Hacker Tracker | October In Review

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates…

1. This new phishing attack features a weaponized Excel file | 10.18.21

  • There is a new sneaky phishing campaign from one of the most creative cybercrime groups on the internet that is weaponizing Excel files. The phishing campaign, dubbed MirrorBlast, was detected by security firm ET Labs in early September. 
  • The group is targeting employees in financial services using links that download what is described as a ‘weaponized’ Excel document. 
  • The malicious Excel files could bypass malware-detection systems because they contain “extremely lightweight” embedded macros, making them “particularly dangerous” for organizations that depend on detection-based security and sandboxing.
  • View the Source

2. This monster of a phishing campaign is after your passwords | 10.22.21

  • Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses a phishing kit built using pieces of code copied from other hackers’ work.
  • A “phishing kit” is a set of software or services designed to facilitate phishing attacks. In this case, the kit has been called TodayZoo by Microsoft after some text used by the kit.
  • The TodayZoo phishing campaign sends links to spoofed Microsoft 365 login pages.
  • View the Source

3. Ex-carrier employee sentenced for role in SIM-swapping scheme | 10.22.21

  • A former sales representative of a mobile carrier has been sentenced after accepting bribes to perform SIM-swapping attacks. 
  • This week, the US Department of Justice (DoJ) said that Stephen Defiore, a Florida resident, accepted “multiple bribes” of up to $500 per day to perform the switches required to reroute phone numbers in SIM-swapping. 
  • SIM-swapping is quickly becoming a serious issue for telecommunications firms, made worse when employees who have access to internal systems are involved.
  • View the Source

Lessons Learned From This Month’s Hacks

  1. From the Excel file phishing campaign, we are reminded of the danger of attachments. Always verify the source of the attachment before clicking or downloading anything sent to you. When it comes to external files and attachments, we always follow the “when in doubt, check it out” rule. Reach out to your IT security team or the direct sender if anything ever looks suspicious. You are always better safe than sorry.
  2. Passwords, passwords, passwords. For cyber attackers, we’re pretty certain they’ll never go out of style! Passwords are one of the #1 “back doors” into an organization for both sophisticated and unsophisticated hackers. It doesn’t take much if your organization is not properly managing and protecting passwords from top to bottom. Also, USE MFA (multi-factor authentication)! It’s not IF, it’s WHEN your staff fall for a phishing attack and give their email password out. When that happens, MFA has your back and will add a huge barrier to a successful attack. Check out our blog, Are You Properly Protecting Your Passwords? This List is For You.
  3. From the SIM-swapping scheme, we again learn the danger of former employees. We have stressed this before, but will stress it again: make sure your organization has a comprehensive offboarding process for former employees. This includes discontinuing all of their logins, changing passwords they had access to, and taking back all company devices they were using. Any cracks in your offboarding process open your organization to unnecessary risk from disgruntled former employees looking for revenge or some cash. Also, DO NOT USE SMS/TEXTING for two-factor authentication! If your cell phone’s SIM is cloned, your second factor goes to the attacker. Use application-based multi-factor authentication over SMS.

Reach out if you have questions here.