
Q-News May 2021

A Word from Jack

Things just keep getting more interesting and the criminals are getting more creative. Last month we saw a LinkedIn scraping incident, where criminals captured 500 million user profiles by scraping the screen and then selling the data on the Dark Web. This does not represent a breach in the traditional definition, nor did LinkedIn do anything wrong.

The big news this month was the pipeline shutdown. The actual root cause of the attack has not been released because of the on-going investigation. It is believed that the hackers were able to gain access to some Internet facing systems. The company agreed to pay 4.4 million dollars. As a reminder, the basics are your best protection from cyberthreats: keep your systems patched, implement multifactor authentication where possible, use strong passwords, provide training, and have a good backup program. While there are no guarantees, doing the basics will make you less attractive to an attacker.

Current Threats

Criminals use phishing as an entry point to install malware, gain access to login credentials, or collect personal information. Hackers follow current events and prey on the emotions of their targets to drive up click rates. The Federal Trade Commission is still warning of fraud campaigns related to COVID-19. The scams are being reported in many forms, including phishing emails and texts, robocalls, and fake social media posts. The COVID scams have shifted from cures to requests for money to get to the front of the vaccine wait list. The FBI is also warning of fake COVID antibody test scams that seek to harvest personal information from their victims.

SMS phishing, or smishing, continues to grow in popularity among criminals. Smishing events were up over 300% at the end of 2020, and we look for those numbers to continue to increase this year. Criminals are turning to phishing via text message because most consumers trust their text messages. We have become used to receiving two-factor authentication text messages for our banks and access to health care systems. Text messages are not typically questioned before consumers click on a link. Criminals are using this trust to their advantage. Smishing campaigns run the gamut from tax rebates, bank activity, and package delivery to Amazon. Remember, a phishing campaign usually tries to generate fear so the victim will click the link. If the message creates a sense of urgency or it is not something you would normally expect, chances are it is fake.

Tax scams are also on the rise this year. The IRS pushed Tax Day back again this year, and many states are catching up to last-minute changes in federal law. The tax scams we are seeing are phone and email phishing based. Be aware of the service you are signing into to file your taxes and use multi-factor authentication if it is an option for your tax service provider. Instead of clicking a link in an email, navigate directly to the site by typing in the site address (URL).

571 Congress Park Dr. Dayton, OH 45459 937.885.7272 quanexus.com

CYBERSECURITY CLOUD VOICE

Dark Patterns

Dark patterns are design choices that trick users into taking an unintended action or prevent them from taking an action. One example is tricking a user into subscribing to a service, and then making it difficult for them to unsubscribe by hiding the unsubscribe button. UX (user experience) designers are trained to think about how people interact with technology. Unfortunately, this knowledge can also be used to deceive users. Businesses use human psychology to their advantage, hoping users will get frustrated and give up or click the wrong option accidentally.

There are many forms of dark patterns. Harry Brignull started the website darkpatterns.org in 2010 to identify and highlight the most egregious offenders. The three most common are Misdirection, Confirmshaming, and the Roach Motel.

Misdirection is when a website establishes a pattern and then exploits that pattern. An example would be a user filling out a form who clicks a green button to go to the next step, then green button, next step, green button, next step. At the end of the process, the option to opt into a $10/month service is a green button, and the option to continue without the monthly service fee is black text on a white background. Misdirection also occurs if an option for “yes” is highlighted in red, or an option for “no” is highlighted in green. These design decisions are made to confuse the user and make them click what the business wants them to click.

Confirmshaming is a tactic to guilt users into agreeing to a service or signing up for an email list. These are often found on shopping websites where the language will say, “Sign up for mailing list” and the alternative is “No, I want to pay full price.” In some cases, the pop up creates more urgency with added “One time offer” language.

The Roach Motel is familiar to many users. This dark pattern centers around the idea that it is easy to get in, but difficult to get out. Have you ever had to search for how to unsubscribe from a service? A Roach Motel purposefully hides the cancel option, and possibly makes users go through multiple confusing confirmations to finally cancel the service. Amazon is famous for how difficult it is to cancel an account. Darkpatterns.org has a great video on all the steps a user has to navigate to cancel an Amazon account; at the end of the process the user has to chat with an Amazon specialist because the user actually cannot cancel the membership on their own. Amazon must cancel the membership.

Dark patterns take advantage of psychology and short attention spans. Users get frustrated and give up trying to cancel that monthly membership or email blast. However, with some education and the occasional search engine dive, users can navigate this world of purposefully bad UX design.

Human Operated Ransomware on the Rise

The cost of ransomware attacks in 2021 is projected to reach $20 billion, almost double the cost impact from 2019. A ransomware attack occurs after a criminal has gained access to a system through a phishing attack or stolen credentials. A typical ransomware attack encrypts data, which stops the company from doing business until the ransom is paid. In a human operated ransomware attack, the criminals gain access to a business network and move around the network to see what they can find.

Microsoft does a good job explaining the difference between the two attack methods:

“Human-operated ransomware attacks are a cut above run-of-the-mill commodity ransomware campaigns. Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of ‘fix now’ priorities.

Once attackers have infiltrated a network, they perform thorough reconnaissance and adapt privilege escalation and lateral movement activities based on security weaknesses and vulnerable services they discover in the network.”

Hackers can use the business infrastructure to mine bitcoin, run spam campaigns, or use company workstations for other criminal activities. Only after they have exploited the private infrastructure do they execute a typical ransomware attack by encrypting data and asking for money. These criminals can live in a company network for months, using the business infrastructure for their gains.

These ‘hands on keyboard’ attacks are more time consuming for the criminal, but they can also be much more profitable, which is why we are seeing the increase. While malware attacks are on the decline, ransomware attacks increased 40% last year. Criminals are focusing time and effort on these more elaborate attacks that yield greater gains.

Preventing these targeted attacks starts with education, as always. The criminal has to get into the network first. Continued education on phishing campaigns and password management is critical. Additionally, a layered security approach is the best defense, along with network monitoring tools. These tools can alert IT departments to unusual network activity like workstations being used to mine bitcoin.

US Pipeline Shutdown by Ransomware Attack

One of the nation’s largest pipeline operators was forced to shut down their network following a ransomware attack. In what is being called the worst cyberattack on critical US infrastructure in history, Colonial Pipeline shut down their 5,500 miles of pipeline to contain the breach. The Georgia based company transports more than 100 million gallons of fuel per day including gasoline, diesel, jet fuel, and home heating oil. Oil analysts say the shutdown could affect gas prices if it goes on for more than a few days. The immediate concern is the supply of jet fuel to large airports like Atlanta and Charlotte. Colonial Pipeline moves 45% of the fuel from the Gulf Coast of Texas to customers in the southern and eastern United States.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid; a kind of double extortion.

The attack has been confirmed by the FBI to originate from a group of cybercriminals known as DarkSide. They are a new and particularly cruel criminal gang who admit to targeting hospitals, schools, universities, nonprofit organizations, and government infrastructure. The group reportedly stole and encrypted 100 gigabytes of data from Colonial Pipeline, which they are threatening to leak if the ransom is not paid.

Eric Goldstein, executive assistant director of the cybersecurity division at CISA, said:

“This underscores the threat that ransomware poses to organizations regardless of size or sector. We encourage every organization to take action immediately to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

These high profile attacks continue to keep IT security in the news and at the forefront of business owners’ minds. The SolarWinds breach was an illustration of the capability and scope of a nation state attack. At the same time we see ransomware attacks on small businesses or city governments who often don’t have the budget for IT infrastructure. Ransomware payments peaked in Q3 of last year with an average payout of over $225,000 per incident. Criminals understand many small businesses don’t have the resources to defend against these attacks and have no choice but to pay the ransom. Ransomware attacks increased over the prior year by over 300%, resulting in victims paying more than $350 million to criminals.

Later reports indicate Colonial Pipeline paid a ransom of nearly $5 million to the Eastern European hacker group on the same day as the attack. The group provided a decryption tool, but apparently it was so slow to work that the pipeline continued to use their backups to restore the missing data. The details from these stories never fail to highlight the security stack we use at Quanexus. Click below for Q-Stack Video.

The Q-Stack Advantage

Protecting your systems, and the information on your systems, requires a layered approach. The Q-Stack layers: Policies & Controls, Security Training, Antivirus/Malware, Patches & Updates, Operating System.

LinkedIn Scraping Attack

LinkedIn is in the spotlight of IT security news again. A hacker claims to have 500 million LinkedIn profiles for sale. The criminal posted four files that contain LinkedIn member IDs, full names, email addresses, phone numbers, genders, job titles, workplace information, and potentially other identifying data.

LinkedIn reviewed the data, confirmed it was real, and released a statement claiming the data was scraped from public profiles, and not a breach.

“This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”

For a year now criminals have focused on LinkedIn to acquire information on employees and target them in attacks. LinkedIn is now in the top three companies impersonated in phishing attacks; a year ago it wasn’t even in the top 25. Earlier in the pandemic we wrote a blog post about criminals using LinkedIn to attack newly hired employees by impersonating the IT support of the company.

The scraped data are forms of personally identifiable information (PII) which can be used along with other public information to give the criminal a more complete picture of the person they are attacking. Even though the information is public, a criminal could use the list to construct a more credible phishing attack. A searchable, sortable, aggregated list of 500 million users could be very useful to a hacker. They could sort the data by business or area code and create more targeted attacks, use the data to pose as LinkedIn, or combine the data with other PII to target individual users in a spear phishing campaign.

This is on the rise because we share so much information publicly. LinkedIn has risen in popularity as a business to impersonate because of so many people looking for new jobs during the pandemic.

With the announcement of this data scraping attack, users should be on the lookout for phishing emails referencing LinkedIn, or the information the user has on LinkedIn. It’s always a good idea to understand what information you have publicly available, so if an email or text message doesn’t feel right, you can better understand the information the hacker may be working from.

In a couple of recent podcasts, Jack talks about oversharing PII and data aggregation. Find those podcasts here and here.

Podcast

We have two new short podcasts out this month. Jack and Chuck discuss Insider Security Threats, and Air Gap Backups!

Podcast 4 - Air Gap Backups
Podcast 5 - Insider Security Threats

Follow Quanexus on Social Media!

Find Quanexus on Facebook, YouTube, LinkedIn, and Instagram! Click on the buttons below to access our social media pages. Like, comment and subscribe!

Also, subscribe to our email list to regularly receive tech news, cybersecurity alerts, and information on upcoming events. Visit Quanexus.com to sign up!
