This week’s roundup discusses the potential threats of a new video maker app, TikTok Pro, that steals your credentials, how information gets leaked on booking websites, how Pay2Key is carefully targeting Israeli companies, and much more.
Don’t Use TikTok Pro
TikTok Pro is malware dressed up as a workaround for TikTok, and it is anything but safe. When a hacker tries to get into a system or device, he only has to play a trick, and you walk straight into the trap. In short, he exploits the things you want most.
Picture this: You are a TikToker who lives in the United States and can’t use the app anymore because it is banned. So what do you do? You search for another app like TikTok on the Play Store and install TikTok Pro because it sounds legit. Right? But it turns out you are making a fool of yourself, because malware-driven apps like these are designed to exploit you and harvest your private information. This is how a hacker wins the game and we keep losing.
TikTok Pro is malware delivered as an APK file that disguises itself as a harmless Android app and steals your Facebook credentials. And if you lose your Facebook credentials, private phone number, or messages because you installed an unreliable APK file, then it is your fault and yours alone. We don’t want to point fingers, but it is the truth. This is what happens when you install unverified APK files and have no digital awareness whatsoever.
Let us break it down even further. Installing TikTok Pro means you receive a link to an Android APK file; once the file is installed, the app simply asks you to enter all your information, which is sent straight to the hackers, and only then does the app “start” working. This is like a burglar who rings your bell and asks your permission to steal all your stuff. Do you say yes to that? Of course not!
In the cybersecurity world, we call this a slam dunk. Don’t fall for these things, and never install mobile apps from anywhere except the Play Store or the App Store.
Travel Websites Exposed Your Data
You can’t trust travel websites, even the popular ones like Booking.com, Sabre, Expedia, Omnibees, or Hotels.com. The data you share on these booking websites is roaming around in public forums and sometimes sold. In fact, a misconfigured AWS S3 bucket was recently discovered, and the researchers found up to 10 million files containing 24 GB of customer data that had been shared on these travel websites.
We are not just talking about your name here. Your full name, phone number, hotel reservation number, and credit card details were exposed. The scary part is that this isn’t the full extent of the private data stolen from multiple travel websites, because we have no clue whether or not the information was sold online. It’s your credit card number, and who knows, one (or several) of us might be on that list.
The main culprit behind this crime circles back to a Spanish company, Prestige Software, which offers an online booking platform service to several hotels. Little does everyone know that this cloud-based platform is actually a backdoor for Prestige Software to pluck out the credit card details of millions of users. Not very plucky we must say!
🤦🏽‍♂️ “The exposed database was originally identified by researchers at Website Planet who noticed a misconfigured AWS S3 bucket owned by Prestige Software was left open for public access without any security authentication.” https://t.co/aHLiJFYHr3 — Rob Prew (@rprew) November 8, 2020
Yes, we know not many people are planning to travel in 2020 or even early 2021, but taking online security precautions is a must. We don’t want any of you to end up explaining to the credit card company or the bank that it was not you who bought 25 Adidas Yeezys and someone else got a hold of your credit card number.
This is preposterous! Like the pandemic wasn’t bad enough for the travel industry and now they have to deal with this problem.
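The Prestige Software bucket was left open by configuration, not by a clever exploit, and that class of mistake is cheap to catch. The script below is an added example, not anything from the original roundup or from Prestige Software: it audits a bucket policy document for statements that any anonymous principal can use and reports which S3 Block Public Access settings are missing or disabled. The policies and the access-block configuration are constructed for the example (the bucket name `example-hotel-bookings` and the `booking-api` role are invented); in practice you would feed it the documents returned by boto3's `get_bucket_policy` and `get_public_access_block` calls.

```python
import json

# Constructed sample policies for a hypothetical bucket; not Prestige Software's
# real configuration. WEAK_POLICY grants anonymous read of every object plus
# bucket listing; HARDENED_POLICY scopes access to one IAM role and denies
# plaintext HTTP.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::example-hotel-bookings",
                      "arn:aws:s3:::example-hotel-bookings/*"]},
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/booking-api"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-hotel-bookings/*"},
    ],
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/booking-api"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-hotel-bookings/*"},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-hotel-bookings",
                      "arn:aws:s3:::example-hotel-bookings/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

# The four S3 Block Public Access settings; all must be true for a private bucket.
PUBLIC_ACCESS_BLOCK_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
                            "BlockPublicPolicy", "RestrictPublicBuckets")


def _is_anonymous(principal):
    """True when a statement's Principal is the wildcard (anyone on the internet)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def public_statements(policy_json):
    """List Allow statements that an anonymous principal can use.

    Returns one dict per offending statement: its Sid, the actions granted, and
    whether a Condition narrows it (a conditioned grant still deserves review).
    """
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        findings.append({
            "sid": stmt.get("Sid", f"Statement[{index}]"),
            "actions": actions,
            "conditioned": "Condition" in stmt,
        })
    return findings


def missing_public_access_blocks(config):
    """Return the Block Public Access settings that are absent or switched off."""
    return [key for key in PUBLIC_ACCESS_BLOCK_KEYS if not config.get(key, False)]


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, public_statements(policy))
    # Constructed Block Public Access configuration with two settings disabled.
    print(missing_public_access_blocks({"BlockPublicAcls": True,
                                        "IgnorePublicAcls": False,
                                        "BlockPublicPolicy": True}))
```

The Deny-on-plaintext statement in the hardened policy uses a wildcard principal too, which is why the audit only looks at Allow statements; a public Deny is a control, not a leak. Bucket ACLs are a second, separate route to public exposure, which is what the `IgnorePublicAcls` and `BlockPublicAcls` settings are there to shut.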
Pay2Key Targets Israeli Companies
Do you know what’s common between ransomware groups and cool guys? They love to get rich.
Pay2Key is ransomware that has been specifically targeting Israeli companies and large corporations since the start of October 2020.
While we don’t know why Israel is getting all the love and attention here, Pay2Key is crippling systems by encrypting them and leaving a ransom note for everyone to see. That note is the sideshow ransomware groups put on so you know you are paying the right guy.
Using Remote Desktop Protocol (RDP), the ransomware actors take control of systems and spread their malicious payload from there. Rumor has it that the perpetrators need about an hour to launch the ransomware once they are in; it usually happens at night, when IT teams are a bit sluggish. And they are getting faster and more efficient over time.
In the US, the FBI has warned hospitals that they are the prime target of ransomware attacks in 2020 and likely beyond. As we discussed in our previous roundups, ransomware has become the new norm in the cyber underworld, and victimizing medical organizations is now easier than ever for these groups.
But we have to ask: what kind of a person targets hospitals? A greedy one, perhaps! This might be an unpopular opinion right now, but you know the root of all evil is money. So ransomware attackers will continue to grow in numbers and keep raking in Bitcoin from these attacks. Here is what we can do: instead of lecturing attackers from the moral high ground, we should focus on building systems that protect our private data.
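Since the Pay2Key operators get in over RDP, the cheapest early warning is the Windows Security log on the hosts that expose it: a burst of failed logons (event 4625) with logon type 10 (RemoteInteractive) from one source, followed by a successful 4624 from the same source, is the signature of password guessing that worked. The detector below is an added example, not code from the original roundup or from any vendor; the event lines are a constructed, simplified key=value export of the relevant fields rather than real EVTX output, and the threshold and window are assumptions you would tune to your own environment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a simplified key=value export of Windows Security log fields
# (not a real Pay2Key incident). EventID 4625 = failed logon, 4624 = successful
# logon; LogonType 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = """\
2020-10-05T02:13:04 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2020-10-05T02:13:09 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2020-10-05T02:13:15 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=admin
2020-10-05T02:13:21 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=backup
2020-10-05T02:13:28 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2020-10-05T02:13:33 EventID=4625 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2020-10-05T02:13:41 EventID=4624 LogonType=10 IpAddress=203.0.113.7 TargetUserName=administrator
2020-10-05T02:14:02 EventID=4625 LogonType=10 IpAddress=198.51.100.4 TargetUserName=jsmith
2020-10-05T02:14:30 EventID=4624 LogonType=10 IpAddress=198.51.100.4 TargetUserName=jsmith
2020-10-05T02:15:00 EventID=4624 LogonType=2 IpAddress=- TargetUserName=jsmith
"""

FAIL_THRESHOLD = 5              # failed RDP logons from one source ...
WINDOW = timedelta(minutes=2)   # ... within this span raise a finding (assumed values)


def parse_events(text):
    """Turn the key=value lines into dicts with a datetime stored under 'time'."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        timestamp, *fields = line.split()
        record = dict(field.split("=", 1) for field in fields)
        record["time"] = datetime.fromisoformat(timestamp)
        events.append(record)
    return events


def detect_rdp_bruteforce(events):
    """Return {source_ip: finding} for sources whose RDP failures reach the threshold.

    A finding records the total failures seen from that source and, if a successful
    RDP logon from the same source follows the burst, which account it landed on.
    That pairing is the signal that guessing worked and someone now has a session.
    """
    recent = defaultdict(list)    # ip -> failure times inside the sliding window
    findings = {}
    for event in sorted(events, key=lambda e: e["time"]):
        if event.get("LogonType") != "10":
            continue              # only RDP sessions matter for this rule
        ip = event.get("IpAddress", "-")
        if event["EventID"] == "4625":
            recent[ip] = [t for t in recent[ip] if event["time"] - t <= WINDOW]
            recent[ip].append(event["time"])
            if ip in findings:
                findings[ip]["failures"] += 1
            elif len(recent[ip]) >= FAIL_THRESHOLD:
                findings[ip] = {"failures": len(recent[ip]),
                                "first_failure": recent[ip][0],
                                "success": None}
        elif event["EventID"] == "4624" and ip in findings and findings[ip]["success"] is None:
            findings[ip]["success"] = {"user": event["TargetUserName"],
                                       "time": event["time"]}
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_bruteforce(parse_events(SAMPLE_EVENTS)).items():
        print(ip, finding)
```

The single failure from 198.51.100.4 followed by a success is what a user mistyping a password looks like and is deliberately not reported; the rule fires on the volume of failures, and the success field tells the responder whether it is an alert about noise on the perimeter or about a live session that needs to be cut.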
RMS and TeamViewer Flaws Allowed Hackers to Penetrate Energy Companies
It’s TeamViewer, guys; everyone knows they suck, but anyway. Cyber attackers are more intelligent than ever, with novel approaches to getting into the minds (and systems) of, well, just about anyone. Using legit-looking documents and memos (believed to have been stolen during a previous cyberattack), hackers have been targeting most energy organizations in Russia for no apparent reason.
Using TeamViewer for a combination of business and personal is a total nightmare. It constantly flags the personal connections as related to the business account and times them out as "commercial use." Sucks.— Chris Ostertag (@videograndpa) December 13, 2019
But where do RMS and TeamViewer come into play?
The hackers have been cleverly disguising themselves, using a platform like TeamViewer to interact with the enterprise systems they infect. Say what you want about TeamViewer’s low-end security; the point is that hackers can use these remote-control channels to reach internal systems and steal important credentials.
This should be a heads-up and a wake-up call for energy companies to make their systems watertight (secure, we mean).
Besides large corporations, hackers can use TeamViewer to manipulate you and steal your money. How? Cyberattackers are now emailing individuals claiming that a PayPal transaction has been made in their name; whoever clicks the malicious link either lands in a phishing scam or ends up talking to a real hacker.
We should warn you: hackers are smarter than you, and they’re well prepared, too. You might think you are talking to a real customer service representative, but he might be your next-door hacker lord trying to scam you and bleed you dry.
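The fake-PayPal-transaction email described above works because the visible link text and the real destination disagree, or because the brand name is stuffed into the front of a hostname the brand does not own. The script below is an added example, not code from the original roundup or from PayPal: it pulls the anchors out of an HTML message body and flags both patterns. The message body is constructed (the `.example` domain is a reserved placeholder), the brand allowlist holds only PayPal for brevity, and `registrable_domain` is a deliberate simplification that takes the last two labels; production tooling should consult the Public Suffix List so that domains like `example.co.uk` are handled correctly.

```python
import re
from urllib.parse import urlsplit

# Brands whose names phishers borrow, mapped to the domains they really use.
# Constructed allowlist for the example; extend it from your own records.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}

# Constructed sample message body (not a real phishing email): the anchor text
# shows a genuine PayPal URL while the href points somewhere else entirely.
SAMPLE_HTML = """
<p>We noticed an unusual PayPal transaction of $499.00. If this wasn't you,
<a href="http://paypal.com.secure-login.example/verify?id=77">https://www.paypal.com/myaccount</a>
within 24 hours, or call the number shown in the attached receipt.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help center</a>.</p>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def registrable_domain(host):
    """Last two labels of a hostname ("www.paypal.com" -> "paypal.com").

    Simplification for the example: real tooling uses the Public Suffix List.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def hostname_of(text):
    """Hostname from a URL or bare domain in anchor text, or None if there is none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    host = urlsplit(text).hostname
    return host if host and "." in host else None


def suspicious_links(html):
    """Flag anchors whose href host abuses a brand name or disagrees with the visible text."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        host = urlsplit(href).hostname or ""
        domain = registrable_domain(host)
        reasons = []
        # Pattern 1: brand keyword inside a hostname the brand does not own.
        for brand, legit in BRAND_DOMAINS.items():
            if brand in host and domain not in legit:
                reasons.append(f"'{brand}' appears in host but domain is {domain}")
        # Pattern 2: the link text shows one site, the href goes to another.
        visible_host = hostname_of(re.sub(r"<[^>]+>", "", text))
        if visible_host and registrable_domain(visible_host) != domain:
            reasons.append(f"visible text points at {visible_host}, link goes to {host}")
        if reasons:
            findings.append({"href": href, "host": host, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_HTML):
        print(finding["host"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

Both checks run on the raw message before anything is clicked, so they fit a mail gateway or a user-reported-phish triage script. The second pattern is the one that catches the "talk to a real hacker" variant too: the text can say anything, but the href is what the mail client actually opens.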
RansomEXX Is Active and Linux Users Must Be Wary of It
Attackers are now hitting Linux with malicious payloads because they have realized that most companies run their internal systems on Linux servers instead of Windows servers, so why not?
In plain English, attackers are now deploying malware for Linux rather than hacking a Windows server. This is how the attackers make progress, capitalizing on the lack of knowledge (or, shall we say, common sense) of company workers.
This is how RansomEXX gets onto systems: a Linux user grabs a random binary from an unreliable source and runs it. Nobody should run an untrusted binary, on Linux or anywhere else. You are asking for trouble when you do, because you are putting your whole company server at risk.
To make a long story short: company workers need security training against these growing threats. Since in most cases the attack is triggered from a company device, you also have to make sure the IT team is equipped with the latest encryption protocols and the know-how to head off a system shutdown.
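The "random binary from an unreliable source" problem has a boring, effective fix: refuse to run anything whose digest does not match a checksum list obtained from a trusted channel (a signed release page or a vendor's published `SHA256SUMS`, not a file sitting next to the download). The script below is an added example, not code from the original roundup or from any distribution; it parses the `sha256sum` manifest format, streams the file through SHA-256, compares with a constant-time check, and additionally refuses a file that group or other users can overwrite, since that would let someone swap the binary after the check. The `agent-installer` file and its manifest are constructed inside the demo.

```python
import hashlib
import hmac
import os
import stat
import tempfile


def parse_sha256sums(manifest_text):
    """Parse the 'sha256sum' manifest format: '<hex digest>  <filename>' per line."""
    expected = {}
    for line in manifest_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        expected[name.strip().lstrip("*")] = digest.lower()   # '*' marks binary mode
    return expected


def sha256_of(path):
    """Stream the file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_binary(path, manifest_text):
    """Decide whether a downloaded file may be executed.

    Returns (ok, reason). It refuses when the file is not listed in the manifest,
    when the digest differs from the published one, or when group/other users can
    write to it (someone else on the box could swap it after the check).
    """
    expected = parse_sha256sums(manifest_text)
    name = os.path.basename(path)
    if name not in expected:
        return False, f"{name} is not listed in the manifest"
    actual = sha256_of(path)
    if not hmac.compare_digest(actual, expected[name]):
        return False, f"digest mismatch: expected {expected[name][:12]}..., got {actual[:12]}..."
    mode = os.stat(path).st_mode
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "file is writable by group or others"
    return True, "digest matches manifest"


def demo():
    """Constructed run: a fake 'binary' plus a good manifest and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent-installer")
        with open(path, "wb") as fh:
            fh.write(b"#!/bin/sh\necho constructed sample binary\n")
        os.chmod(path, 0o755)
        good_manifest = f"{sha256_of(path)}  agent-installer\n"
        tampered_manifest = "0" * 64 + "  agent-installer\n"   # digest of a different file
        return verify_binary(path, good_manifest), verify_binary(path, tampered_manifest)


if __name__ == "__main__":
    for ok, reason in demo():
        print("ALLOW" if ok else "REFUSE", "-", reason)
```

The check is only as good as where the manifest came from: a checksum file fetched from the same untrusted mirror as the binary proves nothing, which is why vendors sign their `SHA256SUMS` and why the manifest text is passed in separately here rather than read from beside the download.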