September Computer Use Threat Advisory

Resources

Learn about the latest cyber threats below, along with a more expansive list of best practices. Remember safety is everyone’s responsibility!

Need to Know

  • Immediately shut down any County PC that displays a ransomware pop-up. The department manager should then notify MIS.
  • Do not use unsubscribe links in unsolicited messages as they may be forged and could confirm your email is a legitimate address.
  • Do not fill out forms or reply to email messages / phone calls that ask for personal financial information or to confirm account information.
  • Do not download files or execute software unless it is for county business and has been approved & virus scanned by MIS.

Current Email Threats

  • The global spam rate again increased to almost 55%, the highest spam rate since March 2015.
  • The email malware rate increased to one in 359 emails, the highest rate since December 2016.
  • New malware variants decreased in July, dropping from 66.3 million to 58.7 million variants.
  • The phishing rate increased to one in 1,968 emails. This is the highest rate in the last year.
  • Anti-phishing vendor IronScales came out with an interesting new report about phishing trends. About 77% of analyzed attacks targeted 10 mailboxes or fewer, and nearly half of the attacks lasted less than 24 hours. Hyper-personalized targeting has proven effective at social engineering, as people are susceptible to emails written with a personal touch. This means phishing attacks are getting more sophisticated and becoming micro-targeted so that they can easily bypass rule- and signature-based spam filters.

Mobile Devices

  • Google removed 500 Android apps from its store after the discovery of a Chinese advertising software development kit that allowed spyware to steal users’ caller information.
  • The BankBot malware family is abusing Android's accessibility services to install additional apps without users' permission. The trojan has concealed itself inside two apps in the Google Play Store: the mobile game "Bubble Shooter Wild Life" and "Earn Real Money Gift Cards," which claims to help users get rewards for free.
  • Please be advised of these mobile device best practices:
    • Use strong passwords.
    • Think before you click.
    • Always update to the latest mobile security patch.
    • Only download apps from official app stores such as the Apple App Store or Google Play. Mobile botnets will continue to surface and users should protect themselves by reading the reviews of any app prior to installation, including programs found on the Play Store. If users decide to install an app, they should review its permissions carefully before they finalize the download and be very suspicious if any app requests/requires admin privileges.

Attacks

  • Despite the prevalent coverage of ransomware, there are a number of significant attacks that are not widely reported. Three low-key ransomware attacks on health care-related industries around the United States occurred back in April. A medical record contains comprehensive information about an individual’s identity and medical history, so it’s a valuable piece of data for thieves. Forbes recently reported that an electronic medical record could be worth up to $1,000 on the black market.
  • There is a new spear phishing technique, relying entirely on social engineering: a targeted mail that contains no links or exploits, but mentions an interesting report title. Googling the title leads to the exploit site.
  • A recent attack on Uber users distributed phishing pages via spam mailings; recipients were offered a large discount if they completed a “registration” form, where in addition to personal data they had to enter their bank card information. After completing the questionnaire, the user was redirected to the legitimate site of the company.
  • Facebook was hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. There were no promotions giving away airline tickets; fraudsters had created sites where users were congratulated on winning a ticket and asked to perform a series of actions to receive their prize. Victims were asked to share the promotion on their Facebook page and click "Like." Afterwards, the website redirected the user to a resource promoted by the fraudsters.
  • Please be advised that a ransomware campaign similar to WannaCry is currently spreading internationally. If any County PC displays a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.

Breaches & Vulnerabilities

  • Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords, which identifies employees as the weakest link in network security. Check your password security at howsecureismypassword.net.
  • Almost all the popular browsers have built-in protection against web threats. When a user enters a malicious or phishing page, the browser often warns of the potential dangers and recommends not visiting it. Fraudsters also use this protection measure for their own purposes and distract the victim with warnings. For example, they imitate the Chrome blocking page so that a user who has seen this warning from the browser before is more likely to trust the page and follow the prompts.
  • Manual Sharing decreased in July, down to just over 20%.
  • Fake Offers topped social media scams, comprising 75% of scams.

Please read and continue to adhere to the following best practices:

  • Be suspicious of unexpected emails. Watch out for poor grammar or misspelled words, which are red flags that the email is suspicious.
  • Do not open email attachments unless they are expected.
  • Do not use links in emails to get to webpages, especially if you suspect the message in any way.
  • Be very suspicious of shortened URLs; do not click on them without previewing or expanding them.
  • Be suspicious of search engine results and review the presented addresses prior to clicking on them.
  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm your email address is a legitimate email address.
  • Do not fill out forms or reply to email messages / phone calls that ask for financial information or to confirm account information.
  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.
  • Any removable media data must be scanned for malicious content prior to being attached to the County network.