Posts

How Cyber Attackers Use The Coronavirus to Steal Your Data

Coronavirus Email Scams

The recent coronavirus outbreak has motivated cybercriminals to launch virus-related malware attacks across the world.

Phishing emails claiming to possess information on protecting against the virus have appeared, spreading misinformation and malicious software. These emails encourage victims to open attached documents containing malware that can freeze or completely steal valuable data.

Scammers use fear and uncertainty to manipulate victims into infecting their computer with malware. However, incorporating tragic events, potential pandemics or natural disasters into their attacks is nothing new.

Beware of Phishing After Any Big Event

Attackers customize phishing emails to current or upcoming events like tax season, hurricane season, and holidays. Regardless of the occasion, the goal is the same: to access valuable information. The attacks prey on people’s desperation for answers and suggest that the sender can give them to you.

Furthermore, there have been cases of scams emerging in places like Michigan and New York. Officials in these states are warning residents to be vigilant of emails asking for donations or personal payment card information.

Coronavirus scam emails were popping up in early February, which prompted Michigan’s Department of Health and Human Services to warn citizens of their dangers.

The Federal Trade Commission even sent out a memorandum advising people on how to spot email scams and stay safe online.

Additionally, the FTC says cyber criminals could be setting up fraudulent websites that sell fake products using illegitimate emails, social media posts and texts to trick people into sending them money or personal information.

An example of a phishing email scam offering fake information about COVID-19.

Common attributes of a fake email are spelling and/or grammar errors.
If you receive a suspicious link, hover your cursor over it to view the destination URL.

Protecting Against Coronavirus Phishing Scams

Here are some tips recommended by the FTC to keep safe against scammers:

1) Be suspicious of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or anyone purporting to be an “expert” with information on the virus.

2) Avoid emails that allude to any “investment opportunities.” Products promoted in social scams that claim to cure, detect, treat or prevent the disease are fake.

3) If you’re going to donate, do the proper research into the organization and payment method. Don’t be pressured to donate, especially through an email link.

4) Ignore offers for vaccinations. Ads that say they have the cure or treatment for coronavirus are probably scams. Any medical breakthrough will be announced on mainstream media networks.

5) For up-to-date information on the virus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).

Don’t Be Misled

These scams will continue to spread and they won’t go away any time in the near future. In fact, scammers will certainly take greater advantage of the misinformation and fear from media coverage.

Moreover, cyber scammers in China were reported sending malicious emails containing malware. It’s difficult to protect yourself from these types of attacks but

Threat actors also targeted users in Japan with a campaign that spread malicious documents with supposed information on the virus.

Unsurprisingly, these social engineers even sent emails impersonating the CDC to lure unsuspecting users into malware traps.

The Coronavirus is a real threat but it’s important to keep a level head and not expose yourself to even greater harm online.

Ultimately, even Facebook has begun planning to ward off misinformation on the virus. Other social media platforms have voiced concern about the spread of false claims on their platforms as well.

The virus has attracted the attention of a global audience but that doesn’t mean you have to fall victim to those looking to profit off of that attention.

What Businesses Can Learn From the Summit Hosting Outage

The Outage in Summit Hosting

On Saturday, January 18, cloud provider Summit Hosting was hit by a ransomware attack.

Details regarding the breach are still unknown. What is known is that support has reached out to its users claiming they are working on resolving the issue.
A Reddit user claiming to be a client posted a letter he said he received from Summit Hosting after attempting to contact them.

The letter states that their cloud environment was hit by a ransomware attack and security systems detected the attack immediately, shutting down all 400 client servers as a result.

Cloud providers often market themselves as a safer, more secure, and more efficient alternative to on-premises, or internal, IT. The truth is, cloud providers and Managed Service Providers (MSPs) are susceptible to all the same risks other businesses face.

The issue arises when businesses looking to adopt a cloud-based infrastructure fail to understand what makes a cloud vendor trustworthy or what to avoid when looking for a cloud vendor.

Here are four things to keep in mind about choosing a cloud provider.

Low Costs Cost More

Many vendors will offer you cloud hosting services for the deceptively low price of $100 a month or $58 a month to host a specific application. Potential clients then see the low price and immediately assume they’re getting a good deal. However, there are instances where the less expensive option can be the more dangerous one.

For example, would you feel safer going over a bridge that cost $400 or one that cost $40,000?

Lower priced cloud services imply the provider doesn’t have the resources to deal with bigger issues when they arise. When the price is cheap it typically means they’re cutting costs elsewhere, usually to the detriment of the user.

This could mean a sacrifice in cyber security tools, capable systems engineers or software.

Make Sure Your Provider Permits Storage Onto Your Servers as Well

Adopting the cloud is not, and should never be, an all or nothing affair. In other words, a cloud vendor should never prevent you from storing certain data on premise. If they do, then they should at least provide the capability to access and save important data onto your internal servers as well.

This safeguards your business against a complete halt of productivity and even temporary shutdown should your cloud provider experience an outage or a cyberattack. What good are cloud-backups if you can’t access them?

When discussing your service contract, or service level agreement (SLA), with a vendor you can choose to keep certain mission critical data on your own servers. Furthermore, no business is the same. Not even businesses within the same industry are the same. Therefore, it makes sense that one business would require different kinds of services on the cloud than another.

Look for a Team with a Fast Response Time (No Longer than 12 Minutes)

When a cloud provider experiences an outage for whatever reason, your provider should always be able to respond quickly and efficiently.

To illustrate my point, it’s important to highlight the differences between a public cloud and a private cloud. If something goes wrong with a private cloud, you’ll typically have someone to call. With a public cloud, that support isn’t always included.

Public cloud vendors like Azure offer one-on-one support only if you purchase their support plan separately. With Amazon Web Services, you must submit a support request through their website and wait for a response.

The most important thing, however, is that you’re given a point of contact. This can be an engineer or even the CEO of the cloud provider.

But just because you have a private cloud vendor to call doesn’t mean they’ll be timely in their response. After the outage at Summit occurred, support was unable to respond to its 400 clients in a timely fashion.

As a result, the 400 clients were left confused, worried, angered and distressed for hours and, in some cases, days. So, make sure your cloud vendor has a response time of 12 minutes or less in case an emergency like the one at Summit Hosting occurs.

In cases of such an emergency, Nerds Support has staff ready to respond and provides periodic updates every four hours via email and social media. Consistent communication like this ensures a smooth recovery in emergency situations and helps businesses maintain order.

Always ask your cloud provider for a business continuity plan. They should be able to provide you with a detailed plan outlining how they operate in the case of an outage, breach or natural disaster. If they don’t have one set up, move on to another provider.

Be Aware of Cyber Attacks

It should be the duty of every cloud provider to provide educational training to users about the various kinds of cyberattacks that businesses are susceptible to. However, providers often overlook training and focus on other areas of their services.

Ask your vendor what their cloud cybersecurity policy is. They should have a system in place that verifies and secures all devices before use. The reason is that employees bring their own devices to work, which can create a security issue if the machines are not secure.

Review your cloud vendor’s cybersecurity tools and protocols to make sure they provide the security benefits you need.

Although more and more users are becoming aware of some of these attacks, the attacks are quickly adapting and changing to overcome user awareness. When it comes to cyber-attacks, your education is never finished. Human error is still the number one cause of cyber breaches and phishing is still the most effective cyber attack.

Research found ransomware extortion payments are now $84,000 on average. This isn’t meant to scare you, simply to make you aware of the importance of staying educated. All it takes is one user in a company of thousands of people to compromise a system.

Oftentimes, a company experiencing a ransomware attack fails to recover its files and pays the ransom out of desperation. Unfortunately, this doesn’t always guarantee all encrypted or stolen data will be restored or that the cybercriminal won’t attempt to extort them again.

Any cyber security expert will tell you, the best solutions are preventative. The most effective way to successfully survive a cyber-attack is to avoid it. By staying up-to-date on cybersecurity you’ll decrease your chances of falling victim to an attack by a hacker.

Why Dark Web Marketplace “Joker’s Stash” Threatens Businesses Everywhere

Massive Leak in Restaurant Chain

Four popular restaurants in the East and Midwest had their customers’ payment card information stolen. Three of those four restaurants are owned by the same parent company, Focus Brands.

The stolen cards were sold on Joker’s Stash, a Dark Web destination that trades payment-card data. Joker’s Stash might sound like something out of a comic book, but it’s very real and very dangerous.

What is Joker’s Stash?

Joker’s Stash is the biggest and most reputable Dark Web marketplace out there and periodically features a fresh list of payment card information available. As a result, it quickly became an expensive site featuring card information from high-value targets like restaurants and even government officials.

The website has carried stolen card information from places like Sonic Drive-In, the supermarket chain Hy-Vee and others.

Cyber-criminals who buy this information usually use the data to clone the real cards and withdraw the money from ATMs. What’s more, in 2015, the dark web card shop added a section offering social security numbers as well. This isn’t just a problem for people in the U.S. Cybercriminals target whoever they can, wherever they can, not just restaurants.

1.3 Million Stolen Cards For Sale

In late October of 2019, 1.3 million Indian payment cards were put on Joker’s Stash for sale at $100. This is evidence that there is a demand for websites like Joker’s Stash.

Group-IB, a cybersecurity firm in Singapore, was the first to find the stolen data. After analyzing the cards on the site, the firm said over 98 percent of the cards were issued by Indian banks. Only about 1 percent of the cards were stolen from Colombian banks.

The India card dump is considered the third largest in 2019 by researchers, in terms of size. However, this isn’t typical for this type of dump. Usually, the cards are released in small quantities, over a longer period of time. Experts say that a data dump of this size suggests the criminals wanted to make a profit from as many cards as possible before banks and cardholders realized the fraud had taken place.

Although how the data was stolen remains unknown, it’s likely that it was obtained through a point-of-sale (POS) data breach.

Point-of-Sale Data Breaches

Point-of-sale (POS) data breaches occur when cybercriminals install malicious software on a business’s card-processing system. The malware is designed to copy data stored on a payment card’s magnetic strip when it’s swiped at an infected payment terminal.

How Does Joker’s Stash Work?

Unfortunately, Joker’s Stash operates using Blockchain DNS, a blockchain system that lets website visitors avoid surveillance, intervention and censorship from governments and ISPs. In other words, Joker’s Stash uses a decentralized system that helps the site stay active if someone attempts to take it down.

The good news is that fraud teams can use Joker’s Stash to understand what card data is made available and when. As a result, they’re able to determine the common point of purchase of affected cards. Flashpoint, a business risk intelligence specialist, published an analysis that explains how this is the most reliable method of identifying the source of a breach.
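A sketch of the common-point-of-purchase analysis described above, as an added example (not Flashpoint's method and not code from the original post): given the transaction histories of cards seen for sale, it ranks merchants by how much more often they appear among compromised cards than among unaffected ones. The lift score with add-one smoothing is a choice made for this example, and all card IDs, merchant names and transactions are constructed.

```python
from collections import defaultdict


def merchants_by_card(transactions, window=None):
    """Map card id -> set of merchants used, optionally limited to the
    inclusive (first_day, last_day) exposure window."""
    seen = defaultdict(set)
    for card, merchant, day in transactions:
        if window is None or window[0] <= day <= window[1]:
            seen[card].add(merchant)
    return seen


def common_point_of_purchase(transactions, compromised, window=None, min_share=0.5):
    """Rank merchants as (name, share of compromised cards, share of clean
    cards, lift). A breached merchant shows a high compromised share and a
    high lift; a merchant everybody uses shows a lift near 1."""
    compromised = set(compromised)
    clean = {card for card, _, _ in transactions} - compromised
    bad_hits, clean_hits = defaultdict(int), defaultdict(int)
    for card, merchants in merchants_by_card(transactions, window).items():
        bucket = bad_hits if card in compromised else clean_hits
        for merchant in merchants:
            bucket[merchant] += 1

    ranked = []
    for merchant, hits in bad_hits.items():
        bad_share = hits / len(compromised)
        if bad_share < min_share:
            continue  # too few affected cards passed through this merchant
        clean_share = clean_hits[merchant] / len(clean) if clean else 0.0
        # Add-one smoothing keeps the lift finite when no clean card used it
        lift = bad_share / ((clean_hits[merchant] + 1) / (len(clean) + 1))
        ranked.append((merchant, round(bad_share, 2),
                       round(clean_share, 2), round(lift, 2)))
    ranked.sort(key=lambda row: (-row[3], -row[1], row[0]))
    return ranked


# Constructed data: (card id, merchant, day number). Cards c1-c4 were seen
# for sale; c5-c8 are a baseline of cards with no reported fraud.
COMPROMISED = {"c1", "c2", "c3", "c4"}
SAMPLE_TXNS = [
    ("c1", "Grocer-A", 1), ("c1", "Diner-014", 5), ("c1", "Fuel-7", 9),
    ("c2", "Diner-014", 6), ("c2", "Grocer-A", 7),
    ("c3", "Diner-014", 4), ("c3", "Grocer-A", 12),
    ("c4", "Grocer-A", 3), ("c4", "Diner-014", 8),
    ("c5", "Grocer-A", 2), ("c5", "Fuel-7", 6),
    ("c6", "Grocer-A", 5),
    ("c7", "Grocer-A", 8), ("c7", "Diner-014", 20),  # visit after the window
    ("c8", "Fuel-7", 10), ("c8", "Grocer-A", 11),
]

if __name__ == "__main__":
    for row in common_point_of_purchase(SAMPLE_TXNS, COMPROMISED, window=(1, 14)):
        print("%-10s compromised=%.2f clean=%.2f lift=%.2f" % row)
```

Grocer-A appears on every compromised card too, but its lift of 1 shows it is simply popular, which is why the comparison against clean cards matters.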

All of this to say that POS data breaches are a problem for businesses if customers are afraid their card information isn’t safe.

The fraud intelligence company, Gemini Advisory, said out of the almost 2,000 locations that belonged to the restaurants, close to 50% were breached, according to an article by Insurance Business America.

There is No Safety in Numbers

As we’ve seen, breaches can affect not only retailers and restaurant chains but financial institutions as well. It could have been a bank in the U.S., not India, breached by cybercriminals. Capital One was breached in March, exposing more than 14,000 Social Security numbers and 80,000 bank account numbers.

This information could have been dumped into the Joker’s Stash website and sold for a few hundred dollars just as easily as with the Indian banks. The Department of Justice arrested a Seattle tech worker, Paige A. Thompson, for the fraud. She claimed she didn’t do it for the money, but she could have made millions of dollars through sites like Joker’s Stash.

Cybercrimes cost banks more than $1 trillion a year. That’s mainly due to financial institutions failing to comply with regulations, like FINRA and SOX, creating compliance risks. However, as regulations change with technology, criminals adapt and develop newer ways to exploit regulations.

Breaches Will Get Worse

Banks are usually secure against external threats, but the biggest threats are internal. That is, careless employees. Financial institutions are finally getting around to training their employees, but that might not be enough. Implementing a strong cybersecurity plan is key in a world lurking with criminals ready to leverage any vulnerability a firm might have.

Dark web card sites like Joker’s Stash are growing more popular and profitable. If these breaches have shown anything, it’s that Joker’s Stash isn’t going away. The best chance businesses have is to adapt. That said, cloud security and multi-factor authentication are making it easier to do so.

To stay informed on cybersecurity, data breaches, compliance and cloud technology, check out the Nerds Support blog.

What Is Social Engineering?

Social Engineering

Social engineering comes in many forms. The most commonly spoken about is phishing but it gets much more intricate than that. We know about the hackers that use their technical skills to access and infiltrate a hapless victim’s computer and steal sensitive data.

There are other types of cybercriminals, however, who use techniques to undermine their victim’s cyber defenses. They’re called social engineers and they exploit the greatest liability in any and every industry: human beings. They use social media, phone calls and emails to trick people into willingly giving them valuable or desired information.

You may have heard stories of people getting calls offering credit card deals or one-time promotions. The callers try to take their target’s information by claiming to be a representative of this or that company and requiring the target to give them credit card information. This is social engineering.

In this article, we’ll focus on the most common types of social engineering attacks used to target victims into divulging information.

Scareware

Scareware involves victims being flooded with false emails and threatening notifications. Users are made to believe their computers are infected with malware or viruses, which encourages them to download software that infects the user’s computer with malware and viruses. Other names for scareware include deception software and fraudware.

Some of you could have encountered scareware at some point. It comes in the form of banner ads or pop-ups that warn you about having an infected computer. It offers to install the software for you and directs you to a malware-infected site where your computer becomes vulnerable.

It can even spread through spam email, so be wary of the messages you open.

Worm Attacks

In the past, worm attacks have exploited the philosophy behind scareware, aiming to attract user attention to a malicious link or file. Worms were used most in the late 1990s and early 2000s, but it’s still important to be aware of how they were so successful.

In 2000, the “Iloveyou” worm was spread in email attachments that managed to infect tens of millions of Windows computers throughout the US. It started in the Philippines and spread to the west via corporate email systems, causing an estimated 5.5-8.7 billion in damages.

Victims received an email inviting them to open a love letter. When they opened the file, the worm copied itself to all the contacts in the victim’s address book. Notice that social engineering is about manipulating human emotion to gain advantage over someone and their information.

Malware links, as mentioned above, contain provocative words or graphics that compel you to open them, bypassing any anti-virus filters your mail could have.

Baiting

Baiting is what it sounds like, baiting the victim by appealing to greed or personal interests. This is particularly insidious because it often discourages the victim from reporting an attack. An unsuspecting user will read an email offering fake deals and shortcuts like free internet or other illegal benefits.

When these emails are opened, the trojan virus attached to the email or file corrupts the computer and encrypts the computer or spreads further through the entire system.

The victim will most likely be too embarrassed to disclose their reasons for opening the email in the first place, so it goes unreported.

A perfect example of this technique was when a trojan virus was sent to the corporate email addresses of employees in the form of a recruitment website. The criminals knew that the employees would be reluctant to tell their employers they were infected with a virus while looking for other jobs.

This type of attack isn’t limited to email, either. Cyber criminals have also used USBs infected with viruses. The USBs are left lying around and all it takes is one person curious enough to plug one into their machine to ruin everything.

Pretexting

Pretexting is a social engineering technique that uses cleverly developed lies and deceptions to obtain information. In the case of pretexting, it’s usually done through the phone as opposed to online. The attacker will pose as an important figure, perhaps a CEO of an IT company or a vendor, and use that as a pretext to gain desired information from the victim or victims.

This also requires the social engineer to develop a friendship with the victim through this impersonation. The impostor asks the target a series of questions as an authority figure, lulling the victim into a false sense of security.

The key in pretexting is manufacturing a scenario that the social engineer uses to engage their victim. A famous case dates to the 1970s, when Jerry N. Schneider used old invoices and manuals obtained by scavenging trash to start a profitable business. He got the invoices by looking through the Pacific Telephone and Telegraph dumpsters. He then used that information to acquire new telephone equipment, posing as a high-ranking member of the company, and sold it back to PTT through his own company.

Phishing

Phishing is the most common type of social engineering scheme. The attacker creates a fake version of an existing website of a highly regarded or renowned company and sends the link to targets through email or social media. The reason it’s so low on the list is because it’s been discussed at length in other blogs.

Vishing

As we’ve discussed, social engineers don’t always use the internet to gather information. Vishing is the use of Interactive Voice Response (IVR) to trick a target. The attackers attach the IVR to a toll-free number and trick people into calling that number and entering their information.

Tailgating

Tailgating is when a person uses an authorized person to gain access to a restricted area where some form of identification is required to get through.

This doesn’t work with large companies with advanced security features that require biometric scanning, for example, to get into the building.

What tends to happen is that the social engineer impersonates a delivery driver and, when an employee is entering the building, the person passing as a driver will quickly ask the employee to hold the door so that they might make it through. This occurs more often in smaller businesses that have comparatively lax security.

Quid Pro Quo

Quid pro quo attacks offer benefits in exchange for information. The most common type of quid pro quo attack involves impostors who pretend to be IT service providers and make direct calls to as many members of a company as possible. These criminals offer their IT expertise to all their targets and ask the victim to disable their antivirus program to fix whatever issue is present at the time.

 

Preventing Social Engineering Attacks

Now that we’ve discussed the types of social engineering techniques, you might be wondering how to defend against these types of attacks. If you’ve made it this far then congratulations, you’ve taken the first step, which is knowing about them.

With the emergence of smartphone technology, which puts powerful computers in the hands of so many people, information is very easy to come by. Unlike the days of Mr. Schneider, you don’t have to peruse through company dumpsters to access valuable data.

You, your company, employers or employees need to be more conscientious about what is posted online, whether it be on a website, a social media page or via email.

To keep your devices and accounts safe, it’s important to implement strong passwords and two-factor authentication. Invest in IT and take the necessary measures to add anti-virus software, firewalls and the like.

This is by no means a comprehensive overview of all types of social engineering; some are more detailed in nature and varied in scope. Tactics are changing with technology and cyber attacks are becoming more and more laser focused on specific targets. Instead of going for a large pool of potential targets, the social engineers and cyber criminals will go for one or two individuals. They gather such specific information that distinguishing a phishing scam from a legitimate email is getting harder and harder.

Getting help from an IT service provider you can trust might mitigate the risks of falling for any one of these tricks.

For more information on phishing and other social engineering tactics, visit our website or call us for more information.

 

 

Data Protection 101: Keystroke Loggers

Keystroke logging software tracks the keys that you type on your keyboard, as you type them. For example, if you were to start typing a document, a keystroke logger would be able to monitor each key you have typed and figure out what you typed.

While this may seem a little shocking to hear, Nerds Support’s experienced business IT support team has been aware of programs like these for quite some time. In fact, hackers that carry keystroke logging programs are called Keyloggers. In the hacking community, Keyloggers have developed Keystroke Logging software that can access any type of computer. Nerds Support’s IT support Miami team would like to advise that this also includes highly monitored business computers.

Who uses Keystroke Logging?

Believe it or not, keystroke logging is an open secret. Even regular business owners with a good sense of computer knowledge access keystroke logging software for everyday use. Generally speaking, companies more commonly use keystroke logging software to monitor their employees’ computer productivity. That means that, as a business owner, you can use this type of software to see what your employees are doing on company computers.

However, there is a community of hackers who would use this keystroke logging software to do some serious harm to your company. Keyloggers disable antivirus software on unsuspecting computers in order to install keystroke logging programs. Often, they use social engineering tactics, such as email phishing, to trick employees into downloading the malware onto company computers. They use their own special software to access company computers and disable the antivirus.

From there, keyloggers can now figure out everything that you type on your keyboard. They can access valuable information that can be used against you. Such data includes:

  • Important email login information
  • Very Important company files on clientele and analytics
  • Super Important company financial information

This information is only a fraction of what a keylogger can access if they were to ever hack your business computer to find company information.

Types of Key Loggers

Hardware

There are hardware-based key loggers, which use a small device that serves as a connector between a keyboard and the computer. The device is made to resemble an ordinary keyboard connector.

A hardware key logger also comes as a module that is installed inside the actual keyboard. The victim uses the keyboard and the device collects each keystroke, saving it as text in its own hard drive.

Software

There are also key logging software programs, as previously mentioned. These don’t require physical access to the target computer to install. A hacker typically delivers the key logging software as malware, tricking users into unwittingly downloading whatever program the hacker is using at the time.

Massive spam campaigns in which a hacker sends malware embedded with key logger software are pretty frequent.

There are several indicators that you could have a key logger in your system. Keep in mind, however, that one or more of these signs don’t automatically mean you have one:

  • Your mouse or keystrokes don’t appear onscreen when you type.
  • A slower web browser
  • You receive error screens when loading a graphic or webpage.

Keystroke Logging Incidents

On February 28, 2019, four students in New Jersey made the news when, illegally trying to change their grades, they used keylogging software to hack into the school district’s computer system.

The Jersey Journal reported the students used the software to get their teachers’ log-on information and changed their own grades and the grades of their friends.

This is just one example of what Keystroke logging is capable of.

Keystroke Logging Facts and Statistics

Keystroke logging is one of the oldest tools in the hacker’s arsenal, dating back all the way to the 1960’s and 1970’s. Russian spies figured out how to bug IBM typewriters used by US diplomats, transmitting the keystrokes through radio frequency.

In 2015 a key logger was found hidden inside a game modification for the popular videogame Grand Theft Auto V.

It’s also a tool used in law enforcement. In 1999 the FBI used key logging to get notorious Philadelphia crime boss Nicodemo Scarfo Jr. when they installed a key logger through a Trojan. They were able to use the data obtained from the key logger as part of their case against Scarfo.

Criminals use key loggers to get passwords, credit card information, and personal information in order to steal your identity and more. Key logging is one of the most prevalent forms of spyware because anyone can use it thanks to commercial spyware companies.

There are services that help install key loggers into a target of the client’s choosing. There are even key logging services catered towards parents who wish to monitor their children’s online activity. These tools are available for anyone to use.

How to Combat Keystroke Logging?

It can be frustrating to fight against keystroke logging software. It might even be hard to prove that such software is installed on your work computers. But one suggestion to combat keyloggers is to have Nerds Support’s Miami IT support data protection team take care of keyloggers and ensure the safety of your company.

Having a reliable IT Support Miami team has become essential to a company’s survival. That’s why Nerds Support’s data centers are so secure. Your company would have heavily monitored data centers that conduct daily scans on their servers. When a heavily monitored data center conducts their scans, they make sure that their servers are clean and free of any trace of hackers or malware. Such a team would even alert your company of what is happening and remove the threat immediately.

A good business IT support plan should come with the latest firewalls and antiviruses. That would mean that a business’s protection against malware can be guaranteed. That means you, the business owner, can focus more on your business and maximizing profit. So if you are in need of a great business protection plan, contact Nerds Support and find out how we can help you achieve your business goals!