Google Ads Abused to Deliver Malware

Cybercriminals are using malicious Google Ads to deliver the ZLoader banking Trojan, ZDNet reports. Researchers at Microsoft stated on Twitter that attackers are purchasing Google Ads that point to compromised websites, then redirect the user to a malicious website that delivers the malware. The criminals use the ads to target people who search Google for certain keywords.

“While analyzing ZLoader campaigns in early September, we observed a notable shift in delivery method: from the traditional email campaigns to the abuse of online ad platforms,” Microsoft said. “Attackers purchased ads pointing to websites that host malware posing as legitimate installers.”

The attackers also registered a phony company to cryptographically sign the malware files, making them more likely to appear benign to antivirus products.
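The point of the fraudulent company registration is that a signature which validates cleanly is still only an identity claim, not evidence of good intent. As an added example that is not part of the ZDNet or Microsoft reporting, the PowerShell snippet below checks downloaded installers with the built-in Get-AuthenticodeSignature cmdlet and treats "valid but from an unlisted signer" as a review case rather than an automatic pass. The allowlist contents and the Downloads folder scan are assumptions for illustration.

```powershell
# Added example, not from the original report. Assumed allowlist: replace the
# placeholder with the exact certificate subjects your organization actually trusts.
$TrustedSigners = @(
    'CN=Example Publisher, O=Example Publisher Inc, C=US'  # placeholder entry
)

function Test-InstallerSigner {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # A chain that validates is necessary but not sufficient: the signer must
    # also be one we expect, otherwise a freshly registered shell company passes.
    $verdict = switch ($sig.Status) {
        'Valid' {
            if ($TrustedSigners -contains $subject) { 'allow' }
            else { 'review: valid signature from a signer not on the allowlist' }
        }
        'NotSigned' { 'block: unsigned installer' }
        default     { "block: signature status $($sig.Status)" }
    }

    [pscustomobject]@{
        Path    = $Path
        Status  = $sig.Status
        Signer  = $subject
        Verdict = $verdict
    }
}

# Assumed usage: report on every executable in the user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Test-InstallerSigner -Path $_.FullName } |
    Format-Table -AutoSize
```

The useful output is the middle row: a file whose Status is Valid but whose Verdict is "review" is exactly the case the campaign above relies on, and it is the one a plain "is it signed?" check would wave through.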

“In addition to creating malicious installers, this shift in delivery method required to register a fraudulent company so they can sign the malicious files,” Microsoft said. “These files purport to install legitimate apps but instead deliver ZLoader, which provides access to an affected device.”

ZLoader is a remote access Trojan that serves as an initial foothold for additional malware, including ransomware.

“The operators of this campaign can then sell this access to other attackers, who can use it for their own objectives, such as deploying Cobalt Strike or even ransomware,” Microsoft said.

ZDNet notes that the US Cybersecurity and Infrastructure Security Agency (CISA) warned last week that ZLoader is being used to distribute Conti ransomware.

“[CISA] and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations,” CISA stated. “In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these types of attacks.


Newest iPhone Launch is Now a Scammer’s Advantage

Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and scammers set up phony channels that impersonated Apple’s broadcast. One of these fraudulent channels had 1.3 million subscribers and over 16,000 live viewers, which added legitimacy to the scam. The channel had a link to a phishing page, stating, “Special Event for you taking place NOW: www.2021apple[.]org.”

The link leads to a convincingly spoofed version of Apple’s website, with a page that says, “Hurry, and take part in our giveaway of 1,000 BTC! Apple have allocated a total of 1,000 BTC to be given away. Learn how to participate, and don’t miss out on your chance to get some!”

If the user clicks the button to participate, they’ll be asked to send between 0.1 BTC and 20 BTC to a Bitcoin address in order to receive double in return. The site says that 819 BTC have already been given away, which adds urgency to the scam. Zscaler notes that this scam alone was very successful before it was taken down.

“This wallet has received 1.48299884 bitcoins till now (worth around $69K),” the researchers write. “Currently, the site is taken down, and we believe it to be a short-lived attack. The huge sum collected in the bitcoin wallet in such a short period of time shows a sophisticated and highly successful attempt by the scammers. Scammers are becoming smart and observant, and whenever such hyped events happen, they try to take advantage of this to target mass audiences. Stay away from such unofficial giveaways and do not fall for such hype-driven scams.”

New-school security awareness training can enable your employees to avoid falling for these types of social engineering scams.


Executives: Ransomware is the Greatest Threat Concern, But Few are Actually Prepared

A new poll from Deloitte shows that organizations are all too aware of the problem of ransomware, but aren't ready to respond to a specific ransomware scenario, given that the attackers have the upper hand.

This is a serious problem.

If you’ve been reading my blogs, I’ve repeatedly made it known that ransomware is dangerous, pervasive, and costly. But this new data from Deloitte makes it clear that a material number of organizations are going to realize one click too late that they have no real ability to respond to a ransomware attack.

According to the Deloitte data:

  • 87% of organizations expect the number of cyberattacks targeting their organization to increase over the next 12 months
  • 65% of execs feel ransomware is the greatest threat concern in the next 12 months
  • 54% have incident response plans, but nothing specifically for ransomware
  • Only 33% of organizations have simulated an attack, testing response plans

In Deloitte's press release, Kieran Norton, Deloitte Risk & Financial Advisory's infrastructure security solution leader and principal, said: “Strong executive and board level oversight of and support for the cyber risk management program is a critical part of event preparedness. Leaders at the highest levels need to understand the crucial role they play in prevention — by providing oversight, governance and tone from the top — as well as direct support for attack response.”

Given that only half have an IR plan and only a third of organizations ever simulate an attack, you had better have a strong preventative security posture – one that includes Security Awareness Training – to stop an attack. Otherwise, you're going to feel the pain of having no plan and no idea of how to respond.


Social Media Quizzes May Be Data Scrapers Building Victim Profiles

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.

We’ve all seen them – quizzes on Facebook asking everything from which Harry Potter character are you, to what state were you born in, to what was your first pet’s name. It seems that none of the people answering these questions saw the scene in the movie “Now You See Me” where the main characters tricked Arthur Tressler into divulging personal information to be used later against him.

According to security vendor Avast, the new wave of social media quizzes may very well be intent on doing the same thing. “They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point. The creators of these quizzes want them to appear meaningless and harmless. They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data.”

Because of the seemingly innocent (and entertaining) nature of the quizzes, threat actors using such tactics can easily capture information that is often used as the source of passwords or password reset questions.

Security Awareness Training will help keep employees vigilant against such social engineering tactics, helping to minimize your organization’s threat surface and keep attacks from being successful.


Over $100,000,000 Lost to Romance Scams in Seven Months

People in the US lost $133,400,000 to romance scams between January 1st and July 31st of 2021, according to the FBI. The average amount lost was in the tens of thousands of dollars. The scammers trick the victims into thinking they’re investing in cryptocurrencies.

“The scammer’s initial contact is typically made via dating apps and other social media sites,” the FBI says. “The scammer gains the confidence and trust of the victim—through establishing an online relationship—and then claims to have knowledge of cryptocurrency investment or trading opportunities that will result in substantial profits. The scammer directs the victim to a fraudulent website or application for an investment opportunity. After the victim has invested an initial amount on the platform and sees an alleged profit, the scammers allow the victim to withdraw a small amount of money, further gaining the victim’s trust.”

The FBI explains that once the scammer has a victim on the hook, they’ll keep coming up with more reasons for the victim to send them money.

“After the successful withdrawal, the scammer instructs the victim to invest larger amounts of money and often expresses the need to ‘act fast,’” the Bureau says. “When the victim is ready to withdraw funds again, the scammers create reasons why this cannot happen. The victim is informed additional taxes or fees need paid, or the minimum account balance has not been met to allow a withdrawal. This entices the victim to provide additional funds. Sometimes, a ‘customer service group’ gets involved, which is also part of the scam. Victims are not able to withdraw any money, and the scammers most often stop communicating with the victim after they cease to send additional funds.”

The FBI offers the following advice to help people avoid falling for these scams:

  • “Never send money, trade, or invest per the advice of someone you have solely met online.
  • “Do not disclose your current financial status to unknown and untrusted individuals.
  • “Do not provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate.
  • “If an online investment or trading site is promoting unbelievable profits, it is most likely that—unbelievable.
  • “Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast.”

New-school security awareness training can help your employees recognize social engineering tactics.

The FBI has the story.


Probability of Experiencing a Vendor Email Compromise Attack Increases 96%

Vendor Email Compromise requires first taking control of a strategic email account within the victim organization. According to new data, cybercriminals are getting very good at this.

Vendor Email Compromise – an attack where an email account is actually taken over rather than simply spoofed as seen in business email compromise attacks – can have a far greater impact on the organization. Emails coming from a threat actor-controlled legitimate email account are much harder – if not impossible – to discern as being malicious in nature.

According to new data in Abnormal Security’s Q3 2021 Email Threat Report, email account takeovers are rising in both number and success rates:

  • The chance of experiencing a VEC attack has risen 96% over the last 12 months
  • Mid-sized companies are 43% likely to have at least one account takeover per quarter
  • Enterprises with 50K+ employees are 60% likely to be a victim of account takeover
  • The C-Suite is the most targeted group, targeted three times as often as VPs – the next most targeted group
  • 14% of account takeovers occur at department head levels within organizations
  • The average request in a VEC attack is $183,000, with the highest documented being $1.6 million

With the potential for VEC attacks to cost organizations millions annually, it's first imperative to protect email accounts from account takeover using multi-factor authentication and zero trust solutions that scrutinize requests to access email. It's equally important to educate users involved with the organization's finances using Security Awareness Training to maintain a sense of vigilance – even when a request comes from a legitimate source. Any unexpected request must be validated over a separate communication medium to ensure the person believed to be asking is actually doing so.


Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing threat.

We’ve seen recent rises in BEC activity – along with a number of other cyberattacks – in both frequency and cost. But BEC tends to get lost in the shuffle; particularly when ransomware news has ransoms in the millions of dollars and seems to happen every day. But BEC is just as impactful a cyberattack and, from the latest data, seems to be happening quite frequently.

Keep in mind that most BEC attacks are limited in scope to the one and only CFO in your organization or a small group of individuals in the finance department. The good news is as the organization grows, the number of BEC attacks won’t necessarily increase. The bad news is that threat actors only need to focus on a few people to be successful.

In addition to enterprises having a high probability of attack, according to Abnormal Security’s Q3 2021 Email Threat Report, businesses of every size are at risk:

  • Small organizations under 500 employees have a 42% probability of receiving a BEC attack each week
  • Mid-sized organizations, a 60-70% chance

Part of this growth is the expansion in operational methods used by cybercriminal groups seen on the dark web. Posts on cybercrime forums have been spotted that attempt to recruit or outsource functions related to BEC scams – particularly those looking for native-English speakers to help improve the credibility and efficacy of social engineering elements in BEC attacks.

Because BEC relies pretty heavily on social engineering and spoofing companies, domains, and/or an individual, putting employees through Security Awareness Training is an effective way to minimize the threat surface of phishing attacks and stop BEC attacks before they have an opportunity to make an organization a victim.


U.S. Cyber Command General Promises ‘Surge’ To Fight Ransomware Attacks

The Hill reported 9/14/2021: “Gen. Paul Nakasone, the head of U.S. Cyber Command and director of the National Security Agency (NSA), is working to “surge” efforts to respond to the mounting ransomware attacks on critical U.S. organizations.

“Even six months ago, we probably would have said, ‘Ransomware, that’s criminal activity,’ ” Nakasone said as part of an interview with The Associated Press published Tuesday. “But if it has an impact on a nation, like we’ve seen, then it becomes a national security issue. If it’s a national security issue, then certainly we’re going to surge toward it.”

Nakasone told The Associated Press that there was “an intense focus” on the part of government specialists to tackle cybersecurity threats and to “impose costs when necessary,” including through publicly calling out countries behind major cyberattacks.

His comments came on the heels of months of attacks on both U.S. government groups and private industry.

These have included those linked to foreign governments, such as the SolarWinds hack, which allowed Russian-government linked hackers to compromise nine federal agencies and 100 private sector groups for much of 2020. President Biden imposed sanctions on Russia in connection with the attack in April.

The incidents have also included major ransomware attacks on companies including Colonial Pipeline, which provides 45 percent of the East Coast’s fuel supply, and on meat producer JBS USA, both of which were linked to Russian-based cyber criminal groups. Full article continued at The Hill:

https://thehill.com/policy/cybersecurity/572203-general-promises-surge-in-effect-to-fight-ransomware-attacks


Ransomware Resurrection? REvil Servers Come Back Online

After months of what was thought to be the retirement of the REvil ransomware gang, REvil-related systems and Tor sites popped up on the Dark Web last week.

We thought we had seen the last of REvil – one of the most prolific and impactful pieces of ransomware to date. Its ransomware-as-a-service model made it a popular variant used in some of the most well-known attacks this year, taking in tens of millions of dollars in the process. It was thought that REvil had become Darkside and then BlackMatter (which may still be true), but last week’s development may change that.

According to Bleeping Computer, on September 7, both the Tor payment/negotiation site and REvil’s Tor ‘Happy Blog’ data leak site suddenly came back online. The negotiation site did not seem to be functional and the data leak site hadn’t been updated since July 28th.

This may be a mishap caused by booting up old systems that are to be repurposed. But even so, it's a reminder that some of the greatest minds in ransomware can “re-band” as easily as they can disband, putting organizations like yours further at risk.

Security Awareness Training plays a major role in the protection against ransomware attacks. Affiliates for REvil and other RaaS variants still need a way to gain entrance into an organization. Phishing is one of the most used initial attack vectors. By implementing Security Awareness Training, organizations can teach users to participate in the organization’s security stance, being continually vigilant against any email or web content that may seem suspicious, helping to minimize the likelihood of engagement with malicious links or attachments.


Blame it on the Lizard Brain

People need to work to overcome their inherent biases in order to avoid falling for social engineering attacks, according to Heidi Mitchell at the Wall Street Journal.

“Criminals lure smart people into their traps by taking advantage of the unconscious, automatic processes that act as shortcuts to make our decision-making more efficient,” Mitchell explains. “These cognitive biases—arising from what’s often referred to as our ‘lizard brains’—can cause us to misinterpret information and make snap judgments that may be irrational or inaccurate.”

Professor Cleotilde “Coty” Gonzalez from Carnegie Mellon University told the Journal that criminals take advantage of human psychology to make their attacks more effective, explaining that “if something is presented as a loss, we are more willing to take a risk [to avoid it]; if it’s presented as a gain, we are OK with taking a safe option.”

As a result, people are more likely to fall for a scam that tells them they’re going to lose money, as opposed to one that offers to give them money.

Mitchell adds, “Or a scammer might send a message to your work email, claiming that there is a problem with an account at one of your corporate suppliers, and warning that your shipment—one that your boss is counting on—will be delayed unless you verify your account information in a link provided by them. The fake link leads to a fake website that looks like the real thing. By playing on your fear of losing access to your account, the scammer gets your credentials.”

Scammers also take advantage of authority bias and urgency bias to compel their victims to act. Authority bias can be seen in business email compromise (BEC) attacks, in which an attacker impersonates a person of authority within an organization and sends a request to a lower-level employee. Urgency bias is often tied into these attacks, and involves making the victim believe they must act quickly to fulfill a request.

New-school security awareness training can give your employees a healthy sense of suspicion so they can spot red flags associated with social engineering attacks.
