Welcome to the first Threat Matrix of spring 2024. In this edition, we dredge up emerging (and concerning) threats from the digital muck, such as a growing gen AI-powered phishing scam targeting mourning co-workers, WordPress malware infecting more than 39,000 business sites, and new revelations that Russian hackers have accessed source code for multiple internal Microsoft systems.
Yeefk!
The good news? There are steps you can take to defend yourself and your business, which we’ve detailed below.
Be sure to set aside some time this spring for a little cyber hygiene. Take two minutes to fill out our interactive cybersecurity checklist or take a free cybersecurity risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your digital network.
Also be sure to keep up on the latest threats by following Upfort on LinkedIn and subscribing to the Level Up Security newsletter.
Scammers are using genAI tools such as ChatGPT to rapidly build and publish fraudulent obituaries of recently deceased individuals to lure their coworkers and install malware on their devices. In some cases, they're even creating obits for people who are very much alive.
These unscrupulous individuals exploit the initial information void that exists before an official obituary is published to disseminate fake obituaries across several bogus memorial sites.
Visitors to these sites are redirected to spam or fooled into downloading malware. The phishers appear to be using the deaths of individuals at target companies so they can find ways into the organization via malware downloaded onto tricked colleagues' devices.
DIY cybersecurity kit: Examine the URL before clicking to judge whether it points to a legitimate publication or source. NOTE: GenAI and other tools let phishers rapidly build increasingly sophisticated spoof sites, so consider adding a layer of website browsing protection that can automatically flag potentially malicious sites.
An elusive malware dubbed 'Sign1' has infected about 39,000 sites, causing disruptive ads and redirects for site visitors. The malware infiltrates WordPress sites via custom HTML widgets and legitimate plugins and uses random URLs that change every 10 minutes to avoid detection.
DIY cybersecurity kit: Fend off such attacks by creating robust admin passwords, keeping plugins up-to-date, and minimizing excess add-ons that may present vulnerabilities.
Microsoft revealed that a breach by Russian hackers, known as Cozy Bear or Midnight Blizzard, was more extensive than initially believed, involving access to Microsoft source code and internal systems.
The attack, which began in November, stemmed from a compromised test system and escalated to infiltrate the emails of senior executives. While Microsoft assures that customer-facing systems remain uncompromised, concern lingers over the hackers' persistence and their ability to leverage the stolen information.
The company is intensifying security measures in response to the ongoing threat, illustrating the evolving and complex landscape of sophisticated nation-state cyber attacks.
DIY cybersecurity kit: Keep all Microsoft systems (and all systems in general) up-to-date with the latest free updates and patches as soon as they are available.
A group identified as 'Narwhal Spider' recently tricked several organizations into downloading access malware hidden in phony legal invoices, which might signal larger, forthcoming cyber-attacks.
This latest scheme involved a phishing campaign where the group's deceptive emails contained malicious PDFs designed to look like genuine invoices for legal services.
DIY cybersecurity kit: Watch for suspicious traffic patterns and unusual influxes of external PDF invoices, and provide proper phishing awareness training for employees. Indeed, research has shown that 95% of cyber incidents are due to human error.
Streaming device company Roku has revealed a data breach affecting over 15,000 accounts, allowing hackers to access stored credit card information and make unauthorized purchases of streaming subscriptions.
The breach, likely resulting from credential stuffing tactics using information from previous data breaches, prompted Roku to secure affected accounts, reset passwords, and cancel/refund unauthorized purchases.
DIY cybersecurity kit: While sensitive information like social security numbers and full payment account numbers weren’t compromised in the attack, users are advised to change their Roku passwords and monitor for any unauthorized activity on their accounts.
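Credential stuffing, as described above, replays username/password pairs from earlier breaches against many different accounts, so the tell-tale sign in an authentication log is one source address trying many distinct usernames in a short window, rather than many attempts against one account. The following is an added detection example written for this newsletter, not Roku's code or any real log data; the log line format and the sample entries are constructed, and the five-minute window and five-user threshold are assumptions to tune for your own service.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real data). The line format is an
# assumption; adapt LINE_RE to whatever your login service actually emits.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z ip=203.0.113.7 user=alice result=fail
2024-03-01T10:00:02Z ip=203.0.113.7 user=bob result=fail
2024-03-01T10:00:02Z ip=203.0.113.7 user=carol result=fail
2024-03-01T10:00:03Z ip=203.0.113.7 user=dave result=success
2024-03-01T10:00:04Z ip=203.0.113.7 user=erin result=fail
2024-03-01T10:00:05Z ip=203.0.113.7 user=frank result=fail
2024-03-01T10:05:00Z ip=198.51.100.9 user=alice result=fail
2024-03-01T10:05:30Z ip=198.51.100.9 user=alice result=fail
2024-03-01T10:06:00Z ip=198.51.100.9 user=alice result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log lines into (timestamp, ip, user, result) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["ip"], m["user"], m["result"]))
    return events


def find_credential_stuffing(events, window=timedelta(minutes=5), min_users=5):
    """Flag source IPs that attempt logins against at least `min_users` distinct
    accounts inside any `window`-long interval.

    A single-account brute force (one user, many attempts) is deliberately not
    flagged here; it needs a different rule. For each flagged IP the result
    lists the accounts where a login succeeded, since those are the ones to
    reset and review for unauthorized activity.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))

    alerts = {}
    for ip, items in by_ip.items():
        items.sort()  # sort by timestamp so the sliding window below is valid
        for i in range(len(items)):
            start = items[i][0]
            users, successes = set(), set()
            for ts, user, result in items[i:]:
                if ts - start > window:
                    break
                users.add(user)
                if result == "success":
                    successes.add(user)
            if len(users) >= min_users:
                alerts[ip] = {
                    "distinct_users": len(users),
                    "compromised": sorted(successes),
                }
                break  # one alert per IP is enough
    return alerts


if __name__ == "__main__":
    for ip, info in find_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"successful logins on {info['compromised']}")
```

On the constructed sample, 203.0.113.7 is flagged (six accounts in five seconds, one of them successfully) while 198.51.100.9, which only retried the same account, is not. In practice the window and threshold need tuning against your own traffic, and shared NAT addresses will produce false positives that a per-user rate limit or device fingerprint can help separate.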
A cybercrime campaign known as 'PhantomBlu' is targeting US-based Microsoft Office users, mimicking an accounting service to deliver an undetectable remote access trojan (RAT).
Designed to evade detection by appearing as legitimate software, the attackers' emails invite recipients to download a Microsoft Word file supposedly containing their 'monthly salary report.' This infected file eventually delivers the sinister NetSupport RAT, notorious for conducting surveillance, capturing data, taking over system resources, and spreading within networks.
DIY cybersecurity kit: PhantomBlu seeks to exploit employee trust, and as always, training and awareness are key defenses against such schemes. Email phishers are tapping increasingly sophisticated methods to fool users, so consider employing additional inbox defenses.
Hackers recently commandeered the Belgian Grand Prix's official contact email, tricking fans with a €50 voucher scam on a phony site. According to race organizers, the criminals hijacked the email on March 17, and subsequently sent deceitful emails promising race ticket vouchers in exchange for personal and banking details.
DIY cybersecurity kit: When a legitimate account is hacked, phishers will send people to their own sites (often not associated with the legitimate domain). Take a look at the URL to see if it’s a match. NOTE: sometimes phishers will go to the trouble of registering a domain that resembles a legitimate one, e.g., the letter O replaced with a zero. You should also implement automated, up-to-date browsing defenses that detect potential issues and flag them to users.
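The URL checks recommended in the obituary-scam and Belgian Grand Prix items above can be partly automated: compare the host in a link against a list of domains you trust, after folding the visual substitutions (O for 0 and similar) that lookalike domains rely on, and treat a trusted name that only appears as a subdomain of something else as suspicious too. The code below is an added example for this newsletter, not Upfort's product or any site's own code; the trusted-domain list and the confusable table are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed list of domains the organisation treats as legitimate (assumption).
KNOWN_GOOD_DOMAINS = {"example.com", "tickets.example.com"}

# Visual substitutions commonly used in lookalike domains. The page mentions
# O -> 0; the rest are assumptions. Multi-character entries ("rn" for "m")
# must be folded before single characters so they are not split apart.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}


def host_of(url):
    """Return the lowercased host of a URL, without scheme, port or path."""
    if "://" not in url:
        url = "http://" + url  # bare 'EXAMPLE.COM/path' still parses
    host = urlsplit(url).hostname
    return host.lower() if host else ""


def fold_confusables(host):
    """Fold lookalike characters so 'examp1e.c0m' becomes 'example.com'."""
    for fake, real in sorted(CONFUSABLES.items(), key=lambda kv: -len(kv[0])):
        host = host.replace(fake, real)
    return host


def _is_under(host, domains):
    return host in domains or any(host.endswith("." + d) for d in domains)


def classify_url(url, known_good=KNOWN_GOOD_DOMAINS):
    """Return 'match', 'lookalike' or 'unknown' for the host in `url`.

    'match'     : the host is a trusted domain or a subdomain of one.
    'lookalike' : the host only matches after folding confusables, or embeds a
                  trusted domain as a prefix/inner label (example.com.evil.test).
    'unknown'   : no relationship to the trusted list; inspect manually.
    """
    host = host_of(url)
    if not host:
        return "unknown"
    if _is_under(host, known_good):
        return "match"
    if _is_under(fold_confusables(host), known_good):
        return "lookalike"
    for d in known_good:
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for u in ["https://tickets.example.com/voucher",
              "https://examp1e.c0m/voucher",
              "http://example.com.evil.test/login",
              "https://unrelated.test/"]:
        print(f"{u:45} -> {classify_url(u)}")
```

This is a screening aid, not a verdict: an internationalized domain (an `xn--` label) or a substitution outside the table will come back as `unknown`, which is the case where a human still has to look, and a `match` only means the name is right, not that the page is safe.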
The security researchers at CISPA Helmholtz-Center for Information Security have discovered 'Loop DoS,' a new denial-of-service attack that can engulf network services in a perpetual communication loop, generating vast volumes of traffic. The attack, which affects nearly 300,000 hosts, exploits a vulnerability (CVE-2024-2169) in the User Datagram Protocol (UDP).
DIY cybersecurity kit: To safeguard against Loop DoS, CERT/CC recommends regularly updating software, disabling unnecessary UDP services, employing TCP or request validation, setting up anti-spoofing solutions, and implementing Quality-of-Service measures to cap network traffic.
A potentially devastating ransomware attack supposedly perpetrated by the LockBit cybercrime gang has reportedly leaked 668GB of critical national pension data in South Africa. While allegations of the breach remain under investigation, the incident has sparked concerns regarding the organization's security posture and system resilience.
DIY cybersecurity kit: To resist ransomware attacks, experts recommend enforcing proactive strategies, such as using multifactor authentication, maintaining current backups, applying endpoint protection and threat detection capabilities, managing vulnerabilities, and securing management and administrative interfaces of public-facing applications.
In a recent advisory, the White House has highlighted the growing cybersecurity threats posed by Chinese and Iranian threat groups to US water and wastewater systems. It has urged stakeholders in these sectors to urgently review their cybersecurity practices and establish strategies to mitigate risk and respond to attacks.
The memo points to incidents like the November attack on Pennsylvania's Municipal Water Authority by an Iran-sponsored group as an indication of the damage that attacks on water systems could cause.
DIY cybersecurity kit: For most of us, there’s unfortunately not much to do when it comes to state-sponsored cyber warfare. For water systems, authorities recommend stringent separation of IT and OT environments to contain damage in cases of successful attacks.