Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
President & CEO
Computer Business

“Three Billion Spoofed Emails Sent Each Day.” That’s the headline in a recent BetaNews article about adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC), an authentication technology aimed at curbing email spoofing. The story covers a study from Valimail that found that email remains a favorite attack route, implicated in over 90 percent of all cyberattacks, with the pandemic providing a new focus. BetaNews notes “The report shows the US federal government leading with DMARC usage, with 74 percent of domains protected, while global media companies and US healthcare companies have the lowest rates of DMARC deployment and protection.”

“Instagram Scams and How to Avoid Them.” For all you Instagram users out there—and for everyone who has kids—Naked Security carries an excellent article on how to identify and avoid the rapidly growing realm of Instagram scams. The story reads: “But Instagram is not all happy videos and photos, showing off your new outfit, or boasting where you’re out eating dinner with your friend. Unfortunately, the popularity of the platform makes it an ideal place for cybercriminals to operate large-scale scams.” The COVID-19 pandemic boosted the problem, with Instagram fraud reports up by 50% since the beginning of the outbreak. The top scams reported are: 1) Phishing scams, 2) Fake influencer sponsors, 3) Romance scams, 4) Giveaway scams, 5) Loan scams, 6) Fake investment scams, 7) Job scams, and 8) Credit card fraud. It makes for good reading, as we all need to stay current on how scamsters are trying to cheat us all.

Beware of Phishing Scams as We Head Back to Work. Each day more people in the U.S. are getting vaccinated against the COVID-19 virus, which is great news. As we begin to see light at the end of what has been a very long tunnel, more workplaces have begun to—or are preparing to—bring people back to the office. Unfortunately, but not surprisingly, hackers and scammers are using the opportunity to launch new forms of phishing attacks. Phishing, the term given to fake emails sent to trick people into clicking on a link or going to a URL to trigger download of malicious code, is often carefully engineered to appear real and reasonable. Help Net Security carries an article, “Phishers’ perfect targets: Employees getting back to the office,” which warns against fake emails from HR, fake employee surveys asking about returning to work, phony sites to click on for COVID-19 information . . . the list goes on and on. The article warns: “The emails will contain design elements related to the company (logos, etc.). Links will point to credential harvesting or malware-serving sites on a hijacked domain, and will look like they point to legitimate tools (e.g., Google, Basecamp, SharePoint, etc.). Phishers will try to create a sense of urgency, obligation, and even threaten employees with sanctions to get them to follow the links.”

UK Armed Forces Going Robotic. Sometimes I take a look at other forms of security—as in national—so it was interesting (in a kind of science fiction way) to see a recent story from the Associated Press that reports: “Britain plans to cut the size of its army and boost spending on drones, robots and a new ‘cyber force’ under defense plans announced by the government on Monday.” The story, which was reprinted in Security Week, reports that Britain is the second-biggest military spender in NATO, after the United States, but that the British Army would shrink from 76,500 soldiers to 72,500 by 2025 and that it “hadn’t been at its ‘established strength’ of 82,500 for several years.” UK Prime Minister Boris Johnson is quoted as saying that going high-tech would give the military “the kit now that they will need to make themselves all the more useful, all the more, I’m afraid, lethal, and effective around the world.”

Microsoft Exchange Server Attacks: “They’re Being Hacked Faster than We Can Count.” For a couple of weeks, I’ve been noting a story that will likely be with us for a painful while. Last week the compromised servers were referred to as “A Ticking Time Bomb.” This week ZDNet carries a report from researchers at security company F-Secure that unpatched Exchange Servers are being attacked on a massive scale. “Tens of thousands of servers have been hacked around the world. They’re being hacked faster than we can count. Globally, this is a disaster in the making,” said Antti Laatikainen, senior security consultant at F-Secure. The article notes: “Even if organizations have already applied the relevant security updates, there’s no guarantee they were not compromised by malicious hackers before the patches were applied—so it’s important to analyze the network to examine if it has already been accessed by cyber criminals.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees, has a strong affiliation with various education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.