Malicious Wallpapers, Phishing Trends, Zoom Backgrounds & more!

September 18, 2020 by Lighthouse IT Solutions, Matthew Almendinger

The Lighthouse IT Podcast - September 18th, 2020

Matt and Griffin discuss Malicious Wallpapers, Phishing Trends, Coors wanting to send you to your Zoom background, Labor Day deals actually focusing on jobs, and the fabled TikTok deal coming to a close!

Listen here! Want to get straight to the news? Go to the 5:05 minute mark.

Security News

Could your wallpaper be trying to steal your credentials?

Well, it turns out that new rubber-ducky theme you downloaded for your Windows 10 computer might just be an attempt to steal your credentials. Our friends over at Bleeping Computer and Sophos have both published similar findings that Windows 10 theme files can be used to pass credentials to a third party. In the Sophos study, they set up a server to spoof or "phish" credentials: the theme requests files (such as the wallpaper background) from a remote resource, and the server answers with an authentication prompt made to look similar to a normal Windows credential prompt. The prompt tries to convince you that you need to enter your local credentials to continue; the remote server stores the credentials and serves the files appropriately - but now your account has been compromised.

In the Bleeping Computer study, they stepped it up another notch and were able to use a Pass-the-Hash attack using a remote SMB server. SMB is used by Windows for sharing files between computers and is largely trusted. When your computer attempts to access an SMB share, it will automatically pass a hash of your credentials to the other computer to attempt to log in. In normal circumstances, this makes connecting to SMB shares painless, but in this example, the hash is stored by the remote server and can be used later by de-hashing tools to attempt to determine your username and password.

While right now these both show great ways to determine your username and password, image files have also had some history of remote code execution issues - meaning that if another vulnerability is found in an image library, a theme file could be a one-stop shop for installing a malicious payload AND getting your account information to install itself.
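As an added example (not from the podcast, Sophos, or Bleeping Computer), a downloaded .theme file can be checked for the remote references described above before it is applied. The sample theme contents and the example.invalid hosts are constructed, and the check assumes the usual INI layout of a theme file with a Wallpaper value under [Control Panel\Desktop].

```python
import configparser
import re

# Constructed sample .theme contents (not taken from any real theme pack).
LOCAL_THEME = r"""
[Theme]
DisplayName=Rubber Ducky
[Control Panel\Desktop]
Wallpaper=%SystemRoot%\Resources\Themes\Ducky\duck.jpg
"""
SMB_THEME = r"""
[Theme]
DisplayName=Rubber Ducky
[Control Panel\Desktop]
Wallpaper=\\files.example.invalid\share\duck.jpg
"""
HTTP_THEME = r"""
[Theme]
DisplayName=Rubber Ducky
[Control Panel\Desktop]
Wallpaper=https://themes.example.invalid/duck.jpg
"""

# UNC paths (\\host\share or //host/share) and anything with a URL scheme.
REMOTE = re.compile(r"^(\\\\[^\\]|//[^/]|[a-z][a-z0-9+.-]*://)", re.I)


def remote_references(theme_text):
    """Return (section, key, value) for every value that points off-host."""
    parser = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",)
    )
    parser.optionxform = str  # keep key names as written in the file
    parser.read_string(theme_text)
    hits = []
    for section in parser.sections():
        for key, value in parser.items(section):
            cleaned = (value or "").strip().strip('"')
            if REMOTE.match(cleaned):
                hits.append((section, key, cleaned))
    return hits


if __name__ == "__main__":
    for name, text in [("local", LOCAL_THEME), ("smb", SMB_THEME), ("http", HTTP_THEME)]:
        print(name, remote_references(text) or "no remote references")
```

A theme whose every path resolves locally returns an empty list; any hit means that applying the theme would make Windows contact another machine.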


Top Ten Treacheries for Phishing in 2020

It's no surprise we've seen a ton of major phishing scams this year with COVID-19 and the new Work From Home movement. Sophos has published the Top Ten Treacheries for 2020. On that list?

1. Rules of Conduct from HR - new guidelines for WFH

2. Delayed Year-end Tax Summary

3. Scheduled Server Maintenance - again a WFH social exploit. Users are paying more attention to when outages are happening

4. "A task has been assigned to you" - "Sign in to see your task"

5. New Email System Test - Just click and test out our new email system!

6. Vacation Policy Update

7. Car Lights on - with link to 'photo'

8. Courier Service Failed Delivery - longtime favorite still on top

9. Secure Document - again a favorite

10. Social Media Message - impersonates your favorite platforms

Check out the links to the article below on how to protect yourself - but in a nutshell: Look deeper before clicking and ask if this is normal to enter credentials. And if in doubt - call (not email) the sender to verify.


Marketing News

Oracle Wins Bid for TikTok in U.S., Beating Microsoft

Oracle Corp. won the bidding for the U.S. branch of TikTok. They have now officially beaten Microsoft and a few others interested in the new social media sensation. This deal, which is likely not to be structured as an outright sale, will still face White House review, since it does not technically meet the requirements the White House put in place earlier. ByteDance rejected Microsoft's bid to buy TikTok's U.S. assets, as Microsoft confirmed Sunday, so Oracle plans to become a "trusted technology partner", which would still allow ByteDance to be majority owner. Oracle also won't have access to TikTok's algorithm, which could cause problems as well.

Assuming this is all fine, advertising on TikTok could become a lot easier and more effective. Oracle owns marketing analytics and data management platforms, so this really feels like a smart move for them.


Coors Light Wants to Send You To Your Zoom Background

With Zoom being so big and travel being so cheap, the beer company is running a contest to choose 5 people to win. "Coors Light is giving drinkers across the country a chance to win a trip to the IRL versions of the travel destinations they've been staring at on their video chat backgrounds for months, where they will finally be able to Chill with a Coors Light in the great outdoors." - PRNewswire

The beer company released a great video where a businessman in sweatpants and a dress shirt sings, beer in hand, in a mountain range so familiar to the Coors brand. It's time to start embracing the chill.


Brands Swap Labor Day Sales Promos for Job Listings

Usually Labor Day ads bring with them deals and discounts, but this Labor Day, since it has been hard for many to find a job, jobs may have found you. More than 50 brands joined a campaign by Red Wing Shoes and Droga5 to promote job openings rather than traditional Labor Day sales promotions. #LaborDayOn aligned with what consumers want in our COVID world, which is a shift of money and resources to producing products that help people meet pandemic-related challenges. This campaign took something that is usually oriented at selling products for home/entertainment and turned it toward getting people jobs. Excellent.