Vaccine Research Companies are the Target of New Ransomware Attacks

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) is warning financial institutions about campaigns actively targeting vaccine companies and the organizations that support them.

If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars from a desperately needed vaccine, of course! Take away their ability to operate, and even their access to their own intellectual property, and you have yourself a very captive audience that needs to rectify the mess you’ve caused.

In a recent notice, FinCEN warned of two expected types of attacks:

  • Ransomware attacks targeting “vaccine delivery operations as well as the supply chains required to manufacture the vaccines.”
  • Phishing schemes luring victims from financial institutions and their customers with fraudulent information about COVID-19 vaccines.

This notice coincides with attacks we’ve seen on the COVID-19 “cold chain” (the part of the supply chain responsible for keeping the vaccines in temperature-controlled environments), as well as vaccine-themed phishing attacks attempting to steal personal information or payment details.

While the first type of attack focuses on a specific sector of business, the second applies to every organization. It’s just as easy for an attacker to impersonate your HR department and send out an email stating that free vaccines will be distributed to employees who fill out the attached form (conveniently a Word document that needs macros enabled…).

With tensions high and people eager to get the vaccine, it’s critical that you educate your users via Security Awareness Training about these kinds of social engineering scams, which are designed to trick them into engaging with the embedded malicious content.

READ MORE

Employees Are Too Trusting of Workspace Tools

A study by Avanan has found that users tend to trust workplace communication tools such as Microsoft Teams, Slack, and Google Hangouts, even though these platforms are subject to many of the same risks as traditional email. For example, if an attacker phishes a user’s Office 365 credentials, they can then access the user’s Teams account and message the victim’s contacts. Avanan’s CEO Gil Friedrich told SC Media that many organizations have third-party partners tied into their Teams environment, which increases the level of risk.

“[Y]ou should be more careful in those environments with data you share as well as that with the things you download, etc., because you can’t really control the security of your partners,” Friedrich said.

Avanan’s report describes one incident in which an attacker gained access to one employee’s Teams account, then sent a malicious GIF to another employee. When the other employee clicked the GIF, the attacker received their session token, which enabled the attacker to impersonate that employee and gain access to their files. The attacker continued using this technique to impersonate additional users and gain access to more content.

In another instance, a hacker lurked within an organization’s Teams environment for nearly a year before sending a malware-laden file.

“[U]nlike traditional spray-and-pray campaigns we see in compromised email accounts, this hacker acted differently on Teams,” the report says. “For that year, the hacker did not contribute once in the channel. Instead, the hacker listened, collected data and waited for an opportunity. This is a new revelation. In order to evade detection in this new medium, hackers would rather wait for when they can make the biggest impact with the least possible detection. When an opportunity arrived and sharing a file was part of a natural chat conversation, the hacker shared a zip file, which included a version of a malware kit designed for desktop monitoring and configured to install silently upon clicking the file. This Remote Access Trojan would have given the attacker full access to monitor and control the victim’s desktop.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can identify red flags, no matter which online service they’re using.

READ MORE

How Crime Pays, Ransomware Edition

The Ryuk ransomware operators have raked in more than $150 million from their attacks, researchers at Advanced Intelligence and HYAS have found. The researchers describe how these operators are able to demand such large ransoms and then successfully launder the Bitcoin proceeds into fiat currency.

“Our research involved tracing payments involving 61 deposit addresses attributed to Ryuk ransomware,” they write. “The Ryuk criminals send a majority of their Bitcoin to exchanges through an intermediary to cash out. The two primary (known) exchanges are Huobi and Binance, both of which are located in Asia. Huobi and Binance are interesting choices because they claim to comply with international financial laws and are willing to participate in legal requests but are also structured in a way that probably wouldn’t obligate them to comply.”

The researchers also note that, unlike some other, more lenient, ransomware operators, the Ryuk gang is merciless when its victims are unable to pay. This group is also known for intentionally targeting hospitals.

“With the limited visibility available to analysts, it is painfully clear that the criminals behind Ryuk are very business-like and have zero sympathy for the status, purpose, or ability of the victims to pay,” the researchers say. “Sometimes the victims will attempt to negotiate with Ryuk and their significant offers are denied with a one-word response. Ryuk did not respond or acknowledge one organization that claimed to be involved in poverty relief and lacked the means to pay.”

The researchers conclude that technical defenses are often insufficient to thwart a ransomware attack once the attackers have gained a foothold within a network.

“Something that becomes glaringly apparent in analyzing ransomware incidents is that the current industry and government-accepted approaches and frameworks for dealing with malware problems aren’t effective,” the researchers write. “Enterprises that suffer from ransomware aren’t infected because they lack up to date antivirus software or because they chose the blue vendor instead of the red vendor. They’re encountering ransomware because they haven’t considered developing countermeasures that will prevent the initial foothold that is obtained by precursor malware like Emotet, Zloader, and Qakbot (to name a few).”

The researchers recommend that organizations restrict the execution of Microsoft Office macros, secure all remote access points with two-factor authentication, and lock down Citrix and Remote Desktop Protocol (RDP) access. Most ransomware attacks begin with an unsecured remote access tool or with an employee being tricked into enabling macros in an Office document. New-school security awareness training can enable your employees to follow security best practices and thwart social engineering attacks.

READ MORE

How to Spot the (Phish) Hook

Users should act as quickly as possible after they realize they’ve fallen for a phishing attack, according to Mallika Mitra at Money. The faster your IT department can contain a malware infection or a compromised account, the less damage an attacker can cause.

“If you do fall for a phishing scam on your work email, immediately alert your IT department so they can mitigate the damage on their end and stop it from spreading,” Mitra writes. “If the phish happened on your personal email, run an antivirus scan on your computer by downloading and installing antivirus software to ensure no malware has been installed.”

Mitra also offers useful advice to people who may have handed over personal or financial information to a scammer.

“The FTC lists additional steps to take based on what kind of information you gave the scammer,” Mitra says. “If he got your Social Security number, the agency advises, sign up for regular credit reports, file your taxes early to get a jump on the scammer trying to do the same and consider placing a credit freeze on your report. If he got your banking information, call your bank and ask to close your account and open a new one. Keep a close eye on future transactions: monitor your bank statement for charges you don’t recognize or set up alerts for account balance changes.”

Obviously, it’s still best to avoid falling for a phishing attack in the first place. Mitra says users can thwart these attacks by keeping an eye out for known warning signs as well as being wary of suspicious requests for information.

“The best thing you can do to protect yourself against phishing emails is to be vigilant,” she says. “We’re not telling you to double-check for every red flag we’ve listed in every email you receive, but trust your instincts. If an email seems at all fishy—or makes you panic—take those extra precautions to ensure you’re not giving bad actors free rein over your personal information or compromising your computer system. Keep in mind that Amazon, Target or any of the other organizations scammers pretend to be from probably aren’t going to ask you for details like financial information via an email.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize phishing and other social engineering attacks.

READ MORE

It’s Time for Organizations to Begin Propping Up the Human Firewall

Modern thinking about a comprehensive cybersecurity strategy takes a holistic approach in which your users are treated as a “human element” of your cyber defenses, on equal footing with the technical controls.

I’m guessing your cybersecurity strategy already includes a number of different software solutions that monitor, analyze, authenticate, audit, and report on activity on your network and access to internal resources. But I’m glad to see more industry experts discussing the need to include users in that strategy so that they become the “human firewall”.

In the article titled “The human firewall’s role in a cybersecurity strategy”, author Jessica Groopman does a great job of defining what the term means (“the line of defense people constitute to combat an organization’s security threats”), as well as offering advice on where organizations need to focus so that this part of a defense-in-depth strategy is as strong as the parts built on software solutions.

At the core of building a strong human firewall, Groopman advises that organizations “provide extensive education, simulation, training and relevance to workers”. In other words, Security Awareness Training and Phishing Testing.

READ MORE

[HEADS UP] Australian Cyber Security Centre is Being Impersonated in Malware Campaign

The Australian Government recently issued a warning about cybercriminals impersonating the Australian Cyber Security Centre (ACSC) in order to infect victims with malware.

These cybercriminals are using social engineering tactics to convince potential victims to install remote desktop software. If successful, the criminals use that access to steal the victim’s banking information.

The government issued the following statement, “The Australian Cyber Security Centre (ACSC) warns some Australians are receiving phone calls or emails from scammers claiming to be ACSC employees and that the receiving person’s computer has been compromised.”

The agency also reports that, besides email, there have been a number of reports of calls from a spoofed Australian phone number requesting that the recipient download the remote desktop software ‘TeamViewer’ or ‘AnyDesk’. The agency adds in its statement, “The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information.”

If you or your users have been targeted in this campaign, please reach out to the ACSC by calling 1300 292 371 (1300 CYBER 1). It’s also important to train your users on the latest threats. New-school security awareness training can teach your users how to spot and report any suspicious activity through continual user education.

READ MORE

Welcome to The InfoSec Neighborhood!

It looks like KnowBe4 has a new cybersecurity “neighbor” here in Tampa, helping create an even larger presence of tech companies headquartered in Florida.

I’m super excited to see more tech companies coming to the Tampa area. Since my days with WServerNews and Sunbelt Software, I’ve always felt Tampa was a great place to start a tech company – good weather, near the beach, and a wealth of great people I’ve leaned upon to help grow all of my tech ventures, including KnowBe4.

It appears that my new neighbor is OPSWAT, a tech company focusing on protecting critical infrastructure from cyberattacks. According to recent reports, OPSWAT has chosen Tampa as the location to open up its 10th office, marking Tampa as their East Coast headquarters. Part of the impetus is likely to be the recent acquisition of Tampa-based network security firm Impulse.

OPSWAT plans on hiring 100 new positions at the Tampa office, adding to its 350-person global workforce. The addition of OPSWAT only helps solidify Tampa’s position as a regional tech hub.

This is great news for Tampa Tech and Tampa in general. I look forward to seeing great things from OPSWAT!

READ MORE

A Close Look at a Banking Scam

A phishing campaign is targeting customers of Portugal’s Banco Millennium BCP (Portuguese Commercial Bank), according to Tomas Meskauskas at PCRisk. The emails inform recipients that their bank accounts have been frozen for security reasons, and that they’ll need to either confirm their banking credentials or pay a €455 fine in order to regain access. The email contains a button that takes the user to a spoofed BCP login page designed to steal their bank account credentials.

While this campaign relies on users entering their credentials manually, Meskauskas explains that many other phishing attacks try to trick users into installing banking malware. This is usually accomplished by tricking the user into opening an attached Microsoft Office document. The document, when opened, asks the user to click the “Enable content” button in order to view the contents. Clicking that button enables a macro that installs malware on the user’s computer.

Meskauskas also stresses the importance of keeping software up to date, since older versions of Microsoft Office lack Protected View and can run macros as soon as a document is opened.

“It is worthwhile to mention that malicious MS Office documents infect computers only when recipients open them and enable editing/content (macros commands) in them,” Meskauskas says. “However, it applies only to malicious documents that users open with Microsoft Office versions that were released after year 2010. If malicious documents are opened with older versions, then they install malware once they are opened. It is because older versions do not include the ‘Protected View’ mode.”
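The macro-bearing documents described in these two items (the Ryuk researchers’ advice to restrict Office macro execution, and the “Enable content” lure Meskauskas describes) can be caught at a mail gateway or on a file share before a user ever sees the button. The Python below is an added example written for this newsletter; it is not code from PCRisk, HYAS or Advanced Intelligence. It inspects an Office Open XML file (the zip-based .docx/.docm/.xlsm/.pptm formats) for an embedded VBA project part and for a macro-enabled content type, treats the legacy OLE2 binary container (.doc/.xls/.ppt, which carries no file-level macro marker) as needing deeper review, and builds its own constructed sample documents in memory so it runs offline. The function names, the verdict labels and the minimal sample documents are assumptions made for the example.

```python
import io
import zipfile

# Content types Office stamps on the main part of a macro-enabled document.
MACRO_CONTENT_TYPES = (
    "application/vnd.ms-word.document.macroEnabled.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml",
)
NORMAL_WORD_CONTENT_TYPE = (
    "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
)
# Magic bytes of the legacy OLE2 / Compound File container (.doc, .xls, .ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def inspect_office_document(data: bytes) -> dict:
    """Report what the raw bytes reveal about macros, without opening them in Office."""
    findings = {
        "is_ooxml": False,
        "is_ole2": data.startswith(OLE2_MAGIC),
        "has_vba_project": False,
        "macro_content_type": False,
        "vba_parts": [],
    }
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings          # not a zip container: OLE2 or something else entirely
    with zf:
        names = zf.namelist()
        findings["is_ooxml"] = "[Content_Types].xml" in names
        # The VBA project lives in its own zip part; its presence is the decisive signal.
        findings["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        findings["has_vba_project"] = bool(findings["vba_parts"])
        if findings["is_ooxml"]:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            findings["macro_content_type"] = any(
                ct in content_types for ct in MACRO_CONTENT_TYPES
            )
    return findings


def verdict(data: bytes) -> str:
    """Gateway policy assumed for this example: block any VBA, review opaque legacy files."""
    f = inspect_office_document(data)
    if f["has_vba_project"] or f["macro_content_type"]:
        return "block"           # macro-bearing document, whatever its file extension says
    if f["is_ole2"]:
        return "review"          # legacy binary format: macros need a dedicated OLE parser
    if f["is_ooxml"]:
        return "allow"
    return "review"              # not a recognised Office container


def build_sample(macro_enabled: bool) -> bytes:
    """Construct a minimal Word-like zip in memory (a stand-in, not a real document)."""
    main_ct = MACRO_CONTENT_TYPES[0] if macro_enabled else NORMAL_WORD_CONTENT_TYPE
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<?xml version="1.0"?><Types><Override PartName="/word/document.xml" '
            f'ContentType="{main_ct}"/></Types>',
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if macro_enabled:
            # A real vbaProject.bin is itself an OLE2 stream; a stub is enough here.
            zf.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [
        ("invoice.docx", build_sample(False)),
        ("invoice.docx", build_sample(True)),    # a .docm renamed to .docx still carries VBA
        ("invoice.doc", OLE2_MAGIC + b"\x00" * 24),
    ]:
        print(name, verdict(blob), inspect_office_document(blob)["vba_parts"])
```

The check deliberately ignores the file extension: a macro-enabled document renamed to .docx still contains word/vbaProject.bin, and that part, not the name, is what a user’s “Enable content” click would run. Legacy binary documents are only flagged for review here because telling whether an OLE2 file contains VBA requires parsing its internal streams, which is beyond a few lines of gateway logic.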

Meskauskas adds that users should be careful about where they go to download programs and updates.

“Files, programs should be downloaded only from legitimate, official web pages and via direct links,” Meskauskas writes. “It is not safe to use Peer-to-Peer networks, unofficial sites, third party downloaders (and installers), etc. Installed programs that need to be updated and/or activated should be updated and/or activated with tools that are provided by their official developers. Third party updating and activation tools can be (and often are) designed to install malware.”

New-school security awareness training can create a culture of security within your organization by teaching your employees to follow security best practices.

READ MORE

Cybercriminals Attempt to Exploit Australian Fears on COVID-19

The bad guys are attempting to take advantage of Australian fears of COVID-19 in 2021. ID Care, the national identity and cyber support service for Australia and New Zealand, recently warned of COVID-19 phishing attacks, including ones that use deepfakes, expected to launch in 2021.

ID Care analysts stated that cybercriminals will likely use the COVID-19 vaccine as a lure through the first half of 2021. “This is likely to lead to an increase in phishing scams, with the intent of scaring people into clicking on harmful links,” the service stated.

The bad guys could also take advantage of COVID-19 venue check-ins that use QR codes. “And when you think of the information stored on there – your name, address and phone number – this information could be a honeypot for cyber criminals,” the service stated. It’s important to also be vigilant about deepfakes – computer-generated video or audio recordings of someone well-known that look and sound real. “And don’t believe every video clip you see of a famous person, whether it be a celebrity endorsing cryptocurrency or a President giving a “speech” via YouTube,” ID Care said.

Fortunately, vaccine providers Pfizer and Moderna are already working in tandem with the U.S. Department of Homeland Security to prepare for incoming vaccine scams. It’s important not to open links in emails, or reply to texts, from senders you don’t recognize. ID Care expects the scammers to pose as health officials or government agencies, so do not release any personal information whatsoever.

With the new year already bringing new attacks, it’s important to continually educate your users on the latest threats. New-school security awareness training can teach your users how to analyze and report any suspicious activity in their day-to-day job functions.

READ MORE

Private Online Shopping Risks Affect Businesses, Too

Consumers aren’t the only ones who can be victimized by social engineering attacks while shopping online, according to Arab News. Employees who use work devices for personal shopping are at risk of falling for scams and potentially letting attackers into the company’s network. Arab News quotes Werno Gevers, regional manager at Mimecast Middle East, discussing the findings of Mimecast’s recent report on how employees use company-issued devices.

“The research showed that 81 percent of participants had received specific work-from-home cybersecurity training, yet 61 percent still admitted to opening emails they thought were suspicious,” Gevers said. “This shows that while there is a lot of awareness training offered, the content and frequency is completely ineffective at winning the hearts and minds of employees to reduce today’s cybersecurity risks. Training needs to be regular and memorable if organizations are to protect workers and company systems from compromise.”

Cybersecurity expert Abdullah Al-Jaber told Arab News that employees should avoid using company devices for personal matters.

“Don’t use a work laptop for personal use, such as emails and surfing the Internet,” he said. “Make sure to enable two-factor authentication whenever available on any platform and use complex passwords that cannot be guessed easily. And, of course, report any suspicious emails or calls.”

In addition to attacks that affect an organization directly, phishing campaigns that impersonate a company’s brand can impact the company’s reputation.

“As part of its regular security research, Mimecast monitored 20 leading global retail brands and found almost 14,000 suspicious, recently registered website domains using names related to those brands,” Arab News says.

While these attacks aren’t the fault of the impersonated organization, Gevers explained that they can still have an impact on the organization’s reputation.

“The damage to a company’s reputation following a successful online brand exploit can take a long time to repair, so it’s in the best interest of the organization and its customers to take preventative measures,” Gevers said.
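Mimecast’s count of suspicious, recently registered domains built around retail brand names is the kind of check an organization can run itself against a newly-registered-domain feed. The Python below is an added example for this newsletter, not Mimecast’s tooling or anything from the Arab News report. It scores each domain label against a short brand list using three signals (the brand as a substring, digit-for-letter look-alike substitutions, and one-character typos) and skips domains on an allowlist of the brand’s own names. The brand list, the allowlist, the feed of domain names and the scoring rules are all constructed for the example; it does not consult the public suffix list, so multi-label suffixes such as .co.uk are treated as ordinary labels.

```python
import re

# Look-alike substitutions commonly used in brand squats (assumed list for this example).
DIGIT_TO_LETTER = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalize_label(label: str) -> str:
    """Fold look-alikes into the letters they imitate and drop separators."""
    folded = label.lower().translate(DIGIT_TO_LETTER)
    folded = folded.replace("rn", "m").replace("vv", "w")   # r+n looks like m, v+v like w
    return re.sub(r"[^a-z0-9]", "", folded)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain, brands, allowlist):
    """Return (domain, brand, reason) for a suspected brand impersonation, else None."""
    domain = domain.lower().rstrip(".")
    if domain in allowlist or any(domain.endswith("." + a) for a in allowlist):
        return None                          # the brand's own domain or a subdomain of it
    labels = domain.split(".")[:-1]          # drop the TLD; no public-suffix handling (assumption)
    for label in labels:
        norm = normalize_label(label)
        for brand in brands:
            b = brand.lower()
            if norm == b:
                reason = "brand-label-other-domain" if label == b else "look-alike-characters"
                return (domain, brand, reason)
            if b in norm:
                return (domain, brand, "contains-brand")
            if len(b) >= 5 and edit_distance(norm, b) == 1:   # short brands give too many false hits
                return (domain, brand, "one-character-typo")
    return None


def scan_feed(domains, brands, allowlist):
    """Run the classifier over a feed and keep only the hits."""
    hits = [classify_domain(d, brands, allowlist) for d in domains]
    return [h for h in hits if h is not None]


# Constructed sample data: brand list, allowlist and a mock newly-registered-domain feed.
BRANDS = ["amazon", "target"]
ALLOWLIST = {"amazon.com", "target.com"}
FEED = [
    "amazon.com", "www.amazon.com", "example.org",
    "arnazon-login.com", "amaz0n.net", "amazn.com", "amazon.co", "target-rewards.shop",
]

if __name__ == "__main__":
    for hit in scan_feed(FEED, BRANDS, ALLOWLIST):
        print(hit)
```

A real deployment would feed this from a certificate-transparency or zone-file stream and send hits to a takedown or blocklist workflow; the rules above are intentionally simple, and any brand that is also a common English word (“target” here) will need a tighter allowlist to keep the false-positive rate down.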

New-school security awareness training can enable your employees to follow security best practices and avoid falling for social engineering attacks.

READ MORE