19.12.20 Cyber News Updates

This is the transcript of the latest news related to cyber intelligence and proactive cyber security podcast.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand.

Visa – in a recent security alert highlighted the “continued targeting of POS (Point of Sale) systems” as well as targeted interest in fuel station pumps to obtain data.

In one incident, Visa’s fraud department said a bad actor used a phishing e-mail sent to a merchant employee to install a remote access trojan on the merchant’s network. They were then able to move laterally into the point-of-sale environment and install a scraper to harvest payment card data.

In another incident, Visa observed the same sort of behaviour – a hacker that breached a target’s network and moved into the POS environment to steal card data. In this instance, Visa said, the bad actor specifically went after data from magnetic stripe transactions at fuel pumps.

Visa warning is joining to other warnings and incidents happened in the past related to fuel pumps. Cybercure which monitors hacking attempts around the world mentioned that in the recent years multiple variations of malware that tries to exploit vulnerabilities in network connected fuel pumps have been discovered.

In some cases that have been observed the malware was spreading by phishing emails that looks they were sent from the same organisation and tricked the users into installing the malware inside the network allowing it access to secured parts of the networks like the POS or the fuel pumps.

In other sightings, hackers were trying to exploit vulnerabilities of internet connected fuel pumps that were mis-configured.

Not long ago we covered how hacker was able to control remote Internet connected devices of smart homes and communicated with the owners inside the house.

This time we will cover Ring, Ring Inc.is a home security and smart home company owned by Amazon. Ring manufactures a range of home security products that incorporate outdoor motion-detecting cameras, such as the Ring Video Doorbell and other home internet connected cameras.

Ring is an increasingly popular product in American households. 

If a hacker gains access, they would be able to watch the camera output in real time, while also take control of other features, such as floodlights, alarms and a two-way voice chat. In the last weeks Ring products making headlines about ordeals of families who found themselves being harassed by strangers.

In Mississippi, USA, an 8-year-old girl was left terrified after a hacker infiltrated a bedroom device, played music and claimed to be Santa Claus. 

In Georgia another state in the USA, a woman who installed a Ring camera heard a voice that said: “I can see you in the bed, wake up,”.

In Nebraska, a man disabled a Ring device after a hacker broke into a kitchen camera and attempted to strike up a conversation with his child.

This are only some of the incidents were reported in less than one week by different TV stations and there have been several others. 

Ring has stressed that its own internal systems have not been compromised, and there is nothing to suggest a wider breach. They noted that “We have investigated this incident and have no evidence of an unauthorized intrusion or compromise of Ring’s systems or network”.

Ring released tips for its customers to ensure accounts are better protected. 

It said users should enable two-factor authentication, add shared users, use different passwords for each account, create strong passwords and be sure to regularly update them.

So the next time you might be considering installing a camera enabled product that is also connected to the internet, remember that you can never really know who is watching it in addition to you.

That’s it for this podcast, stay safe and see you in the next podcast.

Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

Leave a Reply