May Computer Use Threat Advisory

Highlights

  • With the rising digital literacy of users, spam is becoming more personalized and mailings are becoming targeted. (Email)
  • Mobile threat researchers spotted a malware family known as FalseGuide masquerading as game guides on Google Play. (Mobile)
  • Criminals are increasingly spoofing caller ID using VoIP apps, including Skype or Google Voice, to hide their identity and location. (Attacks)
  • Manual sharing continues to dominate social media scams, increasing in February to almost 88%. (Breaches)

Learn about the latest cyber threats below, along with a more expansive list of best practices. Remember, safety is everyone’s responsibility!

Need to Know

  • Please continue to be aware that if any County PC receives a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.
  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm that your email address is a legitimate email address.
  • Do not fill out forms or reply to email messages / phone calls that ask for personal financial information or to confirm account information.
  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.
  • Please be advised that Information Systems has identified a malicious email campaign that has been socially engineered to look like a receipt. The campaign currently uses only an attachment, which has the name format of “Receipt” followed by a number sequence.xls, and there is no text body in the email, which could fool someone into opening the attachment thinking it was a valid receipt. This campaign currently appears to be coming from various Gmail accounts and may be forging the IP address, making it difficult to quarantine. Please do not open the attachment, and delete the email. Contact Information Systems if you have any questions. Thank you for your cooperation.

Read on to find out more about these threats and others that can wreak havoc in your professional and personal lives.

Email Threats

  • The global spam rate increased slightly in March, to 53.8 percent, up 0.1 percentage points from February.
  • Malicious mailings were discovered last month in which spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible. With the rising digital literacy of users, spam is becoming more personalized and mailings are becoming targeted. Cybercriminals are now relying on the fact that it is not easy to remember all your subscriptions, all your online orders, and so on, or where you’ve left your personal data, including addresses, so they personalize their messages in order to dupe the recipient.
  • The email malware rate decreased slightly in March, from 1 in 635 emails to 1 in 668.
  • The number of new malware variants decreased to 77.5 million in March, but this is still significantly higher than the December-January period.
  • The phishing rate saw further decreases in March, down to one in 9,138 emails. Please continue to be extremely wary of unexpected messages with attachments and/or embedded links. A new phishing campaign is taking advantage of consumers at a time when many are booking summer plans. Fake confirmation emails are being sent to consumers, who may panic under the impression that someone booked a ticket using their identity. To try to solve the problem, they click the email's embedded links, which redirect them to compromised websites with infected Word docs.

Mobile Devices

  • No new Android malware families were discovered during March.
  • The number of Android variants per family remained at 60 in March.
  • Cybercriminals are constantly looking for ways to infect Android devices. Android spyware SMSVova managed to dupe users into thinking it offered a system update app, but instead it secretly operated in the background and revealed victims' real-time geo-location data to attackers. SMSVova, which had garnered between 1 million and 5 million downloads, managed to fly under the radar, ducking detection by Google since it was last updated in December 2014. Google has since removed the app from its Play Store.
  • Mobile threat researchers spotted a malware family known as FalseGuide masquerading as game guides on Google Play. The malware, hiding in more than three dozen guide apps available for download on Google's Play Store since mid-February, infected nearly two million Android devices.
  • Please be advised of these mobile device best practices:
    • Use strong passwords.
    • Think before you click.
    • Always update to the latest mobile security patch.
    • Only download apps from official app stores such as the Apple App Store or Google Play. Mobile botnets will continue to surface on Google's Play Store and users should protect themselves by reading the reviews of any app prior to installation, including programs found on the Play Store. If users decide to install an app, they should review its permissions carefully before they finalize the download process and be very suspicious if any app requests/requires admin privileges.

Attacks

  • Please continue to be aware that if any County PC receives a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.
  • Criminals are increasingly spoofing caller ID using VoIP apps, including Skype or Google Voice, to hide their identity and location. Based on a review of more than 500 million calls last year, fraud rates soared 113% over the previous year.
  • With stolen data and a call center based in India, a group of thieves impersonated Internal Revenue Service and US Citizenship and Immigration Services officials to scare money out of US residents.
  • In recent weeks, attackers have changed the bank-deposit information on Amazon accounts of active sellers to steal tens of thousands of dollars from each, according to several sellers and advisers. Attackers have also hacked into the Amazon accounts of sellers who haven’t used them recently to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash. The sad reality is that hacked Amazon seller accounts have been available for years at underground shops.

Breaches & Vulnerabilities

  • Cybercriminals infiltrated some 1.4 billion data records last year, an 86% increase over the previous year. Identity theft accounted for 59% of the data breach incidents, a 5% increase from 2015.
  • 936 out of the 1,792 breaches had an unknown amount of data records involved because the information was not publicly available in the breach disclosure. The total number of breaches in the U.S., Canada, Mexico and Central America was 1,433, up over 11% from 2015.
  • Public sector agencies and other government entities had 269 breaches in 2016, down 9.4% from the previous year. The number of records lost or stolen in attacks against the government totaled 391.7 million, up 27.3% from 2015 and accounting for about one quarter of all the records involved in data breaches in 2016 (28.4%).
  • Manual sharing continues to dominate social media scams, increasing over 11 percentage points in February to almost 88%.

Please read and continue to adhere to the following best practices:

  • Be suspicious of unexpected emails. Watch out for poor grammar or misspelled words, which are red flags that the email is suspicious.
  • Do not open email attachments unless they are expected.
  • Do not use links in emails to get to webpages, especially if you suspect the message in any way.
  • Be very suspicious of shortened URLs; do not click on them without previewing or expanding them.
  • Be suspicious of search engine results and review the presented addresses prior to clicking on them.
  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm that your email address is a legitimate email address.
  • Do not fill out forms or reply to email messages / phone calls that ask for financial information or to confirm account information.
  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.
  • Any removable media data must be scanned for malicious content prior to being attached to the County network.