Posts tagged "cyber attack"

Phishing Posts that really catch people out

June 28th, 2017 Posted by Industry Focus, News

As hackers grow in sophistication, so do the phishing scams they use to entice innocent users. We’ve rounded up some of the most common and well-used versions:

The Public Speaker

This is a long-running scam that preys on the hopes of public speakers, inviting them to speak (and be paid a hefty fee) at a conference in the UK or somewhere else in the world.  In the last year or so, the scam has taken a nasty turn, targeting ministers, pastors, and preachers to invite them to a bogus religious conference and again offering them a big paycheck.

Now, the scam has taken a new direction, aimed at women and parents, or at least speakers on these subjects.  Please beware if you get a letter like this.  The idea is to get your personal details under the pretext of sending you some money, or getting you to send some money to take care of administrative fees or governmental controls, with a promise of a big check to come.

But this is a scam.  You will never get the promised big check.  The conference is not real.

So the answer is simply to ignore the email.  Don’t be tempted!

The Tax Rebate

Fraudsters are generating phishing emails by posing as HMRC in order to gain access to people’s bank accounts. It appears the occurrence of these emails has become increasingly common as a Which? survey found that of 2016 adults, 40% had received communication of this nature.

The general format of these e-mails can look very convincing as they make use of genuine HMRC branding. Sometimes emails are signed off with the name of an actual HMRC employee making them seem even more realistic.  The contents will generally be offering you a tax refund and asking for bank details in order for the money to be refunded.

The amount offered is usually up to £500, so as not to raise the recipient’s suspicions. The main aim of these emails is to extract money from your bank account, get you to send money, or gain enough personal information about you to sell your details to identity theft criminals. An example is below:

[Image: Phishing email 1.png]

HMRC will never send notification of a tax reimbursement or ask for personal or payment information by email. So you can safely ignore these emails.

Google Docs

This is a sophisticated phishing scam that asks for permission to access files stored in Google Drive. The attack involves an email being received saying a Google Doc has been shared with you.

The message looks legitimate and appears to be from a contact you already know. But when clicked, permissions are granted to a third-party that has no relation to Google. The below image shows the phishing scam in action:

[Image: google-docs-oauth-phishing-email]

What to do if you get ‘phished’

“If you have disclosed confidential data (e.g. a username or password), go to the real site and change it immediately, to stop the criminals hijacking your online account.” You can also report emails to your email service provider.

If you see a phishing email at work, the best approach is to forward it to an IT department or report it via internal company systems. If it appears to come from a colleague, but it does look and feel ‘phishy,’ don’t reply to the email; call them or go to see them to confirm the validity of the mail and the contents.

Never reply to the message, even if you fancy taunting the ‘phisherman’: you would only be confirming your email address is valid and live.

If you do click on a phishing link, it’s also worth reporting the incident to Action Fraud.

 

WannaCry ‘link’ to North Korean hackers

May 24th, 2017 Posted by News

A hacking group closely tied to North Korea was behind the massive WannaCry attack earlier this month, security company Symantec says.

The way the attack was set up made it “highly likely” that the Lazarus group was responsible, it said.

Lazarus has been blamed for a 2014 attack on Sony and the theft of $81m (£62m) from Bangladesh’s central bank.

In those attacks, the group is believed to have worked on behalf of North Korea’s government.

In a blog, Symantec said “substantial commonalities in the tools, techniques, and infrastructure used by the attackers” led it to conclude that the Lazarus group had instigated the WannaCry attack.

However, Symantec added that the character of the attack suggested it had not been carried out on behalf of North Korea.

Rather than being a nation-state campaign, it said, it looked more like a “typical” cyber-crime campaign that sought to enrich its operators.

North Korea has denied any involvement with WannaCry, branding any claims it was behind it “ridiculous”.


‘Error prone’

The virulent WannaCry worm is believed to have infected computers at more than 200,000 companies.

Victims included more than 60 NHS trusts in the UK as well as Fedex, Renault and Telefonica.

On compromised computers, the worm encrypted files and demanded a ransom of $300 (£231) in bitcoins to unlock them.

Symantec pointed to small-scale attacks carried out prior to the massive May event that used the same basic malware but also employed other technical tricks Lazarus is known to use.

The earlier attacks did not exploit the vulnerability that helped WannaCry spread so far, so fast, but instead used six other malicious programs favoured by Lazarus.

Two of these are known to have been used in the Sony attack.

In addition, Symantec said, code inside WannaCry was shared with a separate program also linked to Lazarus. Symantec’s analysis builds on work by other researchers who have studied WannaCry and found evidence that some of its core code is shared with other malicious programs Lazarus is believed to have used.

Despite Symantec’s lengthy analysis, some experts remained cautious about blaming Lazarus.

“Attributing hacking operations and malware to specific groups is an imprecise undertaking that’s frequently fraught with errors,” wrote Dan Goodin, security editor at Ars Technica.

So far, 300 victims are believed to have paid to have their files unlocked, generating a total ransom payment of $109,245.

The money is being paid into three separate bitcoin wallets that are being closely scrutinised for activity to see if they can help identify the criminals.

‘Firewall prevented infection’

Luckily for Microcomms customers with WatchGuard Firewalls in place, their Firebox with Total Security Suite blocked WannaCry 2.0, so they were safe from the attack. Are you confident in your security measures? If not, please get in touch for a chat – a conversation costs nothing and might save you a whole heap of cash!

 

Google Docs users hit with sophisticated phishing attack in their inboxes

May 5th, 2017 Posted by Uncategorized

A Google Docs scam that appears to be widespread began landing in users’ inboxes on Wednesday in what seemed to be a sophisticated phishing or malware attack. The deceptive invitation to edit a Google Doc – the popular app used for writing and sharing files – appeared to be spreading rapidly, with a subject line stating a contact “has shared a document on Google Docs with you”. If users click the “Open in Docs” button in the email, it takes them to a legitimate Google sign-in screen that asks to “continue in Google Docs”.

Clicking on that link grants permission to a bogus third-party app to possibly access contacts and email, which could allow the spam to spread to additional contacts.

Google has said it is aware of the issue and investigating it. The company encouraged users to report the email as phishing within Gmail.

“We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts,” a spokesperson said in a statement. “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again.”

The company did not immediately respond to requests for comment on how many people had been affected by the attack and where it may have originated.


Phishing scams typically involve emails, ads or websites that appear to be real and ask for personal information, such as usernames, passwords, social security numbers, bank account data or birthdays. Google says it does not send out emails asking for this type of data and encourages users not to click on any links and to report suspicious messages.

As the Verge noted, Wednesday’s attack seemed to be more advanced than standard email phishing scams, because it doesn’t simply take users to a bogus Google page to collect a password, but instead is working within Google’s system with a third-party web app that has a deceptive name.

If users have already granted permission through the phishing email, they can go to their settings and revoke the app.


Facebook denies Ransomware attack

December 1st, 2016 Posted by Uncategorized

Thanks to TechNewsWorld for the information below:


Facebook on Monday denied that its network and Messenger app were being used to spread ransomware to its users, contradicting the claims of researchers Roman Ziakin and Dikla Barda.

The two researchers last week reported they had discovered a new method for delivering malicious code to machines, which they dubbed “ImageGate.” Threat actors had found a way to embed malicious code into an image, they said.

Due to a flaw in the social media infrastructure, infected images are downloaded to a user’s machine, Ziakin and Barda explained. Clicking on the file causes the user’s machine to become infected with a ransomware program known as “Locky,” which encrypts all the files on the infected machine. The user then must pay a ransom to the purveyor of the malicious software in order to decrypt the files.

Facebook has disputed the findings

“This analysis is incorrect,” Facebook said in a statement provided to TechNewsWorld by spokesperson Jay Nancarrow.

“There is no connection to Locky or any other ransomware, and this is not appearing on Messenger or Facebook,” the company maintained.

“We investigated these reports and discovered there were several bad Chrome extensions, which we have been blocking for nearly a week,” Facebook noted. “We also reported the bad browser extensions to the appropriate parties.”

Consumer Protection

While ransomware is always a serious threat to consumers, this new twist on its distribution raises the bar even higher.

Anti-virus specialists have commented, “Consumers simply do not expect malware to be delivered via a Facebook message. Most people probably consider social media sites to be a safe space, so the lack of concern and vigilance makes it powerful as a potential infection channel for malware.”

For consumers concerned about an ImageGate attack, it is recommended that you do not open any files downloaded to a device after clicking any image. The same is true for image files with unusual extensions, such as SVG, JS or HTA.

Users should also keep their operating system and antivirus software up to date, and make backups. Even if you’re never infected with ransomware, you never know when something might go wrong with your machine.

If you are concerned about cyber security at your company, speak to our experts today at hello@microcomms.co.uk or call 01209 843636.