Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

They’re not super villains!

Some good points in this article. At the end of the day the fundamentals of cybersecurity outperform cyber criminals. It isn’t glamorous work but it is effective.

Instead of going deep into the weeds of who is behind cyberattacks, experts say organizations and defenders should prioritize the most practical ways to reduce risk, including vulnerability and patch management, network perimeter and endpoint security and multifactor authentication.

Small Towns still have big problems

In a town of less that 13,000 people a small hospital breach has affected ~62,000 people.

The hospital attributed the 10-month-long lag between discovery of the incident and notification to difficulties in identifying the individuals and the information affected in the hack.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

Tech Support Scams with a Twist

Malicious web search ads have drastically increased as the delivery mechanism for the top 10 malware over the last year.

…brazen malvertisers went as far as impersonating Google’s entire product line and redirecting victims to a fake Google home page

Most ransomware attacks happen at night

This isn’t surprising considering the normal workday across the globe and lack of an IT presence in the US. On call staff, automation, and SOC Services are important security components to keep organizations safe overnight.

The majority of ransomware attacks now occur between the hours of 1am and 5am in an attempt to catch cybersecurity teams off guard, according to a new report from Malwarebytes.

Why C-suite leaders are prime cyber targets

BEC (business email compromise) attacks are extremely effective. With ease of creating AI Deep Fakes to impersonate executives, out of band verification policies will need to commonplace in all organizations of any size.

The frequency of attacks is also escalating. 69% of US companies that have previously had attacks report an increase in attacks over the past three years–above the global average of 58%. This uptick coincides with the rise in complexity of attacks. Notably, incidents involving AI-assisted deepfakes and phishing schemes have surged, with senior executives as primary targets.

This article was last updated @ 3:00 PM 08/26/2024

Consumer data broker National Public Data has been breached and has exposed hundreds of millions of consumer records. These consumer records include information that is often used to verify consumer identity. The breached data also includes 272M social security numbers of living and deceased US citizens.

You can read more about the breach here:

https://krebsonsecurity.com/2024/08/nationalpublicdata-com-hack-exposes-a-nations-data

and here:

https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/#more-68428

You can check if your information was part of the breach here:

https://npd.pentester.com

or here:

https://www.npdbreach.com

Now that the data is in the wild, what can you do about it? Even if your info was not part of this breach the following steps are still important to keep your credit and identity safe.

1. Place a credit freeze with all three of credit bureaus. This will prevent new credit inquiries and new credit card and some loan accounts. This freeze will need to be lifted when establishing new accounts.

https://www.transunion.com/credit-freeze

https://www.experian.com/freeze/center.html

https://www.equifax.com/personal/credit-report-services

2. Place a security freeze with ChexSystems. This will prevent the approval of new banking accounts opened in your name. This will also need to be lifted when opening new accounts.

https://www.chexsystems.com/security-freeze/information#:~:text=All%20consumers%20who%20reside%20in,your%20name%20without%20your%20consent.

3. Get an Identity Protection Pin for your IRS account. This will prevent someone else from filing a tax return in your name. As enticing as someone filing your taxes for you might sound it can be used in the identity theft process.

https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin#:~:text=An%20Identity%20Protection%20PIN%20(IP%20PIN)%20is%20a%20six%2D,to%20you%20and%20the%20IRS.

4. Review your credit report from each of the credit reporting agencies annually. Due to these large scale data breaches it is important to keep an eye on your credit report. Under federal law you are entitled to a copy of your credit report annually from all three credit reporting agencies – Experian, Equifax, and TransUnion.

How to request your free credit report:

1. You may contact the Central Source by visiting www.AnnualCreditReport.com
   
2. You can request by phone and call 877-FACTACT

Quick and Easy Way – Enroll in an Identity Theft and Monitoring service. Instead of doing the first 4 steps yourself these services help automate the process plus a whole lot more. I would suggest this for a heavy credit user or someone with an extensive digital and financial footprint. These services are expensive but cover a wide array of credit, banking, and identity services that would be next to impossible to manually opt out of. The two front runners are:

Lifelock – https://lifelock.norton.com/

and

Aura – https://www.aura.com/

You can read more about them here:

https://www.cnet.com/personal-finance/identity-theft/best-identity-theft-protection/

and

https://www.tomsguide.com/us/best-identity-theft-protection,review-2083.html

Honorable Mention – There are some services that help to clean up your data from the 100’s or 1000’s of data brokers out there. This type of service is included in the previously mentioned Identity Theft and Monitoring services but you can sign up for this functionality without all of the bells and whistles. A few of the best are:

Delete Me – https://joindeleteme.com/

Incogni – https://incogni.com/

Optery – https://www.optery.com/

I’ll continue to monitor this situation and aggregate the best practices to help mitigate the risk associated with this breach.

---

Update 8/23/2024

Added best practice number 4.

Update 8/26/2024

Added https://www.npdbreach.com/ site by Atlas Privacy to article

Added Quick and Easy and Honorable Mention section

Formatting changes

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

August Patch Tuesday

The August patch Tuesday might be one for the record books. Exploited Zero Days, Remote Code Executions, and Privilege Escalations this month we have it all. As usual our current customers have begun getting critical updates. If your not a current Digital Data Communications managed service customer please manually run Windows updates (and Adobe too). Stay safe!

 ..security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day

Common Log File System

While it’s not a remote code execution (RCE) flaw or a privilege escalation flaw. It still can have a detrimental effect on your business day.

Narvaja said the vulnerability poses a significant risk as it can lead to system instability and denial of service (DoS) attacks. An attacker could exploit this flaw to repeatedly crash affected systems, potentially causing data loss and disruption to operations.

Brief from CISA and FBI on Blacksuit(Royal) Ransomware

This is a great threat briefing but pretty much the same old tricks. This is a very active campaign.

BlackSuit actors gain initial access to victim networks in several ways, including:

• Phishing. According to third-party reporting, BlackSuit actors most commonly gain initial access to victim networks via phishing emails [T1566]
• Remote Desktop Protocol (RDP). The second most common vector (around 13.3% of incidents) BlackSuit actors use for initial access is RDP compromise [T1021.001]
• Public-facing applications. FBI has observed BlackSuit actors gain initial access through exploiting vulnerable public-facing applications [T1190]
• Brokers. Reports from trusted third-party sources indicate that BlackSuit actors may leverage initial access brokers to gain initial access and source traffic by harvesting virtual private network (VPN) credentials from stealer logs [T1650]

Adobe Reader Security Bulletin

This type of vulnerability is a common target for phishing campaigns. If you are one of our managed service customers its likely this vulnerability has already been patched.

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, privilege escalation and memory leak.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

Windows Downgrade Attack

We spend a lot of time making sure Microsoft Windows machines are patched to protect from known vulnerabilities. With this attack malicious actors can roll back previously patched software to take advantage of vulnerabilities.

SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to “unpatch” fully updated Windows 10, Windows 11, and Windows Server systems and reintroduce old vulnerabilities.

No known exploits are currently in the wild but the security researcher was able to create a working proof of concept. Microsoft is working on a security patch to mitigate this attack.

Another Issue with NTLM

Microsoft’s NTLM has had a troubled past. Tons of exploitable flaws, unsalted hashes, and continued use after the clear successor has been anointed. Unfortunately we will be left dealing with these types of issues for the foreseeable future.

The good new here is that this vulnerability has a decent mitigation while we wait for Microsoft to issue a patch.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability

This flaw isn’t currently being exploited but has been tagged as “highly probable” to be exploited.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Watch Hackers Break Into the US Power Grid

In this video, you’ll see hackers in action breaking into several businesses and bypassing all their security measures. A bit goofy, but it accurately illustrates how easily this can be done at most places.

Multipurpose malware: Sometimes Trojans come in threes

Just in case a plain old Ransomware wasn’t bad enough, malware authors have added a DDOS component to Cerber. This malware attacks you in multiple different ways.

As if ransomware weren’t bad enough, now it’s metastasizing: not just spreading rapidly but even picking up secondary characteristics. Take Cerber, ransomware first spotted in the wild back in February 2016.

Briefly, here is the sequence of events. First, Cerber arrives in the form of an e-mail attachment. Once executed, the virus behaves like any other ransomware, encrypting files and demanding money for their safe return. But then, security researchers are finding, it confirms the computer’s Internet connection and begins using the infected PC for other purposes, such as for a distributed denial-of-service (DDoS) attack or as a spambot.

FBI Internet Crime Report

You don’t have to be in the FBI to know that Ransomware and Business Email Compromise are two of the leading issues facing cybersecurity. All leading information security experts agree on that. But still – it’s nice to have the FBI confirm it.

BEC is linked to other types of criminal activity including romance, lottery, employment, and check scams. Victims of these scams may be used to unknowingly transfer fraudulent funds on behalf of the perpetrators. In 2015, the IC3 received 7,838 BEC complaints with losses of over $263 million .

Microsoft Warns of ZCryptor Ransomware with Self-Propagation Features

Malware authors have added a “worm” component to a  variant of the Ransomware Zcrypt. Not only can it encrypt files on shared drives and removable drive but, it can also copy itself there and wait to be installed by another system.

A security researcher named Jack, behind the MalwareForMe blog, first discovered and wrote about this threat on May 24. Three days later, Microsoft ‘s security team also took note of the new wave of infections.

“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft’s Malware Protection Center alert reads. “This ransom leverages removable and network drives to propagate itself and affect more users.”

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Microsoft report: 9.4 percent increase in vulnerability disclosures

If you don’t download and install security patches, you’re almost asking for trouble. This article proves the point that some of the most exploitable vulnerabilities have already been patched.

One of the most concerning findings was that the most commonly targeted individual vulnerability in the latter half of 2015 was CVE-2010-2568 in Windows Shell, according to Tenable Network Security EMEA Technical Director Gavin Millard.

“CVE-2010-2568, a vulnerability well known for its usage in the Stuxnet malware family in June 2010, has had a patch available since August 2nd 2010 but many systems are still being successfully targeted,” Millard told SCMagazine.com in emailed comments.

10 Years Of Human Hacking: How ‘The USB Way’ Evolved

Interesting technique to get people to plug in a rogue USB drive. Would you fall for this trick?

As users started to become educated about rogue USB drives, we changed the rules by purchasing memory sticks branded with their company name and logo. Sometimes we attached them with a lanyard also printed with the corporate insignia. In some cases, we placed them on the desks of individual users, and in other instances, we physically mailed them to the individual. In all scenarios, users still plugged the devices in and ran whatever exploit we stored on the drive.

Flash Player update fixes zero-day vulnerability and 24 other critical flaws | CSO Online

Adobe Flash continues to be a hackers best friend.

The company issued a warning about the zero-day — previously unknown and unpatched — vulnerability on Tuesday, saying that it is aware of an exploit available in the wild. The flaw, tracked as CVE-2016-4117, was reported by security researchers from FireEye.

I almost can’t believe someone from Adobe was quoted saying the following for this article.

However, while an exploit for CVE-2016-4117 is known to exist in the public domain, the company is not aware of any active attacks using it, an Adobe spokeswoman clarified Thursday via email.

Symantec Antivirus products vulnerable to horrid overflow bug | ZDNet

Even antivirus platforms can provide a surface area to attack.

“This is a remote code execution vulnerability. Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it,” Ormandy said in his explanation.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”

The white paper linked to in this article may be the best thing written on the human side of cyber security that I’ve ever read. Do yourself a favor and read it.

“In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it or not, people are the problem,” said Pogue, Nuix’s Senior Vice President, Cyber Threat Analysis.

Empty DDoS Threats: Meet the Armada Collective

Cybercrooks have started bluffing about their capabilities. What affect this will have on the overall marketplace remains to be seen. It seems like this will take money out of the pocket of “legitimate” cybercriminals. 😉

… we’ve been unable to find a single incident where the current incarnation of the Armada Collective has actually launched a DDoS attack. In fact, because the extortion emails reuse Bitcoin addresses, there’s no way the Armada Collective can tell who has paid and who has not. In spite of that, the cybercrooks have collected hundreds of thousands of dollars in extortion payments.

‘Crypto Wars’ timeline: A history of the new encryption debate

The Patriot Act had a massive influence on encryption. Here’s a good (and mostly politics free) version of the biggest encryption related events since the Patriot Act was passed in 2003.

Law Firms Present Tempting Targets For Attackers

No industry is safe from attackers, scammers and hackers. Just add law firms to the long list of industries targeted by cybercriminals.

The recent data breach at Panamanian law firm Mossack Fonseca that resulted in the theft of a staggering 11.5 million sensitive records highlights what analysts say is a disturbing lack of security preparedness at many law firms.

Healthcare Was Most Attacked Industry in 2015

Healthcare has been under attack in 2015. The stats are disconcerning.

Despite not even making it to top five most targeted industries in 2014, healthcare managed to grab the top spot last year, as five of the top eight largest healthcare security breaches since the beginning of 2010 took place in the first half of 2015. Overall, more than 100 million healthcare records were compromised last year.

Major Exploit Kit Campaign Swaps Locky Ransomware for CryptXXX

Another week, another new wave of attacks. This one changes shapes. An interesting development,l especially since Kaspersky just announced a decryptor for CryptXXX.

In mid-April 2016, a campaign using Nuclear Exploit Kit (EK) to distribute Locky ransomware switched to using the Angler EK to install CryptXXX ransomware. This campaign uses gates registered through FreeDNS atafraid.org. We are calling this the Afraidgate campaign. Although we continue to see Locky distributed through malicious spam, we have not noticed Locky from EK traffic since mid-April.

Malware Leverages Windows “God Mode” for Persistency

A common Windows “feature” gets exploited by attackers.

The so called God Mode allows users to create a folder and give it a special name, which turns it into a shortcut to Windows settings and folders such as control panels, My Computer, or printers. The feature was introduced by Microsoft in Windows Vista and can prove a handy tool for administrators and savvy users alike.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Young adults most likely to lose a phone, making them top targets for mobile hackers

It won’t come as a surprise to you that young adults are most likely to lose a phone. This article makes a great case for two important mobile device best practices that’ll help you in case of loss:

1. Two Factor Authenication for all of your online services
2. Using a passcode to encrypt your mobile device

The New Security Fundamentals

These inexpensive security fundamentals can save your company a lot of time and effort.

The ninja security tactics described in this guide — a set of reimagined, if not completely “new” security fundamentals — are available to all for free or with minimal investment. They don’t come with new acquisition costs, steep learning curves or additional vendor lock-in. All they require is a fresh perspective on existing systems and tools, and the judicious application of already well-known security concepts.

PCI is going to impose new payments security rules this week — and they don’t go nearly far enough

New PCI security requirements are to be issued this week. If you handle credit cards, they apply to you. Are these new measures enough?

“An organization could go to great lengths to protect their internal network only to see a third-party negate all of their effort as indicated in data breach reports. That is why several new requirements were identified for service providers in PCI DSS 3.2. These new requirements should already be part of service providers’ efforts to successfully manage the effectiveness of security within the cardholder data environment,” Troy Leach PCI Chief Technology Officer

Ransomware-as-a-service Malicious Insiders = Deadly Threat

As the Ransomware market continues to evolve, the actors start to specialize and stay in their comfort zones.

The Ransomware as a Service (RaaS) model is an emerging concept in which Ransomware authors provide customized, on-demand versions of malware to distributors. The ransomware author collects the ransom and shares it with the distributor. A classic “affiliate” distribution model, which we know from other domains on the web. Thus, malware authors stay in their comfort zone of writing software while distributors who specialize in spam, malvertizement or BlackHat SEO create a new revenue stream based on their existing platforms

Ransomware in your inbox: the rise of malicious JavaScript attachments

JavaScript attachments are replacing Word documents as attachments of choice for some ransomware authors.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Business Email Compromise – FBI Public Service Announcement

There has been such an increase of instances of the Business Email Compromise scam, that the FBI put out an official public service announcement warning people against falling for it. These shocking statistics show the effectiveness of the scam which caused over $1.2 billion in damages in 2015 alone.

Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

The BEC scam continues to grow and evolve and it targets businesses of all sizes. There has been a 270 percent increase in identified victims and exposed loss since January 2015. The scam has been reported in all 50 states and in 79 countries. Fraudulent transfers have been reported going to 72 countries; however, the majority of the transfers are going to Asian banks located within China and Hong Kong. These totals, combined with those identified by international law enforcement agencies during this same time period, bring the BEC exposed loss to over $1.2 billion.

FBI: $2.3 Billion Lost to CEO Email Scams

An interpretation of the report the FBI put out on the BEC scams.

In an alert posted to its site, the FBI said that since January 2015, the agency has seen a 270 percent increase in identified victims and exposed losses from CEO scams. The alert noted that law enforcement globally has received complaints from victims in every U.S. state, and in at least 79 countries.

Business email compromise campaigns continue targeting C-level employees despite warnings

Would you read these emails and do what these hackers ask of you? A great breakdown of how the business email compromise (BEC) scam works, and how effective it is.

Scammers are continuing to target senior financial staff at medium and large corporations, attempting to trick them into carrying out large wire transfer payments. The FBI recently warned organizations of this activity and Symantec Email Security.cloud has observed that these email campaigns are still ongoing.

Adobe ships 0-day patch for Flash – get it while it’s hot!

Adobe just released a patch that fixes a vulnerability cybercriminals are already exploiting to gain access to machines. Everybody needs to download this patch – immediately.

For the second time in two months, Adobe has pushed out a Flash update that’s more than just a nice-to-have.

This one, like last month’s, fixes not only a bunch of holes that crooks would almost certainly try to use if they knew about them, but also a vulnerability that’s already being exploited in the wild for criminal purposes.

Zero-day Numbers Exploded and 43m New Malware Variants Discovered in 2015

In this Security Threat Report, Symantec shed light on some unnerving new developments. I used to draw the line between the skills of organized crime hackers and “nation-state actors”. It looks like that gap is closing.

Symantec has today launched its annual Internet Security Threat Report (ISTR), which reveals highly-skilled cyber criminals with skills sets that echo those of nation-state attackers, are fuelling an exponential growth in online crime.

Illinois USB Whitepaper

Attackers still use USB keys to gain access to machines. Remember: don’t use USB keys that you’re not sure are safe. Simply scanning a drive before plugging it in is not effective to determine its safety.

Abstract—We investigate the anecdotal belief that end users will pick up and plug in USB flash drives they find by completing a controlled experiment in which we drop 297 flash drives on a large university campus. We find that the attack is effective with an estimated success rate of 45–98% and expeditious with the first drive connected in less than six minutes.

How Apple and Amazon Security Flaws Led to My Epic Hacking

Imagine sitting behind your phone or computer and seeing it remotely being wiped completely by a hacker. That’s what happened to Mat Honan. In this classic and riveting first-person account, you learn how your life can digitally dissolve when you’re being hacked.

In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook. In many ways, this was all my fault.

Password Generator Tool Breaks Petya Ransomware Encryption

Finally some good news about ransomware Remember the Petya strain of ransomware I shared with you a few weeks ago? Some researchers found a fix for this particular strain.

Researchers have been combing through code related to the Petya ransomware long enough they’ve been able to cobble together a decryption tool that should allow most victims to generate keys in less than 10 seconds.

The 8 Most Convincing Phishing Schemes Of 2016

The year is young and high-profile phishing attacks keep coming seemingly every week. Here are eight reasons why security pros have to get serious about combating phishing.