Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US think tanks. The advisory says APTs are particularly interested in think tanks that focus on international affairs or national security policy.

“APT actors have relied on multiple avenues for initial access,” the advisory states. “These have included low-effort capabilities such as spear phishing emails and third-party message services directed at both corporate and personal accounts, as well as exploiting vulnerable web-facing devices and remote connection capabilities. Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic. Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network. When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks.”

CISA says leaders should “Implement a training program to familiarize users with identifying social engineering techniques and phishing emails.” For employees, the advisory offers the following recommendations:

  • “Log off remote connections when not in use.
  • “Be vigilant against tailored spear phishing attacks targeting corporate and personal accounts (including both email and social media accounts).
  • “Use different passwords for corporate and personal accounts.
  • “Install antivirus software on personal devices to automatically scan and quarantine suspicious
  • “Employ strong multi-factor authentication for personal accounts, if available.
  • “Exercise caution when:
    • “Opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.
    • “Using removable media (e.g., USB thumb drives, external drives, CDs).”

New-school security awareness training can help organizations of all types defend themselves against cyberattacks by enabling employees to recognize social engineering tactics.

READ MORE

South African Post Office Issues Warning on Postal Phishing Attack

The South African Post Office recently issued a warning about a phishing attack. The post office advised everyone to delete the email immediately.

“The SA Post Office continues to receive enquiries from members of the public who receive an email stating that a package could not be delivered to them because of outstanding customs duties,” the Post Office said in a statement. “The mail contains a link that leads them to a payment page not operated by the SA Post Office, and refers to a fraudulent tracking number not issued by the Post Office.”

The post office also disclosed that the sender’s display name was altered to make the message appear to come from the post office, hiding the cybercriminal’s true email address. This is a typical social engineering tactic for the bad guys to utilize.

With the pandemic showing an increase in attacks all around the world, it’s important for your users to consistently be vigilant of any email communication that is out of the norm. New-school security awareness training can train your users how to spot and report any suspicious email activity.

READ MORE

Fake Zoom Invite Leads to One Australian Company’s Downfall

We’ve previously written blog posts warning readers to be cautious of suspicious Zoom meeting links, and we even reported a huge increase in phishing attacks using Zoom in August this year. The heads-up is that these attacks are happening right now in high volume.

Unfortunately, one hedge fund company based in Australia did not get the message.

The Australian Financial Review reported that Levitas Capital’s largest institutional client, Australian Catholic Super, had pulled a planned $16 million investment following the September incident and the fund would be closing down. It was later reported that this was due to a fake Zoom meeting invite phishing link that was opened by one of the co-founders of the organization.

Fraudulent invoices were then sent to other companies that the fund had previously worked with. “There were so many red flags which should have been spotted … It makes you wonder where else in the system could this happen?” said Michael Fagan, co-founder of Levitas Capital.

Here is the screenshot of the Zoom invite to show just how realistic the invite looked:

[Screenshot: Fake Zoom Invite Link]

Let this be a warning for other companies not taking new-school security awareness training seriously. It’s important to continually educate your users of common social engineering tactics like this one.

READ MORE

Ransomware Downtime Costs for SMBs Are 50 Times More than the Ransom Itself!

No one has less cash on hand to spend on dealing with a cyberattack than the small business. New data shows ransomware is a challenge for SMBs and they aren’t prepared for the costs.

No other malware type has evolved as much over the last 12 months as ransomware. The sheer number of attacks and the improvements in sophistication and efficacy are unmatched, and the ransoms are only getting larger.

But most still think this is an enterprise problem; nothing could be farther from the truth. In Datto’s Global State of the Channel Ransomware Report, we find that the SMB is just as much a target of opportunity as the enterprise. And in many cases, despite the impact on the business, SMBs simply aren’t aware of the danger.

According to the report:

  • 70% of MSPs report ransomware as the most common malware threat to SMBs
  • Only 30% report that their clients feel ‘very concerned’ about ransomware
  • 62% of MSPs said clients’ productivity was impacted due to attacks
  • 39% said their clients experienced business-threatening downtime

What’s interesting is how the costs of ransomware have fluctuated over time. While the average reported ransom stayed largely flat – $5,900 in 2020 versus $5,600 in 2019 – the average cost of downtime is 50 times higher – $274K!!!

According to Datto, the leading cause of ransomware attacks is successful phishing email attacks. This means that despite most SMBs having security solutions in place (e.g., 59% have anti-malware filtering solutions implemented), it’s not enough. MSPs need to add Security Awareness Training to their security solution offering to improve their clients’ security stance by incorporating the user as part of the security strategy.

From the looks of things, the SMB needs to step up its game and MSPs need to lead the way; Security Awareness Training is the answer to improve their clients’ security posture.

READ MORE

[Heads-Up] A Hacker Is Selling Access To The Email Accounts Of Hundreds Of C-Level Executives

ZDNet’s Zero Day column just reported what may be one of the best reasons yet to step your users through new-school security awareness training:

“A threat actor is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world. The data is being sold on a closed-access underground forum for Russian-speaking hackers named Exploit.in, ZDNet has learned this week. The threat actor is selling email and password combinations for Office 365 and Microsoft accounts, which he claims are owned by high-level executives occupying functions such as:

  • CEO – chief executive officer
  • COO – chief operating officer
  • CFO – chief financial officer or chief financial controller
  • CMO – chief marketing officer
  • CTO – chief technology officer
  • President
  • Vice president
  • Executive Assistant
  • Finance Manager
  • Accountant
  • Director
  • Finance Director
  • Financial Controller
  • Accounts Payable

Access to any of these accounts is sold for prices ranging from $100 to $1,500, depending on the company size and user’s role. A source in the cyber-security community who agreed to contact the seller to obtain samples has confirmed the validity of the data and obtained valid credentials for two accounts, the CEO of a US medium-sized software company and the CFO of an EU-based retail store chain.

The source, which requested that ZDNet not use its name, is in the process of notifying the two companies, but also two other companies for which the seller published account passwords as public proof that they had valid data to sell. These were login details for an executive at a UK business management consulting agency and for the president of a US apparel and accessories maker.”

I don’t have to tell you the risks that this brings related to CEO Fraud, also known as Business Email Compromise. ZDNet has the full story:

https://www.zdnet.com/article/a-hacker-is-selling-access-to-the-email-accounts-of-hundreds-of-c-level-executives/

READ MORE

Credential-Stealing VPN Exploits

A hacker has published an exploit for a critical vulnerability in Fortinet VPN devices, along with a list of 49,577 vulnerable devices, BleepingComputer reports. Fortinet released a patch for the flaw in May 2019, but many devices remain vulnerable. The flaw (CVE-2018-13379) can allow an unauthenticated attacker to download system files, including passwords, from vulnerable Fortinet VPNs. In fact, the hacker in this case claims to have already obtained the login credentials for the vulnerable devices on the list. BleepingComputer says this access will most likely be exploited by ransomware operators to gain access to networks.

BleepingComputer adds that a number of well-known public and private sector organizations are on the hacker’s list.

“After analyzing the list, it was found that the vulnerable targets included government domains from around the world, and those belonging to well-known banks and finance companies,” BleepingComputer says. “As observed by BleepingComputer, out of the 50,000 domains, over four dozen belonged to reputable banking, finance, and governmental organizations.”

The hacker’s post was discovered by a threat intelligence analyst known on Twitter as “Bank_Security,” who told BleepingComputer that thousands of companies around the world were on the list.

“This is an old, well-known and easily exploited vulnerability,” Bank_Security said. “Attackers have already been using it for a long time. Unfortunately, companies have a very slow patching process or an uncontrolled perimeter of exposure on the internet, and for this reason, attackers are able to exploit these flaws to compromise companies in all sectors with relative simplicity.”

In cases where patching these devices isn’t possible or can’t be accomplished quickly, implementing multi-factor authentication can at least mitigate this vulnerability. (And multifactor authentication should be enabled wherever possible, even after the flaw has been patched.) New-school security awareness training can create a culture of security within your organization, enabling your employees to keep up with the latest security threats.

READ MORE

The Risk of the “To” Line

Micropayments company Coil accidentally exposed at least a thousand of its customers’ email addresses by including their addresses in the “To” field of an email, BleepingComputer reports. The email in question concerned updates to the company’s privacy policy (many observers have noted the irony). It’s not clear how many email addresses were exposed, but BleepingComputer suspects it was more than a thousand.

“On taking a closer look, BleepingComputer noticed at least 1,000 emails were included in the announcement,” the publication says. “It is likely other users saw a different set of email addresses listed in the To or CC fields, assuming the mass announcement was emailed in batches of 1,000.”

Coil’s founder and CEO Stefan Thomas apologized in a statement, saying the incident was caused by human error.

“Earlier this evening we sent you an email updating you on changes to our Terms & Privacy Policy,” Thomas said. “Unfortunately, due to a human error related to how we interface with our mailing list provider, a number of users’ email addresses were populated alongside yours. This mistake is especially painful as we take privacy extremely seriously — it is the cornerstone of our values. We’re deeply sorry and hope you can forgive us for this mistake. We’re here to help you with any concerns or issues you may have as a result of this error.”

BleepingComputer notes that these types of privacy breaches are fairly common, with at least two other incidents occurring in the past few weeks.

“Last week, Rakuten had erroneously emailed multiple customers, stating the customers had earned cashback, only to recall their words later,” BleepingComputer says. “In October, a Home Depot email blunder had exposed hundreds of customer orders and personal information to strangers CC’d in emails.”

It’s not just the incoming mail that can be a problem. The outgoing mail carries its own risks. New-school security awareness training can reduce the risk of both malicious and accidental incidents by teaching your employees to be vigilant when dealing with emails and other forms of communication.
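As an added example (not Coil’s code, nor anything from BleepingComputer’s report), here is the kind of check a mass-mailing path can run before handing a message to a mailing-list provider: it flags the failure mode described above, many customer addresses in a single To or Cc field, and shows the per-recipient form that cannot leak. The sender and customer addresses are constructed for the example.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sender for the example; not the company's real address.
SENDER = "announcements@example.test"


def visible_recipients(msg: EmailMessage) -> list[str]:
    """Return every address a recipient can read: the To and Cc headers.
    Bcc is deliberately excluded; a compliant MTA strips it before delivery."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr for _, addr in getaddresses([str(h) for h in headers]) if addr]


def exposes_recipients(msg: EmailMessage) -> bool:
    """True if sending this message would disclose one customer's address to another."""
    return len(visible_recipients(msg)) > 1


def batched_message(recipients: list[str], subject: str, body: str) -> EmailMessage:
    """The failure mode from the incident: one message whose To field lists a whole batch."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def build_announcement(recipients: list[str], subject: str, body: str) -> list[EmailMessage]:
    """The safe form: one message per recipient, each checked before it leaves the system."""
    out = []
    for addr in recipients:
        msg = EmailMessage()
        msg["From"] = SENDER
        msg["To"] = addr
        msg["Subject"] = subject
        msg.set_content(body)
        if exposes_recipients(msg):  # defence in depth: refuse to send rather than leak
            raise ValueError(f"refusing to send: {len(visible_recipients(msg))} addresses in To/Cc")
        out.append(msg)
    return out


if __name__ == "__main__":
    # Constructed customer list standing in for one batch of the mailing list.
    customers = [f"customer{i}@example.test" for i in range(1, 6)]
    leaky = batched_message(customers, "Privacy policy update", "Our policy has changed.")
    print("batched To field exposes", len(visible_recipients(leaky)), "addresses")
    safe = build_announcement(customers, "Privacy policy update", "Our policy has changed.")
    print("per-recipient messages:", len(safe), "each showing one address")
```

The same `exposes_recipients` gate can sit in front of any outbound mail path, including the provider API call, so a template or integration mistake is caught before the first message is delivered.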

READ MORE

How Many Phishing Sites? Over 2 Million in 2020 (so far)

Google has flagged 2.02 million phishing sites since the beginning of the year, averaging forty-six thousand sites per week, according to researchers at Atlas VPN. The researchers note that the number of phishing sites peaked at the start of the year, which correlates with the start of the pandemic.

“Data also reveals that in the first half of 2020, there were two huge spikes in malicious websites, reaching over 58 thousand detections per week at the peaks,” the researchers write. “The second half of the year seems more stable, which is not a positive thing, as there are around 45 thousand new copy-cat websites registered every seven days.”

Atlas VPN says the number of new phishing sites has been steadily increasing each year since 2015, but it’s now higher than it’s ever been.

“To take a look at the wider perspective, Atlas VPN analyzed phishing site data since the first quarter of 2015,” the researchers explain. “Our findings revealed that the year 2020 is, in fact, the year with most new phishing sites to date. Even though 2020 is not yet at an end, it already has a record-high number of scam websites detected, amounting to 2.02 million sites, according to Google’s data. This was a 19.91% increase from 2019 when malicious site volume reached 1.69 million. The average year-by-year change in phishing websites reveals a 12.89% growth since 2015. Also, in 2020, all three quarters had more malicious site detections than any of the previous year’s quarters. The second quarter of 2020 has the highest number of phishing sites ever recorded, at over 635 thousand.”

The researchers attribute the spike in 2020 to the COVID-19 pandemic, as people are spending more time online and emotions are running high.

“It is quite easy to correlate the pandemic with the increase in phishing attacks, not only because of the increased internet usage but also due to the panic,” they write. “Panic leads to irrational thinking, and people forget basic security steps online. Users then download malicious files or try to purchase in-demand items from unsafe websites, as a result becoming victims of a scam.”

Google and other companies do a good job of tracking down malicious sites, but attackers can easily scale their operations and set up new sites to stay ahead of efforts to shut them down. New-school security awareness training can enable your employees to spot these sites on their own.

READ MORE

2021 Prediction: Expect Ransomware Attacks to Increase in Frequency and Variety

A new forward-looking report from security vendor FireEye Mandiant predicts the greatest single cyber threat today is only going to become a greater menace next year.

With 2020 being a dumpster fire of a year, we’re all looking for some good news to shed some light at the end of this tunnel we’re living in. But with the bad guys evolving their tricks and growing greedier by the day, there’s apparently no good news on the cybersecurity front.

According to the FireEye Mandiant report A Global Reset: Cyber Security Predictions 2021, you should expect to see ransomware grow and develop in scale, scope, effectiveness, and impact. FireEye Mandiant’s chief cyberthreat consultant Jaimie Collier expects ransomware to evolve and expand. “We’re seeing the affiliate models expand, where different threat actors combine leading to a huge amount of specialization within the overall process. Some of the actors develop the ransomware, but work with others that specialize in gaining the initial access, and post-compromise exfiltration; all leading to a broader criminal ecosystem.”

We’ve already seen massive growth in the frequency of ransomware attacks this year, as well as previously unthinkable ransom amounts both demanded and paid. So, hearing that it’s only going to get worse next year is as big a warning as you’re ever going to get.

READ MORE

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

At a time when organizations should be implementing additional security measures to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.

You’d think everyone would have this figured out by now; the bad guys have been stepping things up to take advantage of users working remotely, making it necessary to increase your cybersecurity stance.

But new research covering how organizations are managing their cybersecurity risk around remote work during COVID paints a very disturbing picture. According to the report, only about one-third of organizations, on average, are mandating any of the obvious security measures for employees when working remotely:

  • 65% of organizations are not mandating a secure WiFi be used
  • 69% aren’t requiring Multi-Factor Authentication (MFA)
  • 69% aren’t using a VPN

The most disturbing is that 34% of employees say their employer hasn’t implemented any of these measures.

This isn’t good.

Organizations with a remote workforce need to double down on implementing a layered security strategy that takes into account the specific areas of risk that exist when a user works from home. Most important is the need for Security Awareness Training. According to the research, 68% of organizations provided no training to their remote workforce. But, given the nature of cyberattacks, the use of social engineering, and the prevalent need for users to engage with malicious content before it can be weaponized, training them to be watchful for such attacks and maintain a state of vigilance is a key step towards keeping your remote workers – and the organization – secure.

READ MORE