There is a massive scam campaign going on, this time a very well executed Netflix phishing attack.
The scam targets subscribers telling them that their account is about to be canceled. The well-designed, individualized fake email convinces customers to update their account information to avoid suspension. This results in stolen personal and credit card information.
The email has the subject line “Your suspension notification” and includes a link where the subscriber is taken to a fake Netflix page which requires their log-in information as well as credit card number.
The scam was detected Sunday and it targeted nearly 110 million Netflix subscribers. As mentioned, the fake site includes Netflix’s logo as well as popular Netflix shows like “The Crown” and “House of Cards” to make it seem legitimate.
LOS ANGELES—Risk managers, whose job once focused on a basic “bucket of risks,” and making decisions about which risks are transferable and which ones the company should retain, have been “migrating along an evolutionary path which is allowing us to be more strategic,” Chris Mandel, senior vice president of strategic solutions at Sedgwick, said at the RIMS ERM Conference 2017 here.
He noted during the session, “The Trouble with ERM,” that risk managers now need to alter their focus. “The question for risk managers now is, how do we get our organizations to focus on long-term success and recognize the link between strategy and risk?” he said.
Erin Sedor, president at Black Fox Strategy, said that she found through personal experience the importance of connecting with the CEO and aligning with the company’s strategy when setting up a program. “You need to know what they are talking about and understand strategy,” she said.
Unable to find a satisfactory definition of strategy for ERM, Sedor came up with her own: “A strategic business discipline that allows an organization to manage risks and seize opportunities related to the achievement of its objectives.” She added that, unfortunately, enterprise risk is not a term that resonates with the c-suite, but strategy is.
She identified three major problems with ERM that can dampen its prospects:
- A limited view of the organization’s mission, growth and survival.
- Silos. Breaking through them is a nonstop process, no matter how a company tries to improve the situation—especially in the areas of risk management, continuity planning and strategy, which typically happen in very different parts of the company.
“It is important to link risk management and continuity planning in the strategic planning process, because that will get some attention and get the program where it needs to be,” she said.
- Size. Because ERM programs are notoriously huge, “The thought is that ERM will cost too much money, take too many resources and take too long to implement. And that by the time it’s finished, everything will have changed anyway,” she said.
Starting the process by “saying you’re going to focus on mission-critical,” however, can help get the conversation moving. “Because as you focus on that, the lines between risk management, continuity planning and strategic planning begin to blur,” she said.
Sedor described mission-critical as any activity, asset, resource, service or system that materially impacts (positively or negatively) the organization’s ability to successfully achieve its strategic goals and objectives.
She said to find out what mission-critical means to the organization, what is the company’s appetite and tolerance for mission-critical, and the impacts of mission-critical exposures on the organization. “Risk managers will often ask this question first, but you have to come to grips with the fact that not every risk is a mission-critical risk,” she said. “And not everything in a risk management program is mission-critical.” Using that context helps in gaining perspective, she added.
When viewing risk management, continuity planning and strategic planning from a traditional perspective, strategic planning is about capturing opportunity and mitigating threats; risk management is the identification, assessment and mitigation of risk; and business continuity planning is about planning for and mitigating catastrophic threats.
Looking at them from a different vantage, however, strategic planning is planning for growth; risk management allows you to eliminate weaknesses that will impede growth, which is why it’s important; and continuity planning will identify and mitigate the threats that impact sustainability. “That is how they work together,” she said, adding, “You are also looking at weaknesses that when coupled with a threat, will take you out. Those are your high-priority weaknesses. Using a mission-critical context makes it all manageable.”
At this point, if a risk manager can gain enough leverage to talk to executives throughout the organization about what mission-critical means to the company, its impact, and then about tolerances and creating a more integrated program, “all of a sudden you’ve talked about ERM and they didn’t even know it. They thought you were talking about strategy,” she said.
Organizations in Russia, Ukraine and the U.S. are under siege from Bad Rabbit, a new strain of Ransomware with similarities to NotPetya the last horrible outbreak.
The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.
Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.
Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.
Bad Rabbit Starts With Social Engineering
The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.
Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.
The hardcoded credentials are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, guide all employees through a strong password training module ASAP.)
As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user’s computer and then replaces the MBR (Master Boot Record).
Ouch, that basically bricks the workstation!!!
Learn how to FIGHT Ransomware and stop being a victim!!!
When news broke that the credit reporting agency Equifax had suffered a data breach, consumers around the country began to question the safety of their personal information.
After all, credit reporting agencies have access to most of your personal identifiable information (PII): name, address, birth date, Social Security number, and more.Finding out that the PII for more than 143 million US consumers had been stolen was upsetting, to say the least.
Now, consumers are being cautioned about what can happen with that information, and what steps they can take to protect themselves.
1. Beware of phishing attempts in “news” articles:
Immediately after the announcement of the data breach, articles began circulating that contained a link that lets you find out if your data was stolen. While Equifax has a dedicated web page that lets you enter your information and see if you’ve been exposed, it takes no work at all for scammers to create their own link, request your information for “verification” purposes, and then steal your data. Before clicking any links or entering any personal data, make sure you’re using a verified link that was issued by the correct source.
2. Emailed phishing attacks have already been reported:
There are already scam emails in circulation that suggest you check your credit report by using their handy link. The easiest way to verify an email’s sender is to hover your mouse over the sender’s name. The actual address used will appear in a small box. To be on the safe side, don’t click through from any emails you receive; if you’re told to check your credit report, use a verified request service or form instead of the emailed link.
3. Be on the lookout:
Because genuine information was stolen, be extra diligent about monitoring your account statements, looking for unauthorized charges, tracking and reporting any suspicious activity, and keeping a close eye on your credit reports. Never provide your sensitive information for verification purposes; if you receive a warning or alert, contact your financial institution directly using an approved contact method.
To visit Equifax’s verified link to discover if your information was stolen, go directly to Equifax’s website and follow the steps they suggest. If you do experience any strange activity on your accounts, report it immediately, no matter how minor it might seem at first. Be sure your antivirus software is up-to-date to block any malicious threats from fraudulent emails or messages, and consider placing fraud alerts and security/credit freezes on your credit report with the three reporting agencies if your information was accessed.
Most everyone has heard something about the Latest breach of Equifax. Here is some of the latest information.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits seeking class-action status. One of the lawsuits, filed in Portland, Oregon, is demanding up to $70 billion in damages.
The lawsuits are just one measure of the fury generated by Equifax – one of the three biggest U.S. data brokers – revealing Thursday that it suffered a breach, beginning in May, that exposed to hackers 143 million consumers’ personal details, including information that could be used to commit identity theft.
In its alert issued Thursday, Equifax said that it discovered the breach July 29 and launched a website that consumers can use to see if their data was exposed. The company is offering all U.S. consumers one year of prepaid credit monitoring, which includes freezing their credit reports on Equifax. But it has not offered to do the same with consumers’ credit reports at other data brokers.
Almost immediately following the breach notification, affected consumers began filing lawsuits – more than 30 by Monday, Reuters reports. Meanwhile, attorneys general in at least five states – including New York and Illinois – have also announced formal breach investigations. And several Congressional committees are launching or eyeing breach-related hearings. Equifax has also promised to work with regulators in Canada and the United Kingdom, where some victims reside.
Hardest hit by the breach, however, were those who live in the U.S. The breach exposed information on nearly half of all U.S. adults, including names, birthdates, addresses, Social Security numbers and in some cases, driver’s license numbers. All of that data is regularly used to verify an individual’s identity, and thus it’s also valuable for identity thieves.
“The quality of data potentially compromised is very valuable to cybercriminals,” cybersecurity attorney Imran Ahmad tells Information Security Media Group. “What these guys are looking for is high value bits of information. The reason they like this type of data is because they can easily on the darknet sell these and create virtual profiles and sell them to others.”
Numerous security watchers have called for Equifax to publicly atone for the breach – and do so quickly – and have called on anyone who has a choice of data brokers to immediately stop working with Equifax. Some also want to see Equifax CEO Richard Smith ousted.
“Smith should resign. If he does not, his board should fire him,” says information security expert William Hugh Murray, who’s a senior lecturer at the Naval Postgraduate School.
Three other Equifax executives sold stock in the company after it learned of the breach, but before it issued a public notification (see Equifax Breach: 8 Takeaways).
The U.S. Securities and Exchange Commission declined to comment to ISMG about whether it will investigate the timing of those stock sales.
Equifax has released a statement saying that the executives – including its chief financial officer – had been unaware that the breach had occurred when they sold shares.
Murray, meanwhile, recommends the three “resign and flee the country before the Feds come after them for insider trading.” And for good measure, he adds, “the CISO should update his resume.” As ISMG has previously reported, however, that job position was, until recently, being advertised as vacant.
Lawsuit Seeks Up to $70 Billion
Equifax already faces multiple lawsuits over the breach, including one filed in Oregon by Mary McHill from Portland and Brook Reinhard from Eugene. Their lawsuit seeks class-action status on behalf of everyone affected by the breach and demands damages of as much as $70 billion. It was filed by law firm Olsen Daines PC, together with Geragos & Geragos, which Bloomberg reports is a law firm known for launching splashy, high-octane class actions.
“This complaint requests Equifax provide fair compensation in an amount that will ensure every consumer harmed by its data breach will not be out-of-pocket for the costs of independent third-party credit repair and monitoring services,” according to the complaint.
Reinhard, for example, says that he spent $19.95 to buy “third-party credit monitoring services he otherwise would not have had to pay for.”
The lawsuit also alleges that Equifax failed to invest sufficiently in its information security program. “In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect [individuals’] information from unauthorized access by hackers,” according to the complaint. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyberattacks but chose not to.”
Many breach-related lawsuits, however, have failed, with the cases often being dismissed because plaintiffs failed to prove they suffered unreimbursed financial losses (see Why So Many Data Breach Lawsuits Fail).
This newly discovered ransomware strain is targeting healthcare, education, manufacturing and tech sectors in the US and UK, using customized spear phishing emails.
Defray is demanding a relatively high ransom amount – $5,000 in Bitcoin, and ironically the word defray means “to provide money to pay a portion of a cost or expense.”
The Defray ransomware infection vector is spear-phishing emails with malicious Microsoft Word document attachments, and the campaigns are as small as just a few messages each. The planning and sophistication of the attacks point to a highly-organized cybercrime gang.
“The ransom note follows a recent trend of fairly high ransom demands; in this case, $5000. However, the actors do provide email addresses so that victims can potentially negotiate a smaller ransom or ask questions, and even go so far as to recommend BitMessage as an alternative for receiving more timely responses. At the same time, they also recommend that organizations maintain offline backups to prevent future infections,” Proofpoint researchers said in a blog.
The Proofpoint researchers, further said that the bad guys using this strain were using official logos of hospitals and businesses to trick users into opening malware-laced email attachments. In one of the campaigns, they designed the phishing emails as if they came from a UK-based aquarium with international locations.
“Defray Ransomware is somewhat unusual in its use in small, targeted attacks. Although we are beginning to see a trend of more frequent targeting in ransomware attacks, it still remains less common than large-scale “spray and pray” campaigns,” Proofpoint researchers said. “It is also likely that Defray is not for sale, either as a service or as a licensed application like many ransomware strains. Instead, it appears that Defray may be for the personal use of specific threat actors, making its continued distribution in small, targeted attacks more likely.”
See How Sentree Systems, Corp. can Help!!
The Food and Drug Administration on Tuesday issued an alert about the first recall of a network-connected implantable device due to cyber security vulnerabilities.
The agency is instructing patients with certain implantable cardiac pacemakers from St. Jude Medical – now owned by Abbott Laboratories – to visit their physicians for firmware updates to address cyber vulnerabilities that can potentially be remotely exploited by hackers and that pose safety concerns.
Approximately 465,000 such devices are in use in the U.S., an Abbott spokeswoman tells Information Security Media Group. She did not immediately have information about how many of these devices are used outside the U.S.
While the FDA has characterized the corrective action to address the vulnerabilities as a “voluntary recall” by the manufacturer, the Abbott spokeswoman stresses that neither the company nor the FDA is not recommending the “prophylactic removal and replacement of affected devices.” Rather, patients are being advised to have the devices’ firmware updated “at their next regularly scheduled visit” to their healthcare provider, the Abbott spokeswoman says.
A related Department of Homeland Security alert also issued on Tuesday notes that vulnerabilities include the Abbott pacemaker’s authentication algorithm, “which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via radio frequency communications.”
The recall of the Abbot cardiac devices is “a key moment in the evolution of connected medical devices,” says cyber security expert Joshua Corman, founder of grassroots cyber safety organization I Am the Cavalry and a member of the Department of Health and Human Services’ cyber task force. That group issued a report earlier this year with recommendations about how the healthcare sector can improve cyber security.
Making arrangements to have nearly a half million patients in the U.S. visit their healthcare provider for the firmware update “will be a logistical nightmare,” he says, despite Abbott and the FDA recommending that patients wait until their next regular appointment with physicians to do the update. Many worried patients are likely to seek appointments for the updates sooner than their regularly slated visits, he says.
And although there have been no reports of actual harm to patients due to hackers exploiting the vulnerabilities in the devices, “that number can go from zero to a lot of patients quickly” if hackers decide to launch attacks, Corman warns.
This recall is the most serious development so far related to medical device cyber security, Corman contends.
The FDA alert says the recall involves implantable cardiac pacemakers, including cardiac resynchronization therapy pacemakers under the names Accent, Anthem, Accent MRI, Accent ST, Assurity and Allure. The alert does not apply to any implantable cardiac defibrillators or to cardiac resynchronization ICDs, the FDA says.
The FDA notes that on Aug. 23, it approved the firmware update “that is now available and is intended as a recall, specifically a corrective action, to reduce the risk of patient harm due to potential exploitation of cyber security vulnerabilities for certain Abbott pacemakers.
Is your Network REALLY Secure, why not know for sure, Get your FREE Vulnerability Assessment Today!!!
Hurricane Harvey hit hard and especially Houston, TX got badly flooded. The death toll is rising and you can also count on low-life cyber-scum exploiting this disaster.
Scammers are now using the Hurricane Harvey disaster to trick people in clicking on links, both on Facebook, Twitter and phishing emails trying to solicit charitable giving for the flood victims. Here are some examples:
- Facebook pages dedicated to victim relief contain links to scam websites.
- Tweets are going out with links to charitable websites soliciting donations, but in reality included spam links or links that lead to a malware infection.
- Phishing emails dropping in a user’s inbox asking for donations to #HurricaneHarvey Relief Fund.
Previous disasters have been exploited like this, and the bad guys are going at it again will all guns blazing. Be wary of anything online covering the Hurricane Harvey disaster in the following weeks.
I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
“Heads-up! Bad guys are exploiting the Hurricane Harvey disaster. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to #HurricaneHarvey Relief Funds.
Don’t fall for any scams. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address in your browser or use a bookmark. Do not click on any links in emails or text you might get. Whatever you see in the coming weeks about Hurricane Harvey disaster relief… THINK BEFORE YOU CLICK.
WASHINGTON, August 28, 2017 — The Internal Revenue Service warned people to avoid a new phishing scheme that impersonates the IRS and the FBI as part of a ransomware scam to take computer data hostage.
The IRS said: “The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation. It tries to entice users to select a “here” link to download a fake FBI questionnaire. Instead, the link downloads a certain type of malware called ransomware that prevents users from accessing data stored on their device unless they pay money to the scammers.”
“This is a new twist on an old scheme,” said IRS Commissioner John Koskinen. “People should stay vigilant against email scams that try to impersonate the IRS and other agencies that try to lure you into clicking a link or opening an attachment. People with a tax issue won’t get their first contact from the IRS with a threatening email or phone call.”
I suggest you send employees, friends and family an email about this ransomware attack, feel free to copy/paste/edit:
“Heads-up! The IRS is warning against a new phishing scam that tries to make you download an FBI questionnaire. But if you click the link, your computer will be infected with ransomware instead. The scam email uses the emblems of both the IRS and the Federal Bureau of Investigation.
Remember that the IRS does not use email, text messages or social media to discuss personal tax issues, such as those involving bills or refunds. THINK BEFORE YOU CLICK!
The IRS stated: “Victims should not pay a ransom. Paying it further encourages the criminals, and frequently the scammers won’t provide the decryption key even after a ransom is paid. Victims should immediately report any ransomware attempt or attack to the FBI at the Internet Crime Complaint Center, www.IC3.gov. Forward any IRS-themed scams to firstname.lastname@example.org.”
Here is the official IRS Newsroom post : https://www.irs.gov/uac/newsroom/irs-issues-urgent-warning-to-beware-irs-fbi-themed-ransomware-scam
Bank Scam Alert!!
We’re going to go out on a limb here and assume that everyone reading this uses a bank, right? Well, if you use a bank than this scam is targeted at you. Last week, an innocent banking customer received a legitimate looking text (about an hour after she left the bank!) stating that her card had been temporarily blocked and it gave her a number to call to resolve the issue. Wanna take a wild guess about who was waiting for her to dial that number and spill all of her banking information? You guessed it, the scammer!!!
Do You Need to Worry: You sure do. Since it appears like it’s coming from a company that you do business with you are more likely to fall for this scam. By calling the phone number provided you’ll be automatically connected with the scammer who says they need your bank account information. They may even ask for your PIN or Social Security number leaving you with a serious problem on your hands.
What Can You Do About It: Keep in mind that financial institutions won’t contact you by text or email to request personal information or account details. While you may receive alerts, the information should only flow one way, from the bank to you, not the other way around. If you get a request to contact your bank, always verify the source by calling the bank, using the number on your ATM card or on their official site.