This is an old scam but has been updated to be more dangerous so remind your users to be on the lookout. The old version ‘just’ installed a keylogger but this new version installs ransomware on your system.
You receive an email message from ‘Voicemail Service’ with subject like ‘New voice message from <some number>. There’s a bit of standardized-looking text in the body of the message which tells you that ‘you might want to check it when you get a chance.’
There’s a compressed attachment which if you click on it will play an audio file with embedded code that will encrypt files to [original file name].crypted.
Send a reminder to all your users: Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!
And if you have an IT department, in addition to good firewall and endpoint security management, make sure they are stripping compressed attachments from all incoming email messages from whatever email vendor you use.
A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’
What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.
As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.
If you’re not sure where to start MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspect of implementing and managing IT security for your business. Click here to learn more.
Cyber criminals want access to sensitive data. But rather than a brute-force attack to get it, they’ve figured out its much easier to simply go after users that already have access to the data. One scheme that’s popping up everywhere in the last few weeks is the CEO W2 Request Scam.
This appears as a phishing attack directed at someone in HR or Finance that has already access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.
W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.
So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.
Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.
We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.
After only 1 day, here’s a summary of the individual attempts to hack this single system:
Russian Federation (18)
Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.
Invest in good quality security, keep systems and hardware up to date, and monitor everything.
A new strain of ransomware is making its way around the Internet and what’s so nefarious about this version is that it disguises itself as a Windows update.
What happens is that an attachment in a phishing email, when clicked, actually launches a process that brings up a prompt advising the user that an important Windows update is available. People go along with it thinking that they are doing the right thing by keeping their computer up to date.
The ransomware itself is called “Fantom” and the actual executable that starts the process is “CriticalUpdate01.exe.” Once executed it extracts “WindowsUpdate.exe,” and the screen that displays as it begins to encrypt your files looks very much like the modern blue screen that Windows 8, 8.1 and 10 users are familiar with.
But what’s actually happening is that your files are being encrypted. The next thing you’ll see is a screen telling you all your data has been encrypted:
At this point your only options will be to restore all data from a backup or pay the ransom.
So what can you do to stay safe? Here are 5 basic steps to take.
Remind all your users never to open or click on links in messages they are unsure of
Don’t run Windows in Administrative mode
Make sure you have a good and up-to-date antivirus/anti-malware product installed
Be sure your Windows firewall is working and up to date
Don’t run old, out-of-date software. It often contains known vulnerabilities that cyber-criminals exploit
Cybercriminals are now using references to the popular VoIP/efax service RingCentral in an attempt to trick users into taking actions that will infect their computers with malware.
Users receive an email message displaying the sending address ‘RingCentral’, a subject line that contains their name and the text ‘you have a new fax from 314-521-2722’ (or some other number), and the message body telling the user they can view the new fax message ‘on our website.’ Clicking the hyperlink will take the user to a web page that will infect the computer with a Trojan.
Make sure you just delete the message without clicking on any links.
Remind your users to stop and think before they act.
Tell your users to be on the lookout for a new email scam – the subject line is “RE: IRS Form 6642” and the apparent reply address is from a law firm.
The body simply contains Can you print this? and a link labelled “IRS Portal.” Click the link and you download and install malware on your computer that looks for and steals financial account information and passwords.
What makes this scam somewhat different is that it doesn’t threaten or attempt to scare the user to action but instead asks a simple, innocent sounding question.
Just delete the message without clicking on the link or interacting with it in any way. And remind your users to stop and think before acting.
My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6 year old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’
It was cute, but like every popular trend cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment it installs two pieces of malware that encrypt your files and then demands (in an arabic text file it leaves on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.
We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!
So spread the word that if anyone receives an email messages that’s Pokemon Go related, they should just delete it.
Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?
It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.
With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infected their computers with malware to harvest passwords and data.
While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.
The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.
If you’d like to learn more, click here to download our free Executive Report; Ransomware Prevention Checklist for your Business.
Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.
Mac’s running OS X 10.6 or later can be affected – that’s would be circa 2007 or later.
This malware installs itself disguised as a fake file converter called ‘Easy Doc Converter’ and available on MacUpdate although not at the Mac App Store according to Apple.
Apple says they’ll be releasing an update to Xprotect to block the app but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to system startup that allows an anonymous attack of the system). But in the meantime if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.
With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.
The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.
Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.
There’s a rash of email messages appearing where the cyber criminals are trying the less-is-more approach. The subject line just has the word ‘Order’ or ‘Case’ and a string of letters/numbers. The message body references a ‘Total Amount’ or $30,000+, a ‘Timestamp’, and a ‘State’ reference. The message then asks you ‘Please open the enclosed Doc file’ – referencing an attached Microsoft Word file.
Opening the file will run a macro infecting systems that haven’t been updated and patched.
Remind your users to stop and think before they act on messages they receive, especially if it’s from someone they don’t know, contains an attachment, or uses fear or greed to try and encourage action.
Tell your users to be alert for an email message with a subject of ‘Fuel E-bill’ and a Microsoft Word attachment. Opening the attachment causes execution of some code which, on an unpatched computer, infects your system with malware. Just delete the message.
Make sure your systems are updated and that your firewall and workstations all have current antivirus and malware protection.