ALERT:  WordPress Website Hack

 

An alarming number of websites built with popular website-building tool, WordPress, have been hacked, and are delivering the TeslaCrypt ransomware to unsuspecting victims.  

Malware researchers from Malwarebytes and other security firms have reported that a massive number of legit WordPress sites have somehow been compromised, and are silently redirecting visitors to sites with Nuclear Exploit Kit.  As of press time, it is unclear how the WordPress websites are getting infected, but is highly likely that there is a new vulnerability that is being exploited in either WordPress, or one of its plugins.

Malwarebytes Senior Security Researcher Jérôme Segura stated in a blog released last week:

“WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads.  This is a distraction (and fraud) as the ad is stuffed with more code that send visitors to the Nuclear Exploit Kit.”

The attack tries to conceal itself, and the code forces visitors to be redirected through a series of sites before dropping the ransomware payload.  Once a WordPress server is infected, the malware also installs a variety of backdoors on the machine.

 

What to do if You Run WordPress:

1. Update server Operating Systems (OS).
2. Update WordPress.
3. Delete any plugins you are not actively using, and update patches on any plugins you currently use.
4. Update all your WordPress instances at the same time to prevent cross-infections.  
5. Lock down all WordPress instances with a very strong password, as well as the WordPress 2-factor authentication

How to Protect Your Website Visitors:

1. Keep workstation Operating Systems (OS) and 3rd party apps updated at all times.
2. Backup your data and keep daily off-site backups.  TEST your backups, and if your restore function actually works (this is often overlooked).
3. Provide end-users with the 64-bit version of Google Chrome if possible.
4. Run the latest V5.5 of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) on workstations.
5. Provide Security Awareness Training.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

Your Stolen iPhone Has Been Found

 

The enormous sales of Apple products, also mean that they are a huge target for theft.

Between 3 and 4 million smartphones are stolen every year.  

If you’re like most people your phone tends to be a little bit of everything:  a photo album, a diary, wallet, gaming machine, bank account, and more.  Most people have their entire work and private lives on these devices which can cost up to a thousand bucks.  The cost of losing your phone just starts with the cost of replacement…just take a moment to think about all the personal and financial information your phone contains.  Losing it can feel like a disaster.

CyberCriminals count on this panic, and use it for their gain.  They count on the person wanting to avoid the personal and financial loss, in order to use social engineering against them.  

In this new iPhone scam, people are victimized twice:

1. Your iPhone gets stolen.
2. You go online, and turn on the ‘Find My iPhone’ Activation Lock.
3. Shortly afterwards, you receive an email that your iPhone has been found, but you need to go to this website (they provide a link) and verify your Apple ID.  
4. You click on the link provided, and enter into your Apple ID credentials.

The link that was provided, was to a fake Apple iCloud site.  When you entered your information, you gave all the information that the CyberCriminals needed to now own your account and unlock the phone.  The CyberCriminals are now free to sell the phone.

There is nothing else for you to do, other than to go to Apple (go to the Apple site, or type in the address into the address bar manually – Not the one provided in the email).  Change your password, and set up a 2-factor verification for your account.

Your iPhone (or iPad) is gone forever.

 

How CyberCriminals Do This:

Since the release of iOS7, Apple has made it entirely possible for CyberCriminals to reset and reformat your iDevice without your iCloud Username and Password.  They simply send an iMessage to the email address that it said it had been locked by, as the default iOS settings mean you can send & receive iMessages to email addresses with an Apple ID.

It’s important to note that iCloud does not provide an IP address or any other details which will help you actually identify your thief.  It basically shows you a map of the general vicinity of the location of the stolen item (could be 1-3 city blocks), and that’s all.  

What to do if Your iPhone (or iPad) is Stolen:

1. Do Not respond to, or click on links, from an address you do not recognize claiming your phone was found.  
2. Do not click on any links, or open any attachments provided.  Do not call any phone numbers that the message may give you.  
3. Do not log into any site that you get within an message like this, and do not provide your username and password, or any other credentials.
4. DO follow the procedures you were given by your phone manufacturer.  If you do not know the procedure, go directly to the manufacturer website to find out.
5. For Apple go to:  https://support.apple.com/en-ca/HT204315
6. Deactivate the phone with your wireless provider to prevent the theif from running up a lot of charges on your bill.  Some providers will deactivate your device on their network, which prevents a thief from just resetting the device and slapping in a new SIM card.  Note:  Once you deactivate service, you won’t be able to communicate with your iPhone via ‘Find My iPhone’.  
7. Start taking steps to prevent the criminals from accessing your personal information.  Visit the website for every app and service on your phone, and see if they have the option to logout other devices, revoke tokens, or de-register mobile devices.  This will prevent the thief from simply firing up an app or website and using your saved login info.
8. File a police report.  It’s unlikely that the police will act upon the theft, but it is important to document the theft, especially if the device turns up later.  Be sure to include a unique identifyer for your device (phone number or serial number).
9. Change any passwords for email, Facebook, etc.  
10. Inform your family, friends, coworkers, and all contacts in your address book.  It’s possible that the thief may try to impersonate you through social media or via SMS on a different phone. By letting them know, you can prevent them from being victimized as well by a phone/email scam.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

Dell Tech Support Service Tag Hack

 

A number of people using Dell PCs have been contacted by scammers claiming to be Dell Tech Support who had PC-specific data that only Dell could have had.  

 

Every Dell PC sold has a unique service tag number, which the CyberCriminals have gotten somehow.  

Dell posted a warning in October about this phone scam, but did not mention a service tag number hack.  Dell apparently does not know what is going on, and is “investigating”.  

The scam goes something like this…

People are receiving phone calls reporting to be from “Dell Tech Support”.  They have all the correct personal information, including your name, contact numbers, emails, and address, including the computer-specific service tag number, and any ‘ticket’ numbers assigned to any phone calls you made to Dell support, including the issue that the phone calls were about.

They try to manipulate people into downloading software onto their computer that will give the fake “support” access to their computer.  They will not “fix” anything, but you will receive a huge credit card invoice, and may have ransomware infecting your computer.

Ars Technica reports several stories indicating a possible security breach.  

1. Joseph B. called Dell about a problem with his optical drive.  A few months later, he received a call from a CyberCriminal who knew exactly what his problem was (optical drive), his service tag number, computer model and serial number, and other customer-specific information.  
2. Patrick Z. reported on a Dell U.S.A Customer Care Board about receiving similar calls.  He stated the CyberCriminals knew his full name, email address, city, phone number, computer service tag, and a real Dell ticket number.  He called the scammers back at the number they provided, and they answered “Dell Software Support”.  Patrick Z. hung up & called Dell support directly [using a publicly available phone number, such as on the Dell website].  When he asked company reps to explain how CyberCriminals had so much information about him, a company employee answered “Dell is aware of this and other complaints and is investigating.  No, there will not be a public post/blog.  We consider this closed from a Forum perspective.”
   
3. DJ, an unhappy customer posted in June 2015 that [other than a hack], there is no other way the person would have had my name, cell phone number, and know I had a Dell computer if it didn’t come from your company…”

In a 10ZenMunkeys’ blog post published Jan. 4/16, the author reported he had been contacted by CyberCriminals who knew of every problem the author had ever called Dell about.  None of the problems had ever been discussed in public forums, leading the author to share the suspicion that proprietary Dell data had somehow been breached.  The author reports that the CyberCriminals instructed to enter their domain name into the author’s “Run window”, which would have re-directed to a site to download software to allow remote access to their computer.

There are several other Dell customer complaints regarding the same type of scenarios.   

 

If you receive a phone call reporting to be tech support (from ANY company), and they request you to confirm personal/payment information, or to grant them access to your computer —

HANG UP…IMMEDIATELY.

Delete any email they might send you with similar claims.

 

ONLY give out personal information, if you have initiated the call, and looked up the main company number yourself on the company’s main website.  

Do NOT rely on information in pop-ups, ads, in general internet searches, or on another website or forum, unless you can verify it is a valid source and verify it is a valid phone number for that company.  

 

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Top 5 Reasons to Invest in CyberSecurity

 You can no longer stick your head in the sand in the hope that CyberCriminals will go away.  

CyberCrime is now more profitable than the drug trade.  As reported by the 2013 Europol Serious & Organized Threat Assessment,

the “Total Global Impact of CyberCrime [has risen to] US $3 Trillion, making it more profitable than the global trade in marijuana, cocaine and heroin combined.” 

Large companies are no longer the only target of CyberCriminals.  Data breaches happen on a daily basis, and small and medium-sized businesses, and even home computers, are now all potential victims.  The frequency of CyberAttacks is increasing fast and furious, and CyberCriminals are more and more sophisticated, and their attacks are increasingly difficult to detect and counteract.

If you think you haven’t been attacked yet, you can either count yourself lucky, or you just weren’t aware of the attack & you narrowly avoided it.

Top 5 Reasons to Invest in CyberSecurity:

1.  Frequency of Attacks

Industry leaders like Symantec, McAfee, FireEye, and Verizon all report increases in CyberAttack frequency over the last 2 years.  CyberCriminals are more sophisticated, and probe for vulnerabilities more often, with more sophisticated attack vectors, using such exploits as malvertising on major news outlets, poisoned ads, or infected webpages.  Symantec reports that ransomware attacks soared 113% in 2014.  Attacks are moving faster, I.T. defenses are not.

2.  Cost of Attacks

The cost being CyberAttacked not includes the immediate payout, but also includes downtime, loss of data, PR damage, loss of business/revenue, damage to equipment, as well as legal fees and implications.  Statista reports that in August 2015, the average U.S. company lost $15.42 million.  Symantec Corp. reports, 60% of small businesses go bankrupt within 6 months of a cyber attack.  

3.  CyberCriminals Focus on Small- to Medium-Sized Businesses as Attack Targets

Small- to -medium-sized businesses that have been hacked may feel like it was a ‘fluke’.  The reality is that CyberAttackers use both automated software that probes websites for vulnerabilities and flaws that are easily breached, and thoroughly tested, massive phishing campaigns to spread botnets, Trojans and ransomware.  Symantec reports that 60% of all targeted CyberAttacks in 2014 struck small- and medium-sized organizations.

 

4.  The Number of CyberCriminals Are Increasing

As the cost of launching a CyberAttack decreases, the number of attacks increases.  And as CyberWarfare continues, countries are investing billions of dollars in their CyberWar attack capabilites.  CyberCriminals go after whole sectors of the economy – that means degrading organizations, running stock markets, financials, insurance, manufacturing and more.

CyberCrime-As-A Service is taking off.  It is easier than ever for CyberCriminal noobs to obtain the sophisticated tools available from an ever-expanding Cyber-Underground economy.  Existing CyberMafias are moving into this area at CyberSpeed, and the criminal competition is furious.

5.  CyberCriminals are After Low-Hanging Fruit:  Cyber-Uneducated Employees

Amazingly enough, CyberCriminals are business people too.  Their time is worth billions.  So why would they spend 3 weeks to uncover a vulnerability in a popular piece of software, when you can social engineer a cyber-uneducated employee in 10 seconds?  

According to an SVB survey about CyberSecurity completed by 216 C-level executives from US-based technology and life science companies in 2013:

“Just 35% [of businesses] are completely or very confident in the security of their company information.”

Educate your employees as your 1st line of defense against CyberCriminals.

 

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for, in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Resources:

http://www.tripwire.com/state-of-security/regulatory-compliance/pci/cybercrime-is-now-more-profitable-than-the-drug-trade/

http://www.symantec.com/security_response/publications/threatreport.jsp

https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347932_GA-internet-security-threat-report-volume-20-2015-social_v2.pdf

http://www.statista.com/statistics/293274/average-cyber-crime-costs-to-companies-in-selected-countries/

http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v19_21291018.en-us.pdf

 ALERT:  Apple ID Suspension

With massive amounts of Apple devices being sold during the holiday season, CyberCriminals are looking to cash in.  People and businesses are left having to pay the price.

An email claiming to be from Apple Support, is being received that states your Apple ID and iCloud accounts are going to be suspended.  An example is below.

The email claims Apple sent you an earlier email regarding your verification, but it was not returned on time.  The email is nice enough to include a “Verify Now” link that, they claim, allows you to complete the verification process and save your account from suspension.  If you click on the link, you are directed to a fake Apple login page which asks for your credentials, including password.  Once you submit your credentials, you are then directed to a 2nd fake page which asks for personal and financial information, including credit card & banking details.

The fake “Apple” pages are well-designed to look like a legitimate Apple page, and includes information explaining in detail why you need to complete the verification process.  It all looks very official.

This scam even has retaliation against CyberScam investigators testing the phishing emails.  If you enter false data that includes words such as “scam” into fields on the fake form, your browser will automatically redirect you to a preconfigured Google search for pornography.

The best way to check if a link is legitimate, is not to click on the link in the suspicious email, but hover your mouse (don’t click!) over the link to get the link address (shown below).  Then open a new browser window and manually type in the link address.

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for, in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  The Top 5 Holiday Scams You Need to Know About!

Like it or not, whether you’re Scrooge or Mr. Claus, the holiday season is upon us. 

And with it…CyberCriminals.

Yes, they are waiting in the shadows, for you to drop your guard…and your money.

Digital identity company ThreatMatrix, reports that it has detected a 25% jump in cyber attacks already this season.

In an effort to thwart CyberCriminals’ attempts to separate us from our money, here are the top 5 Holiday Scams You NEED to Know About!

1.  Black Friday/Cyber Monday

That heavily anticipated and/or dreaded time of year when you can buy almost anything, for next to nothing!  However, online scams use a variety of lures to get unsuspecting buyers to click on links or open attachments.  CyberCriminals build complete copies of well-known sites, send emails promoting great deals, sell products, and take credit card information…but never deliver the goods.  If it looks too good to be true…it probably is.  Sites that have deals even more incredible than normal should be a red flag.  Never click on links in emails, or popups with very deep discount offers (especially for watches, phones, or tablets).  Go to the website yourself through your web browser, and check if the offer is legit.  

2.  Complimentary Vouchers or Gift Cards

A popular holiday scam every year, is big discounts on gift cards.  Don’t fall for offers from retailers or social media posts that offer phony vouchers or gift cards (eg. Starbucks) paired with special promotions or contests.  Some posts or emails may even appear to be shared by a friend (who may have been hacked).  Develop a healthy dose of skepticism this holiday…at least in relation to online scams.

3.  Bogus Shipping Notices from Canada Post, UPS, and FedEx

With the massive online shopping, comes massive shipping, and shipping scams.  You will likely see emails supposedly from Canada Post, UPS or FedEx in your inbox that claim there’s a problem with your package and/or it could not be delivered.  Many of these are phishing attacks that try to make you click on a link or open an attachment.  If you click, your computer will be infected with a virus, or even ransomware which holds all your files hostage until you pay $500 in ransom.

4.  Holiday Refund Scams

Online shopping has increased in the past years, and don’t think that hasn’t escaped the notice of CyberCriminals.  Emails reportedly from retail chains or e-commerce companies such as Amazon or eBay have been received, claiming there’s a “wrong transaction” and prompt you to click the refund link.  However, when you do that and are asked to fill out a form, the personal information you give out will be sold to CyberCriminals who use it against you.  

5.  Phishing the Dark Side

A new phishing email has already begun circulating that tricks people into thinking they could win movie tickets to the highly-anticipated movie, “Star Wars: The Force Awakens,” due out December 18.  However, the email is a phishing attack.  Leading up to the film’s release, and shortly after, you need to stay alert for this social engineering attack.  

Bonus Tips:

1. Never, Ever pay online with debit cards.  Only use credit cards when shopping online.  Why?  If the debit card gets compromised, the CyberCriminals can empty your bank account very quickly.
2. Never use an insecure public Wi-Fi to shop with your credit card.  Only do your online shopping with a secure connection at home.

 

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for, in suspicious emails. 

Ask us about our “Core Security Solutions” package!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:

New Ransomware Infection “LowLevel04”, Coming Soon to a Computer Near You!

 

The new ransomware called “LowLevel04”, infects your computer, and encrypts your files making them useless to you…unless you pay their ransom demand for a decryption code.  

(Hint:  Backup your important files.  Check out our Managed Backups – they could save your company!)

What’s different about this new version?  For one, the ransom demanded is double the ‘normal’ $500, and demands 4 Bitcoin.  Many victims have also reported that the machines affected were servers, which could cause pandemonium within (or bankrupt) a company.  

Larry Abrams (from techie blog Bleeping Computer”) was the first to report on the new strain.  He stated:

“It appears that once the attacker gains access to a target computer, they download and install a package that generates the encryption keys, encrypts the data files, and then uploads various files back up to the hacker’s temp folder via a terminal services client drive mapping file”.

LowLevel04 scans all mapped drives, including removable and network drives, for data files to encrypt.  When it encounters a file that contains certain file extensions it will encrypt them.  When it’s finished wreaking havoc, the malware cleans up after itself and deletes a number of files used in the encryption process, as well as removing application, security, and system logs.

In each encrypted folder, a ransom note is found.  The note has instructions for the victim to follow, if they want to decrypt their files.  

NOTE:  

Abrams does mention that LowLevel04 does not delete Shadow Volume Copies (yet), so you could use that to get original, unencrypted versions of files back.

 

How To Avoid Becoming A Victim

Ransomware CyberCriminals have used RDP (Remote Desktop Protocol) exploits to gain access in the past, because so many businesses use remote desktop on a daily basis.  So here’s how to avoid becoming yet another victim of ransomware:

1. If You Don’t Need It, Disable It:  It’s a good rule of thumb for everything.  Leaving anything enabled, when you don’t use it, is just leaving another potential back door open for CyberCriminals to gain access to your computer/network.  If you don’t use RDP, disable it.  It’s a huge CyberSecurity hazard.
2. Keep Patches Up-To-Date:  Again, good rule-of-thumb for any electronics that are connected to the Internet (even just for short periods of time).  Keeping Windows patched will help ward off potential RDP exploits.
3. Use What You’re Comfortable With:  If you’re not comfortable with something, you’re not going to use it.  This goes for RDP as well.  If you’re uncomfortable with the out-of-the-box functionality provided by Windows remote desktop software, change to another software you are comfortable with.  Talk to your I.T. provider about options.
4. Use Additional Safety Measures:  Sure, your network security may be good.  But remote desktop is such a huge CyberSecurity hazard that you should have additional security measures in place for each user/computer.  Especially with all the recent hacking, a 2-factor authentication for all remote logins is a absolute MUST.  
5. Security Awareness Training:  Many of the ransomware attacks still arrive via email.  Anyone that has access to anything that contains, or has access to information and the Internet is a CyberSecurity risk and should be put through Security Awareness Training.  This includes everything from computers to mobile devices and receptionist to accountant to CEO.    
6. Backup, Backup, Backup:  The surest solution for that applies to everyone, from the home user to the biggest corporation – BACKUPS.  No defense plan is foolproof – so backup anything you don’t want to chance losing.  Did I mention backups?

Not sure if your company is safe?  Ask us for a FREE Network Security Assessment!

Check out our “Email Red Flags”  for what to watch for, in suspicious emails. 

Ask us about our “Core Security Solutions” package!

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks