Cybersecurity Roundup November 2022

Hackers Are Targeting United States Port Facilities with Malicious Typosquatting Websites

According to the US Coast Guard Cyber Command, there has been an increase in targeted typosquatting attacks in 2022, directed against United States port facilities. The command issued an official Maritime Cyber Alert. While the alert concerns only ports, the problem is widespread across every industry segment.

Typosquatting is an illegal practice in which someone registers a domain that closely resembles a legitimate one but contains a misspelling, an added word, or a different top-level domain. The intention is to capture web traffic from a URL spelling error. The end user may be fooled into thinking the website is legitimate when it is fake. The practice is an active hacker tactic. Here is a good example of what the Coast Guard is warning about. There are two registered domains for the Port of Houston.
Clicking on the first, you will notice a professional site with multiple verifiable links. Its security certificate shows the Common Name as PortHouston. But if you click on the second link and inspect its security certificate, you will notice the Common Name is tropicalpunchimprov.com. The second site is an example of typosquatting. Why a comedy improv group is interested in the Port of Houston is a mystery. Fortunately, the domain owner has multiple disclaimers on the site indicating it is not affiliated with the port but is interested in helping develop business interest. Additional information on the port situation is available here.
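
The three lookalike patterns described above (misspelling, added word, different top-level domain) can be checked mechanically against domains seen in proxy or DNS logs. The following Python example is added here and is not part of the Coast Guard alert or any SSL.com tooling; harborexample.com and the other domains are constructed placeholders, and the function names are hypothetical.

```python
# Added example; all domains below are constructed placeholders.

def split_domain(domain):
    """Return (registrable label, TLD). Assumes a single-label TLD such as .com."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) using two rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate, legitimate, max_typos=2):
    """Name the lookalike pattern `candidate` shows against `legitimate`."""
    c_name, c_tld = split_domain(candidate)
    l_name, l_tld = split_domain(legitimate)
    if c_name == l_name:
        return "legitimate" if c_tld == l_tld else "different-tld"
    # A few character edits away: treat as a misspelling. Short names need
    # a lower max_typos, or unrelated domains will match.
    if edit_distance(c_name, l_name) <= max_typos:
        return "misspelling"
    # Legitimate name present in full, with extra words or hyphens around it.
    if l_name.replace("-", "") in c_name.replace("-", ""):
        return "added-word"
    return "unrelated"

def flag_lookalikes(observed, legitimate):
    """Return {domain: pattern} for observed domains that imitate `legitimate`."""
    results = {d: classify(d, legitimate) for d in observed}
    return {d: p for d, p in results.items() if p not in ("legitimate", "unrelated")}

# Constructed sample of observed domains.
OBSERVED = ["www.harborexample.com", "harborexample.net", "harborexmaple.com",
            "harborexample-login.com", "unrelatedshop.com"]

if __name__ == "__main__":
    for domain, pattern in flag_lookalikes(OBSERVED, "harborexample.com").items():
        print(f"{domain}: {pattern}")
```

A flagged domain is a candidate for review, not proof of abuse; the certificate check described in this section is a sensible next step for each hit.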

SSL.com Response

Website authenticity is a critical component of internet safety. Typosquatting is a unique hack and is serious. The fair and objective use of domain names has been under scrutiny since the initial days of the internet. The US Government enacted legislation early in 1999, passing the Anti-Cybersquatting Consumer Protection Act, under the enforcement of the Federal Trade Commission.

One of the ways to ensure a website is legitimate is to check the entity information in a site’s SSL certificate. SSL.com offers a wide variety of certificates ensuring the safety and well-being of websites and end users.

A TikTok Challenge is Spreading Malware: Known as The Invisible Challenge 

There is a unique challenge moving around TikTok. It is referred to as the Invisible Challenge. Invoking it applies a filter to an image of a person, leaving only the silhouette of their body. While it seems harmless, it is not.

The filter software is a front end to deploy WASP aka W4SP Stealer malware. Its purpose is to steal passwords, cryptocurrency wallets and a variety of personal and sensitive information. WASP is typically embedded in Python packages, which appear to be innocent. Attempts have been made to remove the suspected videos, but the threat actors resurface with different names, while making modifications to the code. It is estimated the code has been downloaded by over a million users. 

This is another example of how threat actors are getting more creative and targeting open-source code, CI/CD repositories and social media platforms. 

Specific information regarding the hack is available here.

SSL.com Response 

Social media’s benefits are widespread, enjoyable, and informative. However, social media is also an ongoing target for hackers and those wishing to gain unauthorized access, steal your credentials, mimic your identity, and pose other types of threats.

It is critical to identify and practice a set of safeguards to protect your identity. A few things to consider are setting unique passwords and changing them often, utilizing multi-factor authentication, and making sure your account security settings are set to meet your needs and not just set at default values. While SSL.com does a lot to provide security for websites, it also focuses on digital trust for eSigning documents and code.  Additional information regarding personal safety practices can be found here.  More information regarding SSL.com can be found here.

The Chrome Extension SearchBlox is a Backdoor for Roblox

Kids are notorious for downloading games and various browser extensions. Many times they are legitimate, but some are potentially fronts for malware and backdoors. Roblox, the online game server, is a very legitimate platform; however, it has been targeted. Recently, the Google Chrome Extension SearchBlox was discovered to contain a backdoor targeting Roblox user credentials and various account container items.

It is unclear how SearchBlox became infected or whether there was an unintended code mistake. It is possible that SearchBlox was the victim of having bad code injected into its update release while it was under development or being tested via a CI/CD repository. Users are advised to remove SearchBlox as a Chrome Extension and to immediately change passwords and user identifications. Additional information is available here.

SSL.com Response 

Malware scanning for code signing is soon to be released by SSL.com. This will help ensure that code being signed with SSL.com cloud code signing service, eSigner, is free of malware. The combination of the scan plus the use of a code signing certificate will help eliminate this problem for SSL.com customers and partners.

The World of Physical and Cybersecurity Is Quickly Converging 

Bringing together physical and cyber security improves crime prevention, interdiction and investigations.

There have been multiple situations involving critical infrastructure where cyber and physical security overlapped. Using both organizations as a collective security unit is the trend moving forward. According to Homeland Security Today, past attacks on the Nord Stream pipeline, the Colonial Pipeline and, most recently, the Moore County power station in North Carolina make the need for combined expertise evident.

With physical security, we think about camera surveillance, security guards, locks and various access controls. With cybersecurity, we think about connectivity, data centers, endpoints, storage and software. The gap between the two has been reduced due to improved analytics, advancements in software-defined security controls and AI-driven operations. But with the digitization of process controls, valves, railway track switches and environmental controls, these devices are now network connected and are vulnerable to cyber attack.

With recent developments and attention to IoT (Internet of Things), the relationship between physical and cyber has accelerated. Here is an article explaining the convergence.

SSL.com Response 

As the two industries grow together, it is imperative that underlying security is applied to all network devices. The SSL.com commitment to IoT is to optimize device certificate generation, installation, and certificate lifecycle with secured consistent practices. 

The SSL/TLS protocol authenticates anonymous parties on computer networks, extending confidence that the website owner has domain control. With the protocol, client-to-server communication takes place with confidence that a chain of trust is established, providing a needed level of secured machine-to-machine communication. With client and server authentication certificates in place, an extra layer of security is provided, supplementing password protection.

SSL.com offers a suite of client certificates designed to operate with multiple protocols within the IoT space. Read more about the SSL.com IoT strategy here. 

SSL.com Reminders

From the SSL.com team, we wish you a safe and joyous holiday season! 

OV & IV Code Signing Key Storage Requirements are Changing

With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service. 

Additional information on this change can be found on the CA/Browser Forum website. Learn more about the SSL.com eSigner solution: https://www.ssl.com/esigner/.
