Weekly Cyber AAG

Crooks Are Swapping Out Chips on Payment Cards, Says US Secret Service
Comment: Malicious actors are willing to go to extreme measures to steal personal information. According to a recent warning released by the US Secret Service, profit-motivated criminals have begun intercepting victims’ mail in the hopes of finding new and unactivated chip-enabled payment cards in transit from banks to customers. If the criminals find one, they replace the chip in the new card with one from an old or deactivated card, repackage it, and send it along to its destination. When the recipient calls the bank to activate the card, the criminals are then able to use the stolen chip for financial gain. When expecting a new bank card in the mail, inspect the envelope, the chip, and the card for any signs of tampering such as heat damage or scratches. Take your card into your bank to activate it and make a small transaction using the chip immediately after activation to verify that the chip is valid.
 
11 Ways Ransomware Is Evolving
Comment: Ransomware developers are continuously modifying their code and tactics to foil security researchers’ attempts to decrypt the malware as well as to evade detection by antivirus software, network administrators, and end users until the encryption process is complete. The list included in this article outlines ways in which ransomware campaigns have evolved over the past few years to help potential victims recognize, react, and respond to these ever-changing and often devastating attacks.

Weekly Cyber AAG

4 Lessons Your Organization Can Take From Atlanta's Ransomware Attack
Comment: With the recent news coverage surrounding the massive ransomware attacks that impacted both the city of Atlanta and the Colorado Department of Transportation, organizations across all sectors should learn from these incidents and make ransomware prevention and mitigation a top priority in order to avoid the same crippling fate. Always maintain current backups of critical data and systems and keep them stored offline and in a secure location. Educate end users about this type of threat and make sure they know what to do if they click on a link or open an attachment that launches a ransomware infection. Lastly, minimize your risk by regularly auditing what ports and services are exposed to the internet, removing unneeded or outdated ones, and ensuring that the rest are secured properly. Being proactive and learning from others’ experiences can be an effective way to protect yourself and your organization from a future attack.

Malicious Gaming Extensions: A Child’s Play to Infection
Comment: The gaming community and children, in particular, are attractive targets for malicious actors whose goal is to distribute malware and potentially unwanted programs (PUPs) designed to spy on users and track their online behavior to deliver targeted ads. A recent threat involves malicious browser extensions that promise to improve the functionality of a popular game but, in reality, do nothing more than deliver adware to users and modify their browser settings. Be sure to educate your children about these types of threats and regularly scan their computers and mobile devices for unwanted and malicious extensions and software. Never let anyone use or download software or extensions onto a device you use for work, as you could inadvertently infect your organization’s network.

Dot-cm Typosquatting Sites Visited 12M Times So Far in 2018
Comment: Typosquatting, also known as URL hijacking, is a type of threat that relies on common typing errors and internet users’ lack of awareness to direct them to malicious websites. In a typosquatting campaign recently discovered by security researcher Brian Krebs, malicious actors registered a network of domain names that end in .cm rather than .com to take advantage of people who accidentally omit the “o” when typing the URL to deliver them to spammy and malware-laden websites. Be mindful of this threat when typing addresses into URL fields and, for frequently visited sites, consider bookmarking them to eliminate the need to manually enter them into your browser.

Weekly Cyber AAG

7 Ways to Protect Against Cryptomining Attacks 
Comment: Cryptocurrency mining, the process by which new cryptocurrency is generated, requires significant computing power that, in some cases, can cost the miner more in time, electricity, and equipment than the cryptocurrency itself is worth. To circumvent this resource-intensive process, profit-motivated actors have developed methods to hijack computing power from a large number of victims by infecting their mobile phones, IoT devices, computers, and servers with malware designed to conduct this type of mining activity. Over the past several months, cryptocurrency-mining malware has been delivered to victims via drive-by mining campaigns, malicious Android and macOS applications, browser extensions and add-ons, and powerful botnets. We encourage all system users and administrators to take the steps outlined in the article to protect themselves from this and similar threats.

8 Security Spring Cleaning Tips for the Home Office
Comment: This year, expand your spring cleaning efforts beyond vacuuming and reorganizing your closet. Now is the perfect time to take inventory of your home network – including computers, routers, and other internet-connected devices – and make sure they are all patched, secured, and up-to-date with the latest software and firmware. It is also a good time to get rid of those old, bad cybersecurity habits and replace them with new ones that will do a better job of keeping your data and devices safe. This article highlights eight simple steps you can take now to improve your cybersecurity posture both at home and at work.

Here’s a Long List of Data Broker Sites and How to Opt-Out of Them
Comment: As people become increasingly concerned with the amount of personal information being collected, shared, and sold by various websites, social media platforms, and data brokers, more emphasis is now being placed on opting-out of data-collection services when possible. Motherboard has compiled a list of websites and services that participate in this type of data collection along with links that provide instructions on how to opt-out or request the deletion of personal information from their databases. We encourage all users to request the removal of their information from as many of these websites as possible to reduce the risk of that information being accessed by malicious actors and used to craft convincing social engineering campaigns.

Weekly Cyber AAG

Warning – 3 Popular VPN Services Are Leaking Your IP Address
Comment: VPN services are used for online anonymity, data security, and to hide users’ real IP addresses, and by extension, their location. Before installing any VPN software or applications, read the terms of service and conditions of use, as well as requested device permissions. It is also recommended to always keep software versions up-to-date to ensure known vulnerabilities are patched.

Facebook Confirms Gross Misuse of User Data for US Election
Comment: This incident highlights the importance of verifying app permissions prior to use and establishing privacy settings on social media accounts. Granting access to account information via app permissions can inadvertently expose personal data of the individual user, and in some cases, information of digital connections such as Facebook friends.

Weekly Cyber AAG

Half of Ransomware Victims Didn't Recover Their Data After Paying the Ransom 
Comment: This survey, conducted by the CyberEdge Group, highlights the fact that paying a ransom does not guarantee a victim will successfully recover files encrypted by ransomware. In the event of a ransomware attack, restoring from backups is often the best course of action to ensure the integrity and availability of data during and after an infection. The NJCCIC recommends implementing a comprehensive data backup and recovery plan that includes regularly testing backups, storing them off the network, and keeping them in a secure location. 

Think Twice Before You Connect to the Free Hotel Wireless Network
Comment: Connecting to free public wireless networks increases the risk that threat actors will extract data such as credit card information, emails, and passwords. If possible, rather than using free public Wi-Fi, use your cellular network or personal mobile hotspot. If you must use free Wi-Fi, try to verify the legitimacy of the hotspot with the location’s staff and use a virtual private network (VPN) before logging into personal online accounts to reduce the risk of credential theft.

The One Thing That Protects a Laptop After It’s Been Stolen
Comment: It’s important to remember that, just because you secure your computer with a password, it does not mean that your data is fully protected. There are many methods that can be used to extract data from a locked computer’s hard drive. The best way to protect your stored data from unauthorized access is to encrypt it using either the encryption solution provided by your operating system or a reputable standalone product.

Weekly Cyber AAG

Digital Copiers are Computers, Too - The Importance of Securing Physical Documents
Comment: Although often overlooked and forgotten when it comes to security, multifunction printers can pose a significant risk to data and networks when improperly configured. Printers with open and exposed ports as well as default login credentials or no user authentication requirements can allow both internal and remote threat actors to gain unauthorized access to the device and potentially sensitive data stored within its memory. Secure network-connected printers by closing unneeded ports, requiring user authentication and implementing user-based access control, and encrypting all data traveling between the printers and other devices. Clear printer memories often, especially before decommissioning them, and track and log all printer activity in the event any are discovered to be the source of a data breach.

Cryptocurrency Scams on Android: Do You Know What to Watch Out For?
Comment: Android users have recently been targeted with cryptocurrency exchange scams due to the popularity of cryptocurrency and because many exchanges do not offer a mobile app. Individuals are encouraged to treat cryptocurrency exchanges and wallets with the same level of caution as mobile banking apps. Check to make sure the mobile app is verified via the associated service’s official website before downloading. If possible, enable two-factor authentication to protect your exchange or wallet accounts. As with any mobile app, be sure to thoroughly read user reviews prior to installation to help determine its legitimacy.

Weekly Cyber AAG

Over 40% of Online Logins Are Attackers Trying to Invade Accounts
Comment: In the Q4 2017 edition of their State of the Internet/Security report, CDN and cloud services provider Akamai reported that up to 43 percent of online login attempts made globally are a result of malicious bot activity. Nearly 3.6 billion out of 8.3 billion login attempts observed during the month of November were malicious, using password-guessing techniques or information gathered from online reconnaissance to try and gain unauthorized access to accounts. This report emphasizes the importance of enabling two-factor authentication (2FA) on every account that offers it. For a list of websites that allow users to secure their accounts with 2FA, please visit TwoFactorAuth.org.

50 Percent of Adults Have Not Checked Their Credit Since Equifax Breach
Comment: More than 145 million US consumers had their personal financial information compromised in the Equifax breach, yet 50 percent of adults have not checked their credit report or credit score since the breach last year. 18 percent of adults surveyed have never checked their credit report or credit score. Individuals are encouraged to regularly check credit and financial accounts for unauthorized activity and to take advantage of any free credit monitoring service offered by companies that exposed their sensitive information during a breach. Additionally, placing a security freeze on credit files can prevent identity thieves from opening new accounts in their name.

Weekly Cyber AAG

FIFA 2018 and Bitcoin among 2017’s Main Spam and Phishing Topics 
Comment: In light of the recent Olympics hack, cybersecurity is an increasingly important concern for major sporting events. Later this year, the FIFA 2018 World Cup will be hosted in Russia. In 2017, there were several reports of fraudulent emails impersonating FIFA officials notifying people of free tickets and lottery winnings. It is important for individuals to stay cognizant of phishing campaigns geared around popular sporting events such as the 2018 World Cup. Users are advised to avoid responding to or acting on unsolicited emails claiming to give away free items or money. If you receive a phishing email, be sure to mark it as spam and never share any personal or financial information with the sender. 

Small Business Information Sharing: Combating Foreign Cyber Threats 
Comment: The FBI recently released a statement on measures that small businesses can take to protect themselves from cyber threats. Small businesses, including local NJ establishments, should take note of increasingly prevalent cyber threats targeting small-to-medium businesses, particularly business email compromise (BEC). Business owners should use trusted, secondary verifications for transactions, keep hardware and software up-to-date, install reputable anti-virus software, properly configure all cloud-based databases, and use multi-factor authentication for account and network access. Businesses are also encouraged to take steps to protect their customers’ data to prevent a data breach.

Weekly Cyber AAG

Former Employee Arrested for Trying to Sell Company's Database for $4,000 
Comment: Employees come and go, and this latest incident stresses the importance of disabling former employees’ accounts that provide access to the company’s network and information. After separation or termination, employees familiar with the company’s network and its vulnerabilities may attempt to gain access to information that can be sold to the employer’s competitors, on the dark web, or used for other malicious purposes. 

Ethereum Scammers Make $5,000 in a Night by Impersonating Celebs on Twitter 
Comment: To help protect yourself from this and similar scams, ensure that social media accounts promoting giveaways are verified. Twitter displays a blue check mark next to account names to confirm authenticity. Additionally, do your research before sending money online and verify the giveaway is legitimate through an internet search. A simple search can confirm whether other people have left reviews or complaints claiming they have been victims of the scam. 

Would You Have Spotted This Skimmer? 
Comment: ATM and payment card terminals can become compromised in the blink of an eye with skimming devices. These devices are placed over the customer-facing card terminals to capture the personal identification number of accountholders and/or copy the data on the magnetic strip of a bank card, allowing thieves to clone the card and use it to make unauthorized purchases or to withdraw money from your account. The NJCCIC recommends checking your bank statements for unfamiliar transactions and encourages customers to use chip-based cards for all transactions. Additionally, cashiers and employees are advised to closely monitor any customer interaction with point-of-sale terminals. For more information, please see the NJCCIC threat analysis titled Payment Cards: Threat Remains High Despite Chip Card Transition.

Weekly Cyber AAG

FBI Pushes for Small Business Information Sharing
Comment: It can be challenging for small businesses to maintain awareness of, and defend against, the myriad of cyber threats that could impact their networks, data, and livelihood every day. Information sharing initiatives such as those promoted by the FBI and the NJCCIC can make the difference between being prepared for a cyber threat and being the victim of a devastating attack that closes your doors for good. We encourage all small businesses to partner with law enforcement in an effort to fight cybercrime and we especially encourage New Jersey small businesses to become members of the NJCCIC, to share information on the types of cyber threats they’re seeing, and to use the information we publish to strengthen their defenses. To become a member of the NJCCIC, fill out our Membership Form and you’ll be put on our list to receive alerts, advisories, bulletins, and training notifications. 

Compromised Credentials: The Primary Point of Attack for Data Breaches 
Comment: An overwhelming majority of data breaches stem from compromised account credentials including stolen, default, or weak passwords. As phishing campaigns become more sophisticated, it is imperative that end users take password security seriously. Implementing multi-factor authentication and selecting complex passwords are two simple steps users can take to bolster account security. 

Weekly Cyber AAG

Registered at SSA.GOV? Good for You, But Keep Your Guard Up
Comment: Unfortunately, identity thieves have discovered a way to steal Social Security benefits by impersonating victims and diverting payments, even if victims have not yet chosen to receive their benefits. With all of the sensitive information that has been exposed over the years by a number of high-profile data breaches, we all must assume that our personal data is available to criminals and remain vigilant with all of our accounts, checking them regularly and reporting suspicious activity immediately. Staying informed can help you detect and mitigate problems early and prevent a lot of hassle in the long run.

Malwarebytes Annual State of Malware Report Reveals Ransomware Detections Increased More Than 90 Percent 
Comment: 2017 was a big year for ransomware operations. While we will certainly continue to see more ransomware infections, the publicity around high-profile ransomware campaigns, such as WannaCry and NotPetya, has also educated the public about this threat and how to defend against it. This increase in awareness means that victims may be less likely to pay the ransom today than they were a year ago, which helps to deter this type of profit-motivated cybercrime. For more information, please see the NJCCIC Ransomware Threat Profile.

Google Removed over 700,000 Malicious Android Apps from the Play Store in 2017 
Comment: Over the past several months, the NJCCIC has alerted members to numerous malicious apps available for download in the Google Play store, many of which were designed to mimic legitimate applications. With a 70 percent increase from 2016, it is evident that threat actors will continue to infiltrate the Play store despite enhanced security measures. To help protect yourself from malicious Android applications, avoid downloading apps that require excessive device permissions and always review user ratings prior to installation. 

Weekly Cyber AAG

Over 90 Percent of Gmail Users Still Don’t Use Two-Factor Authentication 
Comment: While two-factor authentication (2FA) isn’t bullet-proof protection against account compromise, it does provide an extra layer of security that requires a threat actor not only to obtain or guess your password but also to access an additional authenticating factor, such as a time-based one-time password generated by an application, a single-use code sent to your mobile phone, or a biometric identifier such as a fingerprint or a facial scan. 2FA is a very simple way to greatly reduce your risk of account compromise, and the NJCCIC highly encourages all users to enable this security feature for any account that offers it. For more information, please see the NJCCIC blog post, “Stop What You Are Doing and Enable 2FA.”

Cybercriminals Stole $172 Billion from 978 Million Consumers in the Past Year 
Comment: According to the 2017 Norton Cyber Security Insights Report, 143 million consumers were victimized by cybercrimes last year in the United States alone. This survey highlights the importance of maintaining awareness of current cyber threats and educating yourself on best practices to help defend against common attacks. When it comes to cybersecurity, employing best practices such as enabling multi-factor authentication and running up-to-date antivirus software can go a long way in reducing your cyber risk.

Weekly Cyber AAG

Email Virus Shuts Down Rockingham County Schools Computer Servers 
Comment: This incident reinforces the importance of educating administrators, teachers, parents, and students on common cyber threats and the impact such attacks can have on an entire school district. Email-based cyber threats are rapidly evolving as criminals find new and effective ways to bypass security controls and reach end users. In this attack, Emotet was delivered in the form of a malicious Microsoft Word document which led to the complete shutdown of computer networks throughout a North Carolina School District. 
  
CISOs Are Feeling Less Confident Than Ever about Cyber Risk and Data Security 
Comment: According to a survey conducted by the Ponemon Institute, phishing campaigns and malware attacks are among Chief Information Officers’ top predictions with regard to cybersecurity incidents expected to impact organizations in 2018. To help combat these and similar threats faced by all organizations, the NJCCIC strongly recommends implementing a cyber incident response plan and providing training to all employees on cybersecurity best practices.

Weekly Cyber AAG

Online Shop Can't Determine Card Breach Severity Due to "Lack of Backups" 
Comment: This breach emphasizes the importance of implementing data backups and also highlights the consequences that arise when backups are not completed on a regular basis. At a time when no individual or organization is immune from cyber attacks, it is vital that backups are conducted routinely and incorporated into cyber incident response plans. For additional information and tips on developing a backup strategy for you or your organization, review the NJCCIC’s Cyber Blog “Backups: The Cure to Viral Cyber Infections”.

How to Keep Your Browser and Devices Safe from Cryptojackers 
Comment: Over the last several months, the NJCCIC has reported on numerous cryptocurrency-mining scripts embedded within browser extensions, mobile device applications available for download in official app stores, and popular websites. This helpful article lists some simple steps you can take to prevent your system from being hijacked and becoming a cryptocurrency-mining machine.

Weekly Cyber AAG

Make 2018 Your Year of Taking Password Security More Seriously
Comment: This year, make a resolution to secure all of your online accounts by using strong, complex passwords and enabling two-factor authentication for every account that offers it. Don’t reuse passwords across multiple accounts and keep your systems and devices free of data-stealing keyloggers and other malware by using up-to-date antivirus software. These basic steps can help you reduce your risk of account compromise and better secure your digital data.

Symantec: A Cryptocurrency Mining Malware 'Arms Race' Is Looming 
Comment: With the value of digital currency rising, threat actors are consistently developing new ways to mine virtual coins by hijacking unsuspecting users’ machines. In 2018, this type of malicious activity will increasingly impact computer and mobile device users as profit-motivated actors seek to generate revenue by embedding these scripts in browser extensions, popular websites, and seemingly legitimate apps available for download via official app stores. We recommend that users closely monitor their devices for any sudden changes in performance that may be attributed to cryptocurrency-mining malware.

Resolve to Mitigate Your Business' Digital Risk in 2018 
Comment: From compromised third-party suppliers to self-replicating malware, organizations must be prepared to defend their data and networks against a multitude of threats. This article highlights several steps that management and IT personnel can take to better secure their organizations and mitigate the risks posed by cybercriminals this year.