By -- 2021-11-24 in Blog

In the past few weeks, hundreds of WordPress sites have experienced an onslaught of ransomware attacks. The hackers display encryption notices and demand a ransom of 0.1 Bitcoin, which equates to roughly $5,500. The hackers include a countdown timer and tell the website owners that they will delete their entire website, which for a small business can be very costly.

The interesting aspect of this attack though is that it is FAKE.

Researchers have discovered that the websites were in fact not encrypted. Instead, threat actors changed an installed plugin called Directorist to display a ransom note and countdown. Researchers have also noted that hackers used admin credentials to get into these sites, likely as the result of brute-force attacks or stolen credentials purchased through the dark web. However, these attacks appear to be only a part of a much larger campaign, suggesting the latter to be the avenue through which criminals gained access to private information.

So, what can you do? If you’re a WordPress user, review the plugins you use, as WP Reset Pro, OptinMonster, and Hashthemes Demo Importer have all been discovered to have vulnerabilities that hackers could exploit. Additionally, watch for and install software patches and updates to decrease the possibility of your site being attacked. If you’d like to learn more about website development and ransomware protection, you can reach out to us at info@optfinity.com or call us at (703) 709-0400.

By -- 2021-10-25 in Blog

The Transportation Security Administration (TSA) recently announced that it will soon implement new cybersecurity requirements on the railroad and airline industries. To many, this comes as no surprise, as critical infrastructure has been subject to a slew of high-profile cybersecurity attacks this past year. The new directives will all but waive existing voluntary cybersecurity measures for these industries in favor of a mandatory cybersecurity baseline. These new guidelines will be implemented by the end of the year, and fines will be imposed on noncompliant contractors and entities.

The Railroad Industry: Now, TSA will require higher-risk railroads to report cyber incidents to a federal agency. Creating cybersecurity point persons and contingency and recovery plans are also part of the forthcoming security directive.

The Airline Industry: As for the airline industry, the TSA will require designated cybersecurity coordinators and reports on cyber incidents to the Cybersecurity and Infrastructure Agency. Entities ordered to follow these new guidelines include critical US airport operators, passenger aircraft operators, and all-cargo aircraft operators.

Though many are familiar with the Colonial Pipeline hack that disrupted access to gas and created a hike in prices, different incidents have been of particular concern to policymakers. The Southeastern Pennsylvania Transportation Authority, Cape Cod’s ferry services, and New York City’s Metropolitan Transportation Authority have all been hit with similar malware in the past 2 years, demonstrating the importance of securing the nation’s critical transportation services. If you’re concerned about malware hitting your business, reach out to us at info@optfinity.com or call us at (703) 790-0400.

By -- 2021-10-25 in Blog

Many cybersecurity experts are now warning of a new threat called killware. Unlike ransomware and malware, which primarily aim to gain money and access to sensitive data, killware’s aim is to take lives. Authorities warn that these types of attacks could impact hospitals, transportation, law enforcement agencies, banks, and even the water supply. Hospitals specifically are of great concern to officials due to underreporting. As they increase their use of digital tools, they become more dependent on technology to deliver treatment and keep patients safe.

These types of attacks have already forced hospitals to cancel or defer procedures, including critical surgeries. This not only puts lives at risk but leaves hospitals vulnerable to HIPAA violation fines and liability lawsuits. Gartner estimates that the financial impact of cyber-attacks resulting in fatalities will exceed $50 billion within the next few years.

Though authorities are now warning that killware will likely become more common and devastating in the near future, these types of attacks are not new. In fact, a recent and prominent example of this occurred earlier this year. Hackers were able to infiltrate a Florida water treatment facility and alter its chemical mixture to a dangerous level before operators noticed and quickly changed the levels back to normal.

One of the best ways to protect your organization from these types of attacks is to implement a strong security policy and train employees to know the warning signs of a cyberattack. To learn more or implement a strong security policy in your organization, contact us at info@optfinity.com or via phone at (703) 790-0400.

By -- 2021-10-25 in Blog

In early October, an anonymous 4chan user posted a 125GB torrent link to the 4chan site containing breached data from the popular streaming platform Twitch. The hacker claimed that the intent of the leak was to “foster more disruption and competition in the online video streaming space”, suggesting that the breach was driven by spiteful intent. Twitch has since confirmed the breach and stated that it is still working to comprehend the full impact of the incident.

So, what happened? According to Twitch, an error in a server configuration allowed the unknown hacker to maliciously gain access to sensitive reports and unreleased information. Fortunately, there has been no indication that login credentials were accessed, and because the platform does not store full credit card numbers, none were retrieved. In an attempt to prevent similar breaches from occurring, Twitch has recently increased its bug bounty pay-outs from $3,000 to $5,000.

Bug bounties are deals offered by organizations and websites that promise monetary pay-outs in exchange for reporting bugs that may lead to security exploits and vulnerabilities. Twitch appears desperate to seal off any and all entry points, as the labeling of the leak as “part one” suggests that more hacking attempts are likely. If you’re concerned about the security of your organization’s endpoints, feel free to contact us at info@optfinity.com or at (703) 790-0400.

By -- 2021-09-29 in Blog

Cybersecurity Awareness Month 2021: Week 3

Last week, we discussed email phishing and the red flags you need to be aware of. This common yet effective method of harvesting personal data laid the foundation for attacks that target mobile devices. Though many people are aware of phishing email campaigns, the same cannot be said about mobile phishing campaigns.

Hackers use social engineering techniques to target services like Facebook, WhatsApp, SMS, and malicious apps to exploit users who are less suspicious of these new avenues of cybercrime.

Perhaps this explains why research has found that mobile users are three times more likely to fall victim to phishing attempts compared to desktop users.

The goal of mobile phishing attempts is often the same as that of email phishing attempts, and as such, these attempts warrant awareness and attention. Below, we outline the four most common ways hackers are infiltrating mobile devices.

Malicious Apps

Hackers try to trick users into downloading malicious apps in two ways. One method involves using legitimate app stores like the iOS or Android stores. They use these markets to broadcast harmful apps that use phishing tactics to steal personal information.

Though these stores constantly remove malicious apps, some are able to slip through the cracks amidst the torrents of official apps uploaded to these stores on a daily basis. Secondly, cybercriminals create unofficial app stores. Here, fraudulent apps mimicking legitimate ones are riddled with malware that activates only after they are installed.

These two means of infiltrating devices have become more common as corporate desktops have begun implementing pre-approved lists of software. This limits the success of hacking devices through application stores. Meanwhile, mobile devices can download any app from any network, broadening cybercriminals’ points of entry.

To keep yourself safe, never download apps from a browser; only use apps in your device’s official store. Within legitimate stores, keep an eye out for apps from unknown developers or those with few or negative reviews. Lastly, if an app is no longer supported by your device’s store, there’s probably a good reason it isn’t, so just delete it.

Smishing

Text messaging is an often-overlooked segment of organizational cybersecurity, making “smishing” (SMS phishing) a newly popular way of hacking into mobile devices. Further, the success of these attacks has only incentivized hackers to continue deploying smishing attacks, as open rates are at an astounding 98%. Smishing primarily exploits devices through encouraging users to click on a link. Opening these links either loads a fraudulent landing page that asks for a user’s login credentials, or secretly downloads spyware onto the device.

Both tactics have been successful in gaining access to personal and corporate data. Be wary of links within texts, and if you are unsure whether a link from a seemingly legitimate text is safe, reach out to the company it claims to be from and confirm whether they sent a text to your device from the number you have. Always use the phone number from an official source and not one which has been sent to you.

Whishing

After hackers saw the success of smishing, they began launching phishing campaigns via a medium commonly used as an alternative to SMS messaging: WhatsApp. “Whishing”, or WhatsApp phishing, operates in the same way that smishing does: by sending malicious links over text. Whishing has risen in prevalence due to its relatively cheap and easy implementation.

WhatsApp allows communication with anyone else on the app, enabling hackers to send mass phishing messages to a plethora of unsuspecting app users.

Whishing can be neutralized by using a web gateway to block connections to a phishing server, so make sure you are connected to your organization’s corporate network before inspecting any strange WhatsApp messages. Whether using a corporate or personal phone, never disclose sensitive information over Wi-Fi unless you know that the network is secure.

Social Media

Lastly, hackers use social media to exploit mobile devices. Malicious links can be embedded into posts that appear innocent and uploaded to many social media sites. Facebook, Twitter, Instagram, and even LinkedIn have been known to host these types of posts. The links within these posts redirect users to phishing sites that ask for sensitive credentials.

Phishing posts may appear as ads, giveaways, or contests that seem too good to be true. When clicked on, they take users to phishing sites that look real, but are simply fronts for stealing data. Be wary of any post that urgently encourages you to click on a link, especially if it involves a purchase or giving out personal information like an address.

If you’re worried about hackers gaining sensitive information through mobile attacks, contact us about network security at info@optfinity.com.

By -- 2021-09-29 in OptfinITy News

October 1, 2021 — OptfinITy today announced its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a 2021 Champion and joining a growing global effort to promote the awareness of online safety and privacy. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their wellbeing. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cyber criminals and adversaries use technology to do harm.

Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations. Everyone has a responsibility to do their part in securing our interconnected world.

This year, the Cybersecurity Awareness Month’s main weekly focus areas will revolve around:

  • Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data.
  • Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
  • Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity!
  • Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.

If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. OptfinITy is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

About OptfinITy

OptfinITy continues to grow as a leading provider of enterprise quality managed services for the SMB market. We offer comprehensive on-premise and cloud solutions ranging from Managed IT, Managed VOIP, Managed Security to a full suite of Professional Services, including Software Development, Website Development and Cyber security solutions through our PerusITy division. Our team of proven leaders and technical experts, paired with a focus on operational excellence, has earned us a reputation for world-class customer service, long-lasting client relationships, and numerous industry awards and recognition.

About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come.

About National Cyber Security Alliance

The National Cyber Security Alliance is a nonprofit alliance on a mission to create a more secure connected world. We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good.

By -- 2021-09-17 in Blog

The Rise of End-to-End Encryption: Security Meets Privacy

In recent years, end-to-end encryption has risen in popularity as cybersecurity concerns have become more prevalent in popular culture.

End-to-end encryption makes it very difficult for anyone to see messages, and platforms like Google, Facebook, and Twitter have taken to implementing this encryption method for the safety of their users. It is a beneficial feature for users, but very frustrating for governments trying to spy on terrorists and criminals.

Enter Pegasus: A Surveillance Solution by NSO Group

It recently came to light that the Israeli tech firm NSO created a software called Pegasus to alleviate this issue for governments and other entities, although the firm doesn’t disclose which entities have purchased it.

The software can stealthily infiltrate a smartphone and gain access to everything on it, including the camera and mic. Gaining access to devices running on Blackberry, iOS, Android, and Symbian operating systems allows governments to turn them into surveillance devices.

Are You at Risk? Protecting Your Device Against Spyware

One of the most popular ways Pegasus does this is through spear phishing, in which an unsuspecting user accepting a call on WhatsApp gives the software unbridled access to the device’s capabilities. Recently, we have learned that the software now uses a zero-click exploit, in which the software can simply call a user’s WhatsApp number, delete the call, and gain access to a smartphone without the user ever knowing anything suspicious occurred.

Additionally, the spyware can infiltrate devices by sending messages that contain GIFs. A user doesn’t even need to open the message; once it’s received, the phone is compromised. Are you safe?

If you’re wary of falling victim to spyware or malware, you can reach out to us at info@optfinity.com

By -- 2021-09-9 in Blog

Cryptocurrency platform Poly Network revealed recently that it was hacked. The theft of over $600 million is the largest crypto hack to date, although the hacking itself was not a hack of the technology. Instead, the hackers exploited a vulnerability within Poly Network’s system that allowed them to assign themselves the ownership of money processed through the platform. The site reported that $611 million in digital tokens were stolen, although a significant portion of the assets were redirected to nonprofits and charities in a modern-day Robin Hood scenario.

As various cryptocurrencies like Bitcoin and Ethereum rise in investment popularity, more attempted hacks into cryptocurrency firms may occur as they have in the past. In 2019, we saw the Italian exchange BitGrail lose $195 million in assets and in 2018, the Tokyo-based firm Coincheck was hacked and lost $530 million in digital tokens. If you’re concerned about where the next attack is coming from and want to be protected, feel free to contact us about virus protection at info@optfinity.com.

By -- 2021-09-3 in Blog

Happy Labor Day Weekend! While you celebrate your extended weekend with cookouts, parades, and time off from work, you might want to know that hackers may be watching closely. Holidays are notorious magnets for hackers because of online sales, where people are quick to input their personal info and payment information.

To avoid falling victim to these attacks, there are several steps that consumers can take.

  • Make sure that all your devices are up to date and have the latest operating system.
    • This helps to ensure that you have the latest security patches and limits the vulnerabilities that hackers can exploit.
  • If you choose to travel, be wary of pop-up ads on travel sites and strange emails promoting airline or hotel deals. These may be attempting to harvest your personal information or financial information. Whether you’re purchasing airline tickets, hotel rooms, or items online, don’t allow sites to save your credit card information in their system.
    • If a site you’ve used your card on gets exploited, your card credentials, name, and address can be accessed by hackers.
  • Keep an eye on your email and bank account statements for any signs of suspicious activity, and enjoy your weekend safely!

If you find yourself concerned about your network’s security capabilities, feel free to reach out to us at info@optfinity.com

By -- 2021-09-1 in Blog

Since the onset of the coronavirus pandemic, remote work has become a large aspect of the new normal. Subsequently, there has been an increase in attacks launched by cyber criminals, including a wave of large-scale attacks that has rendered critical infrastructure unusable. The SolarWinds hack, JBS hack, and Colonial Pipeline hack have all been hailed as powerful signals to governments and organizations alike that more investment and research into cybersecurity is necessary.

In an attempt to keep these types of incidents from occurring over and over again, the Senate recently approved $1.9 billion in cybersecurity infrastructure bills. This comes as part of a $1 trillion infrastructure package approved August 10th. This money will be used for securing critical infrastructure against attacks, helping vulnerable organizations defend themselves, funding a key federal cyber office, and strengthening cybersecurity for state and local governments.

One of the most notable bills is the State and Local Cybersecurity Improvement Act. This act would give one billion dollars to government entities over 4 years, with a quarter of that being allocated to vulnerable rural communities. This act in particular is much needed, as an attack on a school system or electrical grid could put crucial services in jeopardy, and many state and local governments do not have sufficient resources to defend against these types of attacks. If you’ve found yourself a victim of the onslaught of recent cyberattacks, feel free to reach out to us about malware protection and data recovery at info@optfinity.com.