January 2020 will forever go down as a tumultuous time in American history, with Donald Trump’s departure and Joe Biden becoming the USA’s 46th President. Whatever your politics, Trump was regularly mired in some kind of scandal, and was certainly not immune from salacious accusations involving porn stars and other personal peccadillos. It really should come as no surprise therefore that cybercriminals are jumping on this gossip bandwagon to try to hijack your time and your computer.
Targets are sent an email with an attachment named TRUMP_SEX_SCANDAL_VIDEO.jar, which, let’s face it, sounds like something worth watching. When the victim opens the .jar (Java Archive) file, it installs the Qnode Remote Access Trojan (QRAT) onto their computer, allowing the attackers to control the victim’s machine.
If you are targeted, there is plenty here already that should inform you that this is not legitimate, not least the fact that unknown senders are delivering the damning evidence of a Trump sex scandal direct to your inbox. Not only that, but in their rush to take advantage of the Trump lollapalooza of the moment, the criminals forgot to change the subject of the standard email they usually send, leaving it as “GOOD LOAN OFFER!!”.
This is one attack you really shouldn’t be falling for.
In a salutary tale whose headline writes itself, the Get Schooled not-for-profit based in the USA was quite literally “schooled” by hackers who stole tens of thousands of school-age students’ personal details. It appears that the data was made insecure as a result of Get Schooled updating their website and failing to secure the database correctly during the process.
Many of us aren’t involved in the administration of websites and databases, so this may not seem interesting per se. However, it highlights how quickly attackers can discover errors in the way websites and, more importantly, file shares are configured. It means we all need to be careful about how we handle the data that passes in front of us, and be mindful of how we further share it or even where we save it.
Always use the file-sharing services and storage locations that your IT team have instructed you to use. If you use non-authorised sites, the IT team may not know where the data is, and should the data be lost or stolen, the incident will be that much harder to deal with.
In 2020, there were (according to some sources) roughly 4,000 security breaches resulting in the loss of data, and a significant number of those were down to human error.
One advantage of modern cloud computing is the flexibility it grants to organisations and their employees, giving many the ability to work from anywhere and still access all of the services required to do business. Collaboration tools are everywhere, and we can share files between ourselves at the click of a button. Unfortunately, that click of a button means that mistakes are all the easier to make.
In North America, Nissan recently announced it had lost source code and other confidential information that had been placed into GitHub, a popular collaboration tool used by software developers. This is an accepted practice, and ordinarily secure. But in this instance the username and password for the repository were left as the default “admin/admin”, meaning criminals were able to download all of the data before the mistake was discovered.
If you are unsure about how to share information with other people securely, always contact your IT team; the danger of doing it wrong is all too real.