January Computer Use Threat Advisory

Email Threats

  • The global spam rate increased in November to 55.5%, the highest overall spam rate seen since March 2015. The rate for the Public Administration sector increased 2.3 percentage points to 58%.

  • The email malware rate decreased in November for the second month in a row, to 1 in 505 emails. This is the lowest rate seen since April.

  • The number of new malware variants decreased in November, dropping from 48.8 million to 43.4 million variants.

  • The phishing rate increased slightly in November, up to 1 in 2,560 emails. Phishing rates also increased across most industries, with the Public Administration sector seeing the highest phishing rates in November.

Mobile Devices

  • Three new Android malware families were discovered during November.

  • Most ransomware kits still focus on targeting Windows systems, but Android ransomware kits are selling for a premium and are expected to grow in volume and price. More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200. Android users are not updating their devices, and many Android devices have not been updated for two years now, so attackers have a greater shot of launching a successful Android ransomware campaign.

  • The stakes are growing for mobile apps, as they're increasingly leveraged for high-risk and high-value transactions in finance, healthcare, manufacturing, and other areas. A recent study showed that among the top 30 cryptocurrency apps on Google Play with 500,000 installations or more, 94% contained at least three medium-risk vulnerabilities and 77% contained at least two high-risk vulnerabilities.

  • Please be advised of these mobile device best practices:

    • Use strong passwords

    • Think before you click

    • Always update to the latest mobile security patch.

    • Only download apps from official app stores such as the Apple App Store or Google Play. Mobile botnets will continue to surface on Google's Play Store and users should protect themselves by reading the reviews of any app prior to installation, including programs found on the Play Store. If users decide to install an app, they should review its permissions carefully before they finalize the download process and be very suspicious if any app requests/requires admin privileges.

Attacks

  • Cybercriminals are expanding beyond ransomware "spray and pray" attacks delivered by spam, and focusing instead on specific industries, geographies, or companies of a particular size with ransomware phishing campaigns. Spray and pray campaigns were designed to infect as many machines as possible with the expectation that a certain percentage of the victims would pay the ransom. Ransomware attackers in the past year have begun to launch small, targeted campaigns, seeking a better return on their investment of time and money. Financial organizations, higher-education institutions, and healthcare, manufacturing, and technology companies are some of the industries that have been hit this year with targeted ransomware campaigns.

  • According to Lastline, a live research project, criminal groups are embedding URLs in scriptlets inside Office documents and using that as a method of evading detection. When victims open a malicious Excel file, they are prompted to update the workbook's external links, an Office feature that lets authors reference external resources rather than embedding them directly, which keeps files small and easier to update. The external links reference malicious scriptlets and deliver payloads without leveraging traditional delivery methods, with the primary goal of stealing credentials from the victim's system.

  • A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure a prepaid gift card’s redemption code, allowing them to redeem or transfer the card’s balance online after the card is purchased by an unwitting customer. The thieves call the service number to monitor the balances, and try to consume them before the victims can.
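
For the Excel external-links item above, a triage check that lists every external relationship target stored in a workbook before anyone opens it. This is an added example, not code from Lastline or from this advisory; the sample workbook, its relationship types and the example.invalid URL are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Relationship parts (*.rels) in an Office Open XML package use this namespace.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
REMOTE_SCHEMES = {"http", "https", "ftp", "file"}

def external_targets(xlsx_bytes):
    """Return (part, target, remote) for every external relationship in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as pkg:
        for name in pkg.namelist():
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                # A damaged relationship part is itself worth a manual look.
                findings.append((name, "<unparseable relationship part>", True))
                continue
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal part reference, nothing leaves the file
                target = rel.get("Target", "")
                remote = (urlparse(target).scheme.lower() in REMOTE_SCHEMES
                          or target.startswith("\\\\"))  # UNC share
                findings.append((name, target, remote))
    return findings

def build_sample():
    """Constructed package with one remote link, one local-file link, one internal part."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="constructed-type" TargetMode="External" '
        'Target="http://example.invalid/update.sct"/>'
        '<Relationship Id="rId2" Type="constructed-type" TargetMode="External" '
        'Target="budget-2017.xlsx"/>'
        '<Relationship Id="rId3" Type="constructed-type" Target="sheet1.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("xl/externalLinks/_rels/externalLink1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, target, remote in external_targets(build_sample()):
        print("REVIEW" if remote else "local ", part, target)
```

A workbook whose external links point at a remote host or network share, rather than at another local file, is the case to hold for review.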

Breaches & Vulnerabilities

  • HP has issued a security advisory and pushed out updates to fix a potential issue with the keylogger in the HP Synaptics Touchpad driver used by 475 models of HP laptops.

  • Hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Uber fired its chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to "delete the data".

  • Manual Sharing continues to top social media scams, comprising more than 71% of scams again in November. Like Jacking decreased to just under 19%.

Please read and continue to adhere to the following best practices:

  • Be suspicious of unexpected emails. Watch out for poor grammar or misspelled words, which are red flags that the email is suspicious.

  • Do not open email attachments unless they are expected.

  • Do not use links in emails to get to webpages, especially if you suspect the message in any way.

  • Be very suspicious of shortened URLs; do not click on them without previewing or expanding them.

  • Be suspicious of search engine results and review the presented addresses prior to clicking on them.

  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm your email address is a legitimate email address.

  • Do not fill out forms or reply to email messages / phone calls that ask for financial information or to confirm account information.

  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.

  • Any removable media data must be scanned for malicious content prior to being attached to the County network.

Need to Know

  • Please continue to be aware that if any County PC receives a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.

  • Do not fill out forms or reply to email messages / phone calls that ask for personal financial information or to confirm account information.