Category: IT Security

  • Office 365 Phishing Attack Targets WFH

    Hackers keep abusing WFH confusion. This time focused on VPNs.

    With many employees working from home, VPNs (virtual private networks) have become widely used for WFH security. And they should be! It’s an important layer of security for any remote work environment.

    As we’ve seen recently, hackers are creating and exploiting pandemic confusion for their profit. A new phishing attack warns users to urgently update VPN configurations. The email impersonates the victim’s IT department with a link to a spoofed Office 365 login page.

    The attackers are spoofing the sender email address to match the domains of their targets’ organizations and embedding hyperlinks that send recipients to phishing landing sites designed to steal their Office 365 credentials.

    The hackers are spoofing the victim’s domain in the sender email address. This can provide a false sense of security to the user and increase the likelihood of taking the bait.

    These attacks could have a high rate of success in tricking potential victims since many recipients might click through and log into their Office 365 accounts to avoid losing remote access to company servers and resources.

    Once the user clicks the link, they’re sent to a landing page that looks exactly like a legitimate Office 365 login. The attackers exploit Microsoft’s Azure Blob Storage, making the URL look safe.

    The landing page is a cloned Office 365 login page hosted on the Microsoft-owned web.core.windows.net domain by abusing Azure Blob Storage, and it comes with a valid Microsoft certificate.
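
A mail-triage check for the two traits described above, as an added example that is not part of the original article: a sender that claims the organization's own domain, and a link hosted under web.core.windows.net. The `example.com` domain, the sample message and the use of the `Authentication-Results` header (assumed to be stamped by the receiving gateway) are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"             # assumption: the defender's own mail domain
BLOB_SUFFIX = ".web.core.windows.net"  # hosting domain named in the article

# Constructed sample message (not a real capture).
SAMPLE = """\
From: IT Support <helpdesk@example.com>
To: alice@example.com
Subject: Urgent: VPN configuration update
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com;
 dmarc=fail header.from=example.com
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your VPN profile expires today.
<a href="https://vpnupdate.z13.web.core.windows.net/index.html">Update now</a></p>
"""

def link_hosts(html):
    """Return the hostname of every href found in an HTML body."""
    urls = re.findall(r'href=["\']([^"\']+)', html, re.I)
    return [(urlparse(u).hostname or "").lower() for u in urls]

def triage(raw, org_domain=ORG_DOMAIN):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = (msg.get("Authentication-Results") or "").lower()
    # A message that claims our own domain but lacks a DMARC pass is suspect.
    if sender_domain == org_domain and "dmarc=pass" not in auth:
        findings.append("internal-looking sender without DMARC pass")
    body = ""
    for part in msg.walk():  # handles single-part and multipart messages
        if part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    # A valid Microsoft certificate does not make a blob-hosted page a login page.
    for host in link_hosts(body):
        if host.endswith(BLOB_SUFFIX):
            findings.append(f"link to Azure Blob static site: {host}")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```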

    Hackers keep improving spoofing tactics, making attacks harder to recognize. It is up to every organization to take action to arm their people with the safe online behaviors and tools to protect their networks and data.


  • Lady Gaga & Springsteen’s Law Firm Hacked

    Attackers compromised a law firm, stealing a huge trove of data on A-List celebs.

    The media & entertainment law firm of Grubman Shire Meiselas & Sacks suffered a vicious cyber attack. The 756GB in stolen files appears to contain data on dozens of high-profile celebs, also including Mariah Carey, Cam Newton and John Oliver.

    The ransomware attack was perpetrated by a group called “REvil,” also known as “Sodinokibi.”

    The REvil group has its own A-List of previous attacks, including Travelex and Brooks International. A hallmark of their attacks includes stealing data before ransoming the organization.

    “Cybercriminals use the threat of releasing the stolen data as leverage to extort payment.”

    In this case, the compromised data could be very valuable to the law firm and, in turn, the attackers.

    “The trove of data allegedly stolen includes contracts, nondisclosure agreements, phone numbers and email addresses, and ‘personal correspondence.’”

    To prove their case, the hackers posted snippets of the stolen data on a dark web forum. This is very similar to this attack on a Texas law firm earlier this year.

    The attacks on law firms will continue. They hold tons of sensitive data, and cyber criminals know it. As always, they will go after the softest targets.

    Original article: https://variety.com/2020/digital/news/entertainment-law-firm-hacked-data-breach-lady-gaga-madonna-bruce-springsteen-1234602737/

  • Cyber readiness starts with awareness

    News emerged in a new report last week that just 10% of European and US firms are “cyber ready”, despite surging attacks.

    The study from insurer Hiscox — which spanned the UK, US, Germany, Belgium, France, Spain, and the Netherlands — should be something of a wake-up call for IT and cybersecurity leaders. SMEs, in particular, are said to be in the firing line.

    Although technical controls certainly play their part in helping to mitigate risk and improve preparedness, the report revealed that cultural changes and a more proactive approach to training are equally important. Perhaps it’s time for the security industry, in general, to take a more holistic approach to threat prevention that’s not so solution-centric.

    Attacks soar in 2018

    The percentage of firms classed as “experts” in cyber-readiness actually dropped from 11% last year. Yet the threats facing them have never been more pronounced: 61% reported an attack over the past year, up from less than half (45%) the year before. The figure rose even higher in France (67%) and Belgium (71%). The frequency of attacks has also increased, as has their cost: up 61% from $229,000 last year to $369,000 in this year’s report, with medium and large firms bearing most of the financial impact.

    According to an FBI report also out last week, total losses from global complaints to the Bureau’s Internet Crime Complaint Center in 2018 reached $2.7bn, with nearly half ($1.3bn) coming from Business Email Compromise attacks. Ransomware losses also surged, from $2.3m to $3.6m, although many more attacks go unreported.


  • Proud Sponsors of The Association of Legal Administrators

    Invincia Technologies is proud to sponsor the ALA Central Florida Chapter’s signature event, the Business Partner Showcase.

    Invincia’s executive team, including Scott Dollar and Bill Rutherford, attended the event February 28th at the Tampa Bay History Center. They spent the day showcasing Invincia Technologies’ IT Security services and networking with Tampa’s top legal administrators.

    The Association of Legal Administrators (ALA) was formed over 30 years ago to enhance the education of legal managers and promote the profession of legal administrators and functional specialists all over the world.

    In 1981, a small group of local administrators formed the Suncoast Chapter ALA when the Chapter Charter was presented by Attorney Charlie Robinson at an inaugural meeting at a restaurant on Treasure Island, Florida. One of the early functions of the new Chapter was hosting the first Managing Partners Dinner in 1983 where Brad Hildebrandt, the original founder of the Association of Legal Administrators, was the guest speaker. Presently the Suncoast Chapter serves over 100 members that include a diverse group of managers and decision makers from the tri-county area of Hillsborough, Pinellas and Polk counties.

    The goals of the Association are to provide personal and professional growth. At the local level the Chapter offers a wonderful networking opportunity for all members through an Internet Listserv that has become a great resource for instantaneous feedback regarding any problems or issues an administrator may face on a day-to-day basis. The Chapter produces a quarterly newsletter offering a wealth of information including upcoming events, relevant articles on human resources, information systems and technology, leadership, marketing, finance and motivation, as well as contact information for our local business partners. We also offer an annual educational conference developed by a committee of peers, Chapter lunch meetings, and hosted webinars. We encourage all members to utilize resources at the ALA regional and national levels by visiting the website www.alanet.org to explore the many benefits offered to legal administrators and functional specialists throughout the world.

  • Attack Campaign Using Fake Browser Updates to Deliver Ransomware and Banking Malware

    Researchers observed an attack campaign distributing fake browser updates to infect website visitors with ransomware and banking malware.

    Sucuri reported that the attackers inject either links to an external script or the entire script code into a compromised webpage. In both cases, this code creates a message box informing the user that a critical error resulted from an outdated version of the web browser. It then prompts the visitor to update his or her browser version while displaying garbled text in the background to legitimize the appearance of a critical browser vulnerability.

    If the user clicks the “Update” button within the message box, the computer downloads a ZIP archive. This resource harbors a JavaScript file with a name that mentions “browser” and “components,” an apparent attempt to further convince the user that it is legitimate.

    Once run, the file tries to download browser.jpg, which is actually a Windows EXE file containing ransomware. By comparison, the Android version of this campaign downloads banking malware onto the infected device.
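
The browser.jpg trick above works because the file's name and its content disagree. A content check that catches that mismatch, as an added example that is not from the original article or from Sucuri; the sample byte strings are constructed stubs, not malware, and the verdict strings are illustrative names.

```python
import os
import struct

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header that points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def sniff(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the file name entirely."""
    if is_pe(data):
        return "pe"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    return "unknown"

def classify(name: str, data: bytes) -> str:
    """Compare the claimed extension with the sniffed content type."""
    ext = os.path.splitext(name.lower())[1]
    kind = sniff(data)
    if ext in IMAGE_EXTS and kind == "pe":
        return "executable disguised as image"
    if ext in IMAGE_EXTS and kind not in ("jpeg", "png", "gif"):
        return "image extension, non-image content"
    return "ok"

# Constructed samples: a minimal MZ/PE stub and a JPEG SOI marker.
FAKE_JPG = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
REAL_JPG = b"\xff\xd8\xff\xe0" + b"\0" * 16

if __name__ == "__main__":
    for name, blob in [("browser.jpg", FAKE_JPG), ("photo.jpg", REAL_JPG)]:
        print(name, "->", classify(name, blob))
```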

    A Long History of Fake Browser Updates

    The tactic of using fake browser updates to deliver malware goes back to at least 2012, when Trend Micro discovered several websites offering fake, malware-laden updates for popular web browsers. A year later, ThreatTrack Security Labs came across fake upgrades hosted on an online repository.

    The tactic has also been active in recent years. In 2017, for example, Proofpoint discovered a malvertising attack that used fake browser updates to deliver the Kovter ad fraud malware. Malwarebytes Labs came across something similar when it uncovered the FakeUpdates malware campaign in November 2018.

    How to Defend Against Banking Malware and Ransomware

    Security professionals can help defend against banking malware and ransomware by taking a risk-based approach to patch management, which can help them decide whether to patch known component vulnerabilities or replace at-risk items with more secure ones. Security teams should also invest in a solution that delivers phishing intelligence about ongoing attack campaigns, which helps responders determine which indicators pose the greatest risk to the organization’s environment.


    Contributing Editor

    David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley..
    https://securityintelligence.com/news/attack-campaign-using-fake-browser-updates-to-deliver-ransomware-and-banking-malware/