Cloud 9 Advisers - News #phishing

CrowdStrike and Microsoft

Fri, 09 Aug 2024 14:22:27 -0500

CrowdStrike and Microsoft Outage: Next Steps

The CrowdStrike and Microsoft Outage Aftermath: Next Steps by Jeff Hathcote, Solution Architect – Security

CrowdStrike and Microsoft: Hard at work

While unintentional in nature, the recent CrowdStrike outage caused disruptions that reverberated throughout the globe. While CrowdStrike and Microsoft are hard at work to rectify an estimated 8.5 million computers affected worldwide, guess who’s hard at play taking advantage of the situation? The bad guys and their phishing schemes.

Now is the time to work with Cloud 9 to help you understand the implications of the outage, and the importance of prioritizing your resiliency plans.

The vital role of Cloud 9 Advisers and Essential Discussion Points:

In the aftermath of the CrowdStrike outage, Cloud 9 has a critical role to play as your trusted adviser. We can help with guidance on navigating this crisis in two ways: 1) Helping you comprehend the situation, and 2) Advising you on how to strengthen your defenses to avoid a similar disaster from impacting your organization (any sized company is vulnerable to modern cyber threats.)

1. Understanding the Outage

It is important to note that the CrowdStrike/Microsoft outage was NOT a cyberattack. The incident began with a software update. As part of its ongoing threat protection, CrowdStrike regularly updates its sensor with the latest threat data. In this instance, the update violated a protected memory address within the Microsoft Windows environment, causing the operating system to encounter a critical error, resulting in the ubiquitous “blue screen of death” where an affected device is unable to recover on its own.

The workaround to the issue involved a very manual process, requiring users/admins to log in to each machine under “safe mode” and remove the registry key that contains the faulty code. This event shows just how connected technology products are within our ecosystem, and one failure can cause a cascade of devastating impact on an entire infrastructure.

While both CrowdStrike and Microsoft are working diligently to assist in recovery efforts, we all need to be aware of the potential for secondary attacks from cybercriminals based on information collected via a phishing attack.

Learning from the Incident: How to Outsmart the Bad Guys

Within hours of the incident on July 19, 2024 CrowdStrike warned of malicious activity trying to exploit the outage. One primary method that cybercriminals are using is to send phishing emails purportedly from CrowdStrike (or Microsoft) using “spoofed” addresses (i.e., somebody@crowdstrikeoutage.com) with malicious attachments or simply to gather information for a later compromise.

CrowdStrike and Microsoft are working around the clock to provide guidance as well as potential tools to assist with recovery. Some good, free advice: DO NOT OPEN any emails from unofficial addresses posing as CrowdStrike or Microsoft support and thoroughly questioning any potential phone calls you may get from CrowdStrike staff; they are likely impersonators.

Additionally, this unfortunate incident opens up the conversation for developing (or revisiting) a robust cybersecurity prevention and recovery plan. With access to a breadth of cybersecurity providers, solution architects, and managed services, Cloud 9 has the opportunity to help you with your entire strategy – from organization-wide cyber training, to IT outage response plans, to infrastructure automation for disaster recovery, to third-party risk management and consulting programs.

Or, if you’re a maverick and really want to stir the pot, we can even help you switch it all over to Google and Chromebooks!

Final Thoughts

“This high-impact event emphasizes the urgency to keep resiliency plans current, communicated, and understood within the organization to avoid the types of customer disruptions experienced since July 19. Like other industry disruptions this year, this event creates conversational opportunities about how to best prepare organizations for these inevitabilities.” – Koby Phillips, VP of Advanced Solutions

While the CrowdStrike outage presents significant challenges, Cloud 9 is ready, willing, and able to offer expert guidance. We can assist you in navigating this crisis and help you emerge stronger and more resilient. To that end I ask: Which components or upstream service providers in your environment are you dependent on? Are you considering additional resiliency around your mission critical vendors?

Get Started Now

Gone Phishin'

Mon, 04 Dec 2023 11:53:38 -0500

SATs plus Phishing Simulation, A No-Brainer

Arm yourself with knowledge and enhance your organization's cyber resilience. Any Security Awareness Training (SAT) program worth it's salt should have phishing simulation built in. Uncover the power of testing your team's resilience against the ever-evolving threat of phishing attacks.

Strengthening Cyber Defenses

In the ever-evolving landscape of cybersecurity, where human error remains the leading cause of incidents, the significance of robust Security Awareness Training (SAT) cannot be overstated. A recent study by IBM revealed that a staggering 95% of cybersecurity breaches stem from human error, emphasizing the critical need for proactive measures. In our previous exploration of SAT, we delved into the pivotal role it plays in mitigating these errors. Now, let's journey further into the realm of cyber resilience and focus on a key augmentation to SAT – the indispensable Phishing Simulation.

The Power of Security Awareness Training:

Security Awareness Training (SAT) acts as a shield against the inadvertent actions and decisions that can lead to security breaches. It equips your staff with the knowledge to navigate the intricate web of scams, tactics, and evolving security threats. This empowerment, in turn, aids in fostering a security-conscious culture within the organization, reducing the exposure to potential risks.

Enter Phishing Simulation:

While SAT lays the groundwork for understanding security principles, the integration of phishing simulation takes your cybersecurity strategy to the next level. It serves as the litmus test for your employees' comprehension of security threats, specifically their ability to identify and thwart phishing attempts.

Putting Knowledge to the Test:

Phishing simulation operates on the premise of realism. By deploying lifelike phishing scenarios, organizations can gauge the reactions of their employees in real-time. Do they recognize the subtle signs of a phishing email, or do they inadvertently open the door to potential threats? The simulation provides invaluable insights into the efficacy of your SAT program and identifies areas that may require additional attention.

Creating a Cyber-Resilient Workforce:

The true value of phishing simulation lies in its ability to fortify your workforce against the ever-persistent threat of phishing attacks. It goes beyond theoretical knowledge, allowing employees to apply their learning in a practical setting. As they face simulated phishing attempts, the training becomes a dynamic experience, honing their instincts and enhancing their ability to make informed decisions.

Strategic Benefits of Phishing Simulation:

Measuring Security Awareness: Phishing simulation becomes a litmus test for your employees' security awareness. Identify those who may be more susceptible to falling victim to a phishing attack, enabling a targeted and effective SAT program.
Enhancing Phishing Identification Skills: Practical exposure to realistic phishing emails sharpens your team's ability to discern the telltale signs of a scam. This, in turn, empowers them to avoid clicking on malicious links or opening potentially harmful attachments.
Fostering a Culture of Security: Beyond individual training, phishing simulation contributes to creating a broader culture of security within your organization. When employees witness the organization's commitment to rigorous testing, they are more likely to embrace and adhere to security precautions.
Reducing the Risk of Data Breaches By reducing the number of employees susceptible to phishing attacks, organizations can significantly lower the risk of data breaches. This proactive approach safeguards against financial losses, reputational damage, and potential regulatory fines.

In the intricate dance between cybersecurity and human behavior, the synergy between SAT and phishing simulation emerges as a formidable defense. Together, they empower your workforce to navigate the digital landscape with confidence and resilience. As we continue to unravel the layers of cyber resilience, the integration of these two components stands as a testament to the proactive measures organizations can take to secure their digital future.

Cloud 9 Advisers

Let us help you find the right SAT and Phishing simulation solutions and providers. Our only job in this world is to help organizations buy "cool" and important stuff: i.e. cybersecurity.

Wuhan Virus Phishing Attacks

Wed, 15 Apr 2020 19:51:56 -0500

How to protect yourself from coronavirus phishing threats

The worst disease of the century brings out the worst in people as phishing attacks increase to unprecedented levels. Here's how to spot and avoid COVID-19 phishing attacks. By: Steven J. Vaughan-Nichols. see the article here

I just got an e-mail from the World Health Organization (WHO) asking for a donation to help fight coronavirus. It looked good. It sounded good. It was a fake. Asking for a donation in Bitcoin set off my alarm. Anytime, anyone asks you for Bitcoin in an email they're trying to scam you. We may get sick, but phishing, the art of conning people via email or texts, is as healthy as ever.

"In addition to identifying generic phishing attempts, there are also ways of spotting coronavirus-specific phishing messages."

So, as we face the deadly threat of coronavirus, you should know that there's no situation so awful that someone won’t take advantage and make it even worse by using it to steal from people. According to network security firm Barracuda Networks, there's been a steady rise in the number of COVID-19-related email attacks since January. But, in March, Barracuda researchers say they've seen a recent spike, 667%, in Coronavirus phishing messages.

To be exact, from March 1 to 23, researchers detected 467,825 spear phishing email attacks, and 9,116 of those detections were related to COVID-19, representing about 2 percent of attacks. That doesn't sound like much, but in February, 1,188 coronavirus-related email attacks were detected and only 137 were detected in January.

Phishing thrives on fear. "Although the overall number of these attacks is still low compared to other threats, the threat is growing quickly," Barracuda said in a statement.

Paul Walsh, CEO of Metacert, which makes a web browser extension that warns you of dubious websites, agreed. "For malicious people, preying on collective fear and misinformation is nothing new. Mentioning national headlines can lend a veneer of credibility to scams. We've seen this tactic time and again, so it's no surprise that COVID-19 themed social media and email campaigns have been popping up online."

Simultaneously, cybersecurity company Check Point announced that crooks are registering malicious coronavirus-themed websites. Since January 2020, there are over 4,000 new sites containing words like “corona” or “covid.” Check Point estimates these new Coronavirus-themed domains are 50 percent likely to be dangerous. I’m surprised the percentage isn’t higher.

That said, they're not all bad sites. Rob Ragan, principal researcher at Bishop Fox, a security firm specializing in offensive security testing, said, "[Although] thousands of new domains are being registered to opportunistically garner COVID attention online. A lot of them are legit, a lot are trying to make money from selling merchandise or supplies." That said, many of these "are fraud or phishing sites."

Another security firm, RiskIQ, found no fewer than 317,000 new dubious websites were created with coronavirus-related keywords during the two-weeks between March 9 and 13. And, it's not slowing down any. RiskIQ is providing a constantly updated list of suspicious coronavirus sites. The company is spotting tens of thousands of new dubious sites every day.

Does that sound paranoid? It's not. As the saying goes, "You're not paranoid if they really are out to get you."

COVID-19 phishing basics

Most, but not all, phishing messages tell a story. Anytime you get an email, text, or instant message (IM) with any of the following traits, be very careful.

First, don't trust any message that looks like it's from a company you already do business, which tells you your account has had suspicious activity, needs an updated credit-card number or has had unauthorized login attempts. All that may be true, but if the message then asks you to login in via a website within the message to resolve the issue, odds are you're being scammed. Other variations of this include presenting you with a demand you click on a link to make an immediate payment, get a refund, or offer you free stuff.

You should also never follow up on an email asking for your personal information. No honest email is going to ask for your Social Security number or login information. Never, ever respond to such an email with your personal data.

Some phishing messages will appear real because they sound like it's from someone or some company that already knows facts about you. That's because with numerous corporate data hacks, such as 2017's Equifax breach, most of us already have much of our personal data out there on the dark web.

For example, many extortion messages will tell you that they have incriminating video or information about you and "prove" it by showing you an old password. They didn't get it by hacking your computer. They got it from one of those many data breaches.

And, let's not forget, if you're on Facebook or the like, it's not hard at all to find out where you went to school, that your dog's name is Spot, and what your favorite flavor of ice cream is. Remember, a message that looks questionable probably is, just because it contains a random fact or two about you, doesn't mean it's trustworthy.

Spotting phishing messages

The easiest way to spot phishing messages is if they start with "Dear user” or “Dear [your email address]." Real business emails either skip a salutation or address you by your first and last names or by your business name. Any "dear user" message is from a loser.

Another quick way to spot bogus messages is to look at the From email address field. Usually, but not always, the address is subtly wrong. For example, PayPal, the most frequently abused company by phishers, proper email address ends with "paypal.com." But, you'll often see phishing messages from fake addresses such as paypal@notice-access-275.com. If an address doesn't look exactly right, delete it.

Next, look at the message's web link. Hover over the link with your mouse pointer. Does the address look right? If, for example, you get a message from Amazon warning you that your account is about to be suspended, and when you hover the link instead of amazon.com you see something like amazon.com.xyz. Those are always fake, dangerous websites and you should never click on them.

Worried that maybe a message that looks a bit dodgy was real? Then, contact the company via a normal route. Just, whatever you do, do not connect via a link within the message.

Another way to spot a scam email is if it contains poor spelling and grammar. I subscribe to the theory that these blunders are a ‘filtering system.’ If you can't spot the mistake, the idea goes, you're likely to miss the attack hidden within the message as well. Be that as it may, if a message looks like the sender failed high-school English, don't open it.

Still, another common way of messing you is to include an attachment containing some kind of malware. Lately, I've been seeing a lot of fake invoices containing a dose of poison. Any time you get an attachment from anyone, unless you know for certain it's safe, don't open it. Instead delete the message and move on.

Not sure about a message that looks like it's from a coworker or friend? Ask yourself, "Were we expecting an email from them?" Or, ask them via a different medium, such as a phone call, Slack message, whatever, to verify that they had indeed emailed you.

Finally, Walsh warns that simply because a site is encrypted with HTTPS doesn't mean it's a trustworthy site. "Over 93 percent of all phishing sites classified by MetaCert start with HTTPS." All HTTPS means is that data transmission to and from the site is encrypted. It has nothing to do with being able to trust the site's data.

Detecting coronavirus phishing

In addition to identifying generic phishing attempts, there are also ways of spotting coronavirus-specific phishing messages.

First, as the Electronic Frontier Foundation (EFF) points out, if "an email sounds too good to be true (“New COVID-19 prevention and treatment information! Attachment contains instructions from the US Department of Health on how to get the vaccine for FREE”), it probably is." Let me get even more specific. There will be no cure, no vaccine, no miracle fix, no radical new treatment from a local doctor, for coronavirus. Anyone telling you otherwise is lying or trying to sell you something.

If you get an email demanding you do something about coronavirus right now -- (URGENT: COVID-19 medication shipment blocked. Please accept order here to receive medication) -- it's not real. If someone needs to do something immediately about the virus, they're not likely to be doing it via an email.

There are also many phishing messages purporting to be from the World Health Organization (WHO), Center for Diseases Control (CDC), and US Centers for Disease and Prevention warning you of new dangers or wonderful cures and to learn more just click . I won't say they're all fake, but I haven't seen a real one yet.

What makes this particularly villainous is such messages, claiming, for instance to provide vital information about how to prevent and treat COVID-19, are being directed at doctors, nurses and other medical professionals. They, like you, must be wary of messages that appear real, but aren't.

An especially insidious version of this appears to be from medical suppliers. These claim a delivery can't be made without some action by a hospital staffer to complete the order. With hospitals running out of ordinary, but vital medical supplies such as rubber gloves and N95 masks, and looking for them from any possible source, this kind of phishing has much too high a chance of succeeding.

Such messages typically contain links that lead to malicious code. Malwarebytes Labs reports that some Coronavirus phishing messages will give you a case of AzorUlt malware. Once in place, it will scan your computer for more data, pass it along to a botnet command and control server. Then, once it has information it can use, it can then download and execute more malicious code, such as ransomware

So far, so normal, but Krebs On Security has found some attackers use the Johns Hopkins University coronavirus map to make its poisoned messages look trustworthy. The moral of the story is that coronavirus phishing messages are especially good at fooling even the practiced security eye.

Finally, it's not just your computer that's in danger. DomainTools recently reported a new Android ransomware app that pretends to be a coronavirus update application. This one came with a mistake, which rendered it mostly harmless. Others won't. When someone sends you a message containing a link to a great new COVID-19 phone app, be careful of it. Don't download it via the message. Go to your app store and get it from there.

4 tools to help you beat coronavirus phishing

If you can't trust your own eyes -- and with as much stress as we're now under you can't -- you need other tools to keep you safe. These include the following:

PC security software: Antivirus programs can help block phishing attacks. Set your program to update automatically, so it can deal with any new security threats. As I pointed out, there's a constant flood now of new coronavirus phishing sites.
Use email server anti-phishing services: These can stop bad messages before users are ever exposed to them. Among others check out GFI MailEssentials, Sophos Phish Threat and Barracuda Email Security Gateway.
Use cloud-based servicesto scan for and detect phishing: Such services include INKY and Metacert. These use white-listing approaches, which block unknown and potentially dangerous messages and sites, while letting traffic from known trustworthy sites through.
Switch your Domain Name Server (DNS) setting to a DNS service which provides filtering: Some DNS systems, including CleanBrowsing, OpenDNS, SafeDNS and Quad9, automatically attempt to block questionable sites. With these, you literally can't go to a bad site.

Armed with these tools you should be OK. This is a rough time, but with care and due diligence, you and your systems will make it through OK. Good luck and stay safe.

Contact Cloud 9