March Computer Use Threat Advisory

Highlights

  • Finance, entertainment and IT have been the most targeted by phishing so far this year. (Email)
  • A new Android banking Trojan infiltrated Google’s Play Store as a legitimate weather forecast app. (Mobile)
  • Criminal hackers attempt to impersonate "Tech Support" and ask for a password, or pretend to identify or offer to solve technical problems. (Attacks)
  • The number of social media impersonators grew 11x between December 2014 and December 2016. (Breach)

Learn about the latest cyber threats below, along with a more expansive list of best practices. Remember, safety is everyone’s responsibility!

Need to Know

  • Please continue to be aware that if any County PC receives a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.
  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm that your email address is a legitimate email address.
  • Do not fill out forms or reply to email messages / phone calls that ask for personal financial information or to confirm account information.
  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.
  • Please be advised that Information Systems has identified a malicious email campaign that has been socially engineered to look like a receipt. The campaign currently uses only an attachment, whose name has the format “Receipt” followed by a number sequence, with an .xls extension. There is no text body in the email, which could fool someone into opening the attachment thinking it was a valid receipt. This campaign currently appears to be coming from various Gmail accounts and may be forging the IP address, making it difficult to quarantine. Please do not open the attachment, and delete the email. Contact Information Systems if you have any questions. Thank you for your cooperation.

Read on to find out more about these threats and others that can wreak havoc in your professional and personal lives.

Email Threats

  • The global spam rate declined slightly in January to under 54%.
  • The email malware rate dropped drastically across industries and organization sizes in January, down from 1 in 98 emails to 1 in 722.
  • The number of new malware variants seen in January increased to 32.9 million. While up from December, new malware activity is down compared to August through November 2016.
  • The phishing rate increased slightly in January, down to one in 3,271 emails. Please continue to be extremely wary of unexpected messages with attachments and/or embedded links. Cybercriminals will improve their spear-phishing techniques and turn to automation to fuel large-scale personalized campaigns. The result: more personal details that help boost the credibility of phishing emails and persuade victims to click. Finance, entertainment and IT have been the most targeted by phishing so far this year.

Mobile Devices

  • Two new Android malware families were discovered during January.
  • The number of Android variants per family remained the same at 59 in January.
  • As the incidence of cybercrime rises, it is wise to review security patches and OS upgrades to ensure Android devices have the latest security updates, because half of the 70 Android vulnerabilities identified so far this year are rated as critical. The latest major versions of Android, Nougat 7.0 and 7.1, released at the end of August 2016 (slightly earlier than iOS 10), account for a mere 1.2% of distribution. Google, in its desire to have the most widely-used operating system, allowed anyone to create an Android phone, with little consideration of how those phones would be updated for a security patch or an operating system upgrade. This fragmentation leaves Android devices open to security problems. By comparison, as of February 20, 2017, 79% of iOS devices were using iOS 10, the latest version of Apple’s mobile operating system.
  • A new Android banking Trojan, Good Weather, infiltrated Google’s Play Store for a couple of days as a legitimate weather forecast app, in an effort to steal users' banking credentials and intercept SMS messages. Always review permissions requested by any app being installed.

Attacks

  • Please continue to be aware that if any County PC receives a ransomware pop-up, that PC should be shut down immediately and Information Systems notified by the department manager.
  • Ransomware is rising dramatically, growing by a rate of 167 times year over year, according to SonicWALL, with some 638 million attack attempts in 2016, up from 4 million the previous year. One research team was seeing 130,000 ransomware samples per day in December of last year. Kaspersky Lab data as of last October shows there's a ransomware attack every 40 seconds.
  • Attackers are more sophisticated with their encryption methods, and more aggressive, instituting tighter payment deadlines and including organized-crime-style threats. Reinfection is also becoming a trend, where attackers who have successfully forced a victim to pay up to get their data back later target the same victim multiple times.
  • Everyone should be aware of new telephone scams: the person on the other end might be a criminal hacker trying to manipulate them in order to gain access to the network. They attempt to impersonate "Tech Support" and ask for a password, or pretend to identify or offer to solve technical problems, in order to compromise the workstation.

Breaches & Vulnerabilities

  • The number of social media impersonators grew 11x between December 2014 and December 2016, a sign of a trend threatening businesses and individuals as fake accounts become easier to create. Impostors try to trick unsuspecting users by employing link shortening, so victims have no idea they're getting phished, and/or by using cropped, flipped, or altered images from legitimate brands to make their false advertising seem real.
  • Manual sharing continues to dominate social media scams, increasing in January to over 76%.
  • Arby’s told KrebsOnSecurity that it recently remediated a breach involving malicious software installed on payment card systems at hundreds of its restaurant locations nationwide. The breach, estimated to have occurred between Oct. 25, 2016 and January 19, 2017, involved malware placed on payment systems inside Arby’s corporate stores; Arby’s franchised restaurant locations were not impacted.
  • InterContinental Hotels Group (IHG), the parent company for thousands of hotels worldwide including Holiday Inn, acknowledged that a credit card breach impacted at least a dozen properties. IHG said it found malicious software installed on point of sale servers at restaurants and bars of 12 IHG-managed properties between August and December 2016.

Please read and continue to adhere to the following best practices:

  • Be suspicious of unexpected emails. Watch out for poor grammar or misspelled words which are red flags that the email is suspicious.
  • Do not open email attachments unless they are expected.
  • Do not use links in emails to get to webpages, especially if you suspect the message in any way.
  • Be very suspicious of shortened URLs; do not click on them without previewing or expanding them.
  • Be suspicious of search engine results and review the presented addresses prior to clicking on them.
  • Do not use unsubscribe links in unsolicited messages because they may be forged and could confirm that your email address is a legitimate email address.
  • Do not fill out forms or reply to email messages / phone calls that ask for financial information or to confirm account information.
  • Do not download any files or execute software that is from the Internet unless it is for county business and has been approved & scanned for viruses by MIS.
  • Any removable media data must be scanned for malicious content prior to being attached to the County network.