Monday, March 28, 2022

Hackers Are Increasingly Targeting Mobile Devices

Here's a statistic you're not going to like.  Based on research conducted by cybersecurity researchers at Proofpoint, there has been a staggering 500 percent increase in malware attacks against mobile devices during the opening months of 2022. The most significant peak so far this year occurred at the end of February.

Most of the malware that targets mobile devices tends to be relatively benign.  It's unlikely to encrypt all the files on your phone and demand a ransom. There are admittedly some malware strains that do that, but if your phone is infected with malware, it will likely be of the variety that quietly roots through your phone and steals usernames and passwords.

In some cases, you may get infected with a malware strain designed to take screenshots or track your location over time. Again, these are exceptions and not the rule. Even so, malware that steals your account information can be devastating in the longer term. Hackers can use that information to steal your identity, drain your accounts, max out your credit cards, and more.

There are three primary paths hackers use to get malware onto a target Android or iOS device.

The first and the most common is to poison an app and get it placed on either the Apple Store or the Google Play Store.  From there, users will download and install it while completely unaware that they have also installed malware.

SMS texts are another popular avenue of attack, which is why security professionals warn users against tapping links in text messages.  A link may be a harmless one sent by a dear friend of yours, or it may have been sent by a hacker pretending to be your friend. When you tap the link, you're taken to a poisoned website which installs malware in the background.

Finally, there's email.  By now everyone has heard the dire warnings against clicking on links embedded in email messages or opening file attachments.  This applies whether you're reading your mail on your phone or your PC.

The bottom line is that you are increasingly a target whether you're on your PC or your phone.  Be careful.

SpartanTec, Inc. provides cybersecurity training for your employees to prevent them from inadvertently affecting your network via their phone, tablet or desktop computer. Call us today for more information.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792

Friday, March 25, 2022

Hackers Get Source Code During Data Breach At Samsung

Samsung's corporate network was breached recently.  That's bad news all by itself. The company has recently confirmed that in addition to the confidential customer information that was stolen, the hackers also made off with the source code for the software used in the company's Galaxy smartphones.

The hackers responsible for the attack call themselves "Lapsus$."  Not long after their attack, they disclosed that they had made off with almost 190GB of archives.

Disturbingly, this group has been exceedingly busy so far in 2022 and extremely successful.  Just a week prior to the announcement regarding Samsung's data, the same group released a 20GB sample of documents stolen from Nvidia.  The group claims that this sample is part of a collection of stolen documents more than 1TB in size.

Aside from the aforementioned source code, we do not know at this point exactly what sorts of data the group of hackers may have compromised when they successfully breached Samsung's network.

For that matter, we do not yet know the full extent of the contents of the 1TB cache of documents stolen from Nvidia because, as members of Lapsus$ explained, they are currently in negotiations for the sale of that data.

This is the world we live in.  This is the shape of 2022 and years to come.  What the long-term implications might be are anyone's guess but fortunately, the advice for guarding against such attacks remains largely the same.

Be sure the software you use is updated with the latest security patches and constantly educate and reeducate your employees about the dangers of phishing campaigns to minimize your risk.

Failing that, take regular backups and have a rapid response team standing by that can spring into action if your defenses fail.  That's by no means a perfect solution, but it will make you a significantly harder target and there's value in that.

We live in a world that is changing at a rapid pace. Can your IT staff keep up? Now is the time to contact SpartanTec, Inc. for an in-depth cybersecurity analysis.


Thursday, March 24, 2022

Possible Okta Breach by Threat Actor

This morning several reports stated that Lapsus$ breached Okta services. The breach has not been confirmed. Lapsus$ shared screenshots showing a January date, indicating the breach could have occurred in the preceding months. Okta states the threat was immediately contained and there is no evidence of malicious activity.

Lapsus$, a unique threat actor, focuses on data exfiltration and extortion and has claimed responsibility for several other high-profile incidents, including leaking source code. The group claims to be focused solely on financial gain and does not claim political affiliation. To date it has not deployed encryption software.

What you should do

We recommend several precautions if you use Okta in your environment:

  • Contact Okta to determine if there is more information or recommended actions.
  • Change passwords for key accounts (e.g. executives).
  • Consider implementing increased security in e-mail to combat phishing attacks.

While Okta has not confirmed the data breach, MTR is monitoring the situation thoroughly. MTR will release broadcasts as information becomes available.

SpartanTec, Inc. is vigilant about staying on top of possible threats that could affect your business. Call us today if you have any doubt about the security of your network.


REUTERS – Report on Okta Breach

VERGE – Report on Okta Breach

BLEEPING COMPUTER – Background on Lapsus$

TWITTER – Statement from Todd McKinnon, CEO of Okta


Tuesday, March 22, 2022

People Are Still Not Using Secure Passwords Despite Warnings

It's 2022 and after years of warning people repeatedly about the dangers of using the same old passwords and using the same password across multiple websites, you would think this would get better. You would think we'd have that problem solved and there would be one less network security risk to worry about.

Unfortunately, if you think that, you would be wrong.

Poor passwords affect your company's cybersecurity.

Even now, after endless hours of email safety training and articles just like this one published by the hundreds all over the web, people are still gravitating to the same garbage passwords and still reusing them across multiple websites they frequent.

In fact, it's even worse than that, if recent research by SpyCloud is any indication. They pored over data containing 1.7 billion username and password combinations gleaned from 755 leaked sources in 2021. Based on their research, a staggering 64 percent of people are still using the same password exposed in one data breach for other accounts.

Keep in mind that Google now comes right out and tells Chrome users how many of their saved passwords are at risk for exactly that. Even with the information staring them in the face, significantly more than half of all users won't change their habits.

These statistics must be taken with a grain of salt because the methodology is somewhat imprecise.  It doesn't matter if the actual percentage is five points or so lower because the broader issue remains the same.

By now, everyone knows the risks that bad passwords pose.  Everyone is aware of the dangers of using the same password to access multiple web properties and yet, nothing is changing.

Until there is a tangible financial cost imposed, either by companies beginning to fine users with bad passwords or hackers taking full advantage of those weak passwords and financially punishing those using them, it's not going to change.  It's a real pity it has come to that.

Are you concerned about the cyber threat your employees can be to your company? SpartanTec, Inc. can provide employee training and network security monitoring. Call us today.


Friday, March 18, 2022

Android Users Need To Watch Out For Teabot Trojan

If you have smart devices in the Android ecosystem, there's a new threat to be aware of in the form of a malware strain called Teabot.  This bit of malicious code is a Remote Access Trojan or RAT for short. The group behind the code is making a big push to see it spread worldwide.

Researchers from Cleafy can confirm that the malware targets more than 400 different applications and the folk behind the code have begun to pivot away from their initial tactic of "smishing."

Smishing, if you're not familiar with the term, is a tactic used to compromise a mobile device via spam text messages that contain poisoned links.  If a recipient clicks on one of these links, they're taken to a site controlled by the hackers and the malware is installed on the user's computer in the background.

This bit of code emerged near the beginning of 2021. Back then, in its earliest incarnations, it was known as Toddler/Anatsa.

In its primitive form, it was distributed exclusively via smishing and only had a list of sixty lures.  Granted, they were big, well-known lures like VLC Media player and DHL shipping, but there were only sixty of them.

By July of last year, the owners of the malicious code had modified it to strike at dozens of banks based all over Europe. In the months that followed, at least 18 banks fell victim to Teabot attacks.

More recently, the malicious code has undergone additional changes. The malware has migrated from Europe spreading to Russia, the US, Hong Kong, and beyond.  In addition to that, it's no longer targeting banks exclusively but cryptocurrency exchanges and digital insurance providers as well.  Even worse is that in at least one case Teabot has managed to infiltrate official Android repositories via dropper apps.

In terms of how big a problem this is, here is how it goes. Once Teabot is installed on a target system it can primarily log keystrokes and take screenshots. Then it can exfiltrate them to the malware's controllers which means that in short order any site you log onto using your phone can quickly be compromised.

Stay vigilant out there.  It's still early in the year and Teabot will certainly not be the last threat we face. Call SpartanTec if you suspect your computer or phone has been compromised.


Tuesday, March 15, 2022

Scammers Cost Americans Billions Of Dollars In 2021

The US Federal Trade Commission reports that Americans lost almost six billion dollars to fraud last year.  The $5.8 billion total represented a catastrophic 70 percent increase compared to the losses reported in 2020.

The FTC maintains a database of millions of consumer records it uses to track such information. Based on the statistics gleaned from that database, US consumers filed 2,789,161 fraud reports during 2021. Roughly a quarter of those indicated a monetary loss.

A spokesman for the FTC had this to say about the data:

"Of the losses reported by consumers, more than $2.3 billion of losses reported last year were due to imposter scams--up from $1.2 billion in 2020, while online shopping accounted for about $392 million in reported losses from consumers--up from $246 million in 2020.

While younger people lost money 41 percent of the time they experienced fraud, older adults lost money only 17 percent of the time...but when older people did lose money, they lost a median amount of $1,500, or three times the median amount younger people lost."

The scope and scale of this problem are simply staggering. Although it's doubtful we'll see another 70 percent increase this year, the fact remains that US consumers are more at-risk now than ever before.

Odds are good that you've already had conversations about internet safety and security with your employees.  Most likely those conversations have centered around network security.  That's completely understandable, but it pays to have additional conversations that focus on spotting and avoiding online scams.

One thing you can be sure of is that hackers and scammers will be ever watchful for opportunities to take advantage of the unsuspecting.  Don't let your employees, coworkers, family, or friends be among their victims.  Stay vigilant out there.

Call SpartanTec, Inc. if you need help in minimizing your risks of getting scammed.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence, Charleston

Monday, March 14, 2022

New Phishing Emails Target Citibank Account Holders

Are you a Citibank customer?  If so, be aware that a group of scammers is specifically targeting Citibank account holders.

The campaign is incredibly convincing, and the emails look just like official communications from the company.  All logos have been copied and are positioned correctly.  The sender address appears genuine at first glance and the body of the email message is free of typos, which are a common "tell" among poorly orchestrated phishing campaigns.

The content recipients see in the email varies. However, the general summary of the phishing emails is that the recipient's Citibank account has been put on hold due to a suspicious transaction or a login attempt made from a location other than the one the recipient would normally log in from.

The solution according to the email is simple.  Take swift action now to protect your account.  Click the link below to verify your account information and avoid a permanent suspension.

Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.

Unfortunately, if the recipient of this email clicks the link they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn't. Any user who "verifies their credentials" by entering them in the capture boxes on this site is handing their account information to the scammers who will promptly empty their accounts or max out their credit cards or both.

This campaign is targeted primarily at users in the United States, with statistics indicating that 81 percent of the recipients of these emails reside in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company directly or open a new browser tab and manually type in the URL.  Never trust embedded links!

Call SpartanTec, Inc. if you need help in protecting your organization against phishing and other online threats.
