Wednesday, September 30, 2020

The Week in Breach: Featured Threat



Business Email Compromise is a Messy, Expensive, Preventable Disaster


Securing highly privileged executive and administrator accounts has to be a high priority for every business


Business email compromise is a nightmare proposition for any company. Trading firm Virtu Financial learned that lesson the hard way in May 2020 when it lost $6.9 million in a nasty incident.

The scam took off when a hacker accessed the email account of one of its executives, reading and analyzing that account’s email for at least two weeks. In phase two, the hacker altered the account’s settings and started sending out their own fraudulent emails.

The cybercriminals involved then moved into phase 3 of the scam. After monkeying with the inbox rules to hide certain messages from the account owner, they sprung the most important phase of their plan: sending a series of emails to the company’s accounting department asking it to issue two wire transfers to banks in China.

The accounting department didn’t see any red flags, and the two transfers, totaling about $10.8 million, were sent in due course in late May 2020. Shortly after the transfers were made, a routine audit clued accounting staffers into possible trouble, but the damage was done, and Virtu Financial was only able to freeze $3.8 million of the money.

This whole nightmare stemmed from a single compromised executive email account. While the integrity of every credential is important to maintain security, executive and administrator credentials can cause the most damage to a company, as Virtu Financial learned to their peril.

It’s essential that every account for every user is under the umbrella of a strong secure identity and access management solution to prevent these incidents. Account compromise like this is frequently the result of a password compromise. 

No matter how it’s obtained, whether through spear phishing or a lucky break from a credential stuffing attack, a compromised executive password can be neutralized when a second credential is needed to log in to the endangered account. Plus, secure shared password vaults enable companies and IT teams to keep passwords for essential systems and access points especially protected.

Secure identity and access management was cited as the top priority of CISOs in a recent study on 2021 cybersecurity planning, and one reason it tops the list is that it goes a long way toward preventing disasters like this. Add Passly to your security offerings now to be ahead of the curve when it comes to securing your clients against business email compromise.


Bit by bit helps client networks run smooth and secure. Visit our website at www.bitxbit.com/texas 877.860.5863

Malicious Insiders Could Be Just Around the Corner


Cybersecurity risks don’t just come from outside your business. Sometimes, it’s the new staffer in payroll or the disgruntled clerk in receiving that poses your biggest cybersecurity threat, and you may not even notice them until it’s too late, like Shopify this week.

But it’s not difficult or expensive to take sensible precautions against potentially malicious employees and you should do that right away – because it will happen to you. Insider threats like this are a never-ending source of worry for business owners, and that’s why secure identity and access management should be at the top of your list for solutions that help prevent malicious insiders from stealing sensitive information. 

Using a dynamic secure identity and access management tool like Passly gives you more control over who has access to what, enabling tight controls on sensitive data. It also adds protection against your staffers selling their login credentials by adding multifactor authentication. And if you do have a malicious insider incident, single sign-on LaunchPads for every user make it easy for your security team to cut off access for a user and limit the damage.

Security experts at companies around the globe agree – secure identity and access management is a key component of a strong cybersecurity defense that acts as a major deterrent to malicious insiders. Adding a cost-effective solution like Passly to your security plan now can save you a fortune in incident recovery costs and heartache later.



Don't Take the Bait: 7 Signs of a Phishing Email You Need to Know



Phishing emails have become disturbingly more common in recent years. According to a study by Mimecast, roughly one out of every 61 emails sent globally is part of a phishing scheme. While that number may seem small, all it takes is a single phishing email to compromise your accounts, data and personal information.

You can still use email as a digital communications channel. However, you should learn the signs of a phishing email so that you can avoid taking the bait.

1) Initiated By the Sender

Phishing emails are almost always initiated by the sender. Cybercriminals use them to deceive recipients into divulging sensitive information, such as account usernames and passwords. Cybercriminals don't know when you last accessed your account, so most phishing emails are unsolicited. If a cybercriminal discovers your email address, he or she may send you a phishing email.

Because phishing emails are initiated by the sender, you can determine their legitimacy by contacting the company that he or she claims to represent. If you receive an email from what appears to be PayPal, for instance, contact PayPal directly -- don't follow any links in the email -- to inquire about its legitimacy.

2) Locked Account

While there are several types of phishing emails, many of them will claim that your account has been locked or suspended. Some may claim that fraudulent activity was detected on your account, whereas others may claim that your billing information is incorrect. Regardless, the phishing email will likely ask you to log in to your account to restore its functionality.

Of course, login links in phishing emails don't point to legitimate websites. They point to malicious websites that are disguised as legitimate sites. When you click a login link in a phishing email, you'll be taken to the cybercriminal's website. It may feature the same name, logo and layout as a legitimate website, but entering your username and password won't allow you to access your account; it will only provide the cybercriminal with your login information.

3) Generic Salutation

Always check the salutation before interacting with or replying to an email. Phishing emails usually have a generic salutation. Rather than addressing you by name, they may address you as "loyal customer" or "valued account holder". Generic salutations such as these aren't used by legitimate websites. If you discover them when browsing your inbox, the emails are probably part of a phishing scheme.

Not all phishing emails use a generic salutation. A cybercriminal may use a personalized salutation if he or she knows your name. With that said, personalized salutations are far less common than generic salutations in phishing emails. Phishing is a numbers game. The more recipients who receive a phishing email, the greater the cybercriminal's chance of illicit success. Therefore, cybercriminals rarely take the time to identify recipients' names when sending phishing emails. They'll collect thousands of email addresses, after which they'll send the same phishing email with the same generic salutation to all recipients.

4) Unofficial 'From' Address

Phishing emails often have an unofficial "from" address. In other words, the email addresses from which phishing emails are sent don't match up with the websites they impersonate. Legitimate websites send emails using an official "from" address that matches their domain. If PayPal sends you an email, the "from" address will show service@paypal.com. Phishing emails, on the other hand, often have a "from" address with a different domain than that of the website they are impersonating.

The "from" address in an email can be spoofed, so you can't rely on that alone to identify phishing schemes. Spoofing occurs when a cybercriminal modifies the header data of an email. Unless it's authenticated using a technology like Sender Policy Framework (SPF), the email will likely be delivered with a spoofed "from" address.

5) Contextual Typos

You may come across one or more contextual typos in a phishing email. The body may contain misspelled words, incorrect punctuation, run-on sentences and other obvious typos. Legitimate emails can contain contextual typos as well, but most reputable brands strive to eliminate them in their emails.

Some people assume that typos are common in phishing emails because English isn't the native language of the cybercriminals behind them. Most cybercriminals are, in fact, located overseas where their digital footprints are harder to track, but that's not why phishing emails contain so many typos.

Phishing emails contain typos primarily to bypass spam filters. When a large number of recipients flag an email as spam, the inbox provider will add the message to its spam-filtering database. Any additional emails containing the same message will then be filtered as spam. By scrambling the content with typos, cybercriminals can trick inbox providers into thinking their phishing emails are unique.

6) Suspicious Link Address

Another sign of a phishing email is a suspicious link address. Phishing emails usually have a link. The link may consist of plain text, or it may consist of a button that looks like the same button used on a legitimate website. Either way, the link will have a suspicious address that doesn't match the domain of the website being impersonated.

You can view a link's destination address by hovering your cursor over it. Don't click the link. Instead, move your cursor over the linked text or button. You should then see the link's destination address displayed at the bottom of your web browser.

7) File Attachments

If a phishing email doesn't contain a link with a suspicious address, it will probably have a file attachment. Some phishing emails steal your information when you click a link, whereas others steal your information when you download a file.

File attachments in phishing emails often use the PDF, DOC, ZIP, SCR or EXE format. If you download any of these files, you may unknowingly infect your computer with malware. The malware may then log your keystrokes or otherwise steal your information as part of a phishing scheme.

Whether you use email for personal or business-related communications, you shouldn't blindly follow the instructions in these digital messages. If it's a phishing email, it could jeopardize your accounts, data and personal information.

By Robert Blake
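The checks below apply signs 2, 3, 4, 6 and 7 from this article to a raw message, as an added example that is not part of the original article. The brand-to-domain map, the phrase lists and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for illustration (not from the article): brand map and phrase lists.
BRAND_DOMAINS = {"paypal": "paypal.com"}
GENERIC_SALUTATIONS = ("loyal customer", "valued account holder")
LOCK_PHRASES = ("account has been locked", "account has been suspended")
RISKY_EXTENSIONS = (".pdf", ".doc", ".zip", ".scr", ".exe")  # formats the article lists


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag fed to the parser."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")


def domain_matches(host, official):
    """True only for the official domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == official or host.endswith("." + official)


def phishing_signs(raw_message):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rpartition("@")[2].lower()
    collector, body, signs = LinkCollector(), "", []
    for part in msg.walk():
        name = part.get_filename()
        if name:  # sign 7: attachment in a format the article warns about
            if name.lower().endswith(RISKY_EXTENSIONS):
                signs.append("attachment:" + name)
        elif part.get_content_maintype() == "text":
            chunk = part.get_payload(decode=True).decode("utf-8", "replace")
            collector.feed(chunk)  # plain text simply yields no links
            body += " " + re.sub(r"<[^>]+>", " ", chunk).lower()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    for brand, official in BRAND_DOMAINS.items():
        if brand in claimed:  # signs 4 and 6: "from" and link hosts vs. official domain
            hosts = [("from", from_host)]
            hosts += [("link", urlparse(h).hostname) for h in collector.hrefs]
            signs += [f"{k}:{h}" for k, h in hosts if not domain_matches(h, official)]
    # "From" can be spoofed, so also read the SPF verdict the receiving server recorded.
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    verdict = spf.group(1).lower() if spf else "missing"
    if verdict != "pass":
        signs.append("spf:" + verdict)
    if any(s in body for s in GENERIC_SALUTATIONS):  # sign 3
        signs.append("generic-salutation")
    if any(p in body for p in LOCK_PHRASES):  # sign 2
        signs.append("locked-account-claim")
    return signs


# Constructed sample message, not a real email; .example is a reserved TLD.
SAMPLE = """\
From: "PayPal Support" <service@paypa1-billing.example>
Subject: Your PayPal account has been locked
Authentication-Results: mx.example.org; spf=softfail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Dear valued account holder, your account has been locked.</p>
<a href="http://login.paypal.com.verify.example/signin">Log in to PayPal</a>
--b1
Content-Disposition: attachment; filename="statement.scr"

AAAA
--b1--
"""
```

The link host contains the text `paypal.com` but is not a subdomain of it, which is why `domain_matches` compares the end of the host name rather than searching for the brand string.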




Tuesday, September 22, 2020

Hackers for Hire are Here to Steal Corporate Secrets

 

As the rise of “as a service” cybercrime continues, some hackers aren’t just involved in ransomware and PII theft. They’re focused on specialized spying, like stealing trade secrets – and keeping them out of your business is easier than you think.  

Corporate espionage is a growing industry in a world where information can be currency. From state-backed actors trying to filch technology to data thieves who want the results of COVID-19 testing, thriving cottage industries have grown up around specialized corporate cybercrime.

These bad actors aren’t just focusing on global corporations or well-known institutions anymore – companies of every size are at risk of attack. But you can quickly and efficiently add safeguards to your systems and data to reduce your risk of corporate espionage, and it’s not even expensive.

Add a secure identity and access management solution like Passly to add safeguards against hackers that make it harder for them to break in with a stolen or cracked password. It’s also smart to add automatic phishing protection with Graphus to put strong protection between your business and cybercrime like phishing and ransomware.

By beefing up security with these solutions and staying alert for credential compromise with Dark Web ID, you can ensure that you’re ready for potential corporate hacking attempts to keep your proprietary data safe.



FBI Warns Against Increased Danger From Netwalker Ransomware


Ransomware attacks are the monster in the closet that keeps IT teams up at night – and they’re only getting worse. Recently, the US Federal Bureau of Investigation released a new Flash Alert warning about the danger of Netwalker ransomware to businesses and infrastructure, as attacks with this tool ramp up against US-based targets. 

Companies of all sizes are at risk for ransomware attacks of this nature, especially in the healthcare, infrastructure, defense, or technology sectors. Netwalker ransomware has also been used to disrupt production lines, as unfortunately happened to a manufacturer of respirators urgently needed in the fight against COVID-19. 

To add to your defenses quickly, upgrade the protection on the access points to your data and systems by adding a secure identity and access management solution. Passly is an affordable and effective tool that combines multifactor authentication and single sign-on to create a more secure gateway to the heart of your business. 

Adding a dynamic tool like Passly strengthens your defense against cybercrime like ransomware and password hacking fast. Passly deploys in days, not weeks – because in today’s fast-evolving threat atmosphere, no business has time to wait and see what cybercriminals are up to next.



STOP RANSOMWARE ATTACKS FROM LANDING


Encourage customers to boost their phishing resistance training immediately. One of the most devastating tools that cybercriminals, including nation state actors, are using these days is ransomware – and the number one way that ransomware is delivered is through a phishing email. About 50% of businesses were affected by ransomware last year – but 50% of IT professionals don’t believe that their organization is ready to defend against a ransomware attack.



SECURE GATEWAYS TO DATA


Immediately recommend that every customer add a secure identity and access management solution like Passly. The bane of every IT team, insecure or stolen passwords are a constant menace. Multifactor Authentication provides a crucial extra security check between bad actors and a company’s data and systems, and Single Sign-On lets administrators quickly and efficiently turn on and off access to applications. Secure Central Password Storage Vaults also keep administrator credentials protected yet accessible by the right people when needed. Improving password security is vital to guarding against cyberattacks like these.



KNOW YOUR HACKERS


By far, the most dangerous cybercrime environment right now is in medical research and development, as companies around the globe race to develop treatments and an eventual vaccine for COVID-19. Recent attempts to steal vaccine research from Moderna can be traced to known Chinese hacking groups. Additional attacks against pharmaceutical companies and researchers can be traced to Russian hacking groups, according to the U.S. National Security Agency. 

Your customers are reading about these attacks in major publications and seeing growing concern from governments around the world in the media. That’s why you should develop a plan now to offer them options to increase their data protection – and use that plan to start conversations about increased security with other clients who you think might be at risk. Here are 2 crucial tools that should be on that plan.



Nation State Actors Threaten Companies Worldwide


Cybersecurity threats and attacks involving nation state actors have been all over the news. From a pattern of suspected state-sponsored cyberattacks in Australia to suspected cyberthreats targeting critical infrastructure in the United States, high-level hacking has become a worldwide concern. 

While this may not seem like a problem that could affect MSPs and small to medium-sized businesses, it is. These hackers aren’t just going for the biggest kid on the block. Smarter, more sophisticated hackers are starting from the ground up in a concerted effort to capture credentials and access to providers of essential business services in their webs.



Friday, September 18, 2020

Growing Dark Web Data Dumps Are Fueling New Cybercrime


Dark Web data dumps have always been a source of fodder for cybercriminals. However, a dramatic increase in the quantity and quality of data that is available inexpensively or for free on the Dark Web is a key contributor to an explosion of cybercrime in 2020 (like ransomware or credential stuffing attacks) that can devastate your business.  

It’s estimated that 65% of the data on the Dark Web now can damage businesses, and more is being added every day through the release of information obtained in previous cyberattacks and the addition of information that’s been gathered about companies and populations.

One of the most common ways that new information fuels cyberattacks is through a data dump. Dark Web data dumps are huge quantities of information added to the pool that cybercriminals can draw from to power cyberattacks like ransomware, credential stuffing, and phishing. Everything from reams of email addresses to sensitive employee and security information to driver’s license records from around the world is making its way into the slurry of Dark Web data dumps.

That’s why it pays to have constant, reliable Dark Web monitoring and analysis through a solution like Dark Web ID to watch for your company’s protected employee credentials to hit the Dark Web. You can also add additional protections for privileged administrator and executive credentials. 

Dark Web ID uses human and machine intelligence to keep an eye on every shady corner of the Dark Web 24/7/365. If your protected passwords or credentials are spotted entering a Dark Web marketplace, you’re alerted to the potential danger quickly, giving you time to take action against attacks.

With the constant stream of information flowing into Dark Web data markets growing every day, it makes sense to make sure that you’re watching for trouble so that you can stop cyberattacks before they start.



As Students Go Back To School Virtually, Cybercriminals Are Logging In Too



Many school districts in the US and other countries are pursuing distance education this fall as the COVID-19 pandemic continues to impact in-person gatherings. As school systems rely on technology like email and video conferencing to teach classes, cybercriminals are making the most of this opportunity to score paydays and information from a sector that isn’t ready for them – considering the dismal state of cybersecurity education in the US, it stands to reason that schools’ cybersecurity isn’t much better. 

Traditionally, schools and universities aren’t major targets for cybercrime. Public school systems, individual private or religious schools, community colleges, and universities haven’t traditionally been worth the trouble, since few schools could offer a rich ransomware payoff or valuable research and development data to make it worth a cybercriminal’s time. 

That’s all changed in the new era of distance learning. Cybercriminals are regularly targeting school systems of every size and stripe to deploy ransomware and collect payments quickly as they disrupt distance learning. Incidents are popping up everywhere including: 

And the list goes on. An influx in cyberattacks on schools isn’t just bad news for school systems either. Businesses can be impacted by these incidents as well when parents and students share the same WiFi networks and devices.

Add Protection to Prevent Intrusion

The fastest, easiest way for any business to immediately add a strong layer of protection between crucial systems and data and bad actors is to add a strong, fast-deploying secure identity and access management solution like Passly.

The combined power of Multifactor Authentication and Single Sign-On with simple remote management means that IT staffers can more easily guard and control the gateways that give access to information – letting the right people have access to the right things, anytime, anywhere, and keeping cybercriminals out.



The Stakes Are Rising As Breach Penalties Expand


The former CSO of Uber was charged with obstruction of justice and misprision of a felony this week for his role in an alleged coverup of the notorious 2016 data breach which impacted an estimated 57 million individuals. What does that mean for companies that suffer a breach now, and what can you do to reduce your breach risk?

Breach penalties have been steadily increasing worldwide as regulators and lawmakers respond to public pressure to hold to account executives and companies that play fast and loose with data protection or attempt to cover up incidents. And the penalties aren’t just monetary – legal implications for executives and companies are becoming more common, especially if companies are uncooperative in investigations.

So what can you do right now to prevent a costly data breach? Add a secure identity and access management solution. A solution like Passly that combines multifactor authentication, secure shared password vaults, single sign-on, and simple remote management increases your company’s compliance with data safety best practices and protocols while also protecting your systems from cybercrime.

Adding better protection against hackers is essential for protecting not only your data but also your business. Between the exorbitant cost of recovery and the regulatory nightmares that can follow a sensitive data breach, investing in a secure identity and access management solution now to guard your gateways is a small price to pay for greater peace of mind.



Thursday, September 3, 2020

Growing Dark Web Data Dumps Are Fueling New Cybercrime


Dark Web data dumps have always been a source of fodder for cybercriminals. However, a dramatic increase in the quantity and quality of data that is available inexpensively or for free on the Dark Web is a key contributor to an explosion of cybercrime in 2020 (like ransomware or credential stuffing attacks) that can devastate your business.  

It’s estimated that 65% of the data on the Dark Web now can damage businesses, and more is being added every day through the release of information obtained in previous cyberattacks and the addition of information that’s been gathered about companies and populations.

One of the most common ways that new information fuels cyberattacks is through a data dump. Dark Web data dumps are huge quantities of information added to the pool that cybercriminals can draw from to power cyberattacks like ransomware, credential stuffing, and phishing. Everything from reams of email addresses to sensitive employee and security information to driver’s license records from around the world is making its way into the slurry of Dark Web data dumps.

That’s why it pays to have constant, reliable Dark Web monitoring and analysis through a solution like Dark Web ID to watch for your company’s protected employee credentials to hit the Dark Web. You can also add additional protections for privileged administrator and executive credentials. 

Dark Web ID uses human and machine intelligence to keep an eye on every shady corner of the Dark Web 24/7/365. If your protected passwords or credentials are spotted entering a Dark Web marketplace, you’re alerted to the potential danger quickly, giving you time to take action against attacks.

With the constant stream of information flowing into Dark Web data markets growing every day, it makes sense to make sure that you’re watching for trouble so that you can stop cyberattacks before they start.



As Students Go Back To School Virtually, Cybercriminals Are Logging In Too



Many school districts in the US and other countries are pursuing distance education this fall as the COVID-19 pandemic continues to impact in-person gatherings. As school systems rely on technology like email and video conferencing to teach classes, cybercriminals are making the most of this opportunity to score paydays and information from a sector that isn’t ready for them – considering the dismal state of cybersecurity education in the US, it stands to reason that schools’ cybersecurity isn’t much better. 

Traditionally, schools and universities aren’t major targets for cybercrime. Public school systems, individual private or religious schools, community colleges, and universities haven’t traditionally been worth the trouble, since few schools could offer a rich ransomware payoff or valuable research and development data to make it worth a cybercriminal’s time. 

That’s all changed in the new era of distance learning. Cybercriminals are regularly targeting school systems of every size and stripe to deploy ransomware and collect payments quickly as they disrupt distance learning. Incidents are popping up everywhere including: 

And the list goes on. An influx in cyberattacks on schools isn’t just bad news for school systems either. Businesses can be impacted by these incidents as well when parents and students share the same WiFi networks and devices. 

Add Protection to Prevent Intrusion

The fastest, easiest way for any business to immediately add a strong layer of protection between crucial systems and data and bad actors is to add a strong, fast-deploying secure identity and access management solution like Passly. 

The combined power of Multifactor Authentication and Single Sign-On with simple remote management means that IT staffers can more easily guard and control the gateways that give access to information – letting the right people have access to the right things, anytime, anywhere, and keeping cybercriminals out.

