News

Cyber Monday (27th November 2017)

Computer Culture Admin - Monday, December 18, 2017

Your age, gender, and location can determine how likely you are to fall victim to internet crime on the biggest online shopping day of the year, according to a new report from OpenVPN.

 

In the USA, last year's Cyber Monday (Monday after the Thanksgiving holiday) was the biggest online shopping day in the history of US e-commerce, with $3.39 billion spent online. This year's promises to be even larger. However, malicious attacks against consumers increase almost 40% on Cyber Monday, and online shoppers need to be more vigilant than ever to ensure the safety of their personal information.

 

To help consumers better understand their risk of falling victim to an attack, a new report from OpenVPN analysed cybercrimes reported to the FBI and CSN in 2015 and 2016, concentrating on internet crime, fraud, and identity theft. With this data, researchers identified the states most affected by cybercrime, the amount of money lost, the number of victims, and the most victimized sex and age.

 

In terms of gender, men fell victim to cybercrime 75% more often than women, the report found, possibly because men spend more money online, it noted. In terms of age, the report found that people over age 50 were the group most likely to fall victim to attacks in about 30 states.

Bad Rabbit Ransomware

Computer Culture Admin - Thursday, November 16, 2017
Organizations in Russia and Ukraine and, a few hours later, also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.

Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer's memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note to Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)

As for Bad Rabbit, the ransomware is a so-called disk coder, like Petya and NotPetya. Bad Rabbit first encrypts files on the user's computer and then replaces the MBR (Master Boot Record).

"Fake-tortion" Phishing Attacks

Computer Culture Admin - Thursday, October 19, 2017
This is a heads-up about a new aggressive form of email attack that you need to warn your employees, friends and family about. The bad guys have beta-tested and refined it in Australia, and now the first incidents have been spotted in the US.

The sophisticated attackers are targeting potential victims in an email sequence that starts with pornography and adult dating links, which are then followed up with extortion attempts.

IT security company Forcepoint says it picked up more than 33,500 such emails in August, when the testing was happening Down Under.

The scam threatens users’ privacy, sending a sequence of emails that say “look at this”, then “we know what you just looked at”, and then demand payment of US$320 in Bitcoin.

The email claims that a virus was installed on a porn website which recorded the victim through their webcam. “Then my software collected all your contacts from messengers, e-mails and social networks,” it says. “If I don’t receive my Bitcoins I’ll send video with you to all your contacts.”

Carl Leonard, principal security analyst at Forcepoint, said cyber-extortion was a prevalent tactic today. While it largely takes the form of ransomware, he said data exposure threats were growing in popularity.

“Cyber-blackmailing continues to prove as an effective tactic for cybercriminals to cash out on their malicious operations,” he said. “In this case, it appears that a threat actor group originally involved in adult dating scams have expanded their operations to cyber-extortion campaigns as a result of this trend.”

Identifying Phishing Emails

Computer Culture Admin - Thursday, September 28, 2017
With the increasing use of phishing emails, we’d like to draw your attention to how to identify whether the email links you are being asked to click are legitimate. This is done by hovering your cursor / pointer over the link to reveal the domain or destination you will be sent to. If you look at the final part of the domain before the forward slash (/), you can judge whether this link is from the organization referred to in the email. In the example below .cenotehopping makes little sense and indicates the link is not authentic.

If there is a string of cryptic numbers or an .exe file, do not click on the link. Ring the organisation that sent you the email and verify that the email is legitimate. As always, it is better to be cautious than caught out.

Microsoft offers this information on recognising phishing email messages, links, or phone calls.
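The checks described above, written out as an added example (not code from the original post): it pulls the real destination out of a link, compares the final part of the domain with the organisation you expect, and flags an .exe target. The names examplebank.co.nz and cenotehopping.example are constructed, the short suffix set is an assumption standing in for the full Public Suffix List, and "a string of cryptic numbers" is read here as a bare IP address used as the host.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: short stand-in for the Public Suffix List, enough for the samples.
TWO_LEVEL_SUFFIXES = {"co.nz", "ac.nz", "govt.nz", "org.nz", "co.uk", "com.au"}


def registrable_domain(host):
    """Final part of the hostname: the public suffix plus the one label before it."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_numeric_host(host):
    """True when the host is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_link(href, expected_domain):
    """Return the reasons a link does not look like it belongs to expected_domain."""
    parts = urlsplit(href)
    host = parts.hostname or ""
    findings = []
    if not host:
        findings.append("no hostname in link")
    elif is_numeric_host(host):
        findings.append("numeric host instead of a name")
    elif registrable_domain(host) != expected_domain.lower():
        findings.append(f"goes to {registrable_domain(host)}, not {expected_domain}")
    if parts.path.lower().endswith(".exe"):
        findings.append("points at an .exe file")
    return findings


# Constructed sample links; examplebank.co.nz and cenotehopping.example are made up.
SAMPLES = [
    "https://www.examplebank.co.nz/login",
    "http://examplebank.co.nz.cenotehopping.example/verify",
    "http://192.0.2.10/invoice.exe",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "examplebank.co.nz") or "looks consistent")
```

The second sample shows why only the end of the hostname counts: the expected name appears at the front, but the destination is decided by the labels immediately before the first forward slash.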

CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years

Computer Culture Admin - Thursday, August 24, 2017
Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks--called business email compromise (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over a three-year stretch.

Ransomware takes time to develop and extensively test before any Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so that a bogus email purporting to come from the CEO and asking for a funds transfer can be detected.

Regular software patching also is crucial. When spam-laden malware hits or ransomware attacks like WannaCry surface, the impact can be minimised. "People focus on new technology, but forget about patching and maintaining the infrastructure."

A balanced defensive and offensive posture is required, not just with firewalls and antivirus, but also including measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

File-less malware is popping up, which lives in memory and disappears when a device reboots, according to the report. This makes it more difficult to detect and investigate.

Attackers are also making use of anonymised and decentralised infrastructures to hide command and control activities.

Meanwhile, three families of spyware ran rampant, affecting more than 20% of the 300 companies in the report sample.

Ironically, many organisations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Cisco. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

‘Destruction of Service’ Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomised by the likes of WannaCry and NotPetya which were both much more destructive than traditional ransomware. According to Cisco, these types of attacks have the strength to eliminate organisations’ data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing related to ransomware that was not considered was the amount of damage caused by downtime, having workstations and servers not up & running. If you calculate that in, ransomware is probably as damaging as CEO fraud, or even more.

New Type of WhatsApp Phishing Attack

Computer Culture Admin - Thursday, August 24, 2017
Heads-up. There is a new social engineering attack currently being tested in Europe, which means we may see it in the rest of the world very soon.

The bad guys are using malicious WhatsApp ads, which offer a 250-dollar coupon for a well-known retailer in exchange for a short survey. The invite looks like it comes from a friend on WhatsApp. A similar strain installs malware on the phone, which looks like a software update but steals all the contacts, phone numbers and email addresses and, if it can find any, passwords and banking credentials.

There are different ways to monetise all this phishing data, and it looks like the bad guys have got that down too, from selling the stolen credentials to using the malware to go viral to all the contacts on the phone.

The large retailers have reported hundreds of these attacks to Europe's federal Cyber Crime Unit.

Phishing Attack Attempts

Steve Hirst - Friday, June 23, 2017
Phishing Attempt 1

This type of attack is becoming more frequent, and the sender masquerades as a legitimate organisation. The email in this article was apparently from Victoria University of Wellington. It was very similar to one in a recent incident where a Christchurch company was scammed out of tens of thousands of dollars by a fake Otago University purchase order.

These scams can be defeated by finding the organisation’s genuine website and calling their procurement department to verify the authenticity of the enquiry. If it’s too good to be true, it usually is.

Attention: Sales/accounts 
Victoria University of Wellington wish to express it's interest in your extensive line of products & services and hereby submit a request for quote for the items below; 
1. WD My Passport Ultra 1TB & 2TB Portable External Hard Drive 
2. Toshiba 1TB & 2TB Canvio Basics USB 3.0 Portable Hard Drive 
3. Seagate Expansion 1TB & 2TB USB 3.0 External Hard Drive 
APPLE PRODUCTS 
1. Apple 15.4" MacBook Pro Retina Display with Touch Bar 2.7 GHz Intel Core i7 Quad-Core 
2. Apple Macbook Pro (2016) Retina Display 2.8GHz Intel Core i7 
3. Apple 13.3" MacBook Pro 3.1 GHz Intel Core i7 
In addition to the above, you may kindly forward us your credit app and also let us know your billing procedures for 30 days payment terms. 
Best Regards, 
Philip Thomas 
Strategic Procurement 
Victoria University of Wellington 
Kelburn, 
Wellington 6012, 
New Zealand 
Phone: +64 4-472 3478 
Fax: +64 4-472 3100

Phishing Attempt 2

Another common attempt is notification of expired or suspended services. Don't click on the link (you can often inspect the link by hovering the mouse cursor over it). The best approach is to call your IT provider first.

Phishing Attempt 3

This example is in a similar style.

A Dangerous Link

Steve Hirst - Friday, June 23, 2017
A link was sent to one of our customers via an email. As this appeared to be from a contact they knew, they assumed it was safe. The link was to a video for them to watch.

HP Fraud Alert

Steve Hirst - Friday, June 23, 2017
Fraudulent callers are posing as HP representatives and asking HP customers for personally identifiable information. In some cases, originating phone numbers appear to be from genuine HP contact numbers.

These scam callers might request the following:
  • Your personal information
  • A return call
  • A fee for technical support services
  • Remote access to your computer or device, so they can install malware or viruses in order to charge you a removal fee

To protect yourself, if you receive one of these scam calls, hang up and do not provide any personally identifiable information.
  • Do not provide any confidential information, such as customer IDs, passwords, contact information, social security numbers, credit or debit card numbers, PINs, or account information.
  • Do not provide remote access to your computer or device.
  • Do not transfer funds.
  • Do not install any software suggested by the caller.

The security of HP customers' devices and personal information is a top priority for HP. HP does not contact customers to provide unsolicited technical support. If you believe you have been contacted by a scammer and are concerned about your personal information, run a virus scan on your computer or device, or contact your security software provider for assistance.

Scammers using fake purchase orders to target NZ businesses

Steve Hirst - Thursday, May 25, 2017
Police are warning business owners to be wary that scammers are currently using forged District Health Board invoices to swindle New Zealand businesses out of goods. This is a similar scam to one operating earlier this year, where scammers were sending out fake purchase orders.

In this latest scam, using false email addresses, scammers have been sending forged purchase orders to businesses requesting the purchase of various items.

While the domain will look like the legitimate organisation, it will differ slightly with the use of full stops, dashes, or a slight rewording of the original name. 

The purchase orders request that the companies send the goods to a New Zealand freight company, which is then instructed by the scammers to forward the goods on to an overseas address.
Police are aware of one shipment from Christchurch that has made it out of the country and is destined for the UK and Asia, but there may have been more incidents. 

This was not related to the current DHB purchase orders that have been identified.
With the co-operation of overseas domain registering companies, several domains have been shut down by Police so far; however, it appears that the scammers have now registered a domain like a New Zealand DHB.

“We are currently aware of three false District Health Board purchase orders that have been sent to separate New Zealand companies requesting goods for delivery to a freight company” says Detective Sergeant Michael Cartwright, New Zealand Police Financial Crime Unit. 

“We believe that all District Health Boards could be at risk of being targeted and, due to the large number of suppliers health boards have, we are concerned that this has the possibility to affect a large number of different businesses throughout New Zealand.

“Our advice to businesses is that if you receive an email that seems suspicious in terms of format, numbers, language or delivery addresses, contact the relevant organisation first to verify if it is actually from them before you send anything out.”

Poor English in the initial email is a common identifying factor for the scam, and the purchase orders will often have false phone numbers and email addresses on them. 
   
“We ask that anyone who believes they may have been a victim of this scam, or anyone who has received a suspicious sounding email, please report it to us immediately,” says Detective Sergeant Cartwright.

Anyone who believes they may have been a victim of this scam can either contact their local Police Station or report it to Crimestoppers on 0800 555 111.

Issued by Police Media Centre.
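The lookalike sender domains described in the warning above (extra full stops, dashes, or a slight rewording of the real name) can be screened for automatically. The following is an added example, not part of the Police release: the domains are constructed, and the two-edit threshold is an assumption to tune against your own list of suppliers and customers.

```python
import re

# Assumption: domains your organisation genuinely deals with (constructed names).
KNOWN_DOMAINS = ["exampledhb.govt.nz", "example-university.ac.nz"]


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Drop full stops and dashes so punctuation-only variants compare equal."""
    return re.sub(r"[.\-]", "", domain.lower())


def classify_sender(address, known=KNOWN_DOMAINS, max_edits=2):
    """Return (verdict, matched_domain): verdict is genuine, lookalike or unknown."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return "genuine", domain
    for real in known:
        # Distance 0 after skeleton() means only full stops or dashes differ;
        # 1 to max_edits means a slight rewording of the real name.
        if edit_distance(skeleton(domain), skeleton(real)) <= max_edits:
            return "lookalike", real
    return "unknown", None


# Constructed sender addresses for illustration.
SAMPLES = [
    "accounts@exampledhb.govt.nz",
    "procurement@example-dhb.govt.nz",
    "orders@exampledbh.govt.nz",
    "sales@unrelated-supplier.co.nz",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(sender, "->", classify_sender(sender))
```

An "unknown" verdict only means the domain resembles nothing on the list; the advice to phone the organisation on a number taken from its genuine website still applies.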
