Threat Matrix: A Business Extorted by IT Consultant, Dropbox Breach, and a Massive Android Vulnerability

Welcome to the May edition of Upfort’s Threat Matrix. It’s been another busy month on the security front as criminals continue to use well-worn attacks and try out a few new ones.

Want to help keep your business safe? Take two minutes to fill out our interactive cybersecurity checklist or take a free cyber security risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your digital network. 

Dropbox’s eSignature service breached

Cloud storage service Dropbox has reported a data breach after a threat actor accessed customer credentials and authentication data of Dropbox Sign (formerly HelloSign), an auxiliary service used for signing and storing documents online. 

The breach took place when the perpetrator gained access to a Dropbox Sign automated system configuration tool, compromising account details such as emails, usernames, phone numbers, and hashed passwords, along with service data including API keys, OAuth tokens, and multi-factor authentication details. Dropbox confirmed that the malicious actor did not access the contents of its customers' accounts or payment information, and that no other Dropbox entities were breached.

How to defend yourself: Change passwords often across all services and systems, and be sure to use different strong passwords for each and every service. This can offer a level of protection when one password is compromised.

Cybersecurity consultant arrested after allegedly extorting firm for $1.5m

A Missouri-based cybersecurity consultant was arrested for allegedly trying to extort an IT company for $1.5 million by threatening to release confidential data that he illegally accessed and downloaded from a company-issued laptop after he was terminated. The data included architectural maps, trade secrets, and lists of potential vulnerabilities. The consultant reportedly demanded the settlement fee in exchange for a non-disclosure agreement, threatening that public disclosure of the stolen data would harm the company's reputation and investor confidence.

How to defend yourself: Be sure to implement strong security protocols when separating from employees to prevent them from having access to systems and data.

"Dirty Stream" vulnerability leaves “billions” of Android devices exposed

Research by Microsoft has discovered vulnerabilities in numerous Android apps, including four with over 500 million installations each, due to a common security weakness. Among them were Xiaomi Inc.'s File Manager product, which has more than 1 billion installations, and WPS Office with some 500 million downloads. These vulnerabilities present risks such as remote code execution attacks, token theft, and other security issues. 

Microsoft informed Google's Android security team of the vulnerability, prompting Google to publish new guidance for Android app developers on how to identify and fix the issue. The underlying issue lies in how files are shared between apps: many apps do not validate the content they receive from other apps. Microsoft has shared these findings with the vendors of the apps on Google's Play store, many of whom have remedied the issue. However, Microsoft believes more apps can be exploited due to the same weakness.

How to defend yourself: Cybercriminals are always evolving their attacks and finding new digital inroads into your systems. Be sure to download the latest version of apps and software to make sure they have been fortified against the latest security vulnerabilities.

Panda Restaurant Group corporate systems hacked

Panda Restaurant Group, which includes Panda Express, Panda Inn, and Hibachi-San, recently revealed a March data breach of its corporate systems that compromised employee, but not guest, information. The breach resulted in access to and theft of personal data such as names, driver's license numbers, and non-driver identification card numbers of an unspecified number of associates. The exact number of affected individuals and potential ransom demands remain unclear.

How to defend yourself: There’s a very high chance that your data or your employees’ data has been included in a third-party data breach (public repositories such as Have I Been Pwned can offer insights into your business’s exposure). Criminals can use this information to attack other systems through the re-use of common passwords or social engineering attacks. Be sure to implement robust security protocols, including multi-factor authentication and strong password hygiene, to keep your organization safe.

Police shut down multiple fraud call centers, arrest 21 suspects

On April 18, an international law enforcement operation led to the closure of 12 phone fraud call centers across Albania, Bosnia and Herzegovina, Kosovo, and Lebanon. “The callers' playbooks would range from shocking fake police calls, persuasive investment fraud or heart-wrenching romance scams,” according to Europol. The crackdown, executed by German authorities with help from other nations, identified 39 suspects and led to 21 arrests.

The operation, dubbed "Operation PANDORA", began in December 2023. Over its course, more than 1.3 million conversations were monitored and 80% of all financial fraud attempts were blocked, preventing damage of more than €10 million.

How to defend yourself: Phone conversations are not proof of legitimacy, particularly with emerging AI-powered audio technologies. If you are doubtful about a phone call or message, do independent research, e.g., look up the number or see if you can find additional resources (not via information provided by the caller). Be aware that many scammers use urgency to compel action from victims; this is often a telltale sign of a scam.
