Cyber Security Today, August 26, 2022 – Protect your Active Directory servers, a huge text-based phishing scam found and more


Protect your Active Directory servers, a huge text-based phishing scam found and more. Welcome to Cyber Security Today. It’s Friday, August 26th, 2022. I’m Howard Solomon, contributing reporter on cybersecurity for
Microsoft is urging Windows administrators to limit and tighten access to Active Directory servers. This comes after it discovered the Russian-based Nobelium threat group is able to get into systems and bypass multifactor authentication. If the attackers are able to get administrative privileges to an Active Directory Federated Services server, they deploy a new tool dubbed MagicWeb. They do it by replacing a legitimate DLL file with one of their own. The tool then allows authentication tokens generated by Active Directory to be manipulated, allowing hackers to sign in as any user and get around multifactor authentication. Administrative access to domain controllers and crucial servers like Active Directory has long been a goal of any hacker. Microsoft says these have to be isolated, accessible only by dedicated admin accounts and regularly monitored for any changes. Keeping servers patched with the latest security updates and taking measures to prevent lateral movement by an attacker are also necessary.

Recently discovered SMS text-based phishing attacks on employees of Twilio and Cloudflare are part of a massive smartphone attack campaign. According to researchers at Group-IB, almost 10,000 people in 130 organizations have fallen for the scam to steal their credentials. Most of them were in the United States. Three targeted firms were in Canada. Most of the organizations use Okta’s identity and access management solution. The victims received text messages with links to phony websites that mimicked the Okta authentication page of their organization. When they logged in, the hackers got their usernames and passwords. It still isn’t known how the attackers got a list of targets and their mobile phone numbers. It appears there are two lessons from this: First, employees need to be repeatedly warned of the dangers of logging into sites from links in text messages and emails. And second, companies that use SMS-based multifactor authentication are taking a big risk.
Here’s a similar recent scam, discovered by email security vendor Trustifi. It involved the creation of a fake website that mirrored the login page of an unnamed global provider of voice and email services. Employees at one of this provider’s customers were emailed a message asking them to log in and confirm their credentials. More than 200 usernames and passwords were captured in the scam. In an interview Zack Schwartz, Trustifi’s vice-president of business development, told me email security solutions that do context analysis on attachments and links are essential for defence. IT administrators also need to follow proper email hygiene procedures to keep their email systems from being used by hackers to send poisoned messages. That means using the DKIM, DMARC and SPF authorization and authentication protocols on domains to prevent spoofing.

Kids will be going back to school in a few days. Parents who want to talk to their children about cyber hygiene now can take advantage of a website set up by Trend Micro to get advice on how to have an ongoing conversation about security. And youngsters can learn a few things online by going to the Cyber Academy for interactive lessons.

That’s it for this morning. But later today the Week in Review edition will be out. This week’s guest commentator will be David Shipley of Beauceron Security, who will talk about cyber insurance trends and whether cybersecurity programs of critical infrastructure providers like pipelines should be heavily regulated.

Remember links to details about podcast stories are in the text version at Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, August 26, 2022 – Protect your Active Directory servers, a huge text-based phishing scam found and more first appeared on IT World Canada.
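
For the advice above about using DKIM, DMARC and SPF on domains, here is an added example (not part of the original article) that checks published SPF and DMARC TXT records for settings that leave a domain spoofable. The domains and records are constructed samples, and DKIM is left out because checking it requires knowing the sender's selector name.

```python
# Constructed sample TXT records for hypothetical domains (not from the article).
SAMPLES = {
    "strict.example": {
        "root": ["v=spf1 ip4:192.0.2.10 include:_spf.mail.example -all"],
        "_dmarc": ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    },
    "weak.example": {
        "root": ["v=spf1 include:_spf.mail.example ?all"],
        "_dmarc": ["v=DMARC1; p=none; pct=50"],
    },
    "bare.example": {"root": ["unrelated-verification=abc123"], "_dmarc": []},
}

def parse_tags(record):
    # Turn a DMARC 'tag=value; tag=value' string into a dict.
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(txt):
    spf = [r for r in txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permerror)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    # SPF is evaluated left to right, so the first 'all' term decides the default.
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        has_redirect = any(t.startswith("redirect=") for t in terms)
        return [] if has_redirect else ["SPF has no 'all' term: unlisted senders get neutral"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means '+all'
    weak = {"+": "SPF '+all' authorizes every sender",
            "?": "SPF '?all' is neutral: no protection"}
    return [weak[qualifier]] if qualifier in weak else []

def audit_dmarc(txt):
    dmarc = [r for r in txt if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if not dmarc:
        return ["no DMARC record"]
    tags = parse_tags(dmarc[0])
    findings = []
    if tags.get("p", "none").lower() == "none":
        findings.append("DMARC policy is none or missing: spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC pct={pct}: policy covers only part of failing mail")
    return findings

def audit_domain(name, samples=SAMPLES):
    # 'root' holds TXT records at the domain itself, '_dmarc' those at _dmarc.<domain>.
    rec = samples[name]
    return audit_spf(rec["root"]) + audit_dmarc(rec["_dmarc"])
```

In practice the record lists would come from TXT lookups on the domain and on its `_dmarc` subdomain rather than from the inline samples.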
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

