Security Bulletin 9/13/19
There were a lot of security incidents/issues that could impact both PSAB and staff over the past week or two. Following are highlights and links of interest:
There has been a 13% growth in online cyber attacks just over the last six months.
The latest version of iPhone iOS 13, which is being released now, comes with a serious exploit that can expose all of your contacts and the information attached to them. We suggest delaying this update until at least the first major patch is released.
198 Million Car-Buyer Records Exposed. So, if you have shopped for a car over the last 10 years or so, there is a good possibility that the information you provided is now public.
Facebook exposed the phone numbers of 400 million users. So, if you have a Facebook account, you can expect your robo-calls to go up exponentially in the near future. The same goes for the next item below, which is a new twist on phishing and malware distribution.
Hackers are now using voicemail to perpetrate their crimes. We assume you are familiar with deepfakes? That is where a video is altered in such a fashion that it is hard to tell that it is not real. Well, now they are hacking into mail accounts, stealing the voice messages and then piecing them together to leave the target a voicemail that appears to come from the faked individual. An example of this might be that a hacker compromises some of Chris’ voice messages that he may have left for other members, clients, etc. For instance, Chris leaves a few messages for a board member and the board member’s email gets hacked. The hacker takes those three or four messages and clips words out of them. They then put the words back together in a way that might go something like this: “Sharon, would you please transfer $x from account A to account B ASAP. Thanks!” Technology today makes that easy once they have a voice sample with a few words. So, the message would come from Chris, sound like Chris and probably contain at least one actual valid account number. And yes, this is being used in the wild and people have fallen for it.
Presidential candidates are being sued for spamming.
Hackers are now targeting companies and municipalities that carry cyber insurance as the insurance companies tend to pay the ransom.
The following was received by several staff members this week. It is a bit different from your average phishing attempt. The email actually came from a hacked insurance company and NOT from boroughs.org. There was no effective way to block this attack.
Sent: Monday, September 09, 2019 9:38 AM
Subject: [secure] Pennsylvania State Association of Boroughs
Please review attached and advise.
Pennsylvania State Association of Boroughs
2941 North Front Street
Harrisburg, PA 17110