Hackers Are Increasingly Targeting Mobile Devices

Here’s a statistic you’re not going to like.  Based on research conducted by cybersecurity researchers at Proofpoint, there has been a staggering 500 percent increase in malware attacks against mobile devices during the opening months of 2022. The most significant peak so far this year occurred at the end of February.

Most of the malware that targets mobile devices tends to be relatively benign.  It’s unlikely to encrypt all the files on your phone and demand a ransom. Although there are admittedly some malware strains that do that,  if your phone is infected with malware, it will likely be of the variety that quietly roots through your phone and steals usernames and passwords.

In some cases, you may get infected with a malware strain designed to take screenshots or track your location over time. Again, these are exceptions and not the rule. Even so, malware that steals your account information can be devastating in the longer term. Hackers can use that information to steal your identity, drain your accounts, max out your credit cards, and more.

There are three primary paths hackers use to get malware onto a target Android or iOS device.

The first and the most common is to poison an app and get it placed on either the Apple Store or the Google Play Store.  From there, users will download and install it while completely unaware that they have also installed malware.

SMS texts are another popular avenue of attack, which is why security professionals warn users against tapping links in text messages.  These may be harmless from a dear friend of yours or may have been put there by a hacker pretending to be your friend. When you tap the link, you’re taken to a poisoned website which installs malware in the background.

Finally, there’s email.  By now everyone has heard the dire warnings against clicking on links embedded in email messages or opening file attachments.  This applies whether you’re reading your mail on your phone or your PC.

The bottom line is that you are increasingly a target whether you’re on your PC or your phone.  Be careful.

SpartanTec, Inc. provides cybersecurity training for your employees to prevent them from inadvertently affecting your network via their phone, tablet or desktop computer. Call us today for more information.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Hackers Get Source Code During Data Breach At Samsung

Samsung’s corporate network was breached recently.  That’s bad news all by itself. The company has recently confirmed that in addition to the confidential customer information that was stolen, the hackers also made off with the source code for the software used in the company’s Galaxy smartphones.

The hackers responsible for the attack call themselves “Lapsus$.”  Not long after their attack, they disclosed that they had made off with almost 190GB of archives.

Disturbingly, this group has been exceedingly busy so far in 2022 and extremely successful.  Just a week prior to the announcement regarding Samsung’s data, the same group released a 20GB sample of documents stolen from Nvidia.  The group claims that this sample is part of a collection of stolen documents more than 1TB in size.

Aside from the aforementioned source code at this point, we do not know exactly what sorts of data the group of hackers may have compromised when they successfully breached Samsung’s network.

For that matter, we do not yet know the full extent of the contents of the 1TB cache documents stolen from Nvidia because as members of Lapsus$ explained, they are currently in negotiations for the sale of that data.

This is the world we live in.  This is the shape of 2022 and years to come.  What the long-term implications might be are anyone’s guess but fortunately, the advice for guarding against such attacks remains largely the same.

Be sure the software you use is updated with the latest security patches and constantly educate and reeducate your employees about the dangers of phishing campaigns to minimize your risk.

Failing that, take regular backups and have a rapid response team standing by that can spring into action if your defenses fail.  That’s by no means a perfect solution, but it will make you a significantly harder target and there’s value in that.

We live in a world that is changing at a rapid pace. Can your IT staff keep up? Now is the time to contact SpartanTec, Inc. for an in-depth cybersecurity analysis.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Possible Okta Breach by Threat Actor

This morning several reports stated that Lapsus$ breached Okta services. The breach has not been confirmed. Lapsus$ shared screenshots showing a January date, indicating the breach could have occurred in the preceding months. Okta states the threat was immediately contained and there is no evidence of malicious activity.

Lapsus$, a unique threat actor, focuses on data exfiltration and extortion and have claimed responsibility for several other high-profile incidents including leaking source code. They claim to be focused solely on financial gain and do not claim political affiliation. To date they have not deployed encryption software.

What you should do

We recommend several precautions if you use Okta in your environment:

  • Contact Okta to determine if there is more information or recommended actions.
  • Change passwords for key accounts (e.g. executives).
  • Consider implementing increased security in e-mail to combat phishing attacks.

While Okta has not confirmed the data breach, MTR is monitoring the situation thoroughly. MTR will release broadcasts as information becomes available.

SpartanTec, Inc. is vigilant about staying on top of possible threats that could affect your business. Call us today if you have any doubt about the security of your network.

References

REUTERS – Report on Okta Breach

https://www.reuters.com/technology/authentication-services-firm-okta-says-it-is-investigating-report-breach-2022-03-22/

VERGE – Report on Okta Breach

https://www.theverge.com/2022/3/22/22990637/okta-breach-single-sign-on-lapsus-hacker-group

BLEEPING COMPUTER – Background on Lapsus$

https://www.bleepingcomputer.com/news/security/okta-investigating-claims-of-customer-data-breach-from-lapsus-group/

TWITTER – Statement from Todd McKinnon, CEO of Okta

https://twitter.com/toddmckinnon/status/1506184721922859010

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

People Are Still Not Using Secure Passwords Despite Warnings

It’s 2022 and after years of warning people repeatedly about the dangers of using the same old passwords and using the same password across multiple websites, you would think this would get better. You would think we’d have that problem solved and there would be one less network security risk to worry about.

Unfortunately, if you think that you would be wrong.

Poor passwords  affect your companies cybersecurity.

Even now, after endless hours of email safety training and articles just like this one published by the hundreds all over the web, people are still gravitating to the same garbage passwords and still reusing them across multiple websites they frequent.

In fact, it’s even worse than that, if recent research by SpyCloud is any indication. They poured over data containing 1.7 billion username and password combinations gleaned from 755 leaked sources in 2021. Based on their research, a staggering 64 percent of people are still using the same password exposed in one data breach for other accounts.

Keep in mind that Google now comes right out and tells Chrome users how many of their saved passwords are at risk for exactly that. Even with the information staring them in the face, significantly more than half of all users won’t change their habits.

These statistics must be taken with a grain of salt because the methodology is somewhat imprecise.  It doesn’t matter if the actual percentage is five points or so lower because the broader issue remains the same.

By now, everyone knows the risks that bad passwords pose.  Everyone is aware of the dangers of using the same password to access multiple web properties and yet, nothing is changing.

Until there is a tangible financial cost imposed, either by companies beginning to fine users with bad passwords or hackers taking full advantage of those weak passwords and financially punishing those using them, it’s not going to change.  It’s a real pity it has come to that.

Are you concerned about the cyber threat your employees can be to your company? SpartanTec, Inc. can provide employee training and network security monitoring. Call us today.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Android Users Need To Watch Out For Teabot Trojan

If you have smart devices in the Android ecosystem, there’s a new threat to be aware of in the form of a malware strain called Teabot.  This bit of malicious code is a Remote Access Trojan or RAT for short. The group behind the code is making a big push to see it spread worldwide.

Researchers from Cleafy can confirm that the malware targets more than 400 different applications and the folk behind the code have begun to pivot away from their initial tactic of “smishing.”

Smishing, if you’re not familiar with the term, is a tactic used to compromise a mobile device via spam text messages that contain poisoned links.  If a recipient clicks on one of these links, they’re taken to a site controlled by the hackers and the malware is installed on the user’s computer in the background.

This bit of code emerged near the beginning of 2021. Back then, in its earliest incarnations it was known as Toddler/Anatsa.

In its primitive form, it was distributed exclusively via smishing and only had a list of sixty lures.  Granted they were big well-known lures like VLC Media player and DHL shipping but there were only sixty of them.

By July of last year, the owners of the malicious code had modified it to strike at dozens of banks based all over Europe. In the months that followed, at least 18 banks fell victim to Teabot attacks.

More recently, the malicious code has undergone additional changes. The malware has migrated from Europe spreading to Russia, the US, Hong Kong, and beyond.  In addition to that, it’s no longer targeting banks exclusively but cryptocurrency exchanges and digital insurance providers as well.  Even worse is that in at least one case Teabot has managed to infiltrate official Android repositories via dropper apps.

In terms of how big a problem this is, here is how it goes. Once Teabot is installed on a target system it can primarily log keystrokes and take screenshots. Then it can exfiltrate them to the malware’s controllers which means that in short order any site you log onto using your phone can quickly be compromised.

Stay vigilant out there.  It’s still early in the year and Teabot will certainly not be the last threat we face. Call SpartanTec if you suspect your computer or phone has  been compromised.

SpartanTec, Inc.
800 25th Ave S #4320
North Myrtle Beach, SC 29582
(843) 418-4792
https://www.spartantec.com/

Scammers Cost Americans Billions Of Dollars In 2021

The US Federal Trade Commission reports that Americans lost almost six billion dollars to fraud last year.  The $5.8 billion total represented a catastrophic 70 percent increase compared to the losses reported in 2020.

The FTC maintains a database of millions of consumer records it uses to track such information. Based on the statistics gleaned from that database, US consumers filed 2,789,161 fraud reports during 2021. Roughly a quarter of those indicated a monetary loss.

A spokesman for the FTC had this to say about the data:

“Of the losses reported by consumers, more than $2.3 billion of losses reported last year were due to imposter scams–up from $1.2 billion in 2020, while online shopping accounted for about $392 million in reported losses from consumers–up from $246 million in 2020.

While younger people lost money 41 percent of the time they experienced fraud, older adults lost money only 17 percent of the time…but when older people did lose money, they lost a median amount of $1,500, or three times the median amount younger people lost.”

The scope and scale of this problem is simply staggering. Although it’s doubtful we’ll see another 70 percent increase this year the fact remains that US consumers are more at-risk now than ever before.

Odds are good that you’ve already had conversations about internet safety and security with your employees.  Most likely those conversations have centered around network security.  That’s completely understandable, but it pays to have additional conversations that focus on spotting and avoiding online scams.

One thing you can be sure of is that hackers and scammers will be ever watchful for opportunities to take advantage of the unsuspecting.  Don’t let your employees, coworkers, family, or friends be among their victims.  Stay vigilant out there.

Call SpartanTec, Inc. if you need help in minimizing your risks of getting scammed.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

New Phishing Emails Target Citibank Account Holders

Are you a Citibank customer?  If so, be aware that a group of scammers is specifically targeting Citibank account holders.

The campaign is incredibly convincing, and the emails look just like official communications from the company.  All logos have been copied and are positioned correctly.  The sender address appears genuine at first glance and the body of the email message is free of typos which is a common “tell” among poorly orchestrated phishing campaigns.

The content they receive in the email varies. However, the general summary of the phishing emails is that the recipient’s Citibank account has been put on hold due to a suspicious transaction or a login attempt made in a location than the recipient would normally log in from.

The solution according to the email is simple.  Take swift action now to protect your account.  Click the link below to verify your account information and avoid a permanent suspension.

Social engineering is common in phishing campaigns, and this is a tried-and-true technique to build a sense of urgency into the communication.

Unfortunately, if the recipient of this email clicks the link they will be taken to a website controlled by the threat actors. While it may appear to be an official Citibank portal, it isn’t. Any user who “verifies their credentials” by entering them in the capture boxes on this site is handing their account information to the scammers who will promptly empty their accounts or max out their credit cards or both.

This campaign is targeted primarily at users in the United States with statistics indicating that 81 percent of the recipients of these emails are residing in the U.S. So if you are a Citibank customer, be aware that the campaign is ongoing. If you get an email that appears to come from Citibank, rather than clicking embedded links, either call the company direct or open a new browser tab and manually type in the URL.  Never trust embedded links!

Call SpartanTec, Inc. if you need help in protecting your organization against phishing and other online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

Employee Information Was Leaked At Cookware Company Meyer

Meyer Corporation is a California-based company and a giant in the cookware industry. Meyer is the latest victim in a seemingly never-ending parade of hacking attacks. The full extent of the attack has not yet been disclosed because an investigation into the matter is ongoing. However, we do know at this point that the attackers made off with at least one database containing the personal information of thousands of Meyer employees.

The company issued a breach notification and has filed papers with the Attorney General office in both Maine and California.  Notification letters have already been sent to individuals impacted by the breach.

The notification reads in part, as follows:

“Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information.

The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”

The company has not confirmed that the attack was a ransomware attack. However, the Conti gang who makes heavy use of ransomware successfully breached the company’s defenses last November (in 2021).  Their leak site contained nearly 250 MB of data which represented about 2 percent of the total data stolen from the company during that attack.

It’s not much of a silver lining. At least in this case, unless you work for the company, your personal information does not appear to be at risk.  Even if you are one of the unfortunate people who received a notification letter from Meyer you will be offered two years’ worth of free identity protection.  That’s small consolation but it’s something.

Call SpartanTec, Inc. now if you need help in protecting your company against online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

4 Ways To Protect Yourself From Keyloggers

Hacking is a becoming an increasing problem. Hackers are finding new ways to steal sensitive data, as well as using old techniques, as more people use smartphones and computers. Keep reading to learn more about how to protect yourself against keylogger.

What is a keylogger?

Keylogger is shorthand for the keystroke logger. It is surveillance software that records each keystroke of a user.  The Soviet Union created and deployed a keylogger for typewriters in 1970s.

A keylogger can be used for legitimate purposes today, including monitoring children’s online activities or monitoring the computers of employers and employees. Keyloggers are often used to malicious ends. Keyloggers are used by cybercriminals to steal passwords and personal information.

Phishing attempts are one way keyloggers can be spread. The software infects your computer by clicking on or opening a fake attachment.

There are many ways to protect your company and information from keyloggers. These are four ways to be proactive.

Keylogger Protection and Prevention

  1.  Training your employees to spot phishing attacks.

Keylogger-Myrtle-Beach-2-300x200.jpgIt is important to educate your employees about phishing so they are aware of its basics. Cyber awareness is the first step. SpartanTec, Inc. can train your employees the current security practices.

Hackers are constantly evolving and finding new and innovative ways to steal data. Make sure your employees are aware of the latest attacks so that they can be prepared. Remind your employees to be cautious. Even when systems and caution are in place, sometimes things can still happen.

  1. Use a password manager

While keyloggers cannot track what is being typed, relying on the browser’s remember password’ feature may not be the best way to protect your information.

For example, hackers can access Google Chrome’s password settings to gain access to all your saved passwords. You should instead use an identity management and access control system that encrypts all passwords and allows for single-click login.

  1. Implement Multifactor Authentication

Multifactor authentication strengthens and enhances user logins through multiple steps in the login process. MFA requires two of three identifiers: username and password, hardware, phone, or biometrics.

The password can be recorded using a keylogger but the hacker who attempts to gain access to the account must have the same hardware or be you. Hackers who use a keylogger can’t bypass this security measure, as there is no keyboard that can be tracked.

  1. Use software to help protect yourself against phishing attacks

A Third party vendor, such as SpartanTec, Inc., can help stop attacks by providing built-in software that alerts users and allows them to manage potential attacks. Automated systems that prevent these cyberattacks are the most effective defense, and it doesn’t rely on human error.

Stop typing personal information or passwords if you suspect you might have been compromised by a keylogger. You can use your onscreen keyboard, which is available in your computer’s settings under accessories – accessibility. After you have removed the keylogger, change your passwords.

Call SpartanTec, Inc. now if you need the help of an IT professional in protecting your network against keyloggers and other cyberthreat.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle BeachNorth Myrtle BeachColumbiaWilmingtonFayettevilleFlorence, Charleston

What You Need To Know About Co-Managed IT Services

When it comes to the technology plan or managed IT services that your business needs, a one-size-fits-all or a cookie-cutter approach isn’t what most businesses need. A proven process should be set in place if you want your business to move forward. A reliable firm, like Spartantec, Inc.,  will work with your company’s in-house IT team to address certain concerns during the proprietary business and onboarding process review.

This involves the following:

  1. Evaluating your business cybersecurity plan and network infrastructure  against the industry standards
  2. Identifying technology risks and determining business impact
  3. Concentrating on sequencing top priorities that address business risks
  4. Prioritizing IT initiatives that support the goals of your business

All these information will then be used to create recommendations, which will be provided during the consultation. After that, our IT professionals will create a plan, budget, and roadmap from comprehensive onboarding and business process. We will also take into account suggested business intelligence solution, application integration and selection, advisement and strategy, industry compliance and security, remediation plan, cybersecurity action, business continuity solutions, and disaster recovery.

With a co-managed IT service, we will improve your internal IT department. The model used for the co-managed IT services will overlay the tested and proven procedure onto your existing IT structure. Our experts will work with your tech team to create a technology plan that is aligned with your specific business and assist in managing your daily IT operations, where you can make the most out of your investment.

Co-managed IT solutions generally include:

  1. cloud-computing-300x185.jpgContinual standards alignment and dedicated network administration
  2. Development of an effective technology strategy
  3. Preventative maintenance for the network as well as the end-point environment
  4. Managed end-point security
  5. Escalation support for your in-house IT-department
  6. Cloud computing
  7. Backup and disaster recovery
  8. Data and IT security

Do you have an internal IT team? Are you confident they are able to handle all of todays security challenges? If you have any doubt, call SpartanTec, Inc. to learn more about how your company will benefit from co-managed IT services.

SpartanTec, Inc.
Myrtle Beach, SC  29577
843-561-9788
https://www.spartantec.com/