Cybercriminals are targeting employee payroll and diverting funds, according the Federal Bureau of Investigation (FBI).
The FBI’s Internet Compliant Center (IC3) just released an alert about an increasingly effective cyberattack hitting a variety of organizations in the last couple of weeks.
From education to healthcare to transportation to local governments, almost every industry has seen victims come out of the recent payroll attacks.
The preferred method of distributing this attack is by phishing users—this allows criminals to key log user activity on their computers and ultimately capture employee login credentials. Armed with login information, the criminals then access the employee’s payroll accounts (this is for those of you that have online employee portals) and change bank account information, directing hard earned wages into untraceable offshore accounts.
continue reading
One of the most popular delivery vectors for malware of late? Check out CVE-2017-11882, a patched Microsoft vulnerability that allows hackers to perform arbitrary code execution, ultimately giving them access to your entire network.
Many of the latest attacks have exploited this year-old Microsoft patch to successfully penetrate business networks (note: if you are a Dynamic Edge client, this patch was taken care of a long time ago). This patch vulnerability is so wide-spread that nearly 45% of all ransomware viruses delivered last month had been delivered because businesses failed to apply this one patch.
Macros continue to be a major security problem
There continue to be weaponized Microsoft Office documents delivered via email. As phishing campaigns get more believable, rest assured, criminals are exploiting attachments like they’ve never before. While Microsoft Office by default disables macros nowadays, many enterprise systems still have them turned on. So when a user clicks on an attachment, they might execute code in the background of their computer without even thinking there’s a problem.
continue reading
The Cloud Isn’t a Security Blanket!
Even if you have all of your stuff in cloud, you’re still at risk of an attack. You can just as easily get infected in the cloud as you could on your local server. The hardware is similar, so is the software and so are the updates and patches. If you are accessing the cloud from an infected computer, someone may be able to access your data if that computer or device is not secure. The BIGGEST misconception with the cloud is your data is safe.
Most businesses (and their IT Support) lose focus on security.
All you need to crack the cloud is a Trojan (malicious software disguised as legitimate software). Maybe someone on your staff is working from home, clicks on a link and is infected with some malware that starts recording EVERY keystroke. Over the course of their work day, unknowing that their machine is infected, they log into all sorts of accounts—including logging into your cloud! A criminal now has the exact credentials to access ALL of your cloud data. They may ransom it, or they may just steal it. Either way, your cloud was breached. HIPAA was violated, and your business is at risk of hefty lawsuits, fines, and attrition.
continue reading
Did you realize that Google is actually down-ranking websites that aren’t taking security seriously?
Google, among other search engines, have started to take security online as one of their big initiatives.
If your site isn’t secure? Any rankings you once enjoyed might now be long gone.
And even more, web browsers are starting to communicate more clearly to web visitors if a site isn’t secure. If you load up a browser, type in your url and find something like one of the images below on your site, you’re likely repelling visitors from your site.
continue reading
Over 1.4 billion passwords found on the Dark Web. That’s almost 5 times the population of the United States.
1.4 billion records detailing passwords, usernames. Basically credentials to all sorts of social media and personal email accounts. Passwords that even novice hackers can exploit to get on your network.
Why should you worry about all of these—presumably old—password on the Dark Web?
continue reading
Phishing seems to work. Whether you’re a large familiar brand name or a small business. Whether you invest in your security every month or not (though those that get phished and have security in place are able to easily recover from phishing attacks). The fact of the matter is that employees do get phished if they’re unsuspecting.
No matter how hard you protect your network with latest technology, there’s always going to be someone that brings in a device or that works from home and gets duped into handing over credentials (by allowing criminals to key log every single action on their computers).
I’ve been warning of phishing attacks for a while now—for some more details see one of my latest videos on phishing attacks.
continue reading
