Security Fridays: Week Twelve
Michael Urgero, 19/06/2020, Industry News
Why no firm, small or large is safe from cyber-attacks and what’s needed to protect your business
We all consider a company as massive as Google to be on top of security threats. Frankly, we expect it, and that's why I was personally shocked and amazed when I saw a recent report citing that more than 111 Google Chrome extensions were either malicious or fake.
The article appeared in CNN's Business section, just after 4:00 PM ET here in North America on the 18th of June, 2020, and so far, it's light on details of exactly which Chrome extensions they're talking about. I would expect that there will be a list published, or that Google may push an update taking care of the issue, but it's already too late for 32 million people that have been victims.
Google Chrome extensions are helpful little tools that can provide additional functionalities to the browser and are very popular.
The issue of these Chrome extensions being found to be malicious is really two issues wrapped into a single package. First, Google Chrome does not 'vet' or certify many of these third-party extensions. They only 'sweep' them every so often. I personally never knew that. I was quite surprised since they do such an excellent job on the Google Play Store, I naturally thought they'd do a good job here as well – but I was apparently incorrect. Second, the malicious extensions have been found to capture screenshots (yikes), user names, and passwords, and to collect other valuable data from a user.
So far, the malicious spying browser extensions have been traced back to a company called Galcomm, based in Israel. They host over 250,000 web sites, and so far, 15,000 of them were malicious or suspicious. Leadership at Galcomm has issued a statement denying any involvement, which may be true; they could also be a victim of a coordinated attack on sites hosted by them.
Regardless of how this happened or who it happened to, the main takeaway here is: start turning on Multi-Factor Authentication everywhere you see it. If you enter credentials to a site that's important to you, like a financial, healthcare, or government site, make sure to use the Multi-Factor tools they have. And, if they don't have it, you should consider taking your business somewhere that does.
Having MFA on your important accounts is a critical first step to keeping hackers like this at bay; you simply never know where or how you're going to get hit.
In this case, it’s very likely a foreign hacking group targeting an ISP that hosts a web site for a bank that you do business with. With so many things happening, the last thing you need is to get your credentials stolen and used by someone else.
MFA All Day.
Read the article that was analysed here: https://www.cnn.com/2020/06/18/tech/google-chrome-extensions-spyware/index.html