December 28, 2020
David Redekop

This Week In Nerd News – December 28, 2020

Last one this year… enjoy!

Your weekly top 5 technical and security issues Nerds should pay attention to:

YouTube video

SolarWinds Hack Infected Critical Infrastructure, Including Power Industry

At least 15 critical infrastructure firms in the electric, oil, and manufacturing industries were running the backdoored SolarWinds Orion software (per @kimzetter).

The companies involved used compromised software, but it’s not clear if hackers entered their networks. Finding out could be difficult.

 

Read More: SolarWinds Hack Infected Critical Infrastructure, Including Power Industry

 

Suspected Russian hackers used Microsoft vendors to breach customers.

Reuters says that the hackers behind the SolarWinds breach used access to Microsoft resellers to penetrate targets that weren’t backdoored by SolarWinds at all. The hackers used access to the reseller, which sells Office licenses but also has access to client systems for maintenance and customer support, to try to read the Office 365 cloud email belonging to cybersecurity giant CrowdStrike. Luckily, CrowdStrike only uses Office desktop apps and not Office 365 for its email. Had it been, it would’ve been “game over,” per a source speaking to Reuters. (per @ZackWhittaker)

WASHINGTON (Reuters) – The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds Corp, investigators said.

 

Read More: Suspected Russian hackers used Microsoft vendors to breach customers

 

Law enforcement take down three bulletproof VPN providers.

VPN technology is an important resource. Choosing your vendor is like navigating a minefield.

The three VPN services provided safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers.

 

Read More: Law enforcement take down three bulletproof VPN providers

 

Amazon Gift Card Scam Delivers Dridex This Holiday Season.

We all need reminders that something too good to be true, probably is.

The operators behind Dridex have a nefarious trick up their sleeves this holiday season: A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.

 

Read More: Amazon Gift Card Scam Delivers Dridex This Holiday Season

 

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test.

Interesting twist in this story: normally staff are educated, but here it’s the execs who did some learning.

Roughly 500 employees failed the test, which claimed they would receive a $650 bonus.

 

Read More: GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test.

 

Did you know?

Zoom update adds support for Apple’s Arm silicon M1-based Macs. Finally, a long-lasting battery on a light-weight laptop for long remote zoom meetings 🙂

Need an IT professional? Request service today.