ALERT:  WordPress Website Hack

 

An alarming number of websites built with popular website-building tool, WordPress, have been hacked, and are delivering the TeslaCrypt ransomware to unsuspecting victims.  

Malware researchers from Malwarebytes and other security firms have reported that a massive number of legit WordPress sites have somehow been compromised, and are silently redirecting visitors to sites with Nuclear Exploit Kit.  As of press time, it is unclear how the WordPress websites are getting infected, but is highly likely that there is a new vulnerability that is being exploited in either WordPress, or one of its plugins.

Malwarebytes Senior Security Researcher Jérôme Segura stated in a blog released last week:

“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads.  This is a distraction (and fraud) as the ad is stuffed with more code that send visitors to the Nuclear Exploit Kit.”

The attack tries to conceal itself, and the code forces visitors to be redirected through a series of sites before dropping the ransomware payload.  Once a WordPress server is infected, the malware also installs a variety of backdoors on the machine.

 

What to do if You Run WordPress:

1. Update server Operating Systems (OS).
2. Update WordPress.
3. Delete any plugins you are not actively using, and update patches on any plugins you currently use.
4. Update all your WordPress instances at the same time to prevent cross-infections.  
5. Lock down all WordPress instances with a very strong password, as well as the WordPress 2-factor authentication

How to Protect Your Website Visitors:

1. Keep workstation Operating Systems (OS) and 3rd party apps updated at all times.
2. Backup your data and keep daily off-site backups.  TEST your backups, and if your restore function actually works (this is often overlooked).
3. Provide end-users with the 64-bit version of Google Chrome if possible.
4. Run the latest V5.5 of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) on workstations.
5. Provide Security Awareness Training.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

Your Stolen iPhone Has Been Found

 

The enormous sales of Apple products, also mean that they are a huge target for theft.

Between 3 and 4 million smartphones are stolen every year.  

If you’re like most people your phone tends to be a little bit of everything:  a photo album, a diary, wallet, gaming machine, bank account, and more.  Most people have their entire work and private lives on these devices which can cost up to a thousand bucks.  The cost of losing your phone just starts with the cost of replacement…just take a moment to think about all the personal and financial information your phone contains.  Losing it can feel like a disaster.

CyberCriminals count on this panic, and use it for their gain.  They count on the person wanting to avoid the personal and financial loss, in order to use social engineering against them.  

In this new iPhone scam, people are victimized twice:

1. Your iPhone gets stolen.
2. You go online, and turn on the ‘Find My iPhone’ Activation Lock.
3. Shortly afterwards, you receive an email that your iPhone has been found, but you need to go to this website (they provide a link) and verify your Apple ID.  
4. You click on the link provided, and enter into your Apple ID credentials.

The link that was provided, was to a fake Apple iCloud site.  When you entered your information, you gave all the information that the CyberCriminals needed to now own your account and unlock the phone.  The CyberCriminals are now free to sell the phone.

There is nothing else for you to do, other than to go to Apple (go to the Apple site, or type in the address into the address bar manually – Not the one provided in the email).  Change your password, and set up a 2-factor verification for your account.

Your iPhone (or iPad) is gone forever.

 

How CyberCriminals Do This:

Since the release of iOS7, Apple has made it entirely possible for CyberCriminals to reset and reformat your iDevice without your iCloud Username and Password.  They simply send an iMessage to the email address that it said it had been locked by, as the default iOS settings mean you can send & receive iMessages to email addresses with an Apple ID.

It’s important to note that iCloud does not provide an IP address or any other details which will help you actually identify your thief.  It basically shows you a map of the general vicinity of the location of the stolen item (could be 1-3 city blocks), and that’s all.  

What to do if Your iPhone (or iPad) is Stolen:

1. Do Not respond to, or click on links, from an address you do not recognize claiming your phone was found.  
2. Do not click on any links, or open any attachments provided.  Do not call any phone numbers that the message may give you.  
3. Do not log into any site that you get within an message like this, and do not provide your username and password, or any other credentials.
4. DO follow the procedures you were given by your phone manufacturer.  If you do not know the procedure, go directly to the manufacturer website to find out.
5. For Apple go to:  https://support.apple.com/en-ca/HT204315
6. Deactivate the phone with your wireless provider to prevent the theif from running up a lot of charges on your bill.  Some providers will deactivate your device on their network, which prevents a thief from just resetting the device and slapping in a new SIM card.  Note:  Once you deactivate service, you won’t be able to communicate with your iPhone via ‘Find My iPhone’.  
7. Start taking steps to prevent the criminals from accessing your personal information.  Visit the website for every app and service on your phone, and see if they have the option to logout other devices, revoke tokens, or de-register mobile devices.  This will prevent the thief from simply firing up an app or website and using your saved login info.
8. File a police report.  It’s unlikely that the police will act upon the theft, but it is important to document the theft, especially if the device turns up later.  Be sure to include a unique identifyer for your device (phone number or serial number).
9. Change any passwords for email, Facebook, etc.  
10. Inform your family, friends, coworkers, and all contacts in your address book.  It’s possible that the thief may try to impersonate you through social media or via SMS on a different phone. By letting them know, you can prevent them from being victimized as well by a phone/email scam.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

Dell Tech Support Service Tag Hack

 

A number of people using Dell PCs have been contacted by scammers claiming to be Dell Tech Support who had PC-specific data that only Dell could have had.  

 

Every Dell PC sold has a unique service tag number, which the CyberCriminals have gotten somehow.  

Dell posted a warning in October about this phone scam, but did not mention a service tag number hack.  Dell apparently does not know what is going on, and is “investigating”.  

The scam goes something like this…

People are receiving phone calls reporting to be from “Dell Tech Support”.  They have all the correct personal information, including your name, contact numbers, emails, and address, including the computer-specific service tag number, and any ‘ticket’ numbers assigned to any phone calls you made to Dell support, including the issue that the phone calls were about.

They try to manipulate people into downloading software onto their computer that will give the fake “support” access to their computer.  They will not “fix” anything, but you will receive a huge credit card invoice, and may have ransomware infecting your computer.

Ars Technica reports several stories indicating a possible security breach.  

1. Joseph B. called Dell about a problem with his optical drive.  A few months later, he received a call from a CyberCriminal who knew exactly what his problem was (optical drive), his service tag number, computer model and serial number, and other customer-specific information.  
2. Patrick Z. reported on a Dell U.S.A Customer Care Board about receiving similar calls.  He stated the CyberCriminals knew his full name, email address, city, phone number, computer service tag, and a real Dell ticket number.  He called the scammers back at the number they provided, and they answered “Dell Software Support”.  Patrick Z. hung up & called Dell support directly [using a publicly available phone number, such as on the Dell website].  When he asked company reps to explain how CyberCriminals had so much information about him, a company employee answered “Dell is aware of this and other complaints and is investigating.  No, there will not be a public post/blog.  We consider this closed from a Forum perspective.”
   
3. DJ, an unhappy customer posted in June 2015 that [other than a hack], there is no other way the person would have had my name, cell phone number, and know I had a Dell computer if it didn’t come from your company…”

In a 10ZenMunkeys’ blog post published Jan. 4/16, the author reported he had been contacted by CyberCriminals who knew of every problem the author had ever called Dell about.  None of the problems had ever been discussed in public forums, leading the author to share the suspicion that proprietary Dell data had somehow been breached.  The author reports that the CyberCriminals instructed to enter their domain name into the author’s “Run window”, which would have re-directed to a site to download software to allow remote access to their computer.

There are several other Dell customer complaints regarding the same type of scenarios.   

 

If you receive a phone call reporting to be tech support (from ANY company), and they request you to confirm personal/payment information, or to grant them access to your computer —

HANG UP…IMMEDIATELY.

Delete any email they might send you with similar claims.

 

ONLY give out personal information, if you have initiated the call, and looked up the main company number yourself on the company’s main website.  

Do NOT rely on information in pop-ups, ads, in general internet searches, or on another website or forum, unless you can verify it is a valid source and verify it is a valid phone number for that company.  

 

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks