Hackers Execute Ransomware Attack & Encryption on SF Asian Art Museum

In the wake of destruction from an ever-growing threat of cybercriminals, many major municipal branches in Baltimore and Atlanta fell victim to encrypted systems and were extorted for millions. Soon after, the major targets became local school districts and colleges, but it would appear the targets have changed once again. This time to an industry that will surprise many, who think this could NEVER happen to them.

Museums? That’s right, last Tuesday it was reported that the Asian Art Museum in San Francisco was hit with a ransomware attack back in May. Initially, when I heard this, I was as surprised as you were, why would a Museum be hit with Ransomware? Why would someone search out cultural institutions to attack? The answer lays closer than we think, dealing in lower monetary value, museum donors’ personal information, can be easily stolen, alongside the typical digital footprint of email, phone number, first name, last name, etc.

It sounds like something out of an action movie, the hacking of a museum in San Francisco, came to the surface when the Asian Art Museum refused to pay the demanded ransom, sticking with the city’s official “no-negotiation policy.” Although everyone at the Asian Art Museum has been tight-lipped about the tactics used against them, we do know the data was recovered, by utilizing a trusted backup system. Always making sure technology partners are checking in, and running tests periodically, making sure systems built for fail-over are fully operational, and providing the museum the confidence needed to NOT PAY the ransom, knowing they can easily restore data, giving everyone at the Asian Art Museum, peace of mind.

Don’t be taken by surprise, protect your business with these five tips to better your data protection:

  1. End-Point Protection – To protect employees and businesses from cyberattacks and encryption, it’s critical to your success to employ up-to-date End-Point Protection (EPP) and Malware Alerting on high-value targets like servers or domain controllers.
  2. Gone Phishing – The human element is what gets most people, and it’s because these phishing examples have been developed to simulate a popular brand or coworker email. Without successfully phishing someone to gain access, the doors on your network can remain closed. Be warry, as social networks have been hit hard with email spoofing.
  3. See Something, Say Something – One of the most important things to teach employees within your network, is if they see a ransomware pop up, you should immediately disconnect this machine from the network. This will prevent the infected system from communicating with other nods on your network, damaging more of your data, and encrypting more technology.
  4. Group Policy Controls – Generate access controls or Group Policy, in case someone does get into one of the computers, they won’t be able to remote into someone else’s PC or system. Making it critical to prevent the spread and damage of further entities.
  5. Prioritize your Vulnerability – How much of a threat can your business take on, with information everywhere on the network, it grows impossible to secure everything, making it imperative to create a layered approach – to further secure financials and company email that could contain personal information.

In today’s cybersecurity landscape, ransomware poses a serious risk to every business. Taking a proactive approach is the key to reducing your risk. You can learn more about disaster recovery planning and reliable backup solutions by consulting a technology partner who understands your organization’s unique needs. Contact a Clare Computer Solutions Consultant today to determine your risk.

Tax Season is Ending, Clean Up Your Sensitive Information Before the Criminals Do

If you’re anything like me, your tired of picking up the phone just to hear someone’s terrible recording of a tax collector, IRS agent or CPA demanding some outrageous sum of money. According to the IRS, in their latest security bulletin, they have formulated 2019’s “Dirty Dozen.” Keeping employees and end-users in mind, many will have sensitive data leftover on their devices, making your business a prime target.

With highly targeted attacks plaguing many of us today, it’s not uncommon to see Business Email Compromised or more-commonly, CEO Fraud. Reaching $12.5 Billion in total known losses, these attacks have bad guys trying to convince end-users, typically in Accounting, Receiving, HR, and sometimes IT to release information or funds based on their faked email address or title. Typically, this results in many unknowing employees making some form of payment or releasing the information as they view their job could be at stake.

We’ve even seen these “Fake CEOs” attempt to send out emails regarding W-2 issues. Once opened, the payload can be delivered from these attacks at any point in time. In most cases, we’ve witnessed malware laying low in systems for 90 days. With tax season closing, we wanted to shed some light on the technology aspects of the “IRS’ Dirty Dozen.”

Here’s a recap of this year’s ?Dirty Dozen? scams:

1. Phishing: Business’ filing on their own behalf this year, should be alert to the potential for faked emails or websites looking to steal personal information. The IRS notes, “The IRS will never initiate contact with taxpayers via email about a bill or tax refund.” Don’t click any links or attachments from someone claiming to be from or on behalf of the IRS. For more information from the IRS website see here: (IR-2019-26)

2. Phone Scams:?Phone calls from criminals or on behalf of them impersonating IRS agents remain an ever-growing threat to end-users during tax season. It’s these same calls your employees receive that contain outlandish threats including police arrest, deportation, or my personal favorite license revocation. For more information from the IRS website see here: (IR-2019-28)

3. Identity Theft: During tax season, businesses will have taxpayer information on-hand for one of the few times all year. This means for the period between March to May, the IRS warns that identity theft will rise, although the security industry has made several large strides in protecting employees currently. The IRS warns business’ as they continue perusing these criminal actions. For more information from the IRS website see here: (IR-2019-30)

6. Tax Return Preparer Fraud: Unfortunately for some business’ the amount of fraudulent Tax Preparer has also grown in stride. As we all know, the vast majority of tax professionals are there to provide honest, high-quality services but others will operate during the filing season and it’s these scams that continue to push refund fraud and identity theft further. For more information from the IRS website see here: (IR-2019-32)

8. Inflated Refund Claims: Alert the IRS or the police of anyone whose promising inflated refunds or credits. Be alert to anyone promising large returns or asking for credits. This falls on local law enforcement to assist as these frauds will use flyers, fake storefronts, and community groups to infiltrate your trust. For more information from the IRS website see here: (IR-2019-33)

Continue staying diligent, as the typical end-user and employee has sensitive information nearby. Maybe it’s an email of your tax return or that W-2 from human resources. Regardless, having it near anything business related can be an area for concern, for cybercriminals and frauds they will have hit the jackpot.

Learn how to secure your end-users and employees, educating them on how to handle sensitive information, how to interact with strange emails.

Cyberattacks Using SSL Encryption Swells the Success Rate of Malware to 400%

Utilizing Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat-analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since it’s last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage more sneaky tactics to accomplish their end goal, including blackmail, extortion and worst of all, data corruption.

For many businesses, encryption has become the norm as cyber-criminals begin looking to disrupt operations to turn a quick profit.? One of the largest goals behind any cyber-attack is stealth, the longer a malicious activity goes on unnoticed in your systems, the greater the chances of their attack succeeding. One popular avenue has begun involving SSL encryption to disguise the transmissions of the attack from your local anti-virus or malware agents.

As previously warned, these attackers are persisting to utilize website encryption to provide users with a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can assist in informing your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name, and the content they want from you.

  • Phishing – 2.7 Million phishing attacks occur monthly, a 400% increase since we’ve been tracking these states in 2017.
  • Content is King – 196 Million instances of “malicious content” including websites, malicious scripts, and malvertising we all found on some of the most well-known websites this year.
  • Botnets – 32 Million botnet callbacks were performed and blocked on average each month since 2018
  • Domains – 32% of all spoofed domains or websites were using SSL to deliver content.

Most Phished Brands through HTTPS:

  1. Microsoft Office365 or OneDrive – 58%
  2. Facebook – 12%
  3. Amazon – 10%
  4. Apple or iTunes – 10%
  5. Adobe – 4%
  6. Dropbox – 4%
  7. DocuSign – 2%

By preparing your employees with a security mindset, we broaden business’ stance on security, to better prevent things like SSL attacks from reaching your end-users. Each of these acts leverages more ways for cybercriminals to establish credibility, and the context needed to fool business.

Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an ?invoice? that were crafted and carefully coded, to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more conveniently, was the willingness for this HTTPS encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and wouldn?t you know it, no issues were reported.

(Email Pictured Below)

ccs anti spear phishing help and fixes sf bay area

The Latest Spear Phishing Scams to Pass-Through Your Email Filter

Unfortunately, everything malicious isn?t always caught by your email filtering or anti-virus. Because of the rise in email born attacks over the last few months, we?ve begun debunking some of the most well-known spear phishing emails sent to local business owners. With an estimated 91% of successful data breaches started by spear phishing, this type of scam has garnered a lot of media attention. Once reserved for the C-level executive, spear phishing has grown, targeting managers and other employees as an essential component of a social engineering attack.

Did You Know That 91% of Successful Breaches Start with a Spear Phishing Attack?

1. “Funding for Your Business DocuSign Scam”

One of our partners here at CCS sent this brilliant example of a spear phishing scam, that can get past ANY email or web filtering.

This message sails through filters and protects devices as it?s presented as a close-to-real document. Utilizing Adobe DocuSign, this example is built to grab your information, not to deliver a malicious payload.

DocuSign IT Support Company finds Phishing email example

By reviewing documents, and clicking the entirely legit DocuSign page, it will spawn what appears as a loan application. By completing this form, it will send your information directly to the hackers. Making it even easier for them, towards the bottom of this application there is a place to upload your last three paychecks or pay stubs.

Spear Phishing Email Form Top 1

If someone in your account?s receivables, accounting, or finance department were to submit this information, the damage could be extensive, and bankruptcy has unfortunately become a harsh reality for small-to-medium sized businesses due to the potential repercussions.

Spear Phishing Email Example Form 3

2. Unwitting Job Applicant Victims to Malware Ad Attacks

The way spear phishing works is by evoking trust and credibility to entrap victims into providing information that grants them access to personal records, employee information, and company data.

Like many professionals in the SF Bay Area, I?m on LinkedIn, where thousands of people are searching for employment opportunities. Given you?re on a website that knows your job title, industry sector, GPS Location, etc. it wouldn?t raise suspicion in most cases.

That?s exactly what these hackers were counting on when they hosted several malicious LinkedIn Ads to target a bank employee. The victim was a financial company employee that was contacted by, and even held a Skype call with the potential ?new-employer.? Once the interview was conducted, and the employee?s defenses are down, cybercriminals asked the employee to install a program called ?ApplicationPDF.exe? that would generate his application.

Because this program was able to bypass anti-virus and suspicion, it?s believed the hackers were attempting to gain access into the network of financial records, debit cards, and control over localized ATMS.

We often begin seeing employees as the easiest line of defense in your cybersecurity. It?s stories like these that continue to keep our clients vigilant with security and elevate the awareness employees have to surround these malicious threats and looking for red flags. In this case, the PDF application was the scam that allowed access into localized network operations.

 

Steps Towards a Spear Phishing Remedy:

By focusing on the unique needs of your network, and it’s users there are low-cost solutions for making major strides in stepping up spear phishing prevention. With the implementation and setup of policies, permissions, and email filtering, begin minimizing the risk your business can incur. As part of our commitment to the SF Bay Area Community, we have begun offering Security Awareness Training for companies looking to strengthen their security posture. We understand the uniqueness of your business, and so do each of our employees. Leverage our staff, and knowledge to toughen-up security today.

Secure Now, or Pay Later: “Collection #1” Data Breach Reports 773 Million Personal Records

A developing story regarding one of, if not the largest data breach dump of all time. Deemed “Collection #1” for its collated structure. Collection #1 was a series of data dumps from over 2,000 databases, and this data breach hits close to home. After being alerted early Saturday, January 19th, 2019, I noticed an odd email forward from a website I’d never seen or heard of, alerted me that an older personal email and password was compromised. Taking this notice, we’ve used our experts to dig deeper into the Collection #1 data breach.

By starting with the raw-data first, Collection #1 is a set of email addresses and passwords that have totaled 2,692,818,238 rows, of spreadsheets, with decrypted passwords. Made up of several smaller breaches organizations, forums, social platforms make up the varying sources. In total, the data creates 1,160,253,228 unique combinations for emails and passwords. (emails are NOT case sensitive) It should be noted, 772,904,991 unique emails and 21,222,975 other personal data records were released on the dark web on Friday, January 18th, 2019.

Origins of this Data

To further heighten the stakes, with the original documentation pictured above, we can see hackers are neatly formatting their data-dumps, and this shows the delimited text formats (commas, semicolons, syntax) further proving the original origin of this data. Posted late last week on the popular dark web service MEGA, over 12,000 separate files were collected, totaling 87GB of data that has since been removed from the dark web site. Referencing the image below, the expanded view shows the file listing and the many alleged sources. (it’s very difficult to discover the source of data breach information)
Clare Computer Solutions MSSP Managed Security Service
What I can say, is I checked, and verified my own personal data, though it was inaccurate, it was credentials, that I personally used several years ago. Like many of you reading this, I’ve bared witness to my data being in these breaches and although it’s always outdated credentials it still provides me with a sense of dismay, though I know it’s not personal.

How “Hashed Passwords” are Used in Hacking

As I’ve mentioned, there was a mix of “hashed” and “de-hashed” passwords that were cracked, and output to plain-text. These massive files are used with automation tools to resplendently attempt numerous credentials. For an example, if you head over to HIBP, and you enter the word “[email protected]” it will return the password as being cracked or broken 51,000 times, so this is obviously ill-advised though it meets common password standards, like upper case, lower case, number, and 8 characters long.

So, What’s at risk here?

In short, if you’re involved in this data breach, many of your passwords could already be compromised, in this case, used for credential stuffing. Credential stuffing is the process of automated injection of breaches usernames, emails and password pairs to gain fraudulent access to your accounts, once reporting with access, they leverage this same list across banking, emails, and website servers.

The cold reality of this situation is 140 million emails were taken with 21 million in passwords not already disclosed or discovered. My hope is that many will be prompted to broaden their security posture and look past the basic steps in password difficulty. There is something big to take away from all these breaches occurring. Two-step verification could prevent access to many business’ vital applications that are now being moved to the cloud or online.

To learn more about the launch of our latest security initiatives, head over to our Managed Security Services page, to learn the latest technology used to combat cyber attacks in for small to medium business. Providing greater uptime maximization, and peach of mind through fully securing your network.