Newsletter

Network Monitoring News – Jan 2017

W2’s

The IRS is warning of a new series of phishing attacks targeting your finance, payroll and human resource departments. Some versions of this scam are requesting wire transfers as well. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

Malware being less suspicious

For the last year malware writers were using javascript files to distribute malware. Attackers have recently switched to less suspicious attachment types, most notably .LNK and .SVG files. LNK files are files for shortcuts or links to executable files. In this instance, ransomware/malware files.

SVG files are image files. Unfortunately this file format is allowed to contain javascript which of course means executable content is only an image preview away.

Those that have ContentCatcher are already protected with FileWall. The ContentCatcher team has added .lnk and .svg attachments hidden within zip files to the default drop list for your protection.

IOT

The Internet of Things is gaining ground. Many items purchased today have the ability to connect to the internet. Sadly, most of them have very little in terms of security but this is slowly changing. Now, we face something entirely different, privacy concerns. Recently police were trying to access records of an Amazon echo device to help solve a crime. In this particular case, an IOT water heater was also used to compile evidence based on how much water was used with the prosecutor saying, it was enough to wash away evidence. Thinking of business and IOT devices, it is extremely important to make sure these types of devices are protected. Attackers are gaining access and using the information found within to gain a stronger foothold, phish users or whatever else they have yet to think of for financial gain.

Ron Samson

Share
Published by
Ron Samson

Recent Posts

Huntress vs CrowdStrike

Choose Huntress or CrowdStrike by operating model, not hype: compare managed EDR, Falcon platform depth,…

57 years ago

SOC vs MDR

Reduce risk without overloading IT: compare SOC monitoring, alert triage, threat hunting, and MDR response…

23 hours ago

How Much Does a SOC Cost?

Compare SOC costs from $60K SOCaaS to $5M+ internal 24x7 teams, with hidden staffing, tooling,…

2 days ago

NIST 800-171 for Manufacturers

Protect CUI and win defense contracts with practical NIST 800-171 steps for manufacturers, from scoping…

2 days ago

CMMC Services for Manufacturers

Secure DoD contracts with CMMC support for manufacturers: map CUI, close NIST 800-171 gaps, monitor…

3 days ago

Incident Response Retainer

Contain breaches faster with an incident response retainer that prebooks experts, SLAs, evidence handling, and…

3 days ago