Blog

Beware of politically charged email messages and links to news articles.

Cyber criminals are continually developing effective new phishing campaigns to steal login credentials. With the increased business adoption of hosted email solutions, such as Microsoft Office 365 and Google Gmail for Business, phishing for login credentials has become a significant threat. Email messages that prompt you to login to your email account are common ploys used by hackers, whether prompting to access a secured document, change your password, or verify your license. Clicking on the authentic-looking link in the email message will conveniently bring up a familiar login screen that looks EXACTLY like what you expect, but is HOSTED BY THE HACKER.

Whether as proactive protection against cyber threats or in response to external requirements, businesses of every size and kind are finding the need to monitor the security health of their networks.  Those who accept credit card payments need security monitoring to address payment card industry requirements (PCI-DSS), while financial institutions and healthcare are required to protect sensitive data.  Manufacturers who use restricted chemicals or accept Department of Defense contracts need to implement security controls to meet the requirements of DFARS, NIST, and CVI.  Regardless the reason, security monitoring will detect and enlighten you to vulnerabilities and activities so they can be FIXED!

Equifax, one of the three major credit reporting agencies, disclosed a data breach on September 7 that affects 143 million people in the US.  The stolen data included the consumer’s name, address, date of birth, and social security number.  In addition, credit card numbers and other personally identifiable information was also stolen for about 200,000 of the 143 million individuals.  The “unauthorized access” was reported to have occurred on July 29, and the investigation is ongoing.

Gaining clear visibility into what is happening on your network is necessary to detect the nefarious activities of cybercriminals and to understand your users’ day-to-day activities. Security Incident & Event Management (SIEM) is the solution that can take detection of malicious and anomalous activity to a higher level. SIEM tools have historically been thought of as enterprise or carrier-class products, but as the need for better visibility has expanded to businesses of all sizes, SIEM tools have become less costly and more accessible.

This is an ACTIVE EMAIL THREAT – PLEASE FORWARD TO YOUR NETWORK USERS.

On Friday, May 12, 2017, cyber criminals released what has been the most malicious ransomware attack in history.  The ransomware named WannaCry has infected over 10,000 organizations in over 150 countries so far.  Several European health systems and major manufacturers were forced to shut down by the initial wave on Friday.  To compound matters, at least two new strains of WannaCry have been released since Friday as the cyber criminals continue to leverage this latest threat.

If you received a message today with the subject, “A document on Google Docs has been shared with you,” it is very likely that your email address is on the contact list of someone’s account that was hacked.  This ploy was meant to convince you that someone you know sent you a document, and by entering your Google email address and password, you would be able to open the attachment.  In reality, entering your credentials would provide a hacker access to your Gmail mailbox from which they could harvest your mailbox and attack your contacts.

Google has reported that they have taken down the offending accounts and system updates are underway to prevent future attacks.  Google is also encouraging users to report the email as a Phishing attempt within Gmail.

If you received one of these messages, your account would have been compromised at the point of entering your email address and password.  Opening the message, or even clicking on the link that opens the login page would NOT compromise your account.

If you clicked on the link and entered your credentials, immediately complete the following steps:

• Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions
• Remove permissions for “Google Docs,” the name of the phishing scam (if the page says, “You haven’t granted any apps or websites access to your Google Account,” your documents were not compromised).
• Change your Gmail password

When setting passwords, consider using a passPHRASE made up of three or more common words, and add a number or special character to increase complexity.  Even the longest dictionary word is easily hacked, but passPHRASES are much more difficult to pick.  Try something like “I-Like-Tomatoes22” or “I-Dr1ve-A-Boat” rather than using a common word or pet’s name.  The length and use of multiple words provide added protection.

This is only the latest of several new email attacks.  Always pay attention to the TO, FROM, and SUBJECT LINE before clicking on a link or opening an attachment.  The “TO” line on this Google Docs message says, hhhhhhhhhhhhhhhh@mailinator.com.  It is also important to be very suspicious anytime you are asked to enter your password from an email request. Credential phishing is big business for cybercriminals. 

This is the time of year that taxes are on our minds. Whether from the business’ perspective of preparing and sending W2’s, to the individual looking forward to a refund, it is tax time. Tax time is a golden opportunity for criminals to steal identities, tax refunds, credit card numbers, and credentials. In 2016, the IRS reported a whopping 400% increase in phishing scams, and 2017 will see new and more sophisticated schemes. 

The news that 500 million accounts were stolen from Yahoo should make anyone with an online account at least a little anxious.  According to a Yahoo statement, “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords, and in some cases, encrypted or unencrypted security questions and answers.”