorted and linked calendar listing of activities scheduled in Canada’s capital region. Try it on your local city.
Have a favourite event aggregator or one-stop registration site that we haven’t included? Contact us to share your insights.