Cyber criminals abuse US Postal Service Informed Delivery for ID theft

Cyber criminals are abusing the US Postal Service's Informed Delivery for ID theft and credit card fraud. Meanwhile, vulnerabilities were found in Oracle's VirtualBox, WordPress and Adobe ColdFusion servers.

Crooks abuse US Postal Service Informed Delivery service for ID theft

The U.S. Secret Service issued an internal alert to law enforcement partners about identity thieves abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. ID thieves have been using the Informed Delivery service “to identify and intercept mail, and to further their identity theft fraud schemes.”

The Secret Service's warning, according to Krebs on Security, also stated, “Fraudsters were also observed on criminal forums discussing using the Informed Delivery service to surveil potential identity theft victims.”

Some victims had no idea they had been signed up for Informed Delivery at all: the crooks had enrolled the victims' addresses themselves so that they, not the victims, would receive the scanned images of each day's incoming mail. With that visibility, a crook can apply for credit cards in a victim's name, watch the scans for the envelope to arrive, and pull the card from the victim's mailbox before the victim ever sees it.

Brian Krebs added that the USPS relies on a weak identity-verification step at sign-up, which is what lets a fraudster enroll someone else's address, and that it has created a potential new security issue by allowing third parties “to advertise interactive content in Informed Delivery communications.”

Vulnerabilities and zero-day flaws

Here is a security roundup of some of the vulnerabilities, including zero-day flaws, that came to light last week:

  • Attackers had been exploiting a zero-day in the popular WordPress plugin WP GDPR Compliance, which has more than 100,000 active installs. After numerous critical vulnerabilities, including a privilege escalation flaw, were patched, WordPress reinstated the plugin in its repository.
  • Out of frustration, a Russian researcher published full details of a zero-day in Oracle’s popular VM app VirtualBox rather than waiting for a fix.
  • Adobe ColdFusion servers are being actively exploited by a nation-state APT group. The attackers appear to have reverse-engineered a recently patched vulnerability and are targeting ColdFusion servers that have not yet applied the patch in order to upload the China Chopper backdoor.
  • Ruby applications that deserialize untrusted data are exposed to serialization/deserialization attacks. Researchers published proof-of-concept code that achieves arbitrary command execution on Ruby versions 2.0 to 2.5.
  • A new variant of the banking malware TrickBot has some nasty new tricks, such as stealing usernames and passwords from apps and browsers, as well as browsing history, cookies and autofill data from Chrome, Firefox, Internet Explorer, and Microsoft Edge. This variant spreads through a malicious Microsoft Excel file; the infection begins once the victim enables the embedded macro by clicking the “Enable Content” button.
  • A new version of the GandCrab ransomware downloader also contains an “anti Sandbox/VM technique” function, can bypass “firewall and Windows Defender,” and can embed “itself to rar archive files.” It has “worm capabilities via removable drives” and many more unpleasant tricks.
  • Researchers from Qihoo 360’s Netlab warned that a botnet has been exploiting a 5-year-old vulnerability to hijack routers. The botnet, dubbed “BCMUPnP_Hunter,” was built on a security hole in the Broadcom UPnP SDK that was first discovered in 2013. Thus far, 116 different router models, including devices from D-Link, Linksys, NetComm, TP-Link, and CenturyLink, have been pulled into the botnet, which turns infected routers into email spamming machines.
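The Ruby item above is worth a closer look, because the underlying mechanism is easy to miss: `Marshal.load` reads a class name out of the byte stream, allocates an instance of that class, and calls its `marshal_load` (or `_load`) hook with attacker-supplied arguments before the caller ever sees the result. The following is an added illustration of that mechanism, not the researchers' proof-of-concept and not a working gadget chain against the Ruby standard library. `AuditedSession` is a hypothetical application class, `SINK` is a stand-in for a dangerous call such as `Kernel#system`, and the payload bytes are constructed here from the documented Marshal 4.8 format.

```ruby
require 'json'

# Everything that reaches the "dangerous sink" in this process is recorded
# here. Constructed for the example: a real gadget chain ends in
# Kernel#system, Kernel#eval or similar, not in an array append.
SINK = []

# Hypothetical application class (not from the published research): a
# session object with a marshal_load hook. Marshal.load calls this hook on
# a freshly allocated instance with whatever data the stream supplies, so
# any reachable class with such a hook is a candidate gadget.
class AuditedSession
  attr_reader :user

  def initialize(user)
    @user = user
  end

  def marshal_dump
    [@user, nil]          # a legitimate dump never carries a command
  end

  def marshal_load(state)
    @user, cmd = state
    SINK << cmd if cmd    # attacker-controlled value reaches the sink
  end
end

# Vulnerable: Marshal.load instantiates whatever class the bytes name and
# runs its hooks before returning. The caller has no say in which class.
def load_session_unsafe(blob)
  Marshal.load(blob)
end

# Hardened: parse a format that only yields primitives, validate the shape,
# then construct the object explicitly. No class names, no hooks.
def load_session_safe(text)
  data = JSON.parse(text)
  unless data.is_a?(Hash) && data.keys == ["user"] && data["user"].is_a?(String)
    raise ArgumentError, "rejected session payload"
  end
  AuditedSession.new(data["user"])
end

# Attacker-side payload, built without ever holding an AuditedSession:
# version bytes 4.8, 'U' (object restored via marshal_load), the class
# name as a symbol (':' + (length+5) + name), then the argument object.
# Binary strings are used so the inner dump carries no encoding ivars.
def attacker_blob(user: "bob".b, cmd: "id".b)
  klass = "AuditedSession"
  header = "\x04\x08U:".b + (klass.bytesize + 5).chr + klass
  header + Marshal.dump([user, cmd]).b[2..-1]  # drop the inner 4.8 header
end

if __FILE__ == $0
  s = load_session_unsafe(attacker_blob)
  puts "unsafe load: user=#{s.user.inspect}, sink=#{SINK.inspect}"
  begin
    load_session_safe('{"user":"bob","cmd":"id"}')
  rescue ArgumentError => e
    puts "safe load rejected: #{e.message}"
  end
end
```

The point of the safe variant is not JSON itself but that the decoder can only produce hashes, arrays, strings and numbers; which application class gets built, and with what, is decided by code the attacker cannot influence. The same reasoning applies to YAML (`YAML.safe_load`) and to any other format whose loader can name classes.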

Phishing attacks top 137 million in Q3

According to Kaspersky Lab’s Spam and Phishing Q3 report, its anti-phishing system stopped 137,382,124 attempts to visit fraudulent sites. That’s up nearly 28 percent from Q2. The two most-targeted industries hit by phishing in Q3 were internet portals and banks. The top three source countries for spam were China, the U.S., and Germany.

Bankers Life data breach, attackers obtained PII of 566,217 people

Fortune 1000 company CNO Financial Group Inc. reported to the U.S. Department of Health and Human Services a data breach that affected 566,217 Bankers Life members.

“Unauthorized third parties used improperly obtained employee information to gain access to certain company websites, potentially resulting in unauthorized access to personal information of policyholders and applicants,” it says.

This breach is the fifth largest incident added to the HIPAA Breach Reporting Tool website in 2018.
