Barracuda Networks has released a new Threat Spotlight.
Where threats against businesses of all sizes are concerned, one of the biggest trends of 2019 is malware delivered as poisoned documents attached to emails.
The company analyzed more than 300,000 email samples collected over the past twelve months.
They discovered that the frequency of document-based malware attacks increased markedly during the first quarter of 2019, with nearly sixty percent of poisoned files taking the form of documents.
As Jonathan Tanner of Barracuda Networks put it:
"For the past couple of years, script files were a very popular attack method. The percentage of these sort of files declined drastically, however, and was a significant source of the increase of documents as an infection method...
The good news is that most antivirus software is quite good at detecting malicious files. Of course, the weakest link in the equation isn't detection software, it's users. In light of the evolving threat, education is more important than ever. To date, however, the majority of employees have been stubbornly resistant to educational measures designed to reduce the rate at which they click on and open documents received from untrusted or even unknown sources.
As a business owner, that will likely be one of your great challenges in the year ahead. The more wary you can make your employees about opening files from people they don't know, the safer your network is bound to be.
If you've ever been a student or employee of the Georgia Institute of Technology, be advised that any personally identifiable information the university had on you may have been compromised.
Recently, the university reported an instance of unauthorized access into databases connected to its web app.
They first discovered evidence of the unauthorized access in mid-December of 2018 and have been investigating since. To date, however, it remains unclear exactly how long the unidentified hackers had access to the databases or what specific information may have been taken.
The formal statement issued by the university says, in part:
"The information illegally accessed by an unknown outside entity was located on a central database. Georgia Tech's cyber security team is conducting a thorough forensic investigation to determine precisely what information was extracted from the system, which may include names, addresses, social security numbers and birth dates."
The fact that the university's investigation is now several months old indicates that the hackers were quite skilled. The information the university fears was compromised is more than enough to create a false identity.
If you have ever been employed at Georgia Tech, or if you've ever taken classes there, be mindful that enough of your personal information may have been compromised to steal your identity. If you haven't yet used a service that helps protect you against such things, it may be time to consider doing so. In any case, vigilance is the order of the day.
We don't yet know how many records may have been compromised, but it's better to be safe than sorry. If you've been fortunate enough to have avoided having your identity compromised, count yourself lucky indeed. It's something that can take years to fully recover from. Stay on your guard.
If you frequent any of the following restaurants and paid them a visit between May 23, 2018 and March 18, 2019, your credit card data may have been compromised.
The parent company of these chains, Earl Enterprise, recently announced that an unspecified number of store locations were found to have been infected by PoS malware.
Taken together, the infected locations yielded more than two million credit card numbers nationwide. These were later found for sale on the Dark Web.
The list of restaurants includes:
If you've been to any of the restaurants named above in that range of time, you may have already received a notification from the company. If you want to confirm whether the location near you was one that was compromised, Earl Enterprise has a lookup tool on their website allowing you to drill down and find out definitively.
The company was made aware of the issue in late February when they were contacted by private security researcher Brian Krebs. He discovered a large cache of credit card numbers on the Dark Web that belonged to the company's customers.
Once they were informed, they launched their own internal investigation, duly notified law enforcement, and brought in a third-party firm to assist them with the investigation. Upon confirming Krebs' findings, they made a public announcement to their customers.
Exercising an abundance of caution, Earl Enterprise is encouraging all its customers to keep a watchful eye on their credit and debit card statements and to stay alert for any suspicious activity. If you notice any, report it to the company that issued your credit card immediately. If you see something and don't report it right away, you may wind up having to pay for charges you didn't make.
If you're a Mac user and looking for next-level antivirus protection, we've got some potentially good news.
Microsoft recently announced that their enterprise security platform, Windows Defender Advanced Threat Protection, is now available for macOS.
To reflect the product's move away from offering protection exclusively to Windows-based systems, the company tweaked the name of the product. It is now called simply "Microsoft Defender ATP."
The newly minted version of the software is currently available for Macs in limited preview form, and represents the latest in an ongoing expansion effort. Last month, the company rolled out a version that extended its impressive protection to both Windows 7 and Windows 8.1. Future plans will include a further expansion to also provide protection to Linux-based machines.
At this point, admins can install Microsoft Defender ATP on the following macOS versions:
Individual users will have the option to configure advanced settings in the software unless their admins specifically disable that functionality. The code also includes an auto-update feature that can be toggled by an admin.
If you're an admin working in a Mac environment, you might not see a particular need for the new software. However, Microsoft pointed out in the bulletin they released with the announcement that Defender can detect KeRanger, which was the first ransomware strain to target the macOS.
In any case, more security options are generally better than fewer, and Microsoft has long been a favorite target of the hacking world. Love them or hate them, they do know a thing or two about security, especially at the enterprise level. Most insiders hail this move as a good one.
All that to say, if augmenting system security figures highly in your near term plans, and it probably does, this could be an excellent addition to your arsenal.
Fear is a fantastic way to spread malware, which is why hackers around the world are using the fear of a flu pandemic as a hook to install a nasty strain of ransomware.
Researchers at MyOnlineSecurity have detected a cunning email campaign which spoofs the Centers for Disease Control and bears headlines warning of a Flu Pandemic.
The message is short and to the point, explaining that a flu pandemic has been detected and urges recipients to read the attached document for further instructions to protect their families and help keep it from spreading. The instructions also helpfully include the note that in order to view the document properly you'll need to click the 'Enable Editing' button.
The attachment bears the name "Flu Pandemic Warning," which reinforces the message itself. It's an excellent choice from the perspective of the hackers, because they know that a relatively high percentage of those who receive this message from what appears to be a trusted agency will open it.
Unfortunately, the moment they open the file and click to enable editing, they doom themselves. The Word document is poisoned and contains scripts that will install the GandCrab v5.2 ransomware on the victim's machine, which will promptly lock their files and demand a hefty payment.
While this is a nasty and especially effective campaign, it's not the only one that the creators of GandCrab are engaged in. Recently, the Chinese government issued their own alert, stating that beginning on March 11, various government departments were bombarded with phishing-style emails intent on installing ransomware on their servers.
All that to say, vigilance is more important now than ever. There's no telling how long this campaign will run, or what may come after it, but of one thing you can be sure: they're not going to stop.
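Both the Barracuda finding above (poisoned documents overtaking script files) and this "Flu Pandemic" lure come down to one artifact: an Office document carrying embedded code that runs once the recipient enables it. The following is an added example, not code from Barracuda, MyOnlineSecurity or the original post, showing how a mail gateway or help desk can triage such an attachment before a user ever sees the 'Enable Editing' prompt: it opens the OOXML zip, looks for the embedded VBA project and for a macro-enabled content type, and flags the file. The sample documents it builds are constructed placeholders, not real malware.

```python
import io
import zipfile

# Real OOXML content types for a plain and a macro-enabled Word document.
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"


def build_sample_doc(macro: bool) -> bytes:
    """Constructed, harmless stand-in for an email attachment (not real malware)."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{MACRO_CT if macro else PLAIN_CT}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if macro:
            # A real document stores its VBA in this part; a placeholder suffices here.
            zf.writestr("word/vbaProject.bin", b"placeholder-vba-project")
    return buf.getvalue()


def inspect_office_attachment(data: bytes) -> dict:
    """Return triage flags for an OOXML (docx/docm/xlsx/...) attachment."""
    result = {"is_ooxml": False, "has_vba": False, "macro_enabled_type": False}
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        return result                       # not a zip container, so not OOXML
    with zipfile.ZipFile(stream) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return result                   # a zip, but not an Office package
        result["is_ooxml"] = True
        # The VBA project lives in a vbaProject.bin part regardless of extension.
        result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        ct_xml = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        result["macro_enabled_type"] = "macroenabled" in ct_xml.lower()
    return result


def should_quarantine(data: bytes) -> bool:
    """Hold any document carrying VBA or declaring itself macro-enabled."""
    flags = inspect_office_attachment(data)
    return flags["has_vba"] or flags["macro_enabled_type"]
```

Checking the zip contents rather than the file extension matters because the attachment name ("Flu Pandemic Warning") is chosen by the sender and proves nothing.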