their

now browsing by tag

 
 

Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

Source: National Cyber Security – Produced By Gregory Evans

Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware

As the US justice department forges ahead with its investigation into the Trump administration and any possible collusion with Russia, the Fancy Bear hackers continue refining their attacks against global targets. As part of their new phishing campaign, the hackers are capitalising on the recent New York terror attack, to trick users into clicking on malicious documents, which in turn infects systems with their malware.

The Kremlin-linked hackers first made headlines during the 2016 US presidential campaign and are now widely considered to have orchestrated the cyberattacks against the US Democratic Party. The cyberespionage group has since been actively involved in various campaigns over the past year, targeting organisations and individuals across the globe.

The Fancy Bears’ most recent campaign, uncovered by security researchers at McAfee, involves the use of a black malicious document, titled “IsisAttackInNewYork”, which when clicked drops the hackers’ first-stage reconnaissance malware dropper Seduploader. The implant collects basic data from infected PCs and profiles prospective victims. Once hackers determine some interest in the victim, the implant then drops Fancy Bears’ customised malware X-Agent or Sedreco.

The post Fancy Bear #hackers are now #exploiting the #New York terror attack to #spread their #malware appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year

Source: National Cyber Security – Produced By Gregory Evans

54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year

A successful cyberattack on your enterprise may be imminent, and security experts say many companies aren’t doing enough to protect themselves. Increasingly, risks are coming from within.

Ask a cybersecurity expert or hacker to name the weakest link in any security plan and they will inevitably answer “the people.” Just like everything else, security can’t account for the unpredictability of the human factor. In an enterprise setting, employees will circumvent protocols for the sake of convenience, offer bits of information to strangers because they asked nicely, and generally make a mess of any well-laid enterprise-wide cybersecurity plan.

According to the Cybersecurity Trends 2017 Spotlight Report (PDF), 54% of cybersecurity professionals surveyed anticipate a successful cyberattack on their organization in the next 12 months. Some 40% of those professionals also view the lack of employee awareness as a major obstacle to stronger cybersecurity.

With increases in mobility and the adoption of a BYOD culture in the enterprise, 69% of the surveyed cybersecurity professionals are increasingly concerned about data leakage. Another 64% believe their organizations will have to deal with the download of unsafe applications and the introduction of malware stemming from portable storage devices and the like in the next year.

While workforce mobility and the culture of BYOD certainly produce tremendous benefits for modern enterprises, the technology presents a challenging risk for cybersecurity professionals. The only viable approach to overcoming, or at least mitigating, the human factor is to educate employees and establish a comprehensive policy to govern how personal devices, especially portable storage devices, will be introduced to an enterprise network.

TechRepublic’s premium sister site, Tech Pro Research, offers a ready-made Portable Storage Device Policy to help you regulate and secure usage of portable storage devices to help reduce the risks.

The post 54% of #security #experts anticipate a successful #cyberattack on their #enterprise within the year appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Scammers are #conning homebuyers out of their down #payment

Source: National Cyber Security – Produced By Gregory Evans

Scammers are #conning homebuyers out of their down #payment
  • Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
  • Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
  • Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.

$52,660.57.

It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at FrugalBeautiful.com and now, after her experience, at Realestatewirefraud.com. You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.

WHAT TO DO IF YOU’RE VICTIMIZED

If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering of her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.

The post Scammers are #conning homebuyers out of their down #payment appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Three out of five #Americans concerned #hackers could #spy on them via their #webcam

Source: National Cyber Security – Produced By Gregory Evans

Three out of five Americans concerned hackers could spy on them via their webcam

Avast solutions help users control who can access their webcam to prevent unwanted spying.

In October, we conducted an online survey around webcam security awareness and found that 61% of Americans are concerned hackers could spy on them through their computer’s camera.

They have every reason to be concerned.

Tools that can hack a computer’s webcam are available on the regular web, as well as the darknet, in some cases even for free. Although many computers come with a light that indicates the webcam has been activated, tools can circumvent the light from being triggered.

The survey reveals that Americans are more aware that hackers can spy on them without activating their webcam’s indicator light compared to the global results. Globally, two in every five (40%) respondents are unaware of the threat, while two-thirds of Americans claim they know of the possibility.

Many people, like former FBI Director, James Comey, and Facebook CEO, Mark Zuckerburg, cover their webcam to prevent unwanted spies from watching them. However, despite concerns being high, only 52 percent of Americans have physically covered up their computer’s webcam.

Covering webcams is a good start, but can be an inconvenience if you frequently need to use your webcam. We at Avast understand this inconvenience, which is why we give our users complete control over who can use their camera, without having to physically cover it up. – Ondrej Vlcek, CTO of Avast

Avast’s new feature, Avast Webcam Shield, which comes with Avast Premier, ends webcam spying for good by blocking malware and untrusted apps from hijacking webcams. Furthermore, users have the option of forcing all apps to ask their permission before they can access the computer’s webcam. The same feature is offered in AVG Internet Security, under a different name, Webcam Protection.

Source:

The post Three out of five #Americans concerned #hackers could #spy on them via their #webcam appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers are locking people out of their MacBooks – here’s how to stay safe

Source: National Cyber Security – Produced By Gregory Evans

Hackers using stolen iCloud credentials have been able to use Apple’ Find My Device features to remotely lock down computers and demand Bitcoin ransoms from affected users. However, that doesn’t mean Apple’s iCloud was hacked. Instead, hackers are likely trying their luck with some of the many available username and…

The post Hackers are locking people out of their MacBooks – here’s how to stay safe appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

FDs need to change their approach or be caught out

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is repeatedly in the news, with headlines shouting about security breaches and stolen data, as PR teams scrabble to fix the reputational damage to companies. With all this noise on cyber security, it would seem safe to assume that there is also a wealth of informed and collected…

The post FDs need to change their approach or be caught out appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bitcoin users are opening their wallets to hackers through mobile networks

Source: National Cyber Security – Produced By Gregory Evans

Cryptocurrencies like Bitcoin make a big deal of their security; theoretically, they are almost impossible to hack. Every transaction is stored in a ‘digital ledger’, shared across multiple machines; an attacker would need to compromise every computer in the chain to successfully hack the system. However, the digital wallets that…

The post Bitcoin users are opening their wallets to hackers through mobile networks appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Democrats’ Biggest Cybersecurity Upgrade Is Their New Tech Chief

Source: National Cyber Security – Produced By Gregory Evans

The Democratic National Committee is upping its cybersecurity efforts — and it’s getting some help from a former Silicon Valley exec. Back in June, the committee hired Raffi Krikorian — a former top engineer at Uber and Twitter — as chief technology officer. Since his hire, Krikorian has instituted better…

The post Democrats’ Biggest Cybersecurity Upgrade Is Their New Tech Chief appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Windows 10 users need to update their PC TODAY, or hackers could take control

Source: National Cyber Security – Produced By Gregory Evans

Windows 10 users at a risk from a “critical” vulnerability that lets cybercriminals take over their PCs, unless they update their computers now, Microsoft have patched dozens of major security vulnerabilities that affect all supported versions of Windows. One “critical” vulnerability enabled a hacker to exploit how Windows Search handles…

The post Windows 10 users need to update their PC TODAY, or hackers could take control appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Free Wi-Fi has driven 88% of Canadians to put their personal info at risk

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans A strong Wi-Fi signal is one major factor that helps Canadians decide where they want to stay when they go away for long weekends, said a risk report released by Norton last month. And while a hefty majority of Canadians believe their information is safe while […] View full post on AmIHackerProof.com | Can You Be Hacked?