The purpose of the campaign was to infect users with a new multi-stage malware called “Chaes.” This threat used Living Off the Land binaries (LOLbins), or binaries natively supplied by the operating system, along with other open-source tools to evade detection by anti-virus tools.
Such stealth augmented Chaes’ ability to steal sensitive information including login credentials, credit card numbers and other financial data from MercadoLivre customers’ browsers. It also helped the threat to covertly take screenshots of victims’ infected machines.
The Chaes campaign is likely just one of many sophisticated threats online shoppers could encounter during the 2020 holiday season. With that in mind, here are some specific recommendations that individuals can follow to ensure their digital safety and security.
Be Wary Around Email-Based Offers
It’s not uncommon for customers to receive emails advertising special offers and sales from retailers and e-commerce platforms during the holidays. The issue is that these emails might not be legitimate.
Indeed, the messages might originate from attackers masquerading as trusted entities. These types of attack emails could carry malicious links that redirect recipients to fake login portals designed to steal customers’ account credentials or financial data. They could also carry malware that steals users’ information and/or holds it for ransom.
Acknowledging that threat, users should exercise caution around clicking links in unsolicited emails from retailers and e-commerce platforms. That’s especially the case if those emails claim to advertise special offers and sales. Customers can instead cut and paste promo codes that might be included in the emails and use them after visiting the retailer or e-commerce platform website.
Exercise Payment Card Prudence
Threats like Chaes give attackers the opportunity to steal users’ payment card information. With those details, malicious actors can make fraudulent purchases in the customer’s name. They can also monetize that information on the dark web by offering it in a sale or auction of stolen data.
In response, users should consider protecting themselves against credit card fraud by enabling alerts on their payment card accounts and by reviewing their payment card bills for suspicious activity. They might also think about augmenting their financial security by developing a payment card strategy for the holidays.
For instance, they could choose to use one card for holiday purchases and temporarily suspend all of their other cards. That way, they can limit the damage (and the recovery time) in the event that malicious actors compromise the details of their holiday payment card. Users can then take things one step further by placing fraud alerts or security freezes on their credit reports to prevent malicious actors from using stolen information to open new payment card accounts in their victims’ names.
Spoil Yourself with a Password Vault
As they hop from website to website during the holidays, customers might be inclined to make things easier for themselves by setting easy-to-remember passwords on their web accounts. They might even be tempted to reuse the same password across multiple web accounts. In doing so, however, users could potentially expose themselves to account takeover attacks where malicious actors use brute forcing, online data dumps and other resources to try to authenticate themselves on a user’s account.
If successful, nefarious individuals could then use a working set of credentials to try to conduct password reuse attacks and thereby authenticate themselves across some of the user’s other web accounts that might be protected by the same set of credentials.
Users can defend against the threats listed above by protecting each of their services with a strong, unique password. Remembering each of those passwords might get difficult if they have multiple accounts online, however. In response, users can splurge before Black Friday and Cyber Monday by buying themselves a subscription to trusted password vault software. Such tools not only store account credentials for customers, but they also help users generate strong passwords for each of their accounts.
Wishing You A Secure and Happy Holidays
Exercising caution around email links, locking down payment cards and investing in a password vault can help users stay safe and happy online during the holidays.
Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy, in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC, as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.