Wedbush Analyst: “Cybersecurity spending will increase 20% in 2021 Due To SolarWinds.”

Wedbush senior tech analyst Dan Ives says cybersecurity spending will increase by 20% in 2021 as more companies ramp up protection following the SolarWinds hack that compromised state agencies and corporations including Microsoft.

Ives said he’s very bullish on cybersecurity stocks given a “perfect storm of demand” in the field. He raised price targets for several cybersecurity stocks in a Sunday note. Names specifically in advanced threat detection, zero trust architecture, data security, and identity security will see a near-term surge of budget allocation based on the nature of the SolarWinds hack, said Ives. Story at BusinessInsider:

https://markets.businessinsider.com/news/stocks/cybersecurity-stock-outlook-impact-of-solarwinds-attack-further-acceleration-wedbush-2020-12-1029912129

READ MORE

New “Back to Work” HR-Themed Phishing Scam Works to Steal Internal User Credentials

Using a fake internal memo from HR, per-user custom-named email attachments, SharePoint Online, and a realistic-looking HR form, this phishing attack has all the ingredients to trick your users.

This far into the pandemic, there are groups of users within your organization begging to come back to the office, as well as those that never want to set foot in the office again. This emotional attachment to either sentiment is the basis for this newest scam, documented by security researchers at Abnormal Security.

The scam appears to come from internal HR, informing users of dates that the offices are expected to reopen and when employees should return to the office to work. Each contains an HTML attachment with the victim’s name on it (see below).

Per-user HTML attachment

Unlike most HTML attachments, the link doesn’t take the user to a malicious webpage; instead it takes them to a SharePoint Online document that appears to be an HR document the user is required to acknowledge. This use of a legitimate Office 365 SharePoint site helps these attacks bypass security and find their way to the user’s Inbox.

The most dumbfounding part of this attack is how the user is tricked out of their credentials. At the end of the HR form, they are simply asked for their email address (which is presumed to be their username) and then asked to enter in their password as a means to establish identity as part of agreeing to the presented HR policies. Anyone who understands when and where passwords would be used can easily see this isn’t one of those times.
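The delivery mechanism described above (an HTML attachment that only carries a link out to a legitimately hosted form) is something mail triage can look for directly. The following scanner is an added example, not code from Abnormal Security or from the original post: it parses a constructed sample message with Python's standard library, pulls every HTML attachment, and reports the links and any password fields it finds inside. The sender, recipient, filename and SharePoint tenant name in the sample are all constructed placeholders.

```python
"""Flag inbound mail whose HTML attachment links out or asks for a password.

Added example (not from the Abnormal Security write-up).  Stdlib only: the
message is parsed with `email`, each text/html attachment is fed through
an HTMLParser subclass, and the result is a triage record per attachment.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a "return to office" memo with a per-user HTML attachment.
# All addresses, names and hosts are placeholders, not real infrastructure.
SAMPLE_EML = """\
From: HR Department <hr@example-corp.test>
To: jane.doe@example-corp.test
Subject: Return to office: dates and acknowledgement required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please review the attached office reopening schedule and acknowledge the policy.

--BOUNDARY
Content-Type: text/html; name="Jane_Doe_RTO_Form.html"
Content-Disposition: attachment; filename="Jane_Doe_RTO_Form.html"

<html><body>
<p>Open the <a href="https://hypothetical-tenant.sharepoint.com/sites/hr/Acknowledge.aspx">HR acknowledgement form</a>.</p>
</body></html>
--BOUNDARY--
"""


class _AttachmentScanner(HTMLParser):
    """Collects link targets and counts password inputs in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        if tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_fields += 1


def scan_message(raw):
    """Return one triage record per HTML attachment in a raw RFC 5322 message.

    An HTML attachment whose only job is to link somewhere else, or that
    contains a password field, is flagged.  Note that the link host is
    reported for the analyst but deliberately not used as an allowlist:
    in the attack above the host is a genuine sharepoint.com tenant.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        scanner = _AttachmentScanner()
        scanner.feed(part.get_content())
        findings.append({
            "filename": part.get_filename(),
            "links": scanner.links,
            "link_hosts": sorted({urlparse(u).hostname for u in scanner.links if urlparse(u).hostname}),
            "password_fields": scanner.password_fields,
            "suspicious": bool(scanner.links) or scanner.password_fields > 0,
        })
    return findings


def has_suspicious_html_attachment(raw):
    """Convenience gate for a mail filter: True if any HTML attachment was flagged."""
    return any(f["suspicious"] for f in scan_message(raw))


if __name__ == "__main__":
    for finding in scan_message(SAMPLE_EML):
        print(finding)
```

The design point is in `scan_message`: an allowlist of trusted hosts would pass this sample because the link really does go to sharepoint.com, which is exactly why the attack reaches the inbox. Flagging any HTML attachment that merely redirects the reader, and routing it for review, catches the pattern regardless of where the form is hosted.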

The scam is a good one – it uses evasive techniques to ensure delivery, establishes legitimacy and urgency, and quickly seeks to reach its malicious goal. Users that have undergone Security Awareness Training should be able to spot this as being a scam, keeping their credentials – and your organization – secure.

READ MORE

How Are Credential-Theft Phishing Websites Avoiding Detection? They Just Invert the Website Background

Sometimes the easiest solution is the best solution. And in the case of phishing attacks intent on stealing credentials using a fake logon page, it appears that background inversion does the trick.

Plenty of security solutions use crawlers to spot phishing sites before allowing users to navigate to them. And one of the more identifiable aspects of legitimate logon pages to sites such as Office 365 is the background. So, it makes sense that anytime a background image traditionally associated with a well-known authentication process shows up on some other website, it’s a sign there may be something suspicious afoot.

Well, it appears the bad guys have figured this out and have used the simplest of techniques to avoid detection: inversion. By simply inverting the background image (see below) using Cascading Style Sheets (CSS) when a crawler visits, the bad guys avoid detection.

Original next to inverted background

Source: PhishFeed

But what about when a human visits? It’s obvious something’s wrong. No problem. The CSS code automatically reverts the image to its normal presentation when an actual user visits, making them feel they’ve arrived at the appropriate page.

This one is so tricky, no user will ever know just by looking at the familiar background. But through new school Security Awareness Training, users can be taught to be mindful of the website URL, making certain it’s actually the legitimate vendor’s logon page and not a lookalike website.
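The reason inversion works against a crawler is that an image fingerprint such as an average hash flips almost every bit when every pixel is inverted, so the inverted page no longer looks like the vendor's. The following is an added example, not code from PhishFeed or from the original post, showing the naive single-polarity check beside a polarity-aware one that compares the candidate against both the reference hash and its bitwise complement. The images are constructed 8x8 grayscale grids standing in for a downscaled screenshot of the background; `reference_background`, `checkerboard` and the hash constants are assumptions made for the demonstration.

```python
"""Recognise a known logon-page background even after a colour inversion.

Added example, not code from the PhishFeed report.  A plain average hash
(aHash) sets one bit per pixel when that pixel is brighter than the
image mean.  Inverting every pixel also inverts the mean, so every bit
flips (except pixels exactly equal to the mean), and the fingerprint of
the inverted page is the complement of the original.  Comparing against
both polarities restores the match.
"""

SIDE = 8
BITS = SIDE * SIDE
ALL_ONES = (1 << BITS) - 1


def average_hash(pixels):
    """Classic aHash over a SIDE x SIDE grayscale grid (row-major, values 0-255)."""
    if len(pixels) != BITS:
        raise ValueError(f"expected {BITS} grayscale values")
    mean = sum(pixels) / BITS
    h = 0
    for p in pixels:                      # first pixel becomes the most significant bit
        h = (h << 1) | (1 if p > mean else 0)
    return h


def invert(pixels):
    """What a CSS `filter: invert(100%)` does to a grayscale image."""
    return [255 - p for p in pixels]


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def naive_matches_reference(pixels, reference_hash, max_distance=4):
    """The crawler check the inversion trick defeats: one polarity only."""
    return hamming(average_hash(pixels), reference_hash) <= max_distance


def matches_reference(pixels, reference_hash, max_distance=4):
    """Polarity-aware check: close to the reference hash or to its complement."""
    h = average_hash(pixels)
    return min(hamming(h, reference_hash),
               hamming(h, reference_hash ^ ALL_ONES)) <= max_distance


def reference_background():
    """Constructed stand-in for a vendor background: a dark-to-light gradient.

    Its aHash is 0x00000000FFFFFFFF (bottom half brighter than the mean).
    """
    return [i * 4 for i in range(BITS)]       # 0, 4, ..., 252


def checkerboard():
    """Unrelated image used as a negative control."""
    return [255 if i % 2 else 0 for i in range(BITS)]


if __name__ == "__main__":
    ref_hash = average_hash(reference_background())
    inverted = invert(reference_background())
    print(f"reference hash : {ref_hash:016x}")
    print(f"inverted hash  : {average_hash(inverted):016x}")
    print("naive check on inverted page :", naive_matches_reference(inverted, ref_hash))
    print("polarity-aware check         :", matches_reference(inverted, ref_hash))
    print("unrelated image              :", matches_reference(checkerboard(), ref_hash))
```

A crawler that applies this check still has to cope with the page serving different CSS to crawlers than to people; that is the same cloaking problem as any other content-based detection, which is why the advice above to verify the URL rather than trust the look of the page remains the user-side control.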

READ MORE

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US think tanks. The advisory says APTs are particularly interested in think tanks that focus on international affairs or national security policy.

“APT actors have relied on multiple avenues for initial access,” the advisory states. “These have included low-effort capabilities such as spear phishing emails and third-party message services directed at both corporate and personal accounts, as well as exploiting vulnerable web-facing devices and remote connection capabilities. Increased telework during the COVID-19 pandemic has expanded workforce reliance on remote connectivity, affording malicious actors more opportunities to exploit those connections and to blend in with increased traffic. Attackers may leverage virtual private networks (VPNs) and other remote work tools to gain initial access or persistence on a victim’s network. When successful, these low-effort, high-reward approaches allow threat actors to steal sensitive information, acquire user credentials, and gain persistent access to victim networks.”

CISA says leaders should “Implement a training program to familiarize users with identifying social engineering techniques and phishing emails.” For employees, the advisory offers the following recommendations:

  • “Log off remote connections when not in use.
  • “Be vigilant against tailored spear phishing attacks targeting corporate and personal accounts (including both email and social media accounts).
  • “Use different passwords for corporate and personal accounts.
  • “Install antivirus software on personal devices to automatically scan and quarantine suspicious
  • “Employ strong multi-factor authentication for personal accounts, if available.
  • “Exercise caution when:
    • “Opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.
    • “Using removable media (e.g., USB thumb drives, external drives, CDs).”

New-school security awareness training can help organizations of all types defend themselves against cyberattacks by enabling employees to recognize social engineering tactics.

READ MORE

Fake Zoom Invite Leads to one Australian Company’s Downfall

We’ve previously written blog posts urging caution with suspicious Zoom meeting links, and we even reported a huge increase in phishing attacks using Zoom in August of this year. The heads-up is that these attacks are happening right now in high volume.

Unfortunately, one hedge fund company based in Australia did not get the message.

The Australian Financial Review reported that Levitas Capital’s largest institutional client, Australian Catholic Super, had pulled a planned $16 million investment following the September incident and that the fund would be closing down. It was later reported that this was due to a fake Zoom meeting invite phishing link that was opened by one of the co-founders of the organization.

Fraudulent invoices were then sent to other companies that the fund had previously worked with. “There were so many red flags which should have been spotted … It makes you wonder where else in the system could this happen?” said Michael Fagan, co-founder of Levitas Capital.

Here is the screenshot of the Zoom invite to show just how realistic the invite looked:

Fake Zoom Invite Link

Let this be a warning for other companies not taking new-school security awareness training seriously. It’s important to continually educate your users about common social engineering tactics like this one.

READ MORE

Ransomware Downtime Costs for SMBs Are 50 Times More than the Ransom Itself!

No one has less cash on hand to spend on dealing with a cyberattack than the small business. New data shows ransomware is a challenge for SMBs and they aren’t prepared for the costs.

No other malware type has evolved as much over the last 12 months as ransomware. The sheer number of attacks, the improvements in sophistication and efficacy are unmatched, and the ransoms are only getting larger.

But most still think this is an enterprise problem; nothing could be farther from the truth. In Datto’s Global State of the Channel Ransomware Report, we find that the SMB is just as much a target of opportunity as the enterprise. And in many cases, despite it being impactful to the business, SMBs simply aren’t aware of the danger.

According to the report:

  • 70% of MSPs report ransomware as the most common malware threat to SMBs
  • Only 30% report that their clients feel ‘very concerned’ about ransomware
  • 62% of MSPs said clients’ productivity was impacted due to attacks
  • 39% said their clients experienced business-threatening downtime

What’s interesting is how the costs of ransomware have fluctuated over time. While the average reported ransom stayed largely flat – $5,900 in 2020 versus $5,600 in 2019 – the average cost of the resulting downtime is 50 times higher – $274K!!!

According to Datto, the leading cause of ransomware attacks is successful phishing email attacks. This means that despite most SMBs having security solutions in place (e.g., 59% have anti-malware filtering solutions implemented), it’s not enough. MSPs need to add Security Awareness Training to their security solution offering to improve their clients’ security stance by incorporating the user as part of the security strategy.

From the looks of things, the SMB needs to step up its game and MSPs need to lead the way; Security Awareness Training is the answer to improve their clients’ security posture.

READ MORE

The Risk of the “To” Line

Micropayments company Coil accidentally exposed at least a thousand of its customers’ email addresses by including their addresses in the “To” field of an email, BleepingComputer reports. The email in question concerned updates to the company’s privacy policy (many observers have noted the irony). It’s not clear how many email addresses were exposed, but BleepingComputer suspects it was more than a thousand.

“On taking a closer look, BleepingComputer noticed at least 1,000 emails were included in the announcement,” the publication says. “It is likely other users saw a different set of email addresses listed in the To or CC fields, assuming the mass announcement was emailed in batches of 1,000.”

Coil’s founder and CEO Stefan Thomas apologized in a statement, saying the incident was caused by human error.

“Earlier this evening we sent you an email updating you on changes to our Terms & Privacy Policy,” Thomas said. “Unfortunately, due to a human error related to how we interface with our mailing list provider, a number of users’ email addresses were populated alongside yours. This mistake is especially painful as we take privacy extremely seriously — it is the cornerstone of our values. We’re deeply sorry and hope you can forgive us for this mistake. We’re here to help you with any concerns or issues you may have as a result of this error.”

BleepingComputer notes that these types of privacy breaches are fairly common, with at least two other incidents occurring in the past few weeks.

“Last week, Rakuten had erroneously emailed multiple customers, stating the customers had earned cashback, only to recall their words later,” BleepingComputer says. “In October, a Home Depot email blunder had exposed hundreds of customer orders and personal information to strangers CC’d in emails.”

It’s not just the incoming mail that can be a problem. The outgoing mail carries its own risks. New-school security awareness training can reduce the risk of both malicious and accidental incidents by teaching your employees to be vigilant when dealing with emails and other forms of communication.
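The Coil incident came down to a batch of addresses being assembled into one message's To header. The following is an added example, not Coil's code and not the API of any mailing-list provider, showing two controls a sender can put in front of SMTP: a builder that produces one message per recipient so no header ever lists anyone else, and a lint step that counts the addresses visible in To and Cc and refuses a message over a limit. The subscriber addresses and the `faulty_batch` helper that reproduces the mistake are constructed for the demonstration.

```python
"""Keep other subscribers' addresses out of the headers of a bulk mailing.

Added example (not Coil's code).  `build_announcement` yields one
EmailMessage per recipient; `lint_outgoing` is the gate that would have
caught a message carrying 1,000 addresses in its To field.
"""
from email.message import EmailMessage

MAX_VISIBLE_RECIPIENTS = 1      # an announcement should name only its own recipient


class RecipientExposure(ValueError):
    """The message would reveal recipients' addresses to each other."""


def visible_recipients(msg):
    """Every address that each recipient of msg would be able to read."""
    addrs = []
    for field in ("To", "Cc"):
        for header in msg.get_all(field, []):
            addrs.extend(a.addr_spec for a in header.addresses)
    return addrs


def would_expose(msg, max_visible=MAX_VISIBLE_RECIPIENTS):
    """True if sending msg as-is would disclose other recipients."""
    return len(visible_recipients(msg)) > max_visible


def lint_outgoing(msg, max_visible=MAX_VISIBLE_RECIPIENTS):
    """Run on every message immediately before it is handed to the SMTP client."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise RecipientExposure(
            f"{len(seen)} addresses visible in To/Cc, limit is {max_visible}")
    return msg


def build_announcement(sender, recipients, subject, body):
    """One message per recipient, each header naming only that recipient.

    Bcc is deliberately not used: with per-recipient messages there is no
    single message whose recipient list could be mis-assembled into To.
    """
    messages = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = rcpt
        msg["Subject"] = subject
        msg.set_content(body)
        messages.append(lint_outgoing(msg))
    return messages


def faulty_batch(sender, recipients, subject, body):
    """Reproduces the failure mode for the lint to catch: the whole list in one To header."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


SUBSCRIBERS = [f"user{i}@example.test" for i in range(1, 6)]    # constructed addresses

if __name__ == "__main__":
    good = build_announcement("notices@example.test", SUBSCRIBERS,
                              "Privacy policy update", "Our terms have changed.")
    print(len(good), "messages; visible per message:", [visible_recipients(m) for m in good])
    bad = faulty_batch("notices@example.test", SUBSCRIBERS,
                       "Privacy policy update", "Our terms have changed.")
    print("faulty batch would expose recipients:", would_expose(bad))
```

The lint is the more important half: a provider integration can change underneath you, but a hard limit on visible addresses enforced at the last step before sending fails closed regardless of how the message was assembled.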

READ MORE

How Many Phishing Sites? Over 2 Million in 2020 (so far)

Google has flagged 2.02 million phishing sites since the beginning of the year, averaging forty-six thousand sites per week, according to researchers at Atlas VPN. The researchers note that the number of phishing sites peaked at the start of the year, which correlates with the start of the pandemic.

“Data also reveals that in the first half of 2020, there were two huge spikes in malicious websites, reaching over 58 thousand detections per week at the peaks,” the researchers write. “The second half of the year seems more stable, which is not a positive thing, as there are around 45 thousand new copy-cat websites registered every seven days.”

Atlas VPN says the number of new phishing sites has been steadily increasing each year since 2015, but it’s now higher than it’s ever been.

“To take a look at the wider perspective, Atlas VPN analyzed phishing site data since the first quarter of 2015,” the researchers explain. “Our findings revealed that the year 2020 is, in fact, the year with most new phishing sites to date. Even though 2020 is not yet at an end, it already has a record-high number of scam websites detected, amounting to 2.02 million sites, according to Google’s data. This was a 19.91% increase from 2019 when malicious site volume reached 1.69 million. The average year-by-year change in phishing websites reveals a 12.89% growth since 2015. Also, in 2020, all three quarters had more malicious site detections than any of the previous year’s quarters. The second quarter of 2020 has the highest number of phishing sites ever recorded, at over 635 thousand.”

The researchers attribute the spike in 2020 to the COVID-19 pandemic, as people are spending more time online and emotions are running high.

“It is quite easy to correlate the pandemic with the increase in phishing attacks, not only because of the increased internet usage but also due to the panic,” they write. “Panic leads to irrational thinking, and people forget basic security steps online. Users then download malicious files or try to purchase in-demand items from unsafe websites, in result becoming victims of a scam.”

Google and other companies do a good job of tracking down malicious sites, but attackers can easily scale their operations and set up new sites to stay ahead of efforts to shut them down. New-school security awareness training can enable your employees to spot these sites on their own.

READ MORE

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

At a time when organizations should be implementing additional security measures to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.

You’d think everyone would have this figured out by now; the bad guys have been stepping things up to take advantage of users working remotely, making it necessary to increase your cybersecurity stance.

But new research covering how organizations are managing their cybersecurity risk around remote work during COVID paints a very disturbing picture. According to the report, on average only about one-third of organizations are mandating any of the obvious security measures for employees when working remotely:

  • 65% of organizations are not mandating a secure WiFi be used
  • 69% aren’t requiring Multi-Factor Authentication (MFA)
  • 69% aren’t using a VPN

The most disturbing is that 34% of employees say their employer hasn’t implemented any of these measures.

This isn’t good.

Organizations with a remote workforce need to double down on implementing a layered security strategy that takes into account the specific areas of risk that exist when a user works from home. Most important is the need for Security Awareness Training. According to the research, 68% of organizations provided no training to their remote workforce. But, given the nature of cyberattacks, the use of social engineering, and the prevalent need for users to engage with malicious content before it can be weaponized, training them to be watchful for such attacks and maintain a state of vigilance is a key step towards keeping your remote workers – and the organization – secure.

READ MORE

Remote Workers Continue to Put Organizations Critically at Risk of Cyberattack

The insecurity of the remote worker, their devices, personal networks, and bad cybersecurity habits create a massive threat surface for cybercriminals to easily take advantage of.

We are already seeing projections that the current remote workforce isn’t going anywhere and that a majority of workers will remain remote in the future. So it’s critical that organizations make certain their remote workers are secure using the same standards as would be used if the worker was in the office. But new data from security vendor Bitdefender paints a rather bleak picture of the state of cybersecurity for remote workers and their working environment. Its report, The ‘New Normal’ State of Cybersecurity, finds that the remote worker is anything but secure:

  • 87% have the WinRM service still enabled (allowing remote session attacks)
  • 64% have unpatched vulnerabilities that are older than 2018 on their devices
  • 56% of attacks on remote workers involve port scanning
  • Covid-related attacks are on the rise, with 4 in 10 emails on the topic being fraud, phishing, or malware

There’s one last stat that makes it clear where the source of this insecurity lies: 93% of employees are still using old passwords. This and the preceding stats directly point to a lack of organizations communicating with and educating the user on cybersecurity issues like the need to patch personal devices, properly securing their device with even the OS firewall, and good password hygiene.

Organizations wanting to significantly reduce this massive threat surface should be investing in Security Awareness Training for their users to train them on the need for having a security mindset, the importance to themselves and the organization, and ways to better secure their device, network, email, and employer.

READ MORE