Recent Hacks and Scams that Could Threaten Your Cybersecurity

Article

By Karen Andersen

Looking to make sense of the fluid nature of cybersecurity? 

We bring you the hacks, vulnerabilities and challenges of securing your daily habits and work environment. This brief is intended to help you make sense of the ever-changing world of cybersecurity so you can avoid similar scenarios. View our growing list of topics below:

 


October 2019

OWN IT, SECURE IT, PROTECT IT.

With data breaches and privacy concerns routinely making international news headlines, it’s more important than ever to take a proactive approach to cybersecurity. For the past 16 years, October has been National Cybersecurity Awareness Month. Awareness Month is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity. This year’s theme is Own It, Secure It, Protect It.

Own It

  • Never Click and Tell: Staying Safe on Social Media
  • Update Privacy Settings
  • Keep Tabs on Your Apps: Best Practices for Device Applications

Secure It

  • Shake Up Your Passphrase Protocol: Create Strong, Unique Passphrases
  • Double Your Login Protection: Turn on Multi-Factor Authentication
  • Shop Safe Online
  • Play Hard to Get with Strangers: How to Spot and Avoid Phish

Protect It

  • If You Connect, You Must Protect: Updating to the Latest Security Software, Web Browser, and Operating Systems
  • Stay Protected While Connected: Wi-Fi Safety
  • If You Collect It, Protect It: Keeping Customer/Consumer Data and Information Safe

(Source: https://staysafeonline.org/ncsam/themes/)

For more information about this year’s theme and access to a number of resources, including the 2019 National Cybersecurity Awareness Month Toolkit, visit the National Initiative for Cybersecurity Careers and Studies website.

If you have any questions about these attacks or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731. You can also click the get started button to submit a contact form.


September 2019

CRIMINALS USE SOPHISTICATED VISHING IN MOST RECENT ATTACK

Users are constantly being tested by criminals trying to get them to click on links in emails or download malicious software. There are many technical controls in place to help prevent those types of emails from even getting into a user's inbox, and many users a trained to spot these types of emails. Criminals know this and are testing new scams using AI to help.

In a recent article, The Wall Street Journal uncovered an incident of criminals using sophisticated AI to deepfake a CEO's voice to call a coworker and convince them wire $243,000 dollars to supplier. Of course, the bank account numbers weren't owned by the supplier, and the funds quickly bounced from one country to another to avoid being tracked.

This form of social engineering is called voice phishing, or "vishing." With the ability to use AI to learn and mimic voices on the rise, it's only a matter of time before more criminals utilize this technology. Organizations should train users that no personnel (even CEOs) are allowed to request money transfers without proper approvals and verification of recipients.

If you have any questions about these attacks or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731. You can also click the get started button to submit a contact form.


August 2019

CAR BUYERS BEWARE OF RECENT CYBER INCIDENT

It seems pretty common these days when a company announces they have had a breach and millions of records are at risk. Unfortunately, it’s even more common for companies to have breaches and not announce the incident to their customers. One of the most recent examples of this is an elastic database that was hosted online without proper password protection, exposing 198 million car buyer records. This was first reported by Jeremiah Fowler, a security researcher who came across the database (413GB) belonging to DealerLeads. After DealerLeads was notified, they protected the database, but they did not notify users of the potential breach. The unsecured database was found to contain 198 million records, including names, email addresses, phone numbers, street addresses and other personal information.

Unfortunately, there are many breaches like this that go unannounced or do not get the media attention to alert people. According to a data recently published in the 2019 MidYear QuickView Data Breach Report, the first six months of 2019 have seen more than 3,800 publicly disclosed breaches. Those breaches exposed over 4.1 billion records. Even more staggering, of those 4.1 billion records, 78% of the records were exposed by just 8 separate breaches.

Proper configuration of online services is critical anytime an organization handles customer data. If you have any questions about this attack or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731. You can also click the get started button to submit a contact form.


July 2019

CIRCLE OF LIFE

2020 is just around the corner, and it’s not just another new year; January 2020 marks the end of two of the most popular Microsoft operating systems: Windows 7 and Server 2008 R2. End of life for these two operating systems doesn’t mean that they will stop working in January 2020, but it does mean that, after January 2020, they will not receive security updates. That means after January 2020, if any new vulnerabilities are found, they will no longer be patched, leaving the device vulnerable.

The latest figures (by ComputerWorld) show that of all devices in the world running a Windows operating system, 40% are still running Windows 7. In six months all those devices will stop receiving updates, making them vulnerable to any new security risks.

Server 2008 R2 is also reaching its end of life, which won’t be an issue for personal use, but in the corporate world, Server 2008 is a very popular operating system that will need to be updated in the next six months. If corporations don’t upgrade to a newer version of Windows by January 2020, they may be at serious risk. If your organization is still running Windows 7 or Server 2008 R2, upgrade as soon as possible.

If you have any questions about these services, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731.


June 2019

BUSINESS EMAIL COMPROMISE

When cyber threats don’t get the attention of the media, sometimes threats remain unknown to users—especially executives. Ransomware is a huge threat to all organizations, and it’s hard to imagine anyone in an organization today not knowing about the destruction and cost that is associated with it. But last year, another threat cost companies even more money than ransomware.

According to the FBI’s 2018 Internet Crime Report, Business Email Compromise or “BCE” cost companies over $1.2 billion in losses. A business email compromise is a technique used to get unauthorized transfer of funds to bank accounts owned by criminals. This is usually done by spoofing or using stolen email credentials to solicit the transfer of funds. One of the most common examples of this type of attack is when a criminal spoofs the CEO’s email address and emails someone in accounting, typically stating that they are about to board a plane and need to pay an invoice they forgot about. They provide the necessary routing numbers to “get the invoice paid immediately.” Unfortunately, the email is not legitimate, and the funds are sent to the criminal's bank account.

Of the 351,936 IC3 complaints reported last year, only 20,373 were of BEC (6%), but accounted for almost half (45%) of the total amount of money lost.

These types of attacks are not seen on major news outlets, since they are not destructive like ransomware, which can affect whole companies and cities. These types of incidents also usually do not affect millions of consumers, like breaches in which a plethora of data is stolen. Even though these attacks are not often reported by the media, organizations should be aware of these types of attacks and educate users on how to properly handle such requests.

If you have any questions about these attacks or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731. You can also click the get started button to submit a contact form.


May 2019

RECOVERY COMPANIES VS. INCIDENT RESPONSE COMPANIES: BEWARE

Ransomware has exploded over the last few years. Online services that specialize in ransomware allow even the most novice person access to release ransomware. Since the market of deploying ransomware has grown, so has the business of data recovery.

With organizations and even entire cities (most recently Baltimore) under attack from ransomware, many are turning to third parties to help them recover. Most recovery companies will tell you that, unless there is something wrong with the deployment of the ransomware, it’s very unlikely you will ever be able to decrypt your files. They often recommend that you start restoring data from backups and wipe all devices that were infected.

This is not the case for some recovery companies, though; some companies guarantee they can decrypt ransomware. In a recent article published by Renee Dudley and Jeff Kao for ProPublica, some of these companies were investigated. ProPublica found that most of the time, these “recovery” companies just pay the ransom on your behalf and say their propriety technology decrypted the data. Even worse: in some cases, the recovery companies appeared to have relationships with the criminals. Paying the ransom is never advised, since there is no guarantee the criminals will provide the decryption keys, and the ransom money could be used for other illegal activities.

It’s always best to engage with an incident response company before an incident occurs. This gives you time to properly review the company and understand all their services. It’s also important to work to prevent ransomware from infecting your organization. The best way to protect your organization against ransomware outside of the technical aspects (keeping things up to date, firewalls, endpoint protection, etc.) is to educate users through ongoing training and simulated phishing tests. Another way is to limit user access; many times, the scope of what is encrypted from ransomware can be limited if the principle of least privileged is followed.

If you have any questions about these attacks or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at  208.383.4731. You can also click the get started button to submit a contact form. 


April 2019

ISLAND HOPPING ATTACKS INCREASING ACROSS ALL INDUSTRIES

Do you trust outside organizations that you’ve given access to your network or services? Most organizations have a false sense of security when it comes to allowing vendors or service providers into their network. What happens if one of your vendors or service providers was infiltrated by criminals? In the most recent Global Incident Response Threat by Carbon Black, it was found that in 50% of attacks, the attacker migrates from one organization to another in a technique called island hopping. This type of attack remains most popular in healthcare and financial industries, but is growing in all industries.

These types of attacks are very effective since they leverage the trust between organizations. Island hopping attacks can also be very successful even if your vendors or service provider don’t have access to your network, as the attacks leverage the trust built between your organizations to send you a convincing phishing email. Since the email is coming from a legitimate vendor, many times spam filtering is less likely to flag the email as suspicious, and users are also more likely to act on the email since it came from a trusted source. The attackers know this and do their homework to make sure they have wording, names and dates correct when composing the phishing emails.

In the most recent occurrence of one of these attacks, Brian Krebs reported that a large IT service provider (Wipro) had been infiltrated by cybercriminals. The cybercriminals leveraged Wipro’s resources to phish and gain access to Wipro clients. The investigation is still ongoing, but many of Wipro clients have already found they have also been infiltrated by the same group on criminals. Wipro provides IT services to tens of thousands of organizations across the world including fortune 500 companies.

If you have any questions about these attacks or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at 208.383.4731. You can also click the “get started” button to submit a contact form.


March 2019

PASSWORD MANAGEMENT

One of the most common questions I get asked is, “if you were going to recommend one thing to do today to better protect my business or self, what it would be?” Although it’s always hard to come up with one thing to help protect an organization or individual, the response I usually give is related to password management and second-factor authentication.

Many companies these days use online services, rather than internally hosted applications, for most of their day to day operations. Most of these services require their own login credentials. How do users manage to remember all those passwords? More often than not, the user utilizes the same password across all of the services so they can easily get into each one.

Password management includes many aspects, but the key is to not utilize the same password for multiple accounts. The only way to do this effectively when users have dozens of (if not more) accounts between their personal and work use is to utilize a password manager (LastPass, 1Password, etc.). Password managers can be a lifesaver when you have too many passwords to try and remember.

If you are going to provide a password manager for users within your organization, make sure to take the time to train users on how to utilize the tool. Also, don’t assume users know how to reset their password within a service. I’ve talked to many users who try and do the right thing and change their password to something unique, but they don’t know how. Many services bury the “change password” option deep within account settings or profile page. In these cases, even if a user decides to utilize a password manager, they may be unable to set each account up with unique passwords, which defeats the purpose of the password manager.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services. You can also click the get started button below to submit your contact information.


February 2019

ANOTHER DAY, ANOTHER DATA BREACH

Like the Equifax breach in 2017, this breach may affect you even though you didn’t provide the company with any data. Also, like the Equifax breach, this latest breach could have been avoided if proper configurations were in place. A simple setting on a server recently exposed a database of more than 24 million financial records. The records included tens of thousands of mortgages from some of the nation’s largest banks. The result of the oversight made it possible for users visiting the website to view the entire database. To make matters worse, during the investigation, another server was found to be misconfigured and exposing its entire database as well.

The company responsible for this breach is Ascension Data & Analytics. Data analytics companies are becoming more common as businesses are trying to utilize data to improve their products and lower costs. Unfortunately, this type of practice can come at a price to consumers. Since data was provided to Ascension by other companies, consumers may not know they have been affected until it's too late.

This breach serves as a good reminder that organizations should have a robust change control process in place to avoid changes to production that could negatively affect the organization. Organizations should also be performing regular vulnerability scans to find misconfigured settings and vulnerabilities within their systems.

Eide Bailly’s Cybersecurity team includes experienced network engineers that assist our clients with vulnerability and Windows configuration scans, risk assessments, and web application security reviews. Click the button below to get started.


January 2019

BOMB THREAT SCAM

On December 14, 2018, the FBI released a statement regarding a recent hoax where hundreds of emailed bomb threats targeted businesses and schools nationwide. The email describes a placement of a bomb in the respective buildings, and, unless a ransom of bitcoin was received, the bomb would be detonated.

If anyone receives this type of communication, they are advised to contact the FBI and local law enforcement, as well as the FBI's Internet Crime Center at www.ic3.gov/ Do not reply or attempt to contact the sender. Do not pay the ransom.

Several variations of the email have been noted, but the content is largely the same. Here is an example email threat:

“Good day. There is the bomb (Tetryl) in the building where your business is conducted. It is constructed according to my guide. It can be hidden anywhere because of its small size, it can not destroy the building structure, but you will get many wounded people if it detonates.
My man keeps the building under the control. If he notices any unusual activity, panic or emergency the bomb will be exploded.”

Noted characteristics are as follows:

  • References a specific chemical
  • States the explosive device is small in size and hidden within the building
  • Demands a ransom of $20,000 USD be paid to a named Bitcoin address
  • Indicates the detonation will be called off after the payment is verified by three confirmations on the Bitcoin blockchain
  • States the senders of the emails are not affiliated with a terrorist organization

As always, if you notice any suspicious activity, threats or incidents, notify management and the proper authorities.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


November 2018

CELLPHONE SCAMS

If you have a cellphone, you've probably noticed an increase in the number of those annoying spam or "robocalls." The following tips may be helpful when dealing with these calls.

  1. Ignore calls that do not provide a caller ID or are not a number that you recognize. If it's a legitimate call, they will leave a message.
  2. Anticipate legitimate calls that do not belong to a defined contact. For example, if you dropped off your car for a service appointment and you've provided your cell phone number, you can expect the call when it's ready to be picked up.
  3. After receiving a spam call, block the caller's number. Unfortunately, most spammers simply change their spoofed phone number to get around being blocked, but it can't hurt.
  4. If you answer a call and do not know the caller, avoid answering “yes” to any questions; this may be a ruse to record your verbal consent and alter the recording for other purposes.
  5. Never give out personal information. If you are an existing customer of an established business, they should already have your information. Do not give out sensitive information such as date of birth, social security or credit card number over the phone, period. Remember, scammers purposely try to sound convincing; don’t fall for it.
  6. If the caller asks you to press a key or a number to respond to a question, don’t do it. You are not required to provide information or to answer phone surveys. Don’t be afraid to be assertive.
  7. Opening links in text messages can be as dangerous as clicking a link in an email. Think before you press, and if you’re unsure, don’t open it.
  8. Lastly, apply the same skepticism when answering the phone at work, as it’s common practice for scammers to target businesses as well as personal numbers.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


September 2018

DO YOU WEAR YOUR CYBERSECURITY HELMET?

What is your risk tolerance? While on a recent bicycle ride, I started analyzing my ride in terms of risk. What is the likelihood the person coming at me on a narrow path will stay on their side of the trail? Is the approaching rider looking up or are they distracted? A few riders had bike helmets but they were not wearing them; the helmet was attached to a handlebar or sitting in a basket. I realized this is similar to what is often observed in cybersecurity. If you purchase a tool or device that is intended to protect you, unless you actively use it as designed, the odds of it protecting you during an actual incident are greatly diminished. Or completely. To me, the behavior is perplexing - why make the investment yet not utilize the benefit? Why do people engage in risky behavior and not heed precautions? Be aware of the actions you are taking both at work and in your personal life. Are you consciously avoiding risk or are you moving forward and hoping for the best?

A bike helmet won't protect you at the office; knowing how to spot and avoid risky scenarios will go a long ways in offering protection. Pause before responding to an unusual email, before opening a link or attachment, and confirm with a colleague, in person, before agreeing to change a bank routing number or sending a wire transfer. If you suspect something doesn't seem right, follow your intuition. If you accidently make a mistake, such as sending an email to the wrong recipient or accidentally deleting data, let someone know so it can be corrected. Accidents can happen to anyone; it's how you recover that matters.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


August 2018

SHARING PERSONAL INFORMATION

Have you ever Googled yourself? You should. It’s important to understand what information about you is readily available on the internet.

However, personal information isn’t just gathered online. Think about items you often carry. Are they personalized? For example, jackets, luggage tags, your computer screen, or a boarding pass. Maybe your job requires a security badge, or maybe you’re wearing a company issued items with logos or your company names. If these things are visible, they may be revealing information about you. Social engineering involves learning about people and using that personalized information to manipulate or build a sense of familiarity with unsuspecting people.

Other methods often used to gain personal details include calling someone and purposely stating incorrect information. If the caller states the wrong answer, people will often correct them and provide relevant information. Some callers will ask personal questions under the guise of a survey, while others will even knock on your door at home, armed with personal information, acting as if they are trying to persuade you to vote a certain way or support a cause.

By understanding what data is available both online and in person and limiting the information you share, you can better protect yourself and lower the risk of personal data being used to target you. It’s all about security awareness.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


July 2018

CYBER EXTORTION – A SERIOUS MATTER

Cyber extortion is not a new topic, however there is a new scam, sextortion. Here is an overview of the scheme. A “bad actor” sends an email, with a message similar to this:

Your email address is <actual email address>; your password is <corresponding password>

I recently placed malware on a site hosting sexual content; I caught you visiting the site. As proof, your email is <email> and your password is <password>. I was able to connect to your computer, and I've copied all of your contacts. I also made a split-screen video; one video is the activity on your computer of websites visited. The second video is your webcam recording you watching online content.

The sender demands a bitcoin ransom be paid within 24 hours, or he will release the footage to all of your contacts. The “bad actor” also includes additional graphic and threatening language. Ransom amounts vary, but are typically around $1,000 to $2,700.

This is extortion. This scam may be automated, with the goal of actually finding people who fall for the scheme. Due to the number of data breaches, it is relatively easy to obtain a valid email and password, especially if they have been reused. Some people who have received this threat noted the email/password combinations appear to be from previous data breaches, some as old as 10 years ago.

If a susceptible person receives this email, they may feel guilty, panic, and decide to pay the ransom.  The extortionist is purposely looking to exploit personal fears. In extreme cases, the fear of exposure may lead to suicide.

According to the FBI, here are some things you can do to avoid becoming a victim:

  • Never send compromising images of yourself to anyone, no matter who they are—or who they say they are.
  • Don’t open attachments from people you don’t know, and in general be wary of opening attachments even from those you do know.
  • Turn off and/or cover any web cameras when you are not using them.

The FBI advises that in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you. Contact your local FBI office or toll-free at 1-800-CALL-FBI.

And of course, continue to help build awareness.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


June 2018

VACATION WITHOUT WORRY

School is out and it's a great time for a family vacation! Travelers aren't the only ones who look forward to this time of year. It's common sense not to announce that you're going out of town. This is also a great time to share with family the potential dangers of social media and how it can be used against you.

Friendly reminders:

  • Do not post that you'll be out of town; burglars love to learn these details.
  • Do not accept requests from people you don't know.
  • Remind your kids to be careful what they post on social media; excitement can take over and lead to sharing the big news.
  • If you sign in to a website or app with credentials for another site, it allows both sites to access your data. Be aware of any automatic updates posted on your behalf. If an auto generated post announces that you are checking into a hotel or resort, it also lets others know you aren't home.
  • If a stranger knocks on your door in the middle of the day, they may be scouting to see if anyone is home. Instruct children and others in your home not to give out information to strangers, or simply state something such as “my mom (or dad) can't come to the door right now.”
  • Pay attention to what you are disclosing in public; details can be overheard.
  • Discuss smart tips at home and at work to help spread the word. Encourage others to be safe and aware.
  • Most importantly, have a great vacation!

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


May 2018

Ctrl +Alt +Del YOUR WAY TO SECURITY

Whenever you're working at your desk, and you need to step away, get in the habit of locking your PC. It's just three little buttons Ctrl + Alt + Del. By locking your screen, you let coworkers know you are away from your desk. It's helpful to know you aren't at your desk if you use Communicator or an Instant Messenger. Secondly, it protects any applications you currently have open such as a sensitive document or a spreadsheet. Establishing good habits such as locking your PC every time youstep away, are simple ways to improve your security posture.

Next time you walk down the hall at work or you're in a public space, see if you notice any unattended and/or unlocked PCs. It's interesting to observe the number of PCs left wide open. It also prevents anyone from tampering with your PC or seeing data that isn't meant to be seen by others. Do you ever use a PC in a public area? It is important to ensure an unintended user doesn't access your data.

It also demonstrates to others that you take protecting company assets seriously and are trying to avoid unintended access. It may be unlikely that someone would use your PC in your absence but then again, why wait until something bad happens. Make it a habit to lock your PC on a regular basis. Organizations should also set an auto lock after a short period of inactivity.

This tip also applies to cell phones. It's easy to inadvertently set a phone down. By getting in the habit of locking your phone, you help protect the data, the applications, and the phone from misuse by a stranger.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


April 2018

BEFORE YOU FILL OUT THAT SURVEY…

The internet is filled with people looking for ways to obtain personal information about you. Facebook has been in the news lately as a source for other organizations to "scrape" personal data. Another common scam technique often masquerades as a friendly, unassuming survey or a game. Sometime they are featured as part of another webpage where you're reading a news article, it may be on social media, it may also come in an email as a link. It may encourage you to share the survey with family and friends!

In person, if you were asked a very private question, you may object or not respond. Surveys are a clever way to obtain data without the responder even realizing the information they are providing. Historical information is particularly valuable - what year were you born? It may be a fun survey about pets and ask - what was your first pet and what was its name? What was your first job? These are also common security questions to gain access to an account if you forget your password.

If you would like to see other examples of how fun and innocent surveys appear, click here.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


March 2018

CELLPHONE PORTING SCAM

If your phone suddenly switches to "emergency calls only" mode, you better act fast. A new scam has fraudsters targeting individuals to gather personal information including name, cellphone number and carrier, in addition to the usual date of birth, Social Security number and address. The fraudster contacts the cell service provider and reports the phone as stolen, and requests to have the cell number "ported" or assigned to a new phone and/or a new carrier.

Once the cell number has been moved to a new device, hackers attempt to access accounts that utilize a text message as part of authentication. Victims have had their bank accounts drained, credit card accounts hacked and other instances of fraud.

If you suddenly receive a text thanking you for signing up for a new cellphone carrier or your cell service drops, contact your cellphone carrier immediately. Also change passwords to any online accounts as soon as possible and take steps to recover your identity. As a preventative measure, you can institute a pin number on your cellphone account. Please share the details of this scam with others to help increase awareness.

For more on the story check out the Better Business Bureau’s advice, here.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


February 2018

SCAMMERS TARGETING TAX PREPARERS AND CLIENT INFORMATION TO COMMIT IRS FRAUD

Brian Krebs writes a security blog, KrebsonSecurity.com, which recently shared details of tax preparer fraud to help people be aware: 

"On Feb. 2, 2018, the IRS issued a warning to tax preparers, urging them to step up their security in light of increased attacks. On Feb. 13, the IRS warned that phony refunds through hacked tax preparation accounts are a “quickly growing scam.” "

Basically, identity thieves focused on tax fraud, hack online accounts at tax preparers, and file phony tax returns.  Clients receive tax refunds they were not expecting.  Then the victim receives notification from a fraudster, posing as a debt collector or even as the IRS, stating they have received funds in error, and demanding that the funds are repaid immediately.  The scam may also include a website with a posted video, explaining the error and how to return the funds via wire transfer along with instructions. Some scams even assign a case worker along with telephone number and email address, to “help resolve the issue.”  The hackers provide the social security number of the targeted individual along with other personal information such as date of birth, address, to make the scam appear official.

“Thieves know it is more difficult to identify and halt fraudulent tax returns when they are using real client data such as income, dependents, credits and deductions,” the agency noted in the Feb. 2 alert. “Generally, criminals find alternative ways to get the fraudulent refunds delivered to themselves rather than the real taxpayers.”

One last note of caution, if you go to file taxes and receive a notice that your taxes have already been filed, it is a good indicator that a scam artist may have beat you to it.  Tax fraud is so prevalent, the IRS provides documentation "Taxpayer Guide to Identity Theft" along with a form to file in the event you are a victim.

Brian's original blog can be found here.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


January 2018

THE CHIPS IN OUR COMPUTERS HAVE LEFT US VULNERABLE

A team of researchers from Google, who refer to themselves as Project Zero, have released information regarding two significant vulnerabilities in the Central Processing Units (CPUs) – the primary computer chips – produced by all major chip manufacturers. Referred to as Meltdown and Spectre, these vulnerabilities threaten almost all personal computers, laptops, tablets, and smartphones produced in the past 20 years. Once a hacker has access to a computer or device, they can exploit these vulnerabilities to extract data from that system’s memory, including even sensitive personal information or passwords.  Many software vendors have released patches (updates and instructions) to help prevent hackers from exploiting these vulnerabilities; however, the fixes can be very complex.  It has been determined that specific versions of anti-virus software prevent the patch from being applied.  The result is a “blue screen of death” which renders a computer unusable without further recovery efforts. In addition, because these vulnerabilities are so deeply embedded in processes a computer chip uses to manage data, it is unclear how long it will take to truly develop a complete solution.

These new revelations of flaws that reside at the very heart of our systems provide a timely reminder of the importance of cybersecurity.  Organizations need additional emphasis and due diligence on basic security activities, including:

  • security awareness training and education
  • network vulnerability and penetration testing
  • monitoring and detection activities
  • incident response planning

The Cybersecurity Team at Eide Bailly helps clients navigate the often complex process of implementing critical software updates to mitigate the Meltdown and Spectre vulnerabilities.  In addition, we help organizations establish the basic security practices and activities that will strengthen their internal culture of security.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


December 2017

EMAIL SPOOFING – WHO REALLY SENT YOU THAT EMAIL?

Email spoofing is a trick that has been employed by hackers for a long time. The hacker alters the “From” field in an email so that it appears to originate from someone other than the hacker. The objective is to trick the recipient into believing the email is from a trusted source, such as a friend or coworker.

Security researchers recently discovered a set of vulnerabilities that could be exploited to perform email spoofing on several widely-used email applications. They have called this collection of email vulnerabilities MailSploit. Recently, a number of organizations and individuals have been victims of MailSpoit attacks.

How can you help protect yourself from email spoofing? Here are five helpful tips:

  1. Proceed with caution if you don’t recognize the sender of an email. Check to see if the email address matches the signature line or is a trusted email address. 
  2. Be suspicious of emails with language that contains misspellings or that doesn’t “sound” right. 
  3. Hover over hyperlinks (don’t click on them) and look closely to see if they appear legitimate – with some fonts, the letter ‘r’ next to ‘n’ can look like the letter ‘m’. 
  4. Never use a hyperlink in an email to provide credentials and personal information. Instead, open your web browser and go directly to the application or website. 
  5. Avoid accessing free or unsecured wireless networks unless utilizing a virtual private network (VPN). 

If you are concerned that you may have already been the victim of email spoofing, please contact your local IT team immediately. They can help to identify and limit the impact of any data breach that may have occurred.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


September 2017

EQUIFAX – A REMINDER TO PROTECT OURSELVES AND OUR ORGANIZATIONS

The credit monitoring service Equifax experienced a data security breach that could affect as many as 143 million people. Hackers exploited a flaw on the Equifax website to gain unauthorized access to files that contained consumer identity and credit card information.

The breach provides us with two important reminders:

  1. Individuals must remain vigilant in monitoring and protecting our own identities. This Consumer Reports article provides details on how to monitor for fraud and take action should you see that something has taken place.
  2. Organizations should be prioritizing the development of a culture where cybersecurity is seen as an element critical to success. Leaders and executives should promote strong cybersecurity practices and ensure that activities like the following are addressed on an ongoing basis:
    • Security Awareness Training
    • Vendor Management
    • Event Detection and Response
    • Incident and Contingency Planning

The firm offers a foundational risk assessment – Cybersecurity Compass® – that provides non-IT leaders with an overview of how their organization has addressed these and other cybersecurity risks. This assessment also outlines recommendations and priority projects to help direct risk remediation efforts.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


August 2017

VENDOR MANAGEMENT:  YOU’RE ONLY AS STRONG AS YOUR WEAKEST LINK

Google recently notified its employees and the state of California that they had been victims of a cybersecurity breach. One of their travel agencies, Carlson Wagonlit Travel (CWT), utilizes the system called SynXis Central Reservation System (CRS), which is owned and operated by Sabre Hospitality Solutions.  Sabre discovered that hackers had gained unauthorized access to SynXis CRS. The hackers had taken travel reservation data including names, contact information, and payment card information. Google is now managing the impact and cost of a security breach that occurred at a vendor (Sabre) used by their vendor (CWT). This story highlights a significant challenge all organizations face as they enter into vendor relationships – how to ensure they partner with organizations who treat their data in a secure manner.

We live in an increasingly outsourced world. Organizations are eager to capitalize on the cost savings that result from contracting with third-parties to perform anything from payroll processing to software development.  The common thread throughout all these outsourced activities is the sharing of data, and if those third-parties don’t have adequate security practices, then that shared data is at risk of being compromised.  Cybersecurity experts at Eide Bailly recently conducted a risk assessment at a manufacturing client where they identified over five vendors who had significant access to the company’s systems or data with little or no oversight. The team is now assisting this client in establishing a vendor management program to regulate the data and access provided to third-parties and to hold vendors accountable for the security of data with which they are entrusted.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


June 2017

EXTORTION OF STOLEN PERSONAL HEALTH RECORDS

A plastic surgery clinic in Lithuania recently had their customers’ personal health records stolen in a phishing attack conducted by a group of hackers who call themselves “Team Tsar”. These records included personal information along with images of patients from both before and after their surgery. The hackers threatened to release these sensitive health records to the general public if the clinic didn’t pay a ransom. Once this clinic refused to pay the ransom, the hackers followed through on their threat and released the records. As could be expected, the fallout was swift and heavy, resulting in significant loss of consumer trust and revenue. The experience of this clinic demonstrates an important cybersecurity principle – Much, if not all, data can be exploited to create value. In this instance, the hackers used extortion in an attempt to increase the value of data.

Clinics and smaller medical practices carry a heavy burden when it comes to cybersecurity. They operate under the same risks as larger hospitals and medical institutions but often don’t have the resources to implement sound cybersecurity practices. Cybersecurity experts at Eide Bailly recently completed Cybersecurity Compass risk assessments at six local access hospitals in South Dakota. These professionals brought extensive healthcare experience to these engagements and helped these institutions identify risks that could place their patient’s personal health records at risk. The reports from these assessments provided non-IT executives and board members with a clear understanding of their organization’s cybersecurity risks and outlined recommendations for remediation. Using our recommendations, these organizations are now prepared to make strategic cybersecurity investments.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


May 2017

RANSOMWARE HITS 99 COUNTRIES IN 10 HOURS

On Friday, May 12, organizations all around the world were victims of ransomware attacks. Cybersecurity experts tracked more than 75,000 coordinated ransomware attacks in 99 countries. Ransomware locks the files on an infected computer rendering them inaccessible.  The victim is then instructed to pay the hackers a “ransom” before the files can be unlocked. The British National Health System was one of these victims, causing hospitals across the United Kingdom to turn away patients. Other victims included Russia’s Interior Ministry and Telefonica (one of the largest private telecommunications companies in the world). The attackers demanded ransoms of only $300, indicating that their goal was to infect as many organizations as possible – irrespective of size. Even small and mid-sized organizations were targeted.

Organizations face ever-increasing risk of attacks to their computer systems and networks. Without appropriate preparation, monitoring, and response, their operations could be negatively impacted or their critical data lost.  Eide Bailly’s Cybersecurity team has the experience and tools necessary to prepare and educate clients so they are not the next victim of ransomware. If an organization has experienced a ransomware attack, we can provide response management and risk assessment services to give clients peace of mind.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


STUDENT HACKS SCHOOL COMPUTER SYSTEM

You may recall the 1983 movie “War Games” in which Matthew Broderick plays a high school student who, at one point, uses a stolen password to hack into the school’s computer system to change his grades.  Just recently this scene played out in real life.  A high school sophomore attending a Spring Branch Independent School District school in Houston, Texas was arrested on March 31, 2017 and charged with a felony for hacking the District’s computer system with the purpose of changing student grades.  Just like in the movie, this student used a stolen password to hack into the system and took it even a step further by offering to change other students’ grades for a fee.

School systems and higher education face a significant challenge when it comes to cybersecurity.  Their young students know as much or more about their computer systems than those charged with administering them. Eide Bailly’s Cybersecurity team recently completed a Cybersecurity Compass assessment at a school district in Idaho.  With over 14,500 students, 1,500 employees, and thousands of computers and tablets, the district’s leadership was seriously concerned about their organization’s cybersecurity readiness.   The Cybersecurity Compass provided them a clear understanding of their cybersecurity risks and gave recommendations to help them begin strategically tackling these risks.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 


April 2017

MOBILE DEVICES: THE NEXT TARGET FOR CYBER CRIMINALS

In the most recent Threat Intelligence Report publish by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016.  The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices.  One of the most common methods of infecting mobile devices is through “Trojan” apps.  Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device.  One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store. 

Most organizations allow their employees to access organizational data through their mobile devices.  Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk.  If not properly protected, malware infecting an employee’s mobile device can place our client’s data in jeopardy.  Eide Bailly’s Cybersecurity team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we help our clients feel more confident about their cybersecurity, please contact Anders Erickson, Director of Cybersecurity Services, at aerickson@eidebailly.com or (208) 383-4731. You can also click the get started button to submit a contact form. 

Stay current on your favorite topics

SUBSCRIBE

Applicable Services

Take a deeper dive into this Insight’s subject matter.

Cybersecurity