Welcome to the August edition of Upfort’s Threat Matrix, your essential guide to cybersecurity news tailored for small business owners. In this edition, we detail some emerging threat techniques involving QR codes, NFC functionality, and flaws in software you might be using at your org. As always, we include the steps to protect your business.
Want to help keep your company safe? It only takes two minutes to complete our interactive cybersecurity checklist to tell how prepared you are. Or take a free cybersecurity risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your network.
A former employee at an unnamed New Jersey-based company was arrested after locking admins out of 254 company servers as part of an extortion plot. The “core infrastructure engineer” used his administrative privileges to change passwords and install backdoors before leaving the company.
With that access in place, he left a message in late November threatening to shut down 40 random servers on the company's network daily over the next ten days unless a ransom of $750,000, paid as 20 Bitcoin, was handed over. An FBI investigation found that the 57-year-old engineer, based in Kansas City, had remotely accessed the company’s network without authorization earlier that month.
How to defend yourself: Restrict administrative access to only essential personnel and immediately revoke privileges for departing employees. Implement monitoring tools to detect unauthorized changes and regularly audit account activities to maintain security.
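One way to audit privileged account activity for the pattern described above (a departed account still making changes, and a single actor reconfiguring many servers in a short window), as an added Python example that is not Upfort's code; the audit events, HR roster, allow-list and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Actions that should only ever come from authorised, current administrators.
PRIVILEGED_ACTIONS = {"password_change", "add_ssh_key", "create_admin_user"}
HOST_THRESHOLD = 5          # distinct hosts touched inside WINDOW before alerting
WINDOW = timedelta(hours=24)

# Constructed sample audit events: (timestamp, actor, action, host). Not real data.
EVENTS = [
    ("2023-11-10T10:00:00", "jsmith", "password_change", "srv-001"),    # routine, pre-departure
    ("2023-11-20T02:00:00", "jsmith", "create_admin_user", "srv-002"),  # after last working day
    ("2023-11-20T02:05:00", "jsmith", "password_change", "srv-003"),
    ("2023-11-20T02:06:00", "jsmith", "password_change", "srv-004"),
    ("2023-11-20T02:07:00", "jsmith", "password_change", "srv-005"),
    ("2023-11-20T02:08:00", "jsmith", "password_change", "srv-006"),
    ("2023-11-20T02:09:00", "jsmith", "add_ssh_key", "srv-007"),
    ("2023-11-21T09:00:00", "adminops", "password_change", "srv-010"),
    ("2023-11-21T09:30:00", "contractor7", "add_ssh_key", "srv-011"),
]
OFFBOARDED = {"jsmith": "2023-11-15"}     # constructed HR roster: account -> last working day
PRIVILEGED_OK = {"adminops", "jsmith"}    # constructed allow-list of admin accounts

def audit(events, offboarded, allowed, host_threshold=HOST_THRESHOLD, window=WINDOW):
    """Return (rule, actor, detail) findings for privileged actions that are
    unauthorised, made after the actor's last working day, or spread across
    many hosts within one window (the bulk-lockout pattern)."""
    findings = []
    per_actor = defaultdict(list)
    for ts, actor, action, host in sorted(events):   # ISO timestamps sort correctly as text
        if action not in PRIVILEGED_ACTIONS:
            continue
        when = datetime.fromisoformat(ts)
        if actor not in allowed:
            findings.append(("unauthorised_actor", actor, f"{action} on {host}"))
        last_day = offboarded.get(actor)
        if last_day and when.date() > datetime.fromisoformat(last_day).date():
            findings.append(("stale_access", actor, f"{action} on {host} after {last_day}"))
        per_actor[actor].append((when, host))
    for actor, items in per_actor.items():
        for i, (start, _) in enumerate(items):       # sliding window over that actor's events
            hosts = {h for t, h in items[i:] if t - start <= window}
            if len(hosts) >= host_threshold:
                findings.append(("mass_change", actor, f"{len(hosts)} hosts within {window}"))
                break
    return findings

if __name__ == "__main__":
    for finding in audit(EVENTS, OFFBOARDED, PRIVILEGED_OK):
        print(*finding)
```

The offboarding roster is the key input: pairing the HR last-day date with the audit log is what turns "an admin changed a password" into "a departed admin changed a password".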
Dick's Sporting Goods recently took proactive measures by shutting down email services and locking employee accounts following a cyberattack. Phone lines at local stores were reportedly also down. The company acted to contain the breach, focusing on safeguarding sensitive information and preventing further unauthorized access. In an internal memo, DICK'S told employees that most of them no longer have access to their systems because of a "planned activity" and that their team leaders will contact them via personal email or text for further instructions.
How to defend yourself: Implement strong security protocols, including regular backups, multi-factor authentication, and continuous monitoring of network activity to detect and respond to threats quickly.
Cybercriminals are now leveraging Microsoft's Sway, a web-based platform for creating and sharing interactive reports and presentations, to launch a new type of phishing campaign dubbed "quishing." This tactic exploits the trust users have in Microsoft products, making it easier for bad actors to steal sensitive information or install malicious software on victims' devices. Phishing emails embedded with malicious links or QR codes redirect users to fraudulent Sway pages that appear legitimate, increasing the risk for unsuspecting victims.
How to protect yourself: Small businesses can take several steps to safeguard against this emerging threat. First, ensure that employees are trained to recognize phishing attempts, including the different forms they can take, such as emails or QR codes. Implement multi-factor authentication (MFA) for access to Microsoft accounts, and regularly update all software to patch vulnerabilities. It’s also wise to scrutinize all unsolicited emails and links, especially those directing to seemingly legitimate platforms like Microsoft's Sway.
Seattle-Tacoma International Airport experienced a major IT systems outage following a cyberattack, leading to disruptions in airport operations. The attack impacted critical systems, causing delays and complications for travelers and staff alike. Authorities are investigating the breach while working to restore normal operations and secure the affected infrastructure.
How to defend yourself: For businesses, ensure that critical infrastructure is protected with strong cybersecurity measures, including regular updates, system backups, and employee training on recognizing and responding to cyber threats.
Cybercriminals are exploiting a critical vulnerability in Atlassian Confluence to deploy cryptojacking malware, a type of attack where hackers hijack a system's processing power to mine cryptocurrency without the user's consent. This unauthorized mining can severely slow down operations and increase energy costs, causing significant disruption to affected businesses. The widespread exploitation of this flaw underscores the importance of applying security patches promptly to prevent such breaches.
How to defend yourself: Regularly update software with the latest security patches, especially for critical business tools like Atlassian Confluence, to protect against vulnerabilities.
Cybercriminals are focusing on the manufacturing sector by deploying phishing scams that mimic Microsoft login pages to steal credentials. These scams often involve emails that appear to be from trusted sources, urging recipients to click on a link and log into a fake Microsoft account page. Once the credentials are captured, hackers use them to infiltrate networks, access sensitive data, and potentially disrupt operations.
How to defend yourself: Educate employees about phishing tactics, enforce strong password policies, and implement multi-factor authentication (MFA) to protect against credential theft.
A new cybersecurity threat has emerged that specifically targets Android users through their near field communication (NFC) capabilities. Named the "NFC Traffic Stealer," this sophisticated malware infiltrates Android devices and harvests sensitive banking information by intercepting NFC communications. This can lead to financial loss and compromised personal data, posing a serious danger for users who rely on mobile payments and contactless technology.
How to protect yourself: Small businesses can mitigate the risk of falling victim to this malware by encouraging employees to install antivirus software and keep their Android devices updated with the latest security patches. Disable NFC capabilities when not in use and be cautious about downloading apps from unknown sources. Regularly review and manage app permissions to ensure no unauthorized access to sensitive information and always monitor banking transactions for any suspicious activity.