The Growing Threat of Elder Fraud and How to Protect Against It
Cybercrimes against the elderly are on the rise. Here are some of the most common scams and tips on protecting yourself.
Welcome to the September edition of Upfort’s Threat Matrix, your essential guide to cybersecurity news tailored for small business owners. In this edition, we cover new sophisticated info-stealing campaigns, a huge US federal government data breach impacting 31 million people, how scammers are (of course) trying to take advantage of Hurricane Helene recovery efforts, and how you can protect yourself!
Want to help keep your company safe? It only takes two minutes to complete our interactive cybersecurity checklist to tell how prepared you are. Or take a free cyber security risk assessment, which taps Upfort’s state-of-the-art AI to surface exploitable vulnerabilities in your network.
A cybercriminal group known as “Marko Polo” launched a malware operation targeting cryptocurrency users and gamers. The group distributed malware through targeted spearphishing emails via direct messages on social media platforms to reach high-value targets such as cryptocurrency influencers, gamers, software developers, and other people likely to handle valuable data or assets.
Victims are lured into downloading malicious software by interacting with what they are tricked into believing are legitimate job opportunities or project collaborations. The malware meticulously harvests sensitive data such as account credentials, financial information, and other digital assets stored within browsers and cryptocurrency wallets.
According to security researchers tracking the Marko Polo operation, the malware campaign has impacted thousands, with potential financial losses in the millions.
How to defend yourself: Educate staff on recognizing phishing emails and avoiding suspicious links, as awareness is the first line of defense. Implement multi-factor authentication (MFA) for all business accounts to add an extra layer of security.
Recent reports highlight a new strain of infostealer malware that effectively bypasses Google Chrome's updated defenses against cookie theft. This advanced malware exploits vulnerabilities within the Chrome browser to steal session cookies, which can then be used to hijack user sessions and gain unauthorized access to sensitive accounts and data. By circumventing Chrome’s latest security measures, the malware can continue siphoning off critical information such as usernames, passwords, and other private data from online accounts.
Security researchers have observed that this malware leverages sophisticated techniques to extract cookie data directly from Chrome’s encrypted cookie store, making traditional security measures less effective.
How to defend yourself: As of writing, much is still unknown such as how the malware bypasses App-Bound Encryption. Be sure to update Chrome as soon as a patch is made available.
The U.S. Centers for Medicare & Medicaid Services (CMS) has disclosed a major data breach that exposed the personal information of 31 million individuals. Hackers exploited a vulnerability in the agency’s MOVEit software, leading to unauthorized access to sensitive data, including Social Security numbers and medical records. The breach raises significant concerns over privacy and the security of government-held healthcare information.
How to defend yourself: Monitor your accounts for suspicious activity, consider credit monitoring services, and report any fraudulent activity to authorities.
Cybercriminals are now using AI-generated malware in targeted attacks, making it harder for traditional security tools to detect and block these threats. The malicious code, crafted by AI, mimics human-written malware but with enhanced evasion techniques, allowing hackers to bypass cybersecurity defenses and infiltrate networks more effectively. This advancement signals a concerning shift in the capabilities of malware authors and the sophistication of future attacks.
How to defend yourself: Strengthen defenses by utilizing advanced threat detection tools that leverage AI and machine learning to counter evolving malware tactics.
A security vulnerability in Kia's dealer portal was discovered that could allow attackers to remotely access and control millions of Kia vehicles. This flaw could be exploited to unlock doors, start engines, and track vehicle locations without the owner’s consent. The potential impact of such an attack could lead to serious safety concerns, vehicle theft, and privacy violations for millions of car owners.
How to defend yourself: Keep your car's software updated, and ensure any vulnerabilities identified by the manufacturer are promptly addressed.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about fraudulent schemes targeting individuals and businesses affected by Hurricane Helene. Scammers are using phishing emails, fake charity websites, and impersonation tactics to exploit those seeking aid in the wake of the disaster. These scams can lead to the theft of personal information or financial loss, compounding the challenges already faced by storm victims.
How to defend yourself: Be cautious of unsolicited emails or calls, verify charities before donating, and avoid sharing sensitive information with unverified sources.