Hacker Tracker | September In Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard.” Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s essential to be aware, without being afraid, of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches, and updates…

#1 Phishers impersonate US DOT to target contractors after Senate passed $1 trillion infrastructure bill | 9.15.21

  • A new phishing campaign has been uncovered targeting companies that may work with the US Department of Transportation.
  • In the campaign, discovered by security company INKY, phishers are impersonating the US Department of Transportation (DOT) in an effort to harvest Microsoft Office 365 credentials.
  • The phishing emails peaked around August 16-18, right after the US Senate passed the $1 trillion infrastructure bill on August 10.
  • Dozens of phishing emails sought to impersonate the DOT, with attackers contacting multiple companies in the engineering, energy, and architecture industries, asking them to submit bids for federal contracts.  
  • View the Source

#2 Crystal Valley Cooperative becomes latest agriculture business hit with ransomware | 9.22.21

  • Minnesota-based farm supply and grain marketing cooperative Crystal Valley has become the latest agriculture business hit with a ransomware attack.
  • The attack infected all of their computer systems and interrupted the daily operations of the company. 
  • Due to this computer breach, all systems of the Mankato-based cooperative have been shut down until they can be restored safely and securely.
  • View the Source

#3 VoIP company battles massive ransom DDoS attack | 9.23.21

  • Massive distributed denial of service attack hits Canada-based internet telephony company, VoIP.ms.
  • The attack also affected its domain name service (DNS) infrastructure. Its website remains hard to access some days after the attacks were first acknowledged.
  • In an update on Wednesday, VoIP.ms apologized to customers and confirmed it was still being targeted by what it described as a ‘ransom DDoS attack’. VoIP.ms says it has over 80,000 customers in 125 countries that stand to be potentially affected by the attack.     
  • View the Source

Lessons Learned From This Month’s Hacks

  1. From the phishing campaign impersonating the US DOT, we learn a simple yet very important lesson (and reminder): always check for fake email addresses and URLs. In this case, attackers were sending their phishing emails from “transportation.gov[.]net,” a newly created domain intended to impersonate typical government emails that come from .gov addresses. While the difference is subtle, if you are not expecting an email from a particular party, always double-check the sender email address and/or URL if provided. If you are in any way unsure, do not click links or respond to the suspicious email address before checking with your IT security team.
  2. The Crystal Valley attack is the second ransomware attack in the last week to target an agriculture cooperative (Iowa-based farm service provider NEW Cooperative was hit with a ransomware attack just last week). Following these attacks, it can be noted that cyber actors have chosen to attack the agriculture industry at a particularly destructive time: harvest season. What do we learn from this? Whatever industry you’re in, identify your highest-risk time of the year, and consider additional IT security precautions during this time. The cost of downtime can be greater during times such as harvest season in the agriculture industry, tax season for CPAs, etc. Proceed with your IT security plan accordingly.
  3. From the VoIP.ms attack, we are reminded of the detrimental effects of ransom DDoS attacks on companies servicing multiple countries. In the case of VoIP.ms, they service over 125 countries, making the effects of the attack that much greater and more far-reaching. Understand that if you have an international company, you are instantly at greater risk of being targeted. Develop your IT security plan to address these vulnerabilities accordingly.
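The sender check from lesson 1 can be automated at the mail gateway or in a triage script. The following Python sketch is an added example, not code from INKY or PK Tech: it flags sender domains where a trusted suffix such as "gov" appears somewhere other than the final label, as in the defanged domain quoted above. The function names, the trusted-suffix list and the sample mailbox names are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: suffixes this organisation treats as genuine government mail.
# Only ".gov" comes from the article.
TRUSTED_SUFFIXES = ("gov",)


def refang(text):
    """Undo the '[.]' defanging used when quoting suspicious domains."""
    return text.replace("[.]", ".")


def sender_domain(from_header):
    """Return the lower-cased domain of the address in a From: header."""
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header):
    """Classify the sender domain as 'trusted', 'lookalike' or 'other'."""
    domain = sender_domain(from_header)
    labels = [label for label in domain.split(".") if label]
    if len(labels) < 2:
        return "other"
    if labels[-1] in TRUSTED_SUFFIXES:
        return "trusted"
    # A trusted suffix used as an inner label or hyphenated token, for
    # example "gov" followed by ".net", imitates the real suffix.
    inner_tokens = re.split(r"[.-]", ".".join(labels[:-1]))
    if any(token in TRUSTED_SUFFIXES for token in inner_tokens):
        return "lookalike"
    return "other"


if __name__ == "__main__":
    # Constructed sample headers; only the defanged domain is from the article.
    samples = [
        "US DOT Bids <bids@transportation.gov[.]net>",
        "Contracts Office <contracts@example.gov>",
        "Sales <sales@example.com>",
    ]
    for header in samples:
        print(classify_sender(refang(header)), "-", header)
```

A "trusted" verdict only describes the domain string in the header, which a sender can forge, so it complements SPF, DKIM and DMARC results rather than replacing them.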

Reach out if you have questions here.