Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Beware of Unsolicited Job Offers—Might be a Golden Chicken. CSO Online reports on criminal groups using LinkedIn profiles to offer people jobs identical or similar to their current positions. The job offers ask you to click on a zip file to learn more. Don’t do it. As the zip file opens, it unleashes malicious code that creates a back door to your computer, access to which is sold to others. Healthcare workers and those working in the banking sector are among those being targeted, but it could happen to anyone.

Should You Smile as You Pay? That might become a common question if this headline from ZDNet proves true: “Billions of Smartphone Owners Will Soon be Authorizing Payments Using Facial Recognition.” The article reads: “In addition to facial features, Juniper Research’s analysts predict that a host of biometrics will be used to authenticate mobile payments, including fingerprint, iris and voice recognition. Biometric capabilities will reach 95% of smartphones globally by 2025, according to the researchers; by that time, users’ biological characteristics will be authenticating over $3 trillion-worth of payment transactions—up from $404 billion in 2020.” Researchers say that biometrics are required to stem the fraud currently occurring in the growing area of mobile payments.

“Dutch Supermarkets Run Out of Cheese After Ransomware Attack.” That’s a recent headline in a Bleeping Computer article about a ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek, and the resultant empty cheese shelves in many Dutch supermarkets. The attack provides yet another glimpse into the chaos that comes when bad actors disrupt supply chains. Bakker Logistiek Director Toon Verhoeven describes the difficulty of even locating product within their own warehouse, let alone shipping product. He said: “We could no longer receive orders from customers. And in our warehouses, we no longer knew where products were. These are very large warehouses, you don’t just go looking for a pallet. We also couldn’t plan our transports anymore. We have hundreds of trucks, which was not done by hand either.” Cheese should soon be flowing. Bakker Logistiek has said that they could restore affected systems from backups and have begun coordinating with customers to begin deliveries again.

Android Play Store Hit with Phony Security Scanners Offering to “Update” Apps. We’ve mentioned several times the need to go directly to the source rather than accepting a pop-up window offering to update an app on your phone or computer. The Hacker News reports that a new set of malicious Android apps have been caught posing as app security scanners on the official Android Play Store to distribute a backdoor capable of gathering sensitive information. The article, about a report from cybersecurity firm McAfee, reads: “These malicious apps urge users to update Chrome, WhatsApp, or a PDF reader, yet instead of updating the app in question, they take full control of the device by abusing accessibility services.” Underscoring the danger of such attacks, the article notes: “By stealing the PIN, Password or Pattern, combined with the ability to record the screen, click on any button and intercept anything that is entered in an editable field, malware authors can virtually get any data they want, including banking credentials via phishing web pages or even directly from the apps themselves, while also hiding all these actions from the user.”

Biden Nominates Former NSA Officials for Top Cybersecurity Roles. President Biden has formally nominated former NSA official Jen Easterly to become director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). In addition, he reportedly plans to name former NSA deputy director Chris Inglis as the United States’ first-ever national cyber director, according to an article in Dark Reading. The article quotes Kelvin Coleman, Executive Director of the National Cyber Security Alliance, as saying: “That role at CISA is all about partnerships, not only across the United States but across the globe. You cannot have a mission of protecting the US and not have these robust partnerships.” Coleman also spoke to the need for concerted government action to protect against cybercrime, saying: “We are constantly under attack by nation states, by nation-state-sponsored organizations, and by criminal groups. The urgency to make this happen is not today, it’s not tomorrow—it’s yesterday. And [the administration] has the urgency to do this soon, and it’s coming from the top.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees, has a strong affiliation with various education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.