Last week, the city of Allentown was hit with Emotet, malware that started out as a banking trojan. Reports indicate that the initial entry into the municipal business environment occurred via phishing. Once the malware was downloaded and installed, it began to replicate itself across the city government’s network, infecting devices and stealing login credentials. This has resulted in the city’s financial system being taken offline, the city’s camera surveillance being taken offline, and the city’s police department being disconnected from the Pennsylvania law enforcement network.
It is estimated that the cost to remediate this attack will be close to $1 million. This same malware has infected other government and public-school facilities. In fact, this past January, the same malware cost the Rockingham, North Carolina school district $314,000 to recover from the infection.
What is Emotet? Emotet is malware that started out as a banking trojan three years ago. It was originally designed to sniff network traffic for user login credentials. Over the last three years, the malware has morphed to allow for custom modules to be added. Last year, the malware started to use the EternalBlue exploit developed by the NSA and later leaked to the public. This exploit allows the malware to spread across Windows networks on devices that have not been patched. The malware is not easily blocked as it can be delivered via .js, .pdf, and .doc/.docx files.
What can be done? Audit your patching to verify that patches are actually being applied the way you expect. This is not to say that this infection spread via the EternalBlue exploit; however, since that is one of the ways the malware does spread, are you ready to prevent it from spreading?
Why perform a patch audit? Patches are often pushed in an automated fashion, but for whatever reason some just don’t make it onto a system, and those systems require a more hands-on approach.
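As an added example (not code from the original post), the following Python script shows the reconciliation a patch audit boils down to: compare what the deployment tool claims it pushed against what each host actually reports as installed, and surface the hosts where the two disagree or where a host never reported in at all. All host names and patch identifiers are constructed placeholders, not real Microsoft update numbers.

```python
"""Patch audit reconciliation: added example, not code from the original post.

Compares what a patch-deployment tool claims was pushed with what each host
actually reports as installed, so that patches that "just don't make it" onto
a system are surfaced for hands-on follow-up. All host names and patch IDs
below are constructed placeholders, not real Microsoft KB numbers.
"""
from dataclasses import dataclass, field

# Baseline: patches every host is required to have (constructed IDs).
REQUIRED = {"KB-PLACEHOLDER-SMB", "KB-PLACEHOLDER-KERNEL"}

# What the deployment tool's report says about each host (constructed).
DEPLOYMENT_REPORT = {
    "fin-ws-01": {"KB-PLACEHOLDER-SMB": "installed", "KB-PLACEHOLDER-KERNEL": "installed"},
    "fin-ws-02": {"KB-PLACEHOLDER-SMB": "installed", "KB-PLACEHOLDER-KERNEL": "pending"},
    "cam-srv-01": {"KB-PLACEHOLDER-SMB": "installed", "KB-PLACEHOLDER-KERNEL": "installed"},
    "old-ws-03": {"KB-PLACEHOLDER-SMB": "installed", "KB-PLACEHOLDER-KERNEL": "installed"},
}

# What each host itself reports as installed, e.g. from an installed-hotfix
# query run on the box (constructed). old-ws-03 never checked in.
HOST_INVENTORY = {
    "fin-ws-01": {"KB-PLACEHOLDER-SMB", "KB-PLACEHOLDER-KERNEL"},
    "fin-ws-02": {"KB-PLACEHOLDER-SMB"},
    "cam-srv-01": {"KB-PLACEHOLDER-KERNEL"},  # tool says SMB fix landed; host disagrees
    "pd-ws-07": set(),                         # host unknown to the deployment tool
}


@dataclass
class HostFinding:
    host: str
    missing: set = field(default_factory=set)        # required but not installed per host
    false_success: set = field(default_factory=set)  # tool says installed, host says no
    unmanaged: bool = False                          # host absent from deployment report


def audit(required, report, inventory):
    """Return {host: HostFinding} for every host that reported an inventory."""
    findings = {}
    for host, installed in inventory.items():
        finding = HostFinding(host=host, missing=set(required) - installed)
        claimed = report.get(host)
        if claimed is None:
            finding.unmanaged = True
        else:
            finding.false_success = {
                patch for patch, status in claimed.items()
                if status == "installed" and patch not in installed
            }
        findings[host] = finding
    return findings


def silent_hosts(report, inventory):
    """Hosts the tool reports on but that never sent an inventory: verify by hand."""
    return sorted(set(report) - set(inventory))


def needs_attention(findings):
    """Hosts with any gap, sorted for a ticket or a hands-on visit."""
    return sorted(h for h, f in findings.items()
                  if f.missing or f.false_success or f.unmanaged)


if __name__ == "__main__":
    results = audit(REQUIRED, DEPLOYMENT_REPORT, HOST_INVENTORY)
    for host in needs_attention(results):
        f = results[host]
        print(f"{host}: missing={sorted(f.missing)} false_success={sorted(f.false_success)} "
              f"unmanaged={f.unmanaged}")
    print("never reported in:", silent_hosts(DEPLOYMENT_REPORT, HOST_INVENTORY))
```

The point of keeping three separate findings is that each calls for a different follow-up: a "false success" means the deployment tool's own status cannot be trusted for that host, an unmanaged host means the tool never knew about it, and a silent host means you have a report but no independent confirmation.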
There is a large-scale phishing attack going on right now that attempts to steal users’ Google credentials. Users should be wary of any email stating that someone has sent them a Google document. The email will be similar to the one shown below.
26 January 2017
There is currently a major phishing campaign going on that tricks users into entering their credentials into a screen that appears to be from their email provider. These screens look legitimate enough to fool even security professionals. There is also a related phishing campaign that tempts unsuspecting email users to click on a link to open a document stored in a Google Drive account.
Images below are examples of what you may see if you receive an email that attempts to lure you into giving up your credentials.
Below is what that image looks like. Don’t click on the link. If you receive one of those emails, please forward the email to us at firstname.lastname@example.org
How do you tell if it is legitimate or not? Look in the address bar. If it is a bad link, it may look something like this…
Notice the words data, text and html all appearing before the https? They should not be there. If the page were legitimate, the address would begin with https: and a green lock icon would appear.
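The address-bar check described above, as an added Python example that is not part of the original post: it classifies a string copied from the address bar, treating a data: URI (especially data:text/html, with a decorative https address inside it) as phishing, a plain http address as not secure, and an https address as fine only when the host matches an allow-list you supply. The sample addresses are constructed, and the allow-list of expected login hosts is an assumption for the example.

```python
"""Address-bar check for the data:text/html phishing trick described above.
Added example, not code from the original post. The sample addresses below
are constructed; expected_hosts is an assumed allow-list of the login hosts
you actually use.
"""
from urllib.parse import urlparse

# Constructed examples of what the address bar might contain.
SAMPLE_ADDRESSES = [
    "data:text/html,https://accounts.google.com/ServiceLogin?service=mail <form>...</form>",
    "https://accounts.google.com/signin",
    "http://accounts.google.com/signin",
    "https://accounts.google.com.login-verify.example/",
    "javascript:void(0)",
]

DEFAULT_EXPECTED_HOSTS = ("accounts.google.com",)  # assumed allow-list for the example


def classify_address(address, expected_hosts=DEFAULT_EXPECTED_HOSTS):
    """Return (verdict, reason) for a string copied from the browser address bar.

    verdict is one of: "phishing", "not-secure", "check-host", "ok".
    """
    text = address.strip()
    lowered = text.lower()

    if lowered.startswith("data:"):
        # A data: URI is rendered from the link itself: no server, no certificate,
        # so no lock icon. Any "https://..." inside it is just decoration.
        mime = lowered[len("data:"):].split(",", 1)[0].split(";", 1)[0]
        reason = "data: URI renders a page embedded in the link, not a real site"
        if mime == "text/html":
            reason = "data:text/html URI: the login page is embedded in the link"
        if "https://" in lowered or "http://" in lowered:
            reason += "; the https address shown inside it is decoration"
        return "phishing", reason

    if lowered.startswith("javascript:"):
        return "phishing", "javascript: URI runs script instead of loading a page"

    parsed = urlparse(text)
    if parsed.scheme != "https":
        return "not-secure", f"scheme is '{parsed.scheme or 'none'}', no green lock"

    host = (parsed.hostname or "").lower()
    for expected in expected_hosts:
        # Exact host or a subdomain of it; "accounts.google.com.evil.example" fails.
        if host == expected or host.endswith("." + expected):
            return "ok", f"https to expected host {host}"
    return "check-host", f"https, but host is {host!r}; confirm it is your provider"


if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        verdict, reason = classify_address(addr)
        print(f"{verdict:11} {reason}\n            {addr[:70]}")
```

The host comparison is deliberately done on the parsed hostname rather than by searching the string for "google.com", because the lookalike address in the fourth sample contains that text while pointing somewhere else entirely.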
One way to keep an attacker from gaining complete access to your account is to turn on 2-factor authentication (2-step authentication in Google). If you see screens like the ones above and enter your login credentials, those credentials have been compromised; with 2-factor authentication enabled, however, your account itself will likely not be. Change your account password immediately. This also goes for any other website where you use the same email address and the same password (which is also HIGHLY not recommended).
If you have any questions, please be sure to drop us a line at email@example.com
Each holiday, no matter what it is, brings greetings from friends and families celebrating it. A lot of the time the greetings come in the form of a simple email; other times, it is a link to an electronic card.
Hackers take the holidays as a chance to do some phishing. No, not fishing, but phishing. Phishing is the quest to trick you into revealing things about yourself. Last night I watched “Now You See Me.” In one of the scenes, the character Arthur Tressler, played by Michael Caine, challenges J. Daniel Atlas, played by Jesse Eisenberg, that he cannot be read. J. Daniel starts making statements about Arthur’s dog, to which Arthur sets him straight, saying I didn’t have a dog. I had a cat and its name was… The scenario went one more round, with J. Daniel attempting to read the type of childhood Arthur had. Again, Arthur said he was wrong and gave up some information about his family. Later in the movie, the information provided was used against him to crack a bank account that Arthur owned.
What J. Daniel did was phishing. Hackers do the same thing by sending you emails that look legitimate and like the real thing. However, the motive behind them is to gain access to your information, your account, or your computer. You may not be the ultimate target, but merely a stepping stone to the final destination.
The U.S. Computer Emergency Readiness Team (US-CERT) issues a reminder each holiday to be careful about the emails and ecards you open. Their Easter Alert (follow the link) provides some tips on what to avoid when it comes to these types of communication.
Don’t follow links in or open emails from people you don’t know.
If it is from someone you do know, but it seems like an email they would not normally send, then don’t open it.
Think twice and take a cyber 360.