This week's threats are the same ones we see just about every day. There is a new style of phishing campaign you need to watch out for. I also want to tell you about a new potential malware threat, along with some other interesting cybersecurity information.
Spear Phishing Attacks
Phishing Attacks
- A new phishing attack uses three different pieces of malware within one malicious payload.
- Please do not open any payment spreadsheet that appears to be from a trusted source.
- The supposed trusted source (think of the scams we have been seeing from Amazon!) asks that you view the spreadsheet.
- Once you open the attached spreadsheet report, you are asked to activate macros.
- Once you enable the macros, malware is deployed!
- Always think about what you or your department has purchased recently.
- Think about how you are usually asked to pay for the purchases (most likely not by reviewing a spreadsheet report).
- If you think it could be from the trusted source, call them before you open anything!
- If you choose to email the trusted source to ask about the validity, do NOT reply to the email, but instead start a new email using only the address you would normally use for communication!
- You can always ask me before you click anything.
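The bait in this campaign is a spreadsheet that asks you to enable macros. As an added illustration (not part of this newsletter, and not the Institute's tooling), the following Python helper shows how an attachment can be checked for an embedded VBA project before anyone opens it; the sample workbooks are constructed in memory, and the part names and OLE2 magic bytes are standard Office file-format facts.

```python
"""Attachment triage helper: flag Office files that carry VBA macros.

Modern Office files (.xlsx, .xlsm, .docm ...) are ZIP containers, and a VBA
project is stored in a 'vbaProject.bin' part. Checking for that part lets a
mail gateway or help desk hold "please enable macros" bait for verification.
"""
import io
import zipfile

# OLE2 compound-file magic of legacy .xls/.doc; those can carry macros too
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
VBA_PARTS = {"xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin"}


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML (ZIP) container holds a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name in VBA_PARTS for name in zf.namelist())
    except zipfile.BadZipFile:
        return False  # not a ZIP container at all


def triage_attachment(data: bytes) -> str:
    """Classify an attachment for a hold/allow decision.

    'macros' -> OOXML file with a VBA project: hold and verify with sender
    'legacy' -> OLE2 binary format: this check alone cannot clear it
    'no-vba' -> OOXML without VBA, or not an Office container
    """
    if data.startswith(OLE2_MAGIC):
        return "legacy"
    return "macros" if has_vba_project(data) else "no-vba"


def build_sample_workbook(with_macros: bool) -> bytes:
    """Constructed minimal OOXML-shaped ZIP (not a real workbook) for demos."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macros:
            zf.writestr("xl/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("macro workbook", build_sample_workbook(True)),
                          ("plain workbook", build_sample_workbook(False)),
                          ("legacy .xls", OLE2_MAGIC + b"\x00" * 8)):
        print(f"{label}: {triage_attachment(sample)}")
```

A "macros" or "legacy" result is a reason to call the sender on a known number, exactly as the bullets above advise, not a verdict that the file is safe.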
New Potential Threats
- Microsoft has introduced a term to the cybersecurity community.
- “Cryware” (i.e., crypto ware) is a new type of information-stealing malware that targets online passwords stored in a browser and seeks to harvest private keys from Internet-connected cryptocurrency ‘hot wallets’ stored on a device.
- Since these ‘hot wallets’ are non-custodial cryptocurrency wallets, they are stored locally on a device and provide easier access to the cryptographic keys needed to perform transactions; as such, they are being targeted by more threats.
- While browsers are managed on Institute-owned IT assets, this is a good example of why you should never allow your browsers to store passwords, even on your personally-owned devices.
Weak Security Controls and Practices Routinely Exploited for Initial Access
Cyber actors routinely exploit misconfigured or unsecured security configurations, weak controls, and other poor cyber hygiene practices to gain initial access to a victim’s system or device. The Cybersecurity & Infrastructure Security Agency (CISA) has released a joint Cybersecurity Advisory coauthored by the cybersecurity authorities of the United States, Canada, New Zealand, the Netherlands, and the United Kingdom. The advisory identifies the most commonly exploited controls and practices:
- Multifactor authentication is not enforced.
- Incorrectly applied privileges or permissions and errors within access control lists can prevent the enforcement of access control rules.
- Software is not up to date.
- Vendor-supplied default configurations or default login usernames and passwords are not changed.
- Remote services lack sufficient controls to prevent unauthorized access.
- Strong password policies are not implemented.
- Cloud services are unprotected due to misconfiguration.
- Open ports and misconfigured services are exposed to the Internet.
- Phishing attempts are not blocked or detected.
- Poor endpoint detection and response allows malicious scripts and attacks to bypass endpoint security controls.
You can see from this list why cybersecurity is everyone’s responsibility. We do have policies and controls in place, but those policies must be followed and the controls properly configured for them to provide the security we expect. Don’t forget to regularly review the Institute’s IT Security Policies and Procedures to ensure you know what you are supposed to do or not do.
Thank you for being observant and asking questions. I am always here to help you. If I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number.