Archive for February 10, 2024

Don’t Fall Victim: Tips to Safeguard Against Tax Vishing Scams

Posted in Commentary with tags on February 10, 2024 by itnerd

With tax season now upon us, so is the increase in tax phishing scams. In fact, this week, the IRS released a warning to tax professionals about scammers attempting to steal Electronic Filing Identification Numbers (EFINs). 

John Wilson, senior fellow of Threat Research at cybersecurity software and services provider Fortra believes that, in addition to phishing, individuals need to keep an eye out for vishing scams which have become increasingly popular during this time.  

According to John, “An IRS related vishing scam is where a caller, supposedly from the IRS, says there’s been some sort of legal action involving your social security number, and they’ll send agents to your home unless you provide money to correct it.” 

Tips to protect yourself from vishing scams:  

  • Never send money based on an unexpected call. Be particularly suspicious of any party asking for payment in cryptocurrency, gift cards, Zelle or a Western Union money transfer.  
  • Verify through another channel. For any inbound request for information, hang up, find the organization’s phone number on your own  and call back to see if someone is legitimately trying to contact you.  
  • Tap into your intuition. The FBI and Microsoft aren’t going to phone about a virus on your computer. 
  • Implement spam blocking. Telecom providers and consumer apps can help block or flag numbers likely to generate spam calls. There’s also the government’s Do Not Call Registry, which can help you avoid telemarketers, though scammers aren’t likely to play by the rules. But registering could keep you off some phone lists used by fraudsters.  
  • File a complaint. Contact the Federal Communications Commission if you receive calls that seem fraudulent, and alert the FBI’s Internet Crime Complaint Center if you incur a financial loss related to vishing. 

Leave a comment »

Hyundai Motor Europe Confirms That They Were Pwned By Black Basta After Saying That They Had “IT Issues”

Posted in Commentary with tags on February 10, 2024 by itnerd

Early in January, Hyundai Europe had some “IT issues”. But now It turns out the “IT issues” that Hyundai Motor Europe experienced were in fact a cyberattack carried out by the notorious Black Basta ransomware group. Though at the time the company told BleepingComputer they were simply “experiencing IT issues”. But when they were confronted by Bleeping with evidence that data had been stolen, Hyundai confirmed they had suffered a cyberattack. 

In the most recent statement to BleepingComputer, the company stated “Hyundai Motor Europe is investigating in a case in which an unauthorized third party has accessed a limited part of the network of Hyundai Motor Europe.”.

Though Hyundai has not offered details on what type of attack they suffered, Bleeping was able to view an image of a list of folders the Black Basta group claims to have stolen from the company.  The group claims to have taken 3 TB of data, including legal, sales, human resources, accounting, IT, and management.

Ted Miracco, CEO, Approov Mobile Security had this comment:

   “Black Basta is a Ransomware-as-a-Service (RaaS) enterprise that is known for its double extortion attacks. These highly targeted attacks on large corporations involve encrypting victims’ critical data and vital servers and threatening to publish sensitive data, which is apparently happened to Hyundai Motor Europe. 

   “Automotive companies are frequent targets of ransomware attacks due to the increasing digitization of vehicles and the industry’s interconnectedness. Weak API security has contributed to this vulnerability, despite advanced cybersecurity measures by automotive manufacturers and their supply chain. The best way to minimize damage from these kinds of sophisticated attacks is to both implement strong endpoint detection systems for early warnings on attacks and to have robust backup, encryption and recovery systems in place for business continuity.”

Carol Volk, EVP, BullWall follows with this:

   “Large multinational companies like Hyundai Motor Europe are prime targets for cyberattacks due to their substantial wealth and extensive digital attack surface. The recent cyberattack by the Black Basta ransomware group underscores the vulnerability of such corporations to sophisticated threats. The sheer size and complexity of their networks make it nearly impossible to fully safeguard against every potential attack vector.

   “When breaches occur, these companies must have a robust plan in place to mitigate the damage and protect sensitive information. While Hyundai Motor Europe has not disclosed the specifics of the ransomware attack, the reported theft of 3 TB of data, including critical business functions like legal, sales, and human resources, highlights the severity of the incident.

   “To effectively respond to such breaches, companies need proactive measures such as continuous monitoring and rapid incident response protocols, in addition to regular isolated backups and a ransomware containment system.”

Getting pwned by a ransomware group is bad. Denying it to the media is worse because by the time the media is knocking at your door, they already know the answer to the question that they’re asking. Hopefully Hyundai Europe learns from this self inflicted gunshot wound to the foot.

Leave a comment »