[ This article was originally published here ]
by John Weiler
Timeshare scams in Mexico, the DoppelPaymer ransomware gang is arrested, and a major data breach rocks Oakland, California. Here are the latest threats and advisories for the week of March 10, 2023.
Alerts and warnings of threats
The US Federal Bureau of Investigation (FBI) has issued an advisory regarding timeshare scams in Mexico, which affected more than 600 people and resulted in victim losses of approximately $39.6 million last year. How does the scam work? Timeshare owners in Mexico receive an unexpected email or phone call from scammers asking to sell or rent their timeshare. When owners agree to sell, they pay an upfront fee to cover alleged closing costs, advertising fees, and similar expenses. Not surprisingly, this is usually the last time victims hear from the scammers. Owners can protect themselves by treating unexpected phone or email inquiries about their timeshare with caution and by researching the timeshare resale companies they are considering.
Twitter’s recent removal of two-step SMS verification for non-Twitter Blue subscribers may leave some users wondering how to protect their accounts. The UK’s National Cyber Security Center (NCSC) recently published an article addressing the issue. If a service changes its two-step verification offerings, users still have options. For example, by using an authenticator app, backup code, or security key.
Emerging threats and research
Two suspected members of the notorious DoppelPaymer ransomware group were detained last week when police from Germany, Ukraine and the Netherlands joined forces with Europol and the US Federal Bureau of Investigation (FBI). On February 28, agents from Police raided the home of a suspect in Germany while simultaneously questioning another suspected DoppelPaymer member in Ukraine. Since its first appearance in 2019, DoppelPaymer ransomware has left a trail of devastation, extorting €40 million from US victims and attacking the University Hospital in Düsseldorf, Germany, resulting in the death of a patient.
A new report from the research and advisory firm Forrester reveals that more than two-thirds of European organizations are developing a strategy to use zero-trust security. The public sector leads the way in adoption, with 79% of German organizations prioritizing technology, with the UK (68%) and France (66%) not far behind. “Among European security decision makers in government or public sector organizations, 82% believe their enterprise architecture is inverted and support zero trust in their organization,” the report noted.
The February 8 ransomware attack in the city of Oakland, California escalated and the perpetrators are now leaking sensitive data. The Play ransomware group is behind the attack and began leaking data last week, consisting of a 10 GB multipart RAR file reportedly containing employee information, confidential documents, passports, and other private information. .
As America’s critical infrastructure faces an increasing number of cyberattacks, the Environmental Protection Agency (EPA) released requirements for public water systems (PWS). in English) to safeguard drinking water supplies. A survey prior to the new requirements found that many of the country’s PWS are vulnerable, relying on outdated and unprotected systems. The program is part of the Biden administration’s ICS Cybersecurity Initiative to protect critical infrastructure.
To stay up-to-date on the latest cyber security threats and advisories, check out the (ISC) blog for weekly updates². Share other alerts and threat discoveries you’ve encountered and join the conversation in the (ISC) community² board.