Q-News May 2021 A Word from Jack hings just keep getting more cause of the on-going investigation. It Tinteresting and the criminals are is believed that the hackers were able getting more creative. Last month to gain access to some Internet facing we saw a LinkedIn scraping incident, systems. The company agreed to pay where criminals captured 500 million 4.4 million dollars. As a reminder, the user profiles by scraping the screen data basics are your best protection from cy- and then selling the data on the Dark berthreats: keep your systems patched, Web. This does not represent a breach implement multifactor authentication in the traditional definition, nor did where possible, use strong passwords, LinkedIn do anything wrong. end user training, and have a good backup program. While there are no The big news this month was the pipe- guarantees, doing the basics will make line shutdown. The actual root cause you less attractive to an attacker. of the attack has not been released be- Current Phishing Threats riminals use phishing as an entry Smishing events were up over 300% at Tax scams are also on the rise this Cpoint to install malware, gain the end of 2020, and we look for those year. The IRS pushed Tax Day back access to login credentials, or collect numbers to continue to increase this again this year, and many states are personal information. Hackers follow year. Criminals are turning to phishing catching up to changing last minute current events and prey on the emotions via text message because most consum- federal laws. The tax scams we are of their targets to drive up click rates. ers trust their text messages. We have seeing are phone and email phishing The Federal Trade Commission is still become used to receiving two-factor based. Be aware of the service you are warning of fraud campaigns related authentication text messages for our signing into to file your taxes and use to COVID-19. The scams are being banks and access to health care sys- multi-factor authentication if it is an reported in many forms, including tems. Text messages are not typically option for your tax service provider. phishing emails and texts, robocalls, questioned before consumers click on a Instead of clicking a link in an email, and fake social media posts. The link. Criminals are using this trust to navigate directly to the site by typing COVID scams have shifted from cures their advantage. Smishing campaigns in the site address (URL). to requests for money to get to the run the gamut from tax rebates, bank front of the vaccine wait list. The FBI is activity, package delivery, and Ama- also warning of fake COVID antibody zon. Remember, a phishing campaign test scams that seek to harvest personal usually tries to generate fear so the vic- information from their victims. tim will click the link. If the message creates a sense of urgency or it is not SMS Phishing, or Smishing, continues something you would normally expect, 571 Congress Park Dr. to grow in popularity among criminals. chances are it is fake. Dayton, OH 45459 937.885.7272 quanexus.com CYBERSECURITY CLOUD COMPUTER VOICE Dark Patterns ark patterns are design choices that example would be as a user is filling out a The Roach Motel is familiar to many users. Dtrick users into taking an unintended form, then clicks a green button to go to This dark pattern centers around the idea it action or preventing them from taking an the next step, green button, next step, green is easy to get in, but difficult to get out. Have action. Examples are, tricking a user to button, next step. Then at the end of the you ever had to Google how to unsubscribe subscribe to a service, and then making process, the option to opt into a $10/month from a service? A Roach Motel purposefully it difficult for them to unsubscribe by service is a green button, and the option to hides the cancel option, and possibly makes hiding the unsubscribe button. UX (user continue without the monthly service fee users go through multiple confusing confir- experience) designers are trained to think is black text on a white background. Mis- mations to finally cancel the service. Ama- about how people interact with technology. direction also occurs if an option for “yes” zon is famous for how difficult it is to cancel Unfortunately, this knowledge can also be is highlighted in red, or an option for “no” an account. Darkpatterns.org has a great used to deceive users. They are using human is highlighted in green. These design de- video on all the steps a user has to navigate to psychology to their advantage hoping users cisions are made to confuse the user and cancel an Amazon account, and then at the will get frustrated and give up or click the make them click what the business wants end of the process the user has to chat with wrong option accidentally. them to click. an Amazon specialist because the user actu- ally cannot cancel the membership on their There are many forms of dark patterns. Confirmshaming is a tactic to guilt users own. Amazon must cancel the membership. Harry Brignull started the website darkpat- into agreeing to a service or signing up terns.org in 2010 to identify and highlight for an email list. These are often found on Dark patterns take advantage of psychol- the most egregious offenders. The three shopping websites where the language will ogy and short attention spans. Users get most common are the Misdirection, Con- say, “Sign up for mailing list” and the alter- frustrated and give up trying to cancel that firmshaming, and the Roach Motel. native is “No, I want to pay full price.” In monthly membership or email blast. How- some cases, the pop up creates more urgen- ever, with some education and the occasion- Misdirection is when a website establishes cy with added “One time offer” language. al search engine dive, users can navigate this a pattern and then exploits that pattern. An world of purposefully bad UX design. Human Operated Ransomware on the Rise he cost of ransomware attacks in knowledge of systems administration and These ‘hands on keyboard’ attacks are T2021 are projected to reach $20 common network security misconfigura- more time consuming for the criminal, Billion, almost double the cost impact tions, which are often lower on the list of but they can also be much more profit- from 2019. A ransomware attack occurs ‘fix now’ priorities. able, which is why we are seeing the in- after a criminal has gained access to a crease. While malware attacks are on the system through a phishing attack or stolen Once attackers have infiltrated a net- decline, ransomware attacks increased credentials. A typical ransomware attack work, they perform thorough reconnais- 40% last year. Criminals are focusing encrypts data, which stops the company sance and adapt privilege escalation and time and effort on these more elaborate from doing business until the ransom is lateral movement activities based on se- attacks that yield greater gains. paid. In a human operated ransomware curity weaknesses and vulnerable services attack, the criminals gain access to a they discover in the network.” Preventing these targeted attacks starts business network and move around the with education as always. The criminal network to see what they can find. Hackers can use the business infrastruc- has to get into the network first. Contin- ture to mine bitcoin, run SPAM cam- ued education on phishing campaigns and Microsoft does a good job explaining the paigns, or use company workstations for password management is critical. Addi- difference between the two attack methods: other criminal activities. Only after they tionally, a layered security approach is the have exploited the private infrastructure best defense along with network monitor- “Human-operated ransomware attacks do they then execute a typical ransom- ing tools. These tools can alarm IT de- are a cut above run-of-the-mill commod- ware attack by encrypting data and ask- partments to unusual network activity like ity ransomware campaign. Adversaries ing for money. These criminals can live using workstations to mine bitcoin. behind these attacks exhibit extensive in a company network for months, using the business infrastructure for their gains. CYBERSECURITY CLOUD COMPUTER VOICE CYBERSECURITY CLOUD COMPUTER VOICE US Pipeline Shutdown by Ransomware Attack ne of the nation’s largest pipeline ture. The group reportedly stole and than $350 million dollars to criminals. Ooperators was forced to shut down encrypted 100 gigabytes of data from their network following a ransomware Colonial Pipeline they are threatening Later reports indicate Colonial Pipe- attack. In what is being called the worst to leak if the ransom is not paid. line paid a ransom of nearly $5 million cyberattack on critical US infrastruc- dollars to the Eastern European hacker ture in history, Colonial Pipeline shut Eric Goldstein, executive assistant di- group on the same day as the attack. The down their 5,500 miles of pipeline rector of the cybersecurity division at group provided a decryption tool, but to contain the breach. The Georgia CISA said, apparently it was so slow to work, the based company transports more than pipeline continued to use their backups 100 million gallons of fuel per day “This underscores the threat that to restore the missing data. The details including gasoline, diesel, jet fuel, and ransomware poses to organizations from these stories never fail to highlight home heating oil. Oil analysts say the regardless of size or sector. We encour- the security stack we use at Quanexus.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages4 Page
-
File Size-