Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!


ALERT: Fake Retail Apps

November 14, 2016 by The T By D Team

ALERT:  Fake Retail Apps for iPhone and Android

The New York Times has issued a warning to the public about a new kind of ID theft:  App ID Theft…just in time to deceive holiday shoppers!

Every holiday season, “retail apps” become popular.  Starbucks started the trend, but others have since copied.

Both Apple’s App Store and Google Play are getting crowded with fake “imposter” apps.

The counterfeiters are masquerading as big retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

The fake apps trick you into downloading them to your smartphone or tablet, and ask you to load your credit card.

5 Things to Remember When Downloading Apps:
  1. Be very judicious in deciding what app to download.  Better safe than sorry!
  2. If you decide to download an app, first check the reviews.  Apps with few reviews, or bad reviews, are a big Red Flag!
  3. Never click on a link in any email to download a new app.  Only go to the website of the retailer to get the link to the legit app on the App Store or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, VERY, reluctant to link your credit card to any app!

For more information on the New York Times’ warning, go to: http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Filed Under: ALERTS, Blogs

ALERT: New Locky Ransomware Released

November 10, 2016 by The T By D Team

New Locky Ransomware Released

There seems to be a new Locky ransomware phishing attack released this past week.

The emails claim to be “credit card suspended” or “suspicious money movement” warnings.

Graham Cluley reports:

“In the last few days there have been a spate of spammed-out attacks using similar techniques to dupe unwary internet users into clicking on an attachment that will lead to their Windows PC being infected with the notorious Locky ransomware.”

This attack is now using threats claiming that there have been “suspicious movements” of funds out of your bank account and/or that your credit card account has been suspended.

Here are a couple of examples of the phishing emails being received:

1.  “Suspicious movements” email:

[Image: example “suspicious movements” phishing email]

2.  “Suspended card” email:

[Image: example “suspended card” phishing email]

Attached to the email is a ZIP file containing a malicious JavaScript file (.JS) that, once opened, downloads the most recent version of the Locky ransomware from a remote server.

The Locky CyberCriminals are extremely well-organized, and highly automated.  They change the names and contact details used in these phishing emails, so you cannot rely on them being the same.  Ransomware is CyberCrime’s most successful and lucrative business model, so you can count on the threat being around for a long time.
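
Because the names and contact details keep changing, a mail filter does better keying on the attachment itself. The following Python example is added here and is not part of the original alert: it flags script files inside ZIP attachments, and the extension blocklist, limits, and sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: script types Windows runs on double-click.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}
MAX_DEPTH = 3                        # nested ZIP levels to follow
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # do not inflate members larger than this

def extension(name):
    """Lower-cased extension; trailing dots/spaces are ignored as Windows does."""
    return os.path.splitext(name.lower().rstrip(". "))[1]

def scan_zip(data, container, depth=1):
    """Return (path, reason) findings for one ZIP held in memory."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(container, "unreadable ZIP")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = f"{container}!{info.filename}"
            ext = extension(info.filename)
            if ext in SCRIPT_EXTENSIONS:
                # Member names are readable even when the content is encrypted.
                findings.append((path, f"script file ({ext}) inside ZIP"))
            elif ext == ".zip":
                encrypted = info.flag_bits & 0x1
                if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    findings.append((path, "nested ZIP not inspected"))
                else:
                    findings.extend(scan_zip(archive.read(info), path, depth + 1))
    return findings

def scan_message(raw_bytes):
    """Scan every attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = extension(name)
        if ext in SCRIPT_EXTENSIONS:
            findings.append((name, f"script file ({ext}) attached directly"))
        elif zipfile.is_zipfile(io.BytesIO(payload)):
            findings.extend(scan_zip(payload, name))
    return findings

def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def make_message(attachment_name, zip_bytes):
    """Constructed sample email carrying one ZIP attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Suspicious movements"
    msg.set_content("Please review the attached details.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = make_message("details.zip", make_zip({"details.js": b"// placeholder"}))
    print(scan_message(sample))
```

Any message that returns a non-empty list can be quarantined before it reaches the inbox; only the member names are inspected, so the check does not depend on the sender or the wording of the email.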


Filed Under: ALERTS, Blogs

ALERT: Another Tech Support Scam Making the Rounds

October 31, 2016 by The T By D Team

ALERT:  Another Tech Support Scam Making the Rounds

Tech support scams are getting more and more sophisticated.  

Security giant Symantec states, “These scams remain one of the major and evolving forces in the computer security landscape.  Between January 1 and April 30 this year, the Internet Crime Complaint Centre (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US $2.27m.”  And that’s just in the U.S.

Now, there’s a new scam that’s popping up on computer monitors everywhere.

The scam starts when the victim unknowingly visits a compromised website.  Then, according to Symantec, “the web page displays a fake ‘hard drive delete timer’ that warns the user that their hard drive will be deleted within five minutes.  A warning audio tone is also played in the background, which again warns the user that their system is infected.”

Victims then receive a popup “alert” on their monitor, claiming to be from the victims’ “Internet Service Provider”, or Microsoft, or something similar.  The popup ‘alert’ states it is warning the user that their hard drive will be wiped of all data…unless, of course, they call the fake customer support number (which of course they are nice enough to provide you with).  

[Image: example tech support scam popup]

Another variation is that your screen goes blue, and claims that your computer needs to be repaired.

[Image: example fake blue screen]

DO NOT call any numbers provided to you via popups.  Do NOT click on any links.  Do NOT open any attachments.

If you think the warning might be legitimate, call your Internet provider, or whoever the popup is claiming to be from…but look up the phone number yourself.  Or go to their website by typing their website into the address bar yourself.  Never call numbers provided, click on links, or open attachments.

From January 1, 2016 through October, Symantec has blocked more than 157 million tech support scams.  
The U.S., UK, and Canada were the countries targeted the most by tech support scams.

 


Filed Under: ALERTS, Blogs

ALERT: Exotic Ransomware

October 20, 2016 by The T By D Team

ALERT:  Exotic Ransomware

A new ransomware strain released by “EvilTwin” or “Exotic Squad” was discovered in early October.

Although the ransomware looks like all the other ransomware on the surface, in looking deeper, it could prove VERY annoying in the future.

The Exotic Ransomware will encrypt all files, just like other ransomware.  What it does differently from other ransomware is that it also encrypts executables in targeted folders on a victim’s computer, which makes the programs unusable.  Then it will hit the Desktop twice, making it appear as though it was continuously monitoring for new files.

The encrypted files will then look similar to the ones below, when you go to look for them:

[Image: files encrypted by Exotic ransomware]

The ransomware will then download a background image for the lockscreen & display the lock screen similar to below:

[Image: Exotic ransomware lock screen]

When the timer reaches 0, Exotic will shut down the computer.

The ransomware appears to be in the development state, with 3 variants released over 3 days.  The latest contains the Jigsaw Ransomware-like screenlocker ransom note that demands $50 USD to decrypt the files.  

You shouldn’t be seeing it too much yet.  But you can bet it’s being geared up for widespread release soon!


Filed Under: ALERTS, Blogs

ALERT: Brad Pitt Suicide Scam

October 13, 2016 by The T By D Team

ALERT:  Brad Pitt Suicide Scam

CyberCriminals are opportunistic, and the sensationalized divorce between Brad Pitt and Angelina Jolie has been used by CyberCriminals for a “celebrity death hoax”, which is unfortunately very lucrative for them.

There are several variants, some claiming it was a hanging, others that he died in a shooting range suicide, or a substance overdose.  The scam is currently on Facebook, but you can expect emails with links for “more details” and/or attachments that claim it is a video of his last moments.

Here is one version that is making the rounds:

“Brad Pitt, 52, a multi-awarded American actor & husband of Angelina Jolie, 41, shot himself in the head at a shooting range on Sunday.  He was under significant stress because the couple ‘were going through a divorce and he had a history of depression’, sources have said.”

Do not click on any links, or open any attachments, from someone that you do not know, or cannot confirm the source.  Do not click on any ads or posts that claim to have insider information about a celebrity’s last moments, or videos, etc.


Filed Under: ALERTS, Blogs

ALERT: Old Ransomware Strain Spreading Through Cloud

October 4, 2016 by The T By D Team

Old Ransomware Strain Spreading Through Cloud

An obscure 2-year-old ransomware strain is rearing its ugly head, with a REALLY ugly twist.

Normally, ransomware is spread through email phishing attacks, exploit kits, removable drives (USB sticks, etc.), or external network shares.  However, Virlock is a weird version of ransomware that not only encrypts files, but converts them into a file infector (similar to a virus).  It not only infects the usual documents and image-related files, but infects binary files as well.

If that wasn’t enough, Virlock also effectively weaponizes every data file it encrypts, converting each one into a propagation vehicle for the malware itself.  This means that the encrypted data files don’t just sit there, but they are used to spread the malware joy to other users through file sharing schemes.  It can even be spread via cloud storage and collaboration apps.  

How does this work?  Like this:

User A and User B are collaborating through the cloud storage app Box, using a folder called “Important”.  Both users have some of the files within the folder synced to their own machine.

User A falls for a social engineering attack, and gets infected with Virlock ransomware on their own machine, which encrypts all their files.  At the same time, it turns the files into new Virlock infector files, including the files which are synced on Box.  So, Virlock also spreads to the cloud folder and infects the files stored there which, in turn, get synced to User B’s machine.

Now, when User B clicks on any of the files in the shared folder on their own machine, the infected Virlock file is executed, and the rest of the files on User B’s machine become infected.  The infected files on User B’s machine now become Virlock infectors, just like a virus.

The bonus:  The scenario isn’t just limited to User A and User B, but will extend to all the users of an enterprise who are collaborating with each other.  Clever AND efficient.  

Like other ransomware strains, Virlock asks the victim for a Bitcoin payment in order to release their machine.  However, Virlock claims to be an “anti-piracy warning” from the FBI.  The message received by the victim states that pirated software has been found on their computer and threatens them with prison and/or a $250,000 fine if they don’t pay a $250 “first-time offender” fine.  The message may look similar to the one below:

[Image: Virlock ransomware message]

Unfortunately this social engineering method is tried-and-true, and has proven to be a money-maker for the CyberCriminals in past years in an effort to spook victims into paying their “fines” quickly.

The REALLY bad part of this ransomware?  It has a high possibility of reinfection.  Usually organizations pay Bitcoin ransoms trusting that they’re going to get their files back & not be reinfected with the same ransomware.  However, the strength of this ransomware strain is also its weak point.  Miss one infected file on some share that most admins forgot about…and sorry, you’re reinfected.

 


Filed Under: ALERTS, Blogs

ALERT: Phishing for Apples

September 26, 2016 by The T By D Team

Phishing for Apples

 

Phishing attacks using fake Apple Store messages, fake landing pages, and sometimes fake login pages are a popular attack vector.

They still make it through filters, as witnessed by the hundreds of reports every day.  These CyberCriminals are pros located in Eastern Europe, and test out their phishing emails in the UK.  Once all the bugs are ironed out, they set free the ‘polished’ attack on the US and Canada.

This one is particularly evil…and well-done.  

It may look similar to the email below:

[Image: example Apple Store phishing email]

Victims are receiving a fake Apple Store “refund request”, which tricks users into trying to prevent getting charged for something they did not buy.  The CyberCriminals ask you to fill out a page with your full address and credit card information so you “will not get charged”.  If you or a friend or family member were to fall for this trick, it’s highly likely that your credit card would get fraudulently charged up very quickly.

If you receive a “refund request” from any company, contact the company directly from the phone number or email contained on the website.  Do NOT click on any attachments, links, or use any email addresses and/or phone numbers provided in emails.  Although the contacted phone number and/or email may look/sound legit…these CyberCriminals are good!


Filed Under: ALERTS, Blogs

Yahoo Hack Extends Further Than Just Passwords

September 26, 2016 by The T By D Team

Yahoo Hack Extends Further Than Just Passwords

Yahoo recently went public with the news that information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a “state-sponsored actor.”  The data stolen may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company reported at the time.  Later on, Yahoo disclosed that more credentials were stolen and that more data (credit cards) was exfiltrated than was known at the time of the discovery.

Yahoo is working with law enforcement on the matter.  It launched an investigation into a possible breach in early August, after a Russian hacker named “Peace” offered to sell a data dump of over 200 million Yahoo accounts on the darknet for a mere $1,800.  The dump included usernames, easy-to-crack password hashes, dates of birth, and backup email addresses.

Why Should You Worry?

Well, if you change your password regularly (every month or so), and use difficult-to-guess passwords (i.e. NOT “123456” or “password”, or even the ever-popular “abc123”), then you should be good initially (unless, of course, they have your credit card info, in which case you should cancel your cards immediately).  However, the hackers aren’t quite done with you…

  1. Phishing attacks will likely be the number one strategy, with Yahoo user accounts being used for social engineering attacks.  These are usually highly successful, and lucrative, for hackers.
  2. However, since many people use the same usernames & passwords across multiple sites, the other attack you have to watch for is “credential-stuffing”.  This is a brute-force attack where attackers inject the stolen Yahoo usernames and passwords into a website until they find a match.
  3. Yahoo has put a security announcement on their website, and has started to send users notices that they need to change their password.  CyberCriminals were grateful, I’m sure, as they are going to spoof this and rake in the money.  The emails being sent out look similar to below:

Subject:  Your Yahoo account

The security of your Yahoo account, [Name], is important to us.  Out of an abundance of caution, we are asking you to change your password.  We are committed to protecting the security of our user’s information, and we take measures like this when appropriate in light of reported security issues or suspicious activity on an account.

We encourage you to take the following steps:

  1. Sign into your account and change your password: https://login.yahoo.com/account/change-password
  2. Visit our Help Page for information on safeguarding your account: https://help.yahoo.com/kb/account/safeguard-yahoo-account-sln2080..html

Or

Start using Yahoo Account Key and never get locked out from forgetting or losing your password.  Yahoo Account Key is a convenient way to control access to your account, and it’s more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in.

https://login.yahoo.com/account/security/mc-yak-optin

Yahoo

How To Protect Yourself:
  1. Do NOT click on any links contained within an email, even if the email looks legit.  Type in the address yourself into your browser bar.
  2. Do NOT phone any phone numbers contained within an email.  Look up the phone number yourself, directly on the company website.  
  3. Do NOT use the same usernames and passwords on multiple accounts.  Using the same password on multiple accounts is an invitation to get hacked.  If you did use your Yahoo passwords on other sites, go to those sites, and change those passwords there too.  Also change the security questions and make the answers non-obvious.
  4. Use a free password manager that can generate hard-to-hack passwords, and keep and remember them for you.
  5. Watch out for phishing emails that relate to Yahoo in any way, especially if they ask you to click on links, or if they are asking for information.
  6. Now would be a good time to sign up for Yahoo Account Key – a simple authentication tool that eliminates the need to use a password altogether.  
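
For anyone running a website with logins, the credential-stuffing pattern described earlier in this post shows up in the login log as one source failing against many different usernames. The Python example below is added here and is not part of the original post; the log format, thresholds, and sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, source IP, username, result.
SAMPLE_LOG = [
    "2016-09-26T10:00:00Z ip=203.0.113.7 user=alice result=FAIL",
    "2016-09-26T10:00:01Z ip=203.0.113.7 user=bob result=FAIL",
    "2016-09-26T10:00:02Z ip=203.0.113.7 user=carol result=FAIL",
    "2016-09-26T10:00:03Z ip=203.0.113.7 user=dave result=FAIL",
    "2016-09-26T10:00:04Z ip=203.0.113.7 user=erin result=FAIL",
    "2016-09-26T10:00:05Z ip=203.0.113.7 user=frank result=FAIL",
    "2016-09-26T10:00:06Z ip=203.0.113.7 user=grace result=OK",
    # An ordinary user mistyping their own password: same username each time.
    "2016-09-26T10:01:00Z ip=198.51.100.20 user=heidi result=FAIL",
    "2016-09-26T10:01:10Z ip=198.51.100.20 user=heidi result=FAIL",
    "2016-09-26T10:01:20Z ip=198.51.100.20 user=heidi result=OK",
]


def parse(line):
    """Split one log line into (timestamp, ip, user, result)."""
    stamp, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, kv["ip"], kv["user"], kv["result"]


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5):
    """Return {ip: [accounts that logged in OK]} for IPs that failed against
    at least min_users different usernames inside one time window."""
    events_by_ip = defaultdict(list)
    for line in lines:
        when, ip, user, result = parse(line)
        events_by_ip[ip].append((when, user, result))

    report = {}
    for ip, events in events_by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            failed = {u for _, u, r in events[start:end + 1] if r == "FAIL"}
            if len(failed) >= min_users:
                # Any success from this source is a likely reused password.
                report[ip] = sorted({u for _, u, r in events if r == "OK"})
                break
    return report


if __name__ == "__main__":
    for ip, accounts in detect_stuffing(SAMPLE_LOG).items():
        print(f"{ip}: block source, force password reset for {accounts}")
```

The accounts listed for a flagged source are the ones where a reused password worked, so they are the ones that need a forced reset.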

Filed Under: ALERTS, Blogs

ALERT: Tech Support Scam Email

September 12, 2016 by The T By D Team

ALERT: Tech Support Scam Email

Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like “unusual sign-in activity”.

Unfortunately, CyberCriminals have copied these emails, and are using them as a new attack vector for a tech support scam.

These new “phishing” emails point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while, and their number is queued for a fraudulent follow-up call like the one below.

Here is a real example of such a call:  http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

If you decide to call any company, go to their website and call the number listed there.  Never use a phone number from any email you may have received.

Filed Under: ALERTS, Blogs

Another Apple Hack

September 6, 2016 by The T By D Team

Another Apple Hack

 

As I.T. professionals, we hear it all the time – Macs don’t get viruses, Apples can’t get hacked, Macs don’t need antivirus, etc. etc. etc.

 

In the past couple of weeks, hackers have identified ways to severely compromise your Apple devices.  
  1. First with iPhones:  By clicking on a link in a text, hackers could take your device over in the background, accessing your data and cameras, potentially spying on you and everything you do on your device.
  2. More recently, the same exploit has come out for Mac devices.  So your laptop or computer could be taken over as well.

Apple has released updates for the exploits (aka hacks), so if you get an update notification, install it!  If you aren’t sure if you’re up-to-date, check as soon as possible.

To update your software on your computer, go to the App Store -> Updates -> install Security Update 2016-001 10.11.16.
If you have yet to update the software on your iPhone or iPad, you can do so by going to Settings -> General -> Software Update, and upgrade to iOS 9.3.5.

For the full article, read here:  http://www.telegraph.co.uk/technology/2016/09/02/apple-issues-urgent-security-update-after-hack-turns-mac-compute/


Filed Under: ALERTS, Blogs
