In this issue:
- WannaCry ransomware causes global cyber mayhem
- Emerging threat: Verizon's cybersecurity predictions
- Cybersecurity shorts: Google Doc phishing attack, Equifax's weak security practice, personal health records up for grabs, and more
- Software updates
We certainly had a busy month in the cybersecurity world. By now, I'm sure you're familiar with the global WannaCry ransomware outbreak that occurred earlier this month. We'll be covering that in depth in this newsletter and also offering some tips that will keep you protected from future ransomware attacks.
Read on to learn more about that and:
- President Trump's new cybersecurity executive order
- A malware campaign targeted at DocuSign users
- Why the financial services industry is most at risk of cyberattack
- And more
WannaCry ransomware causes global cyber mayhem
On Friday, May 12 nearly 40 hospitals in the United Kingdom's National Health Service system were taken offline after being hit by a ransomware attack. Simultaneously, Spain's major telecommunications company, Telefonica experienced the same attack.
In the following hours and days, the Russian Interior Ministry, FedEx, Renault, Germany's rail system, and multiple Chinese universities reported infected computers. By the weekend, 200,000 devices in over 150 countries had been hit with the WannaCry ransomware.
The malware infected machines through a recently patched Microsoft vulnerability. The patch was released on March 14 after being exposed as an NSA tool by the hacking group ShadowBrokers. However, many Microsoft users did not update their systems or were using old operating systems that did not have a patch—leaving them vulnerable to attack.
If you have a Windows device and have not updated it since March 14—be sure to do so immediately. You can check on Windows 10 or 7 by going to Start, Windows Settings/Control Panel, Update and Security/Windows Update, and check for updates.
If you happen to still be running Windows XP or Windows 8, you can download a patch from the Microsoft website. But these operating systems are not normally supported by Microsoft. It's not secure to be using them and you should update to Windows 10.
Experts warn that we may see copycat WannaCry attacks in the future. In order to best protect yourself, you should take the following actions.
- Always update your software
Keeping all of the software on your devices up to date is one of the most important cybersecurity actions you can take. Nine out of ten security experts say running updated software is necessary for strong security and they always update their programs.
However, the general public is much more lax with their software security. Forty percent of computer users don't update their software in a timely fashion.
Updating your software closes security holes that when left unpatched can be used by hackers to install malware, like WannaCry, on your system.
It's imperative that you keep all the software on all your devices up to date—that includes your operating system, your browsers, Microsoft Office, Adobe programs, and more. You should set any program that has the capability to auto-update.
- Back up your files
There is one thing you can do to avoid paying ransom if you are hit with a ransomware attack—back up your files.
And you should back everything up to three different places: the device itself, a physical backup device (like an external hard drive), and the cloud. That way, if you are hit with a ransomware attack you have your files safe in two different places. You won’t have to pay the ransom—you can wipe your computer clean and still access all your files and data from the cloud or external hard drive.
- Use the 10-second EMAIL Rule
Ransomware attacks are normally spread through phishing emails—messages that appear to come from a legitimate person or company but are laced with malicious links or attachments. Billions of these emails are sent out daily.
But there's a way you can stop yourself from falling victim to a phishing attack—the 10-second EMAIL Rule. Here, EMAIL stands for Examine Message and Inspect Link.
The first half of the rule, Examine Message, requires that you take a closer look at the sender of the email. Phishers can spoof the "from" line to make it seem like the message comes from a legitimate business or organization. You can determine the true sender by hovering your mouse over the display name. A small box will appear with the true email address.
Next, you need to inspect all links in the email using the same technique. Hover your mouse over any hyperlinked text, buttons, or links to reveal the true destination.
If you are unsure, delete the email and contact the organization directly to ask if they sent you the email.
Ransomware attacks have been on the rise and will continue in that fashion. Many industry experts warn that more simultaneous attacks—like this month's WannaCry—are on the way.
Be sure you protect yourself and remain vigilant when checking your email. If you missed our emergency webinar on this topic, you can view the replay here.
Emerging threat: Verizon's cybersecurity predictions
Verizon released their annual Data Breach Investigation Report this month analyzing cybersecurity incidents of the past year and looking forward to new threats we are likely to face. Experts believe that we will see an influx of pretexting in the future. Pretexting, a form of social engineering, is used to gather information about a targeted individual to commit fraud against them.
For example, a phisher may impersonate the CEO of a company via email and communicate with employees. He can ask questions and create a dialogue before asking the employee to wire money or leak data.
Verizon also warned that ransomware will continue to be a major threat. As we saw with the WannaCry outbreak, ransomware attacks have the potential to cripple organizations. Expect to see similar attacks in the future.
Fraud with a side of guac? Chipotle confirmed a data breach which allowed hackers to steal customer payment card information. The restaurant's payment machines were infected with malware and stole payment information from locations around the country between March 24 and April 18. Affected locations can be found here.
Linksys Smart Wi-Fi routers discovered to have at least 10 security vulnerabilities. Researchers found the holes while they were reverse engineering the firmware that 20 of the "Smart" series routers use. Linksys is currently working on a firmware update for affected routers. You can see if your router is vulnerable here.
Equifax subsidiary TALX exposes customer data through weak security practices. Criminals stole W-2 information from the online payroll, HR, and tax services company. The accounts were protected with 4-digit PINs that hackers were able to reset after answering personal security questions about the victims. Security experts are slamming Equifax for the poor security method as the answers to many of these security questions can be found online. Affected organizations have been notified if their information was exposed.
Google Doc phishing scam hits nearly one million users. Earlier this month, Gmail users began receiving emails from people they knew containing a link sharing a Google Doc with them. When clicked, the link led users to a fake Google Doc page asking for account access. When accepted, the phishing email went to all of their contacts. Google was able to shut down the scam relatively quickly.
Financial services industry is most at risk for a cyberattack, according to AIG. Telecommunications and healthcare followed in second and third place. The AIG survey also found that nine in ten cybersecurity experts believe that we will see mega-cyberattacks where five to ten companies are attacked simultaneously.
President Trump signs cybersecurity executive order. The executive order requires that federal agencies follow the National Institute for Standards and Technology to assess their current risk and submit a report in the next three months. The new order also requires a critical infrastructure review and workforce development. The order was supposed to be signed in January but was delayed until now.
DocuSign breach resulted in malware phishing attacks. The electronic signature company suffered a data breach that released customer and user email addresses. The hackers have been using those email addresses to send targeted phishing emails containing malware. If you receive a suspicious, unsolicited email from DocuSign—do not click.
Bank account protected by two-factor authentication drained due to security flaw in program used by cellphone providers, Signaling System 7 (SS7). SS7 allows users on different cell phone providers to communicate with one another. It is the system that allows you to use your phone when you are roaming. However, there is a known flaw that allows anyone to eavesdrop on your calls or texts. Here, the hacker used the flaw to intercept the two-factor authentication code sent to the victim's cell phone. From there, the victim's bank account was wiped clean.
True Health Diagnostic's website flaw jeopardized private patient records. The flaw, discovered by IT consultant Troy Mursch and reported to Brian Krebs, allowed users to view other patient's health reports by modifying a number in the link of their own report. After being informed by Brian Krebs, True Health reported that they fixed the issue but do not know how long the site was vulnerable.
Received a USB from IBM? Throw it out. The company notified customers that it accidentally sent USB sticks infected with malware. The flash drives were sent to enterprises that order IBM Storwize V3500, V3700, and V500 Gen 1. You can learn more here.
Hacker can't wait for new season of "Orange is the New Black." Notorious cybercriminal, The Dark Overlord claims to have released episodes 2-10 of the Netflix hit's upcoming season. Netflix believes that a production vendor it uses was compromised, which led to The Dark Overlord being able to access the new season. Season 5 of "Orange is the New Black" is set to be released legally next month.
Phishing email costs North Carolina couple their new home. The day before closing on the house, the couple's realtor received wiring instructions from the law firm handling the settlement. The realtor wired money as instructed, but the next day the law firm said they never received the money. One party's email had been compromised by a hacker who forged fake wiring instructions so the money would go to their account. The wire transfer was successfully frozen, but issues continued. Read more here.
Facebook and Google fall for phishing email and wire $100 million to Lithuanian scammer. The emails appeared to come from an Asia-based manufacturer that both tech giants use. Both Google and Facebook state that most of the funds have been recovered. The phisher has been accused of forging invoices, contracts, and letters.
Hotel reservation company Sabre investigates data breach. The company is used by more than 30,000 hotel properties for reservation services. Sabre says they are currently investigating an "incident of unauthorized access to payment information."
Social Security Administration gives stronger security a second try. Last year, the SSA tried to require all online users to provide a mobile phone number for two-factor authentication. After backlash, the SSA did away with the mobile phone requirement. Now, they are requiring online users provide either a mobile phone number or email address to receive a one-time code when signing into their account online.
Adobe: Adobe released updates for Adobe Flash Player this month. Users should be running v. 18.104.22.168 as well as updated versions on their browsers.
Apple: If you use any Apple device it's likely that it needs to be updated. This month Apple pushed updates for the iPhone, iPad, iMac, iWatch, and Apple TV. The updates close pretty serious security holes. A flaw in iBooks could allow hackers to visit websites without your permission and install malware on your device. Your device should prompt you to update on its own but you can learn more here.
Microsoft: In a stressful month for Microsoft, the company issued a handful of updates. As we discussed earlier, Microsoft released updates for the no-longer-supported Windows XP and Windows 8 following the WannaCry outbreak.
But earlier in the month, an emergency patch was released for the "worst Windows bug in recent memory." The flaw affected Microsoft Security Essentials and Windows Defender and allowed hackers to install malware on devices. You can read more about the update here.
Microsoft also released updates for Internet Explorer, Edge, Windows Microsoft Office, and .Net.