16 Senators and Staff In Pennsylvania Locked Out Of Their Systems By Ransomware

Ker-Splat!

This happened to the Pennsylvania Senate Democratic Caucus on Friday and the website is still down as of the time of this post on Monday morning. This can’t be a fun day over there. As of Friday, Pennsylvania Democrats spokeswoman Stacey Witalec said, “At this point we are working with Microsoft to see where we’re at.”

Odds are, it was a phishing email some poor unsuspecting staffer clicked on. This is a good time to take them from unsuspecting to a healthy level of paranoia by training them about the threat.

Mystery Shopper Email Scams – Yeah, They Still Happen

It’s important that we help educate others that these scams do still happen. Lower-income, unemployed and retired people are especially prone to this sort of scam. It sounds like easy money, and even appeals to the undercover 007 type in most of us, but it can do a number on your bank account.

The key thing to remember is: if someone sends you a check and asks you to send back the difference, it’s a scam. It doesn’t matter whether it’s a car purchase on eBay or Craigslist, or anything else; don’t do it. Checks can take a long time to clear, or turn out to be fake, and you are left holding the bag.

Mystery shopping is the SCAM OF THE WEEK here at KnowBe4, and there is some good info on what to look for, and something you can copy/paste for friends and family. Check it out.

Yukon Public Schools Hit With Data Breach

And again I find myself reporting on a W2 scam. This time, it’s Yukon Public Schools that fell for a phishing scam and emailed W2s to scammers. Superintendent Dr. Jason Simeroth said the email looked like it was sent from him; later in the story it was mentioned that it was spoofed from an AOL email address. Really? AOL in this day and age? This is twice today I have heard of people using AOL email. I really thought it was dead.

Kids, today’s lesson is, if you are handling sensitive information or transferring money, you might want to pick up the phone BEFORE you hit send. Just sayin.
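The spoof described above (a trusted name on the display side of the From header, an outside mailbox behind it) is something a mail gateway or a quick triage script can flag. Here is an added example, not code from the original post; the district domain, the directory of impersonated names and the sample message are all constructed.

```python
# Added example: flag a From header whose display name matches a known internal
# sender but whose mailbox is on an outside domain, plus a Reply-To that points
# somewhere other than the From address. Domains and names below are constructed.
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr, getaddresses

ORG_DOMAIN = "example-schools.test"              # assumed: the organisation's real domain
KNOWN_SENDERS = {"jason simeroth", "payroll department"}   # assumed directory of names worth impersonating

def _normalize(name: str) -> str:
    """Decode RFC 2047 encoded names and drop titles/punctuation, so 'Dr. Jason Simeroth' -> 'jason simeroth'."""
    name = str(make_header(decode_header(name)))
    name = re.sub(r"\b(dr|mr|mrs|ms)\.?\s+", "", name, flags=re.I)
    return re.sub(r"[^a-z ]", "", name.lower()).strip()

def check_from_header(raw_message: str) -> list:
    """Return a list of findings for one raw message; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if _normalize(display) in KNOWN_SENDERS and domain != ORG_DOMAIN:
        findings.append(f"display name '{display}' used with outside address {addr}")
    # A Reply-To that differs from the From address is a second common tell.
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if reply and reply.lower() != addr.lower():
            findings.append(f"Reply-To {reply} differs from From {addr}")
    return findings

# Constructed sample modelled on the incident above (hypothetical addresses).
SPOOFED = """From: Dr. Jason Simeroth <jsimeroth1952@aol.test>
Reply-To: records.request@aol.test
To: payroll@example-schools.test
Subject: W2 copies needed today

Please send me the W2s for all employees as PDF.
"""

if __name__ == "__main__":
    for finding in check_from_header(SPOOFED):
        print("SUSPICIOUS:", finding)
```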

#MHN, #kippo and #Dionaea still cooking along. Now to capture binaries…

So, I’ve been playing with Kippo and Dionaea using the Modern Honey Network (MHN) tool and having some fun with it. At this point, I’m going to reload my Kippo box at home and deploy it with Dionaea as well rather than WordPot. I like being able to see the different types of attacks on FTP and HTTP, but I’m having some trouble with the config.

Currently, FTP will make a connection, but fails to send a directory listing. Likewise, I am not capturing any binaries right now. I tried making the folder wide open (777 & nobody:nogroup) but still no luck. If you have any ideas, let me know please. I want to start playing with captures. In the meantime, my pew pew map is about done collecting sources now. Few of the attacks come from a new place now.

Pew Pew Pew!

Mucho attacks, no binaries captured. I do have pcaps, but I want some malware files! 🙂

TorrentLocker (aka Cryptolocker) is back and farming credentials as well.

After taking some time off, Cryptolocker appears to be back in a very aggressive campaign, and it has some new ‘features’. It’s sent via Word docs with a PowerShell script, infects and spreads via shared files, and it is also grabbing credentials.

Right now it appears to be targeting Europe, especially Italy, but we need to keep our eyes open regardless of where we live.
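The delivery chain above (a Word document that launches PowerShell) leaves a distinctive process-creation trail: an Office application as parent, a command interpreter as child, often with hidden-window or encoded-command switches. The following is an added example, not code from the original post; the event lines are constructed in a simplified key=value form rather than any particular product's log format.

```python
# Added example: scan constructed process-creation events for an Office
# application spawning an interpreter, and for interpreter switches typical of
# document-launched scripts. Field names and sample events are constructed.
import re
import shlex

# Office applications that should essentially never launch a command interpreter.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# Switches and cmdlets typical of hidden, profile-less or download-and-run PowerShell.
SUSPICIOUS_ARGS = re.compile(
    r"-(enc|encodedcommand|nop|noprofile|w\s+hidden|windowstyle\s+hidden)\b"
    r"|downloadstring|\biex\b|invoke-expression", re.I)

def parse_event(line):
    """Split a constructed 'key=value key="quoted value"' line into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def score_event(event):
    """Return (timestamp, reasons); an empty reasons list means nothing suspicious."""
    parent = event.get("parent_image", "").rsplit("\\", 1)[-1].lower()
    child = event.get("image", "").rsplit("\\", 1)[-1].lower()
    reasons = []
    if parent in OFFICE_PARENTS and child in INTERPRETERS:
        reasons.append(f"{parent} spawned {child}")
    if child in INTERPRETERS and SUSPICIOUS_ARGS.search(event.get("cmdline", "")):
        reasons.append("suspicious interpreter arguments")
    return event.get("ts", "?"), reasons

def find_office_spawned_shells(lines):
    """Return [(ts, reasons)] for every event that triggers at least one reason."""
    scored = [score_event(parse_event(line)) for line in lines]
    return [(ts, reasons) for ts, reasons in scored if reasons]

# Constructed process-creation events from a hypothetical host; the -enc value is a dummy.
SAMPLE_EVENTS = [
    'ts=2017-03-06T09:12:01 image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'parent_image="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" '
    'cmdline="powershell.exe -nop -w hidden -enc QQBBAEEA"',
    'ts=2017-03-06T09:13:40 image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'parent_image="C:\\Windows\\explorer.exe" cmdline="powershell.exe -File C:\\scripts\\backup.ps1"',
    'ts=2017-03-06T09:15:02 image="C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE" '
    'parent_image="C:\\Windows\\explorer.exe" cmdline="WINWORD.EXE /n invoice.docx"',
]

if __name__ == "__main__":
    for ts, reasons in find_office_spawned_shells(SAMPLE_EVENTS):
        print(ts, "->", "; ".join(reasons))
```

Only the first event fires; an administrator's scheduled script run from Explorer and Word itself opening a document both stay quiet, which is the distinction a rule like this has to keep.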

Cyber Training Your Operational Security Force

NOTE: This is a repost of something I initially posted to LinkedIn on . I will be consolidating a number of older posts to my blog in the near future. Enjoy.

As I am here at the (ISC)2 Security Congress, which is co-located with the ASIS International annual convention in Orlando, I am once again struck by the growing crossover between the information and physical security worlds.

For those that do not know, ASIS is an association dedicated to education and advancement of operational security professionals around the world. Their annual conference features a huge expo hall with every type of physical/operational security gadget you could ever want. There are a plethora of security cameras, gate systems, sensors and even weapons here on the ASIS side of the conference. The “3 G’s” (Guns, Gates and Guards) are the bread and butter of ASIS.

(ISC)2 on the other hand is a cybersecurity certification organization most well-known for the CISSP certification. They also have information security vendors on the expo hall floor.

These two are joined together because, as the lines between traditional security and information security start to blur, both sides need to be educated. More and more, these two worlds are colliding, and it makes me think about the level of training these security guards and other law enforcement individuals receive with respect to social engineering, especially on the cyber side. Why does it matter if they can spot phishing-type attacks or other electronic social engineering? Well, these folks are the front line of security, and more and more, their tools are living in cyberspace. These individuals can control gates, cameras and entry points remotely from hundreds of miles away in a SOC. Oftentimes, the very control of these gates, cameras or sensors is transmitted to “The Cloud” and then relayed to or from the internet-connected device that is being controlled. A large number of camera systems are IP-based; even doors are networked and controlled by computers over IP-based networking.

To top it off, many physical security manufacturers are not agile enough to provide patches to zero-day software vulnerabilities as quickly as infosec vendors, which leaves the devices vulnerable for extended periods of time. Often these vulnerable systems are on the same network as the rest of the organization’s information technology assets. This is a recipe for disaster, much like what happened with Target where the attack on the POS credit card machines started with vulnerabilities in the HVAC systems.

Imagine if you will, ransomware stopping an organization’s ability to control ingress and egress from buildings or parking lots or even worse, the bad guys being able to control it themselves. How about the ability to remotely deploy an active vehicle barrier system or silence the sensors on the fences?

Untrained individuals can allow this to happen by simply clicking on a malicious link or opening the wrong attachment. Once the bad guys are in, the network is their oyster. This is why, as these digital and physical worlds collide, it is more important than ever to ensure the very people who are guarding our buildings and property are aware of the electronic threats as well as the physical ones.

Cloud-based risk is nothing new to us IT folks, but for those of you who employ high-tech tools for your operational security, take the time to assess the risk these pose and train your employees to resist the threat they may not be aware of.