Canadian SMBs face increasing fraud losses, Google offers AI-enabled security to businesses of all sizes, a new infostealer malware affects Google Chrome users, and critical vulnerabilities in fuel storage technology pose a danger in the physical world.
This is Cyber Security Today. I’m your host, Jim Love.
Canadian small and medium-sized businesses are facing an increasing threat from fraud, according to a new report.
The study reveals that half of business owners experienced attempted or successful fraud in the past year. The transportation sector was hit hardest, with 61% reporting fraud attempts, followed by finance, insurance, real estate, and leasing at 59%.
Email scams and phishing were the most common attack methods, reported by 85% of businesses. However, fraudulent payments and chargebacks posed the greatest risk, with almost 20 percent of businesses falling victim.
The financial impact is significant. Among businesses that experienced fraud, 36% suffered losses within the past year, with an average cost of $7,800. But the consequences go beyond money. Three-quarters of affected businesses reported wasted time dealing with fraud, and half noted negative emotional impacts.
In response, businesses are taking action. Half have implemented stricter payment verification processes, while over a third have increased cybersecurity investments.
Despite these efforts, concerns remain high. Four in five businesses report feeling more worried about fraud than ever before. And there’s a new concern on the horizon – 90% of business owners fear artificial intelligence could lead to more sophisticated fraud attempts.
For IT professionals and business leaders, these findings underscore the need for continued vigilance. As the threat landscape evolves, particularly with concerns about AI-driven fraud, it’s essential to stay ahead of emerging risks.
There’s a link to the full study in the show notes.
Sources include: Canadian Federation of Independent Business fraud report
Headline: Google Enhances Gmail Security with AI-Powered Tools for Businesses of All Sizes
Google has announced significant security improvements for Gmail, leveraging its Gemini AI technology to protect users across organizations of all sizes. The new “security advisor” tool, set to roll out in the coming weeks, aims to bring enterprise-grade protection to smaller businesses using paid Google Workspace accounts.
The security advisor will provide tailored intelligence and actionable guidance directly to IT administrators’ inboxes, helping them defend against evolving cyber threats. Key features include a security sandbox that scans email attachments in a virtual environment and enhanced safe browsing capabilities to detect malicious content before delivery.
This move builds upon Google’s existing AI-powered anti-spam and malware filtering, which the company claims has led to “one of the most dramatic security improvements in Gmail’s 20-year history.” The AI model, trained on various email abuse patterns, can review 1000 times more user-reported spam daily, significantly enhancing threat detection capabilities.
While this could apply to organizations of any size, it may be especially attractive to smaller organizations, which would gain access to advanced security features previously available only to large enterprises, potentially levelling the playing field in email protection.
Businesses using Google Workspace should prepare to integrate these new tools into their security strategies, while those considering a switch to Google’s ecosystem may find this enhanced security offering compelling.
Sources include: Forbes article by Davey Winder, Google announcements.
Infostealer Malware Developers Claim to Bypass Chrome’s New Cookie Protection Feature
Several infostealer malware developers have reportedly found ways to circumvent Google Chrome’s recently introduced App-Bound Encryption feature, designed to protect sensitive data like cookies and stored passwords. This development poses a significant threat to user privacy and security across millions of Chrome installations.
App-Bound Encryption, introduced in Chrome 127, uses a Windows service with system privileges to encrypt cookies and passwords. However, researchers g0njxa and RussianPanda9xx have observed multiple infostealer tools, including MeduzaStealer, Whitesnake, and Lumma Stealer, claiming to have implemented working bypasses.
G0njxa confirmed that the latest variant of Lumma Stealer can successfully bypass the encryption feature in Chrome 129, the most recent version. This bypass appears to work without requiring administrative privileges, simplifying deployment and potentially increasing infection rates.
For IT professionals and business leaders, this situation highlights the ongoing cat-and-mouse game between security measures and malware developers. It underscores the need for multi-layered security approaches, regular software updates, and user education about phishing and malware threats.
Organizations should closely monitor this development, ensure their security tools are up-to-date, and consider additional measures to protect sensitive browser data, especially in corporate environments where infostealers could compromise valuable information.
Sources include: BleepingComputer article by Bill Toulas, statements from security researchers g0njxa and RussianPanda9xx.
We are aware of the disruption that this new defense has caused to the infostealer landscape and, as we stated in the blog, we expect this protection to cause a shift in attacker behavior to more observable techniques such as injection or memory scraping. This matches the new behavior we have seen.
We continue to work with OS and AV vendors to try and more reliably detect these new types of attacks, as well as continuing to iterate on hardening defenses to improve protection against infostealers for our users. – A Google spokesperson
Sources include: Bleeping Computer
Headline: Critical Vulnerabilities in Fuel Storage Tank Systems Expose Thousands to Cyberattacks
Cybersecurity researchers have uncovered ten severe software bugs in Automatic Tank Gauge (ATG) systems used to monitor fuel levels in storage tanks across critical infrastructure facilities. These vulnerabilities potentially expose thousands of devices to cyberattacks, with the United States facing the highest risk.
The flaws, discovered by Bitsight and reported to the US Cybersecurity and Infrastructure Security Agency (CISA), affect products from major vendors including Dover Fueling Solutions, OPW Fuel Management Systems, Franklin Fueling Systems, and OMNTEC. Seven of the ten vulnerabilities are rated critical, allowing attackers to gain full administrator privileges over the affected devices.
Despite a six-month coordination effort between CISA, Bitsight, and vendors, an estimated 1,200 to 1,500 devices remain vulnerable. The bugs could enable remote attackers to cause physical damage, such as tank overflows or disabling critical alarms, posing significant environmental and safety risks.
Pedro Umbelino, Bitsight’s principal research scientist, told The Register: “It’s an exploit that moves something, so you have an impact on the physical world.” Specifically, vulnerable ATGs can be abused to cause real-world, physical, and environmental damage, and Bitsight has seen these vulnerable products in use at gas stations, airports, government systems, manufacturers, and utility companies, he added.
This situation highlights the urgent need to conduct thorough audits of industrial control systems for potential vulnerabilities and, where patches are available, to update affected systems to the latest patched versions.
Regardless of whether these vulnerabilities affect your organisation, this is a reminder to develop and maintain robust incident response plans for potential breaches in critical industrial control systems. Cybersecurity vulnerabilities in critical infrastructure can have real-world consequences, and that infrastructure is being attacked more and more frequently.
https://www.cisa.gov/news-events/alerts/2024/09/24/cisa-releases-eight-industrial-control-systems-advisories
Sources include: The Register article by Jessica Lyons, CISA advisories, Bitsight research findings.
That’s our show for today. There are links from some of the stories at our news site, technewsday.com. I’m your host, Jim Love. Thanks for listening.