Security Bulletin 12/23/19
First and foremost, have a wonderful Holiday Season!
There is a very convincing PayPal scam indicating that there has been unusual activity in a user’s account. There are some signs that it is a scam, but the screens are well done and many people are becoming victims. The scammers are completely draining PayPal and checking accounts.
Facebook has exposed hundreds of millions of users’ phone numbers, user names and IDs. This is expected to result in an onslaught of both text and robo calls. All scamming of course.
A webinar attended by one of the IT staff concerning Email vulnerabilities discussed a very disturbing trend in Email scams. Scammers are now sending Emails indicating that there is a bomb in your building and they will disclose the location if a ransom is paid. The real issue is not so much the spam messages, but the potential cost. Insurance companies are considering requiring the evacuation of the building as well as police involvement. This could get extremely expensive as far as interrupting workflow. So far, there are only about 4 cases in the U.S. and they are being kept fairly quiet. As you may suspect, the ransom bomb threats are being aimed at huge companies in multi-floor operations where it is too expensive to evacuate, etc. We will be following this attack vector to try to determine how other companies handle the situation. In the meantime, should any staff member receive such a message, please forward it directly to IT through a ticket. Again, as of this time, there are no fixed guidelines as to how these Emails are to be handled, so they must be handled on a case-by-case basis. Hopefully the authorities will make the penalties so high that this type of scam will not catch on.
Just as bad, cyber criminals have established several public websites to list companies that decide to rebuild their data rather than pay the ransom. The purpose of the site is to get other scammers to re-target those companies and then simply post the hacked data to the site without giving the hacked company the chance to even pay the ransom. Several websites have sprung up on the Dark Web and corporate and personal private data is starting to be made public.
Hackers have claimed to have stolen over 300 million iCloud accounts and are allegedly threatening to remotely wipe millions of iPhones and iCloud accounts unless Apple agrees to pay a ransom by April 7th. No idea if this is a valid threat or not; however, if they indeed have the accounts, wiping devices is possible. One would think that Apple would force a reset of all passwords prior to April 7th. We will need to wait and see how this plays out.
This headline is not one we want to see: Harrisburg region ranks 5th in nation as most prone to cyberattacks on small businesses, study says.
Several staff members have reported that our security systems would not let them on to some news sites. The issue is not actually the news site but the advertisements that they display. Many news agencies do not screen their advertisements for malware; worse, however, is a current vulnerability in their advertising delivery system. In other words, many news agencies have been hacked recently and the advertisements link to compromised websites. PSAB’s security filter can detect these malicious ads and then it blocks the actual news page in order to prevent infection. Therefore, it appears as though the news page is causing the issue, when in reality, it is the ad being delivered on the page. Further, the ads rotate, so you may be able to read the news article today and not tomorrow. Feel free to let us know if this happens, but be aware that there may not be a lot we can do to help as we need to place the security of our network and data first.
If you have purchased goods or services from GE, Dunkin’, or Forever 21, your information may have been compromised and you should pay special attention to your credit cards and any Emails, texts, etc. that you may receive from those companies as they may be bogus.
Again, have a safe and Happy Holiday Season!