Netcraft Publishes Details About A New Scam via Trump’s Social Media Platform

Posted in Commentary with tags on January 16, 2025 by itnerd

Netcraft has published a new blog post detailing its initial analysis of threat actors and malicious campaigns deployed using Truth Social, the social media platform created by Trump Media & Technology Group (TMTG) in 2022, to target its users. 

Key findings include:

  • Threat actors immediately target new Truth Social users — Netcraft received over 30 messages within hours of creating an account.
  • Truth Social’s group structure gives threat actors easy access to target groups with more than 100,000 members.
  • Advance Fee Fraud scams average $250, with some scammers asking for as much as $1,000 at once on Truth Social.
  • Central European, French-speaking threat actor targets global victims by impersonating trusted brands, including Spotify, Disney+, EasyPark, Sky, Netflix, and Google.

You can read the blog post here.

CIRA unleashes the fierceness of the Canada goose in a new ad campaign

Posted in Commentary with tags on January 16, 2025 by itnerd

With more than eight million people protected by CIRA Cybersecurity Services, the organization is looking to encourage more Canadians to join the flock by launching its first major cybersecurity advertising campaign. The digital campaign is inspired by the country’s most fearsome foe, the Canada Goose, who is ferocious in defence of its goslings, its place on the sidewalk, or a crust of bread. The mighty goose reflects CIRA’s fierce commitment to protecting Canadian institutions, small businesses and individuals who are at risk of cyber attacks.

CIRA practices cyber protection the Canadian way, which means building a flock of partners and institutions across the country to implement effective, adaptable, accessible and robust cybersecurity solutions tailored for families and organizations without compromising customers’ data safety and sovereignty.

With increased cyber incidents across all sectors of the economy including schools, municipalities, universities and hospitals, Canadian organizations need to assume a defensive formation to protect against cyber criminals with increasingly complex and effective tactics. This campaign showcases how CIRA is using its 20 years of expertise in technology, Canada-wide infrastructure, and partnerships with organizations and governments across the country to help fight back against cyber threats. CIRA is proud to offer services and solutions designed to tackle evolving Canadian and international online security threats while reinvesting in free tools such as CIRA Canadian Shield to protect all Canadians and make the internet a safer place.

Developed by award-winning Toronto-based agency, Agnostic, the campaign will run across social media and digital platforms.

Learn more about CIRA cybersecurity services

UK considers ban on public sector ransomware payments 

Posted in Commentary with tags on January 15, 2025 by itnerd

On Tuesday, the UK government published a Home Office-led consultation proposing a ban on public sector and critical infrastructure organizations making ransomware payments, with the hope of disrupting ransomware gangs’ financial models and gathering intelligence to help law enforcement target their operations.

The Home Office said that expanding an existing ban on ransomware payments would help make critical services such as hospitals, schools, railways, and other essential public services less attractive targets for ransomware attacks.

In addition to the ban, mandatory reporting of ransomware incidents has also been proposed, aiming to boost UK law enforcement agencies’ access to intelligence on attacks and support international law enforcement operations targeting ransomware gangs.

“With an estimated $1bn flowing to ransomware criminals globally in 2023, it is vital we act to protect national security as a key foundation upon which this Government’s Plan for Change is built.

“These proposals help us meet the scale of the ransomware threat, hitting these criminal networks in their wallets and cutting off the key financial pipeline they rely upon to operate,” UK Security Minister, Dan Jarvis, commented.

Furthermore, the consultation will explore the implementation of a ransomware payment prevention regime, offering victims guidance on how to respond to cyber incidents. It would also help block payments to known criminal groups and sanctioned entities.

The consultation will run for 12 weeks, ending on April 8.

Evan Dornbush, former NSA cybersecurity expert had this to say:

  “Something needs to change. The economics of cybercrime favor the aggressor. Until solutions can effect an increase in attackers’ costs and/or a decrease in attackers’ revenues, there is nothing to suggest the increasing rates of attack will diminish.”

I have said for a while that nobody should ever pay a threat actor who is holding their data hostage or is threatening to leak their data. Or perhaps both. It emboldens them to do more of this which is bad for all of us. This is a start, but more needs to be done to make sure that crime doesn’t pay.

UPDATE: Lawrence Pingree, VP, Dispersive adds this:

  “The benefit of this approach is that the reward for doing the ransom goes away. Australia did a similar mandate. I think it will likely have a positive effect on larger entities where the targeting often happens.”

Happy New Year… A BMO Text Message Scam Is Making The Rounds

Posted in Commentary with tags on January 15, 2025 by itnerd

A reader of this blog sent me a screenshot of a text message scam that he just received:

Now this is an easy to spot scam for the following reasons:

  1. The text message states “We’ve detected unusual activity on your BMO client card starting with 551029.” The thing is, more recent BMO client cards all start with that number. There’s nothing unique about that, which means that this text message is being sent to thousands of people and the threat actors are hoping to get 1% to fall for it because they’re not paying attention to a detail like that. For the record, BMO, along with any other bank, would use the last 4 digits of your credit or debit card in a situation like this. That is assuming they would send you a text message like this at all; more on this in a moment.
  2. The website that is mentioned isn’t “bmo.com” or something like that. This is clearly a website that has been set up to phish your banking details so that they can steal your money. And it goes without saying that you should not click on the link.
  3. Neither BMO nor any other bank would alert you to fraud via a text message. That never, ever happens.

I’m not going to go down the rabbit hole of looking at the website or anything like that, because we already know that this is a scam and should be avoided. So if you get a text message like this, delete it and move on with your day.
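The three tells above (a card “starting with” a shared prefix rather than ending in the last 4 digits, a link that is not on the bank’s own domain, and a fraud alert arriving by SMS at all) can be turned into a small triage check. This is an added example, not code from the original post; the bank domain allowlist and the sample messages are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed allowlist of domains the bank itself uses. Subdomains of an
# allowed domain are accepted; look-alikes such as bmo.com.example are not.
BANK_DOMAINS = {"bmo.com"}

# Matches full URLs as well as bare hostnames like bmo-secure.example/login.
URL_RE = re.compile(r"https?://\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)
# "card starting with 551029": a leading issuer prefix shared by many cards,
# which a real bank alert would never use in place of the last 4 digits.
CARD_PREFIX_RE = re.compile(r"card (?:number )?(?:starting|beginning) with (\d{4,8})", re.I)
FRAUD_ALERT_RE = re.compile(r"unusual activity|suspicious activity|suspended|verify", re.I)

# Constructed sample messages (the scam text mirrors the one described above).
SAMPLE_SCAM = ("BMO Alert: We've detected unusual activity on your BMO client card "
               "starting with 551029. Verify at https://bmo-client-verify.example/login")
SAMPLE_LEGIT = ("BMO: Your January statement is ready. Sign in at "
                "https://www.bmo.com/statements to view it.")


def extract_domain(url):
    """Return the lowercase hostname of a URL or bare hostname, minus a leading www."""
    if not url.lower().startswith(("http://", "https://")):
        url = "http://" + url
    host = urlparse(url).hostname or ""
    return host.lower().removeprefix("www.")


def domain_allowed(host, allowlist):
    """True only for the allowed domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in allowlist)


def smishing_indicators(text, allowlist=BANK_DOMAINS):
    """Return the red flags found in an SMS, in the order the post lists them."""
    flags = []
    # 1. Card identified by a leading prefix (BIN) instead of its last 4 digits.
    if CARD_PREFIX_RE.search(text):
        flags.append("card identified by leading digits (shared prefix), not last 4")
    # 2. Any link whose host is not the bank's own domain.
    for url in URL_RE.findall(text):
        host = extract_domain(url)
        if host and not domain_allowed(host, allowlist):
            flags.append(f"link to non-bank domain: {host}")
    # 3. A fraud alert delivered by SMS: banks do not notify you of fraud this way.
    if FRAUD_ALERT_RE.search(text):
        flags.append("fraud alert delivered by SMS")
    return flags


if __name__ == "__main__":
    for label, msg in (("scam", SAMPLE_SCAM), ("legit", SAMPLE_LEGIT)):
        print(label, smishing_indicators(msg) or "no indicators")
```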

Watch Out For Scams Related To The Los Angeles Wildfires

Posted in Commentary with tags on January 15, 2025 by itnerd

The wildfires in Los Angeles and surrounding areas have left residents and businesses vulnerable to exploitation by scammers looking to take advantage of them for financial gain, to steal their identities, and for other fraudulent activities. Here are a few examples from the news that illustrate what I am talking about.

Jim Routh, Chief Trust Officer at cybersecurity company Saviynt, commented:

“Enterprises with geo-location settings used for authentication validation purposes should adjust their models to acknowledge those employees forced to evacuate their home.

“Major catastrophic events like the fires in California bring out kindness and empathy from many people who are not victims for days following the event. Unfortunately, these events also bring out cyber criminals seeking to capitalize on the victim’s misfortune by designing phishing emails supposedly from FEMA, fire officials or other state and local agencies offering relief options. We recommend:

  1. Review your passwords for key accounts/sites and consider improving the complexity of the password (use a password manager and ensure that you have access to it from all devices)
  2. Read email messages closely and identify the origin of the sender’s email address
  3. Avoid clicking on links in email messages unless you are certain of the validity of the sender
  4. Print a list of emergency numbers to keep handy and include the FEMA Fraud Hotline:
     1. To protect yourself from fraud and identity theft, we encourage you to be careful when sharing your personal information.

     If you believe you are a victim of identity theft, or someone applied to FEMA using your personal information, please call 800-621-3362. Do not contact the FEMA Fraud Investigations and Inspections Division, DHS Office of Inspector General, or the National Center for Disaster Fraud for the purpose of reporting identity theft.

     Report any other types of disaster fraud by emailing StopFEMAFraud@fema.dhs.gov. For more information, visit the disaster fraud page.
  5. Employees and third parties will be forced to access networks from different locations using potentially different devices. Increase staffing levels of IAM ops staff to address the needs of storm victims and expand call coverage
  6. Advise employees to consider donations to the American Red Cross and other disaster relief organizations that are well established vs. newly formed entities specific to the California fires.”

James McQuiggan, security awareness advocate at cybersecurity company KnowBe4, commented:

“The fires in Los Angeles County have caused significant loss of homes and property, leaving many residents vulnerable to exploitation. Scammers often prey on homeowners facing challenges with their insurance providers, posing as fake adjusters, offering fraudulent services, or ways to get money fast to start rebuilding. These schemes often involve promises of quick resolutions in exchange for upfront payments or steep fees. Some may claim they can prevent insurers from dropping coverage, adding to the stress of an already difficult situation. 

“Homeowners should confirm the identity of any insurance representative by contacting their provider directly and avoid making hasty decisions or signing agreements without proper verification. Outside of LA, individuals moved by the destruction will be targeted by fake donation campaigns or fraudulent grassroots donation platforms. Scammers create convincing appeals, often using AI-generated synthetic images to portray fabricated victims or destroyed homes. These scams manipulate people’s emotions and ask for donations quickly. 

“People looking to help should prioritize verified charities with established reputations and avoid sharing financial information through requests or unverified crowdfunding campaigns. Careful research and communication with the proper and recognized organizations can ensure that contributions are used for legitimate relief efforts.

“Disaster-related scams are not new and have appeared after hurricanes, floods, and earthquakes, following a similar pattern of urgency and emotional manipulation. The tactics remain consistent: leveraging heightened emotions and telling stories to exploit our human nature. It’s essential to remain cautious and somewhat skeptical during such events. Taking the time to verify claims, conducting research, and educating others can significantly reduce the effectiveness of these schemes. Awareness is critical to prevent fraud from happening based on the devastation of these events and ensure that support reaches those who need it most during their time of need.”

So the question becomes: how can you help without getting scammed? Here’s a list that I’ve compiled:

  • California Community Foundation
  • California Fire Foundation
  • L.A. Fire Department Foundation
  • Pasadena Humane Society
  • Ventura County Community Foundation
  • American Red Cross of Greater Los Angeles
  • Center for Disaster Philanthropy
  • Direct Relief
  • World Central Kitchen

Any assistance to any of these organizations is appreciated.

DOJ Discloses Operation That Deleted PlugX Malware from 4,250 Hacked Computers

Posted in Commentary with tags on January 15, 2025 by itnerd

The DOJ has disclosed that a multi-month law enforcement operation allowed the FBI to delete PRC-associated PlugX malware from over 4,250 infected computers:

The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China (PRC), known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers.

According to court documents, the PRC government paid the Mustang Panda group to, among other computer intrusion services, develop this specific version of PlugX. Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups. Despite previous cybersecurity reports, owners of computers still infected with PlugX are typically unaware of the infection. The court-authorized operation announced today remediated U.S.-based computers infected with Mustang Panda’s version of PlugX.    

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4 had the following comment on this news:

“It’s always a good day when the good guys get a win! As simple as it seems for anyone to go in and proactively remove malware, it really isn’t easy to do. First, you’ve got to make sure you can do it legally. That often takes lawyers and legal review, and in most cases, lawyers with experience in global cybercriminals and laws. It takes someone in law enforcement who cares enough to push it. They’ve got to make a case and get it approved by senior management. Then, the removal process has to be tested.” 

“In this case, the FBI relied upon the bot’s own removal instructions, but it isn’t always this easy. Historically, there have been instances of less mature and capable but well-meaning defenders who have less elegantly removed malware and caused more problems than the malware did. The solution has to be tested and retested. Then, it has to be globally coordinated to happen as quickly as it can before the attackers know something is up and implement defenses.” 

“The overall process is more difficult than it first sounds. There’s a reason why proactive removal isn’t that common. With that said, it does seem like we are seeing just a bit more of these proactive removal projects than we used to see. Of course, expect to see the hackers respond by making it harder for unauthorized removal schemes to take place. It’s a business, and the bad guys see the good guys as adversaries and will respond accordingly. The bad guys won’t sit back and stay defeated. They will respond. They will make it harder for future efforts to be as successful. But for today, let’s celebrate the win!”

Wins seem to be hard to come by these days, so I will take this one. But realistically, prevention and detection need to get better so that actions like these are the exception.

Nearly 250,000 Records Exposed by Fintech Company 

Posted in Commentary with tags on January 15, 2025 by itnerd

A significant data exposure involving Willow Pays, a payment software company offering AI software solutions, was recently uncovered by cybersecurity researcher Jeremiah Fowler.

What happened:

A database containing nearly 250,000 records was exposed. The exposed database includes customer names, emails, home addresses, partial debit and credit card numbers, scanned bills and loan payment documents and more.

Why it matters: 

This exposure presents serious risks, such as invoice fraud, phishing schemes or social engineering attempts.

To learn more, read the detailed report here: https://www.websiteplanet.com/news/report-willowpays-breach/

Elon Musk Gets Sued By The FTC Over Twitter Takeover

Posted in Commentary with tags on January 15, 2025 by itnerd

This lawsuit was guaranteed to happen, and it finally has. The SEC has sued Elon Musk over his takeover of Twitter:

The US Securities and Exchange Commission sued Elon Musk on Tuesday for allegedly failing to properly disclose his ownership of X, then known as Twitter, as required by federal law, which allowed him to buy shares of the platform at “artificially low prices.”

Before he closed his $44 billion deal to buy Twitter in October 2022, Musk began to acquire a “significant number” of Twitter shares. By mid-March 2022, he owned more than 5% of the company’s common stock and was required to disclose that to the SEC within 10 calendar days. The filing alleged that Musk failed to disclose that information until April 4, 2022.

“Had Musk and his wealth manager disclosed his ownership as required, the stock price would likely have increased significantly,” the suit alleged.

Now of course Elon is denying all of this. And I bet he’s hoping that his buddy Donald Trump does him a big favour and makes this go away. But if that doesn’t happen, Elon is in a whole lot of trouble here. Especially since he’s flipped off the SEC on multiple occasions, which isn’t a good idea if you ask me. But I think he’s about to find that out. And I am here for it.

OneBlood confirms personal data stolen in July ransomware attack

Posted in Commentary with tags on January 14, 2025 by itnerd

Blood-donation not-for-profit OneBlood last week confirmed that a ransomware attack last summer has resulted in donors’ personal information being stolen, including names and SSNs. 

On or around July 28, 2024, OneBlood became aware of suspicious activity within its network. We began an investigation to determine the full nature and scope of the event. Our investigation determined that between July 14 to July 29, 2024, certain files and folders were copied from our network without authorization. We conducted a comprehensive review of the affected files to identify the types of information contained in them and to whom the information relates. On or about December 12, 2024, we completed our review and determined that the affected files contained your information.

What Information Was Involved? The investigation determined that your name and Social Security number were included in the relevant files and folders.

Erich Kron, Security Awareness Advocate at KnowBe4 had this to say: 

“Ransomware attacks are pretty much synonymous with data breaches, and this was certainly no exception. Modern ransomware groups put a lot of effort towards stealing data because they know that it can often be used as leverage to force organizations to pay ransoms in exchange for not leaking the data, so when we hear about a ransomware attack taking down systems, we can safely assume most of the time that personal data was stolen as well.”

“The attack on OneBlood is especially frustrating because the organization does have a great mission and does good things to provide blood to those in desperate need. The attack last year impacted a number of clinics and increased the likelihood of human errors when computerized systems were taken offline. For the volunteers that already gave their time and blood to help the cause, the news that their personal information was lost to bad actors is certainly unwelcome.”

“Unfortunately, OneBlood took a long time to determine what data was lost and to inform victims of the breach. When information like this is leaked, it is extremely beneficial for potential victims to be able to take steps to protect their identity from theft and to protect themselves from potential social engineering attacks, and delays such as this can put them at even higher risk of negative consequences.”

“Organizations that collect or store personal and medical information need to ensure the highest standards of protection are met, and that potential victims of data theft are notified quickly and given information they can use to protect themselves from the misuse of their private data. Delays in notification leave victims vulnerable to additional attacks and identity theft.”

Rebecca Moody, Head of Data Research at Comparitech adds the following: 

“According to our data, OneBlood is one of 128 US healthcare providers confirmed to have been hit by a ransomware attack in 2024. These attacks affected nearly 21.8 million records in total and saw an average ransom of just over $1 million.”

“We don’t yet know how many people have been involved in this breach but at least 608 residents in Massachusetts have received notifications. Those impacted should take up OneBlood’s offer of 12 months free credit monitoring and identity theft protection services while also being on high alert for any phishing messages and monitoring accounts for unauthorized activity.”

Besides being yet another health care related hack, this really took way too long to be brought to the attention of victims. That’s not cool, and OneBlood really needs to do better.

KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches 

Posted in Commentary with tags on January 14, 2025 by itnerd

KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released a new white paper that provides data-driven evidence on the effectiveness of security awareness training (SAT) in reducing data breaches. 

Over 17,500 data breaches from the Privacy Rights Clearinghouse database were analyzed along with KnowBe4’s extensive customer data to quantify the impact of SAT on organizational cybersecurity. This research provides an in-depth perspective on the effectiveness of security awareness training in preventing data breaches.  

Key findings from the research include: 

  1. Organizations with effective SAT programs are 8.3 times less likely to appear on public data breach lists annually compared to general statistics. 
  2. 97.6% of KnowBe4’s current U.S. customers have not suffered a public data breach since 2005. 
  3. Customers who experienced breaches were 65% less likely to suffer subsequent breaches after becoming KnowBe4 customers. 
  4. 73% of breaches involving current KnowBe4 customers occurred before they implemented the company’s SAT program.  

KnowBe4 advises organizations to implement SAT programs with at least quarterly training sessions and simulated phishing tests, noting that more frequent engagement can lead to even greater risk mitigation. The study addresses a critical question in cybersecurity: Does security awareness training measurably reduce an organization’s risk of real-world cyberattacks? The analysis demonstrates that organizations practicing regular and effective SAT see significant decreases in human risk factors and fewer real-world compromises. 

This research provides valuable insights into the substantial role that security awareness training plays in preventing data breaches, particularly given that social engineering and phishing account for 70% to 90% of data breaches. KnowBe4 defines an effective SAT program as one that includes at least monthly training and simulated phishing campaigns.   

The full white paper, “Effective Security Awareness Training Really Does Reduce Breaches,” is available for download here.