8 New Malware Payloads Spotted As Part of Attacks Against Ukrainian Targets

Security threat researchers at Symantec have published details about malware being put out by the “Gamaredon” threat group (which has been tied to the Russian Federal Security Service), responsible for attacks in Ukraine since 2013.

Keeping an eye on new malware can help us understand how the attack surface is changing based on how cybercriminals are modifying their tactics. A new report from Symantec’s Threat Hunter team showcases eight specific pieces of malware they’ve found, including the methods used to infect their target victim endpoints.

While the report is worth a read in full, the common threads across the eight are a heavy reliance on VB scripts, dropping staged payloads, and hosting files in the %TEMP%, %PUBLIC%, and %USERPROFILE% folders.
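Those staging folders are something a defender can watch for directly. The Python below is an added example (not code from Symantec’s report or from this post) that scans constructed process-creation log lines for a Windows script host launching a VBScript file out of %TEMP%, %PUBLIC% or the root of %USERPROFILE%. The key=value log format, the host and user names, the sample paths, and the expansion of the three environment variables to a default Windows profile layout are all assumptions made for the example.

```python
import re

# Windows script hosts that execute VBScript files (assumed list for this example).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# The staging folders named in the Symantec writeup, with the environment variables
# expanded to their usual locations (assumption: default Windows profile layout).
STAGING_PATTERNS = [
    re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I),  # %TEMP% of a user
    re.compile(r"\\Users\\Public\\", re.I),                        # %PUBLIC%
    re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\[^\\]+$", re.I),       # dropped straight into %USERPROFILE%
]

# One constructed event per line: key=value pairs, values containing spaces are double-quoted.
EVENT_FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# First absolute path in a command line that ends in a VBScript extension
# (the constructed samples contain no spaces inside script paths).
SCRIPT_PATH_RE = re.compile(r'([A-Za-z]:\\[^"\s]+?\.(?:vbs|vbe))(?=\s|$)', re.I)

# Constructed sample telemetry, not real log data.
SAMPLE_LOG = [
    r'time=2022-02-01T09:12:03Z host=WS01 user=alice image=C:\Windows\System32\wscript.exe cmdline="wscript.exe //B C:\Users\alice\AppData\Local\Temp\update.vbs"',
    r'time=2022-02-01T09:12:40Z host=WS01 user=alice image="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" cmdline="WINWORD.EXE /n C:\Users\alice\Documents\report.docx"',
    r'time=2022-02-01T09:15:11Z host=WS02 user=bob image=C:\Windows\System32\cscript.exe cmdline="cscript.exe C:\Users\Public\Libraries\svc.vbe"',
    r'time=2022-02-01T09:16:00Z host=WS03 user=carol image=C:\Windows\System32\cscript.exe cmdline="cscript.exe //nologo C:\Scripts\inventory.vbs"',
    r'time=2022-02-01T09:18:27Z host=WS04 user=dave image=C:\Windows\System32\wscript.exe cmdline="wscript.exe C:\Users\dave\invoice.vbs"',
]


def parse_event(line):
    """Turn one key=value log line into a dict of field name -> value."""
    return {key: quoted if quoted else bare for key, quoted, bare in EVENT_FIELD_RE.findall(line)}


def script_path(cmdline):
    """Return the VBScript path a script host was asked to run, or None."""
    match = SCRIPT_PATH_RE.search(cmdline)
    return match.group(1) if match else None


def in_staging_folder(path):
    """True when the script lives in one of the folders the campaign favours."""
    return any(pattern.search(path) for pattern in STAGING_PATTERNS)


def suspicious_script_executions(log_lines):
    """Flag script-host launches of VBScript files from the staging folders."""
    hits = []
    for line in log_lines:
        event = parse_event(line)
        image = event.get("image", "").rsplit("\\", 1)[-1].lower()
        if image not in SCRIPT_HOSTS:
            continue  # Word opening a document, for instance, is not interesting here
        path = script_path(event.get("cmdline", ""))
        if path and in_staging_folder(path):
            hits.append({"time": event.get("time"), "host": event.get("host"),
                         "user": event.get("user"), "script": path})
    return hits


if __name__ == "__main__":
    for hit in suspicious_script_executions(SAMPLE_LOG):
        print(hit)
```

Running it against the sample lines flags the three launches from the Temp, Public and profile-root locations and ignores both the Word process and the script run from a dedicated scripts directory; an admin-owned folder such as that last one is exactly the kind of allow-listed location a real rule would need to carry.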

What makes this news so important is that we’re not just seeing one method of infection; we have a single cybercriminal group using eight different methods of attack – and not just testing them, but actually using them in the field. That means they’ve passed muster in testing and are all equally dangerous.

The evolution of cybercrime to date has felt mostly linear in its growth. The “as a Service” model has seen crimeware grow at a much faster rate. But 8 pieces of malware at once? That feels a bit like exponential growth to me.

I hope we don’t see this kind of thing too often.

According to Symantec, all 8 start with a phishing attack – which means there’s a strong opportunity for your users to stop these and any other forms of malware by simply seeing the phishing attack for what it is. Security Awareness Training is the most effective way to ensure users remain on notice when interacting with email and the web.


READ MORE

Opinion: Is Your Cyber Insurance Going To Cover “Cyber War”?

With the lines increasingly blurred between whether a cyber attack is “state sponsored” or just a malicious group of individuals, we’re likely going to see more denials of claims.

I recently wrote about how the U.S. Government was warning critical infrastructure organizations against Russian State-Sponsored attacks. I’ve also covered how Ukraine is under cyberattack by a cybercriminal group thought to be sponsored by the Russian government. Whether a cyberattack is a clear-cut case of a foreign government meddling in our affairs, or includes some “dotted lines” between attacker and government backer, cyber insurers may leverage this as a means to not pay an insurance claim.

That’s not to say they’re bad people at the insurance company; it’s just that their policies usually include verbiage that excludes from coverage any “hostile or warlike action from any nation-state or their agency.” And if your organization agrees to the policy, you’re agreeing that should a nation-state be behind an attack, your cyber insurance policy isn’t worth the proverbial paper it’s (not actually) printed on.

We saw this in the courts back with NotPetya – insurer Zurich wouldn’t cover the $100 million claim by Mondelez, and insurer Hiscox wouldn’t cover DLA Piper’s claim in the millions. This blog post has a link to a WSJ article with current court cases related to this.

I believe the place for cyber insurance is for very specific cyberattack scenarios – ones where your organization has carefully identified a gap in your strategy where an insurance policy is a compensating control as a last resort.

One such gap I commonly see is securing the user. You have the perimeter, email systems, endpoints, the network, and more all protected with security solutions. And yet phishing emails still make their way to the Inbox.

You need to include the user – via Security Awareness Training – in your security stance. Just like you can spot a fake email a mile away, users that undergo continual training learn to do the same, helping to reduce the threat surface – and, therefore, the likelihood that an attack will be successful.

READ MORE

1 in 7 Ransomware Extortion Leaks Include Sensitive Operational Technology Details

New analysis of data published after ransomware attacks puts the spotlight on how the theft of some of your most critical data can put you materially at risk of another attack.

Anyone feel like publishing their usernames and passwords, IP addresses, remote service details, asset tags, original equipment manufacturer (OEM) information, or network diagrams? No one in their right mind would put any of this information out for public consumption.

But, according to the security analysts at Mandiant Intelligence, 1 out of every 7 ransomware extortion leaks (sensitive data stolen and then published as part of the extortion scheme) includes much of the data I just mentioned. We’ve recently seen a massive jump of 953% (not a typo!) in ransomware attacks that publish victim data, which only makes the inclusion of sensitive operational technology information more dangerous to victim organizations.

This is truly concerning.

The information above can easily be used by hackers intent on infiltrating your network and moving laterally within it. The data types I mentioned above were found by Mandiant when they searched through published data in 2021.

This news makes it clear that organizations cannot afford a ransomware attack and the assumed aftermath of exfiltrated data – something that occurs in 83% of all ransomware attacks. Phishing remains a primary initial attack vector, putting Security Awareness Training at the top of the list for security initiatives that empower users to play a role in stopping attacks that make it past security solutions all the way to the Inbox.

READ MORE

COVID-19 Test-Related Phishing Scams Jump 521% Into January

New data shows a massive increase between October 2021 and January 2022 in phishing attacks focusing on one of the world’s current concerns for home and in-office testing.

We’ve seen a recent alert from the U.S. Department of Health and Human Services’ Office of the Inspector General about scams focused on “offering COVID-19 tests, HHS grants, and Medicare prescription cards in exchange for personal details, including Medicare information.” So, it’s no surprise to see new data coming in from security vendor Barracuda highlighting a massive increase in the number of COVID-19-related scams.

According to Barracuda, a number of common themes are being seen:

  • Sales of tests, masks, and gloves
  • Fake notifications of unpaid test orders (providing a PayPal account to send payments)
  • Impersonation of testing labs or providers

From what Barracuda is seeing, these attacks are focused on the usual bounty:

  • Personal details
  • Payment / Credit Card information
  • Microsoft 365 credentials

Regardless of the ultimate goal, all of these scams are potentially dangerous; the recent availability of insurance paying for home test kits puts testing for COVID-19 front and center in the minds of everyone.

But, at the end of the day, these scams still show the usual signs of being fraudulent: impersonated brands, poorly-written email content, and mismatched sender email addresses. Organizations concerned about such scams should consider Security Awareness Training to ensure users are continually vigilant against both the obvious and not-so-obvious COVID-19 scams.

READ MORE

Increased “Shipping Delays” Now Served as Phishbait

Attackers are exploiting pandemic-related supply-chain disruptions to launch phishing campaigns, according to Troy Gill, senior manager of threat intelligence at Zix. In an article for Threatpost, Gill describes a phishing attack that impersonated a major shipping company.

“[R]ecently the Zix Threat Research team uncovered a spoofing attack where the threat actors posed as one of the largest container-shipping lines in the world,” Gill says. “The email encouraged the recipient to download a shipping document confirmation by clicking on a malicious link. If the user complied, they would be directed to a very convincing phishing page that cycled through different realistic-looking company backgrounds, with a sign-in screen overlay meant to steal the user’s email credentials.”

Gill points out that these phishing emails, like many social engineering attacks, instill a sense of urgency to compel users to click the link.

“Another continuing trend involves generating a feeling of pressure and urgency to keep recipients from giving it too much thought before responding or following the link,” Gill writes. “Of late, this tactic has become more convincing and subtle, such as stating individuals will lose access to a valuable account if they do not respond immediately.”

Gill concludes that organizations need to use a combination of employee training and security technologies to defend against phishing attacks.

“Although spoofing attacks are continuing to evolve, the burden on organizations can be lessened by implementing the right training and adopting the most effective technology solutions to keep email, employees and the company as a whole protected,” Gill writes. “Shipping and logistics companies are dealing with a lot of uncertainty right now, and so are their customers. The strength of companies’ cybersecurity posture doesn’t need to be another question mark.”

External stressors like the COVID pandemic can have important implications for the threats a business faces. New-school security awareness training can give your organization an essential layer of defense by enabling your employees to spot phishing attacks.

READ MORE

Ransomware Operators Try to Recruit Insiders

Sixty-five percent of organizations report that their employees have been contacted by ransomware attackers in an attempt to recruit insider threats, according to researchers at Pulse and Hitachi ID.

“Since our last survey conducted in November, there has been a 17% increase in the number of employees and executives who have been approached by hackers to assist in ransomware attacks,” the researchers write. “To combat this rising threat, businesses must take a proactive offensive approach to cybersecurity or face financial and reputational damage.

“To gain a better understanding of the different types of ransomware threats, Pulse and Hitachi ID surveyed 100 IT and security executives on how hackers are approaching employees, how ransomware is impacting an organization’s cybersecurity approach, and how prepared businesses really are to combat these attacks.”

The majority (59%) of these requests came through emails, while 27% were made through phone calls. 21% arrived via social media messages. Most of the employees were offered more than $500,000 for assisting the attackers, and some were offered up to $1,000,000.

Meanwhile, 38% of respondents said their organization had fallen victim to a ransomware attack, while 18% were unsure. Additionally, 49% of the organizations whose employees had been approached ultimately fell victim to a ransomware attack, although it’s not clear how many of these were due to insider attacks.

Forty-two percent of the victims said the ransom request was between $300,000 and $600,000, sixteen percent said the ransom was between $600,000 and $1,000,000, and 24% preferred not to disclose the amount.

Your employees are an essential layer of defense against ransomware attacks. The vast majority of these attacks are accomplished via social engineering or technical vulnerabilities like exposed RDP ports. New-school security awareness training can teach your employees to follow security best practices so they can protect your organization against these threats.

READ MORE

Irish Teaching Council Fined €60,000 for Phishing-Induced Breach

Ireland’s Teaching Council has been fined €60,000 by the country’s Data Protection Commission (DPC) over a breach of nearly ten thousand teachers’ data, the Irish Examiner reports. An attacker gained access to two employees’ Gmail accounts by sending credential-harvesting phishing emails, then set up auto-forwarding rules to forward incoming emails to the attacker’s email address.

“[A]s part of the successful phishing campaign on two email accounts of Council staff, over 323 emails were forwarded to an external Gmail account, by a malicious actor,” the DPC said. “One of the emails identified as being forwarded to the Gmail account was a spreadsheet containing the vetting status details of almost 10,000 teachers. The Council was asked to provide information on this spreadsheet, including details as to whom and from whom this spreadsheet was being sent and for what purpose.”

Notably, the two victims have denied entering their passwords on a phishing site, which the DPC says is probably because the victims don’t know when the attack happened.

“This would be expected as they would have perceived this to be normal activity and an advanced phishing campaign would capture details without the user being aware,” the DPC says.

The breached data included teachers’ names, addresses, Personal Public Service (PPS) numbers, and vetting clearance status. The DPC notes that the Teaching Council didn’t discover the breach immediately because they found no malware on their systems.

“The commission noted that the Teaching Council had been made aware via an alert that a forwarding rule had been created within its staff email servers,” the Examiner says. “However, the council ‘did not discover at that time’ that the breach had occurred due to ‘no evidence of malware’ being noted. Four alerts were sent to the council’s IT section before the problem was recognised.”
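Because the case turned on forwarding-rule alerts that were raised but not acted on, here is an added Python example (not code from the DPC, the Examiner or this post) that reviews constructed mailbox-audit records, raises an alert for every forwarding rule whose destination lies outside the organization’s own domains, and then groups alerts by destination so that two mailboxes forwarding to the same external address stand out as one campaign. The record schema, the organization domain and every address in it are assumptions; they are not Google Workspace’s real audit format.

```python
# Domains the organization owns (assumed for the example).
ORG_DOMAINS = {"teachingcouncil.example"}

# Constructed audit records in a generic schema: who acted, what they did, and the
# rule destination when a forwarding rule was created. Not real Gmail audit events.
AUDIT_RECORDS = [
    {"ts": "2021-03-01T08:02:11Z", "actor": "staff1@teachingcouncil.example",
     "action": "forwarding_rule_created", "target": "helpdesk@teachingcouncil.example"},
    {"ts": "2021-03-01T08:05:40Z", "actor": "staff1@teachingcouncil.example",
     "action": "forwarding_rule_created", "target": "drop.box.9931@freemail.example"},
    {"ts": "2021-03-01T08:06:02Z", "actor": "staff1@teachingcouncil.example",
     "action": "login", "target": ""},
    {"ts": "2021-03-02T17:44:09Z", "actor": "staff2@teachingcouncil.example",
     "action": "forwarding_rule_created", "target": "drop.box.9931@freemail.example"},
]


def domain_of(address):
    """Lower-cased domain part of an address, '' when there is none."""
    return address.rpartition("@")[2].lower()


def is_external(address, org_domains=ORG_DOMAINS):
    """True when the address is outside every organization domain (subdomains count as internal)."""
    domain = domain_of(address)
    return bool(domain) and not any(domain == o or domain.endswith("." + o) for o in org_domains)


def external_forwarding_alerts(records, org_domains=ORG_DOMAINS):
    """One alert per forwarding rule that sends mail outside the organization."""
    alerts = []
    for record in records:
        if record["action"] != "forwarding_rule_created":
            continue
        if is_external(record["target"], org_domains):
            alerts.append({"ts": record["ts"], "mailbox": record["actor"],
                           "forward_to": record["target"]})
    return alerts


def shared_external_targets(alerts):
    """Map each external destination used by more than one mailbox to the sorted mailboxes.

    Several accounts forwarding to the same outside address is a strong sign that one
    actor holds all of them, which is the pattern behind the two-account breach above.
    """
    by_target = {}
    for alert in alerts:
        by_target.setdefault(alert["forward_to"], set()).add(alert["mailbox"])
    return {target: sorted(mailboxes) for target, mailboxes in by_target.items() if len(mailboxes) > 1}


if __name__ == "__main__":
    found = external_forwarding_alerts(AUDIT_RECORDS)
    for alert in found:
        print("ALERT", alert)
    print("shared destinations:", shared_external_targets(found))
```

The internal helpdesk rule produces nothing, the two rules pointing at the same outside mailbox each produce an alert, and the grouping step ties them together; the point of the second function is that an alert that repeats across accounts deserves escalation rather than a fourth unread notification.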

New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to recognize phishing attacks.

The Irish Examiner has the story.

READ MORE

A Generational Divide Among Social Engineering Victims

Younger and older people differ in their susceptibility to different types of social engineering attacks, according to researchers at Avast. Younger people tend to fall for scams distributed through social media apps, while older people are more likely to fall for banking and tech support scams.

“The most important internet activity for 18-24 year olds is using social media (37%),” Avast said in a press release. “For 25-34 year olds, it’s staying in contact with friends and family via messenger services and emails (40%), and for 35-44 year olds, it’s banking and finance activities (40%). This shows why the younger generation are targeted on their smartphone with scams on Instagram and TikTok, FluBot SMS and email phishing scams that look like they’ve come from friends or family, and mobile banking Trojans.”

The researchers explain that older users tend to be targeted by attacks that affect desktop computers.

“In comparison, the most important activities for the older generation are banking and finance activities (55-64: 55%, 65+: 70%), followed by staying in contact with friends and family via messenger services and email (55-64: 47%, 65+: 56%), and using a search engine (55-64: 33%, 65+: 38%),” Avast adds. “This helps to explain why they are more likely to be targets for key threats on computers including ransomware, email phishing scams and spyware/Trojans targeting their finances, and tech support scams.”

Jaya Baloo, Chief Information and Security Officer at Avast, noted that despite these trends, anyone of any age can fall for social engineering scams.

“Of course, younger generations are also susceptible to desktop-related threats as they use desktop devices as their secondary tool to go online, and vice versa older generations also use smartphones, but it’s important that New Zealanders understand the different types of online threats that are targeted at different devices and that you discuss all of these threats as a family so each person is up to date and aware of how to stay safe whatever device they happen to be using,” Baloo said. “Different generations may see the internet with different eyes and have different online experiences, which is something to keep in mind when having conversations about online safety at home.”

New-school security awareness training can help employees of all ages avoid falling for phishing and other social engineering attacks.

READ MORE

FBI: US Defense Industry Organizations Targeted with USB-Based Ransomware Attacks

Using mailed-out “BadUSB” drives as the initial attack vector, cybercriminals are attempting to infiltrate sensitive networks and infect them with the BlackMatter or REvil ransomware strains.

The FBI recently released a notice about cybercriminal group FIN7, according to a Bleeping Computer article, warning defense contractors to be wary of USB drives being sent through the mail. According to the notice, FIN7 is impersonating Amazon and the Department of Health & Human Services (depending on the target victim) in an effort to get them to plug in the USB drive.

The USB drives are ‘BadUSB’ or ‘Bad Beetle USB’ devices with the LilyGO logo, and are commonly available for sale on the Internet. The drives register with the victim computer as a keyboard and include a wealth of hacker tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.

The goal of these drives is to infect networks with either BlackMatter or REvil ransomware.

This is a real-world form of targeted attack that uses the same social engineering we commonly see in phishing attacks. Users that undergo continual Security Awareness Training are already aware they should not be plugging in unknown USB drives – especially those sent unsolicited.

These attacks could just as easily be turned into an access-for-sale attack, given the amount of control hackers have over the compromised endpoint. Be on guard.

READ MORE

Half of All Organizations Hit by Ransomware Experience Productivity Loss

According to new data, ransomware is expected to be a larger and more likely threat in the next year, making the impacts felt today very relevant as the impetus for improved cybersecurity.

According to new data from Bitglass in their 2022 Ransomware & Malware Report, you should expect ransomware to be a continually growing problem. A majority of organizations (88%) see it as a moderate to extreme threat, with 75% of organizations believing that it will be a larger threat in the next 12 months.

The impacts felt by ransomware victims tell the story of why cybersecurity measures need to be stepped up (no matter your current level of protection):

  • Over half (52%) of organizations experienced a loss in productivity
  • 38% had some degree of system downtime
  • 27% suffered a loss in revenue
  • 23% suffered data loss
  • 17% had negative publicity
  • 15% experienced damage to their reputation

According to the report, the initial attack vectors are areas you can shore up security on easily:

  • 61% of attacks involved phishing emails
  • 47% involved email attachments
  • 38% involved malicious or compromised websites

Now, 82% of organizations in this report already have some form of anti-malware/endpoint protection in place. So, what’s the answer?

It’s found by looking at the attack vectors: users need to participate in the attack. Putting users through Security Awareness Training is a surefire way to reduce the attack surface. By teaching users not to engage with attachments and links from unsolicited emails – and giving them real-world examples of current campaigns – it’s possible to elevate their understanding of attacks so they can avoid becoming the next victim.

READ MORE