Hacker Tracker | November in Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

#1 Ransomware Group Turns to Facebook Ads | 11.20.20

  • One crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up. 
  • An unauthorized ad by the Ragnar Locker Team showed the campaign reached approximately 7,150 Facebook users, and generated 770 clicks, with a cost-per-result of 21 cents.
  • Facebook billed Ragnar $35 for the first part of the campaign, but detected the ads as fraudulent later the same morning before his account could be billed another $159 for the remainder of the campaign.
  • It’s not clear whether this was an isolated incident, or whether the fraudsters also ran ads using other hacked Facebook accounts. Facebook continues to investigate the fraud.
  • View the Source

#2 GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave | 11.23.20

  • Employees were exploited to facilitate attacks on multiple cryptocurrency exchanges through social engineering and phishing that duped them into changing email and registration records, which were then used to conduct attacks on other organizations.
  • The scam led to a small number of customer domain names being ‘modified’ earlier this month.
  • Hackers ensured that email and web traffic intended for cryptocurrency exchanges was redirected. Liquid.com and the NiceHash cryptocurrency trading posts were impacted, and it is suspected that other exchanges may also have been affected. 
  • View the Source

#3 A hacker is selling access to the email accounts of hundreds of C-level executives | 11.27.20

  • The hacker is currently selling passwords for the email accounts of hundreds of C-level executives at companies across the world, with access sold for $100 to $1500 per account, depending on the company size and exec role.
  • Email and password combinations come from Office 365 and Microsoft accounts of high-level executives with titles such as CEO, CFO, Vice President, Executive, etc. 
  • The login data is often collected by infostealer operators, who filter and organize it, and then put it up for sale on dedicated markets like Genesis or on hacking forums, or sell it to other cybercrime gangs.
  • View the Source

Lessons Learned From This Month’s Hacks

Summarizing these three articles:

  • Cybercriminals are casting wider nets to capture victims that click first, ask questions later. HOT TIP: NEVER CLICK ON ADS! 
  • GoDaddy, host of critical services for millions of domains, fell victim to social engineering attacks perpetrated by cybercriminals.
  • Lists of C-level executives’ emails are pulling in big $. These lists will be used for spear-phishing in the hopes a wrong link is clicked.

The lesson this month — cybercriminals are stepping up their game every day. One wrong click on an ad or an email and your cybersecurity posture will be tested. Based on what we’ve seen, most small businesses will fail that test. A failure could mean downtime, ransomware infection, extortion, fines, new expenditures, or even business closure. 

What can you do about it? Assess your weaknesses (give each one a likelihood of occurring and an impact rating), then attack the high-impact, high-likelihood items as soon as possible. For example, your front desk person clicks on a bad link and infects the entire network. You could attack that risk with a multi-layered security approach covering email, web traffic, a permissions review, an anti-ransomware solution, and quarterly phishing training.

You likely do not have the expertise for the above process in-house. Reach out to your IT Company or IT Guy and ask for a security posture review. If they’re unable to perform one, seek out a competent local IT Company. If you’re a business with 10+ employees in the Greater Phoenix area that relies on computers to generate revenue, reach out to us here for help.