Hacker Tracker | June

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

Look out- that Microsoft Teams alert might be a phishing scam | 5.6.20

  • Hackers are using fake Microsoft Teams alerts to gain Office 365 access.
  • Users of the popular video conferencing service are being targeted by a phishing scam that looks to trick Teams customers into handing over their logins.
  • According to researchers from Abnormal Security, criminals have been using cloned imagery and designs to make their malicious alerts look like real ones from Microsoft.
  • If the victim clicks on a link in the malicious email, they are then taken to a fake landing page which accurately copies the real Office 365 login page, however entering account details there will lead to the information being stolen.
  • View the Source

WordPress Hacker Attacks One Million Sites in a Month | 5.6.20

  • WordPress administrators are being urged to ensure all of their plug-ins are up-to-date, after researchers detected a 30-fold increase in attack traffic targeting mainly cross-site-scripting vulnerabilities.
  • On May 3, more than 20 million attacks were attempted against more than half a million individual sites.
  • The JavaScript in question is designed to redirect users that are not logged-in to a malvertising URL. If they are logged-in it will try to inject a malicious PHP backdoor into the current theme’s header file, alongside another malicious JavaScript, with the aim of taking remote control of the site.
  • View the Source

Phishing campaign caught spoofing Zoom | 5.11.20

  • Scammers are taking advantage of everything to do with COVID-19, and virtual video conferencing (i.e. Zoom) is no exception
  • A new phishing campaign spotted by Abnormal Security takes advantage of the popularity of Zoom to try to capture account credentials of unsuspecting users.
  • The campaign impersonates Zoom emails, but steals the Microsoft account credentials of its victims.
  • Mimicking a real Zoom notification, the initial phishing email tells recipients that they’ve recently missed a scheduled meeting.Clicking the link takes the user to a malicious landing page hosted on “zoom-#####-web.app”.
  • View the Source 

Lessons Learned From This Month’s Hacks

#1 and #3 both are related to phishing attacks acting like the software you’re probably already using. When receiving email alerts on the software you own, take a hard look at the content, and ask yourself: should I be receiving this? Have I ever received something like this before? Is the from address, body, and links (when you hover over them) look right? If you have any doubt, delete it, and look at the software directly. E.g., Zoom alert that an attendee is waiting, launch Zoom and check. 

WordPress is the most common website platform out there. It’s probably what your company’s website runs on. The problem with using the most popular platform on the planet is it’s highly attacked. E.g., why Microsoft Windows is attacked way more than Mac — Windows dominates the market. What can you do about it? Make sure whoever manages your website is running security updates on WordPress daily. If your son’s friend’s roommate made your website, it’s probably not getting security updates. We recommend using a “managed” website solution that includes security updates AND backups. Here’s who we use & recommend: Pronto.

Reach out if you’d like to talk about your company’s IT security posture. Contact PK Tech here.