Ransomware knocked most systems offline
Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems. The County hired cyber-security consultant to negotiate ransom fee with hacker group. Jackson County officials have not yet confirmed how hackers breached their network.
The infection forced most of the local government's IT systems offline, with the exception of its website and 911 emergency system.
"Everything we have is down," Sheriff Janis Mangum told StateScoop in an interview. "We are doing our bookings the way we used to do it before computers. We're operating by paper in terms of reports and arrest bookings. We've continued to function. It's just more difficult."
Jackson County officials notified the FBI and hired a cyber-security consultant. ... Read More
Extortionists demand money even though no agreement made
Anyone who depends upon good public opinion can be vulnerable to orchestrated bad word-of-mouth, especially in the form of online reviews.
Podcasters are being targeted by extortionists who threaten to swamp their shows with negative reviews, according to Mark Asquith at Rebel Base Media. Asquith cites one recent case in which a scammer reached out to a podcaster on social media and offered to promote their show.
When the podcaster expressed interest, the scammer didn’t respond for several days. After that, the scammer sent a message informing the target that they’d been promoting the target’s podcast for the past few days. The scammer then demanded hundreds of dollars in payment for this supposed service. “No agreement had even been discussed, ... Read More
Office Depot $300 scam - yes, it really happened
I'm sure you've heard something about the Office Depot $300 fraud. For a thorough explanation, see https://cybersafetynet.net/office-depot-faked-malware-scans-to-sell-unneeded-300-tech-services/. Basically, Office Depot's malware scan reported malware on computers that did not have malware. Office Depot then sold an unnecessary $300 service. Today I am writing about how that would look in other industries.
We have a high level of trust in those who provide professional services. We go to them when we sense a problem and need their training, judgement and professionalism to turn the problem into a solution. Let's see how this would play out in another industry.
Electrical
Your kitchen has a refrigerator, microwave oven and coffee maker. You discover that you can run two at the same time, but ... Read More
New Cybersecurity best practices
In December 2018, the Department of Health and Human Services (HHS) published the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. This new directive offers cybersecurity best practices that healthcare organizations of any size can implement. Originally posted by Fred Langston CISSP, CCSK at CI.Security.
I’ve been doing health industry cybersecurity for a long time, which has led to my involvement in helping to craft cybersecurity policy for the healthcare industry. One of my first experiences was back in 1996, when I was part of the working group that provided guidance on the proposed HIPAA Security Rule. That rule established certain standards for security moving forward. The resulting risk-based approach was meant to allow the vastly different types and sizes ... Read More
Water utilities are popular targets
It wasn't the first time the Fort Collins-Loveland Water District and its wastewater counterpart had been hit by "ransomware," a type of malware that encrypts victims' computer files and demands online payment to unlock them.While operations weren't harmed, the infection prompted the water district to switch out its information technology service provider and call in the FBI. The case, first reported by the Coloradoan, remains under active investigation. FCLWD and the South Fort Collins Sanitation District treat and distribute water to 45,000 customers in northern Colorado.Colorado water officials aren't alone in their cybersecurity woes. The nation's nearly 70,000 water and wastewater utilities are struggling to keep their heads above a rising tide of online threats, based on interviews with security experts ... Read More
Social engineering led to potential kidnapping
Social engineering and impersonation attacks can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost appeared on the CyberWire’s Hacking Humans Podcast last week, where he described the attacks he’s seen involving cybercriminals with fraudulent personas.
Devost described one case in which an attacker impersonated a broker and an investor to target a successful entrepreneur who was looking for funding for a new startup. Under the guise of the broker, the attacker introduced the target to the supposed investor. Now posing as the investor, the attacker conversed with the target about the company, and eventually asked the entrepreneur to fly to South America so they could meet.
“That individual is very, very close to ... Read More
Malicious links on otherwise honest web pages
Webroot revealed the results of their 2019 Threat Report, showing that tried-and-true attack methods are still going strong, but new threats emerge daily, and cybercrime is highly innovative. This includes adding malicious URLs (web page addresses) as links on legitimate sites.
Hal Lonas, Webroot's CTO said: “We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, ... Read More
Is this the best Facebook phishing scam ever?
Scams seeking to harvest online credentials have long tried to replicate known logon pages. But this newly found instance is just about perfect.
In every scam that uses social engineering, the key is to be believable. If it looks right, feels right, has the timing right, etc., the victim is more likely to fall for it. This latest scam seeks to take advantage of a user’s desire to leverage single sign-on (SSO) via well-known websites. In this case, Facebook. Rather than creating (and remembering) countless passwords for an equivalently large number of websites, users will take advantage of identifying themselves via Facebook.
Under normal circumstances, a Facebook API is called which prompts the user to authenticate. But researchers at security vendor Myki have ... Read More
A phishing attack will strike you. It is not a question of IF, but a question of WHEN
With the massive rise in phishing attacks, 2019 is the year for organizations to realize the concept of becoming a victim is an issue of when and no longer if.
According to Malwarebyte’s 2019 State of Malware report, there is pretty much no industry that is unaffected by malware. And phishing attacks remain an effective means of tricking users. In Healthcare alone, nearly one-half of orgs citing a 1-10% click rate when interacting with mock-phishing emails to test user response, and another one-quarter of organizations seeing click rates of 11-30%.
These numbers clearly indicate that organizations simply aren’t prepared for phishing attacks.
What you can do
What’s needed is an anti-phishing plan in place that helps to ... Read More
Robocall scams more prolific than ever
Robocall spam has surged to 12 billion calls per month globally. Bank account, credit card and extortion are common scams, according to Hiya, a company that makes apps to fend off unwanted calls.
According to Hiya's first Global Robocall Radar Report, global spam calls grew 325 percent from a year ago to 85 billion. Hiya's estimate is based on an analysis of 12 billion calls per month globally.
UK, Spain, Italy, France and Argentina were the countries with the most robocalls. Like spam, robocalls have proliferated because scammers get just enough victims to rake in profits. The Federal Communications Commission and Federal Trade Commission have been looking at ways to curb robocalls, which are one of the top consumer complaints in the U.S.
The ... Read More