Blog

IC3 Annual Report Released – Report Shows Cyber-Enabled Crimes and Costs Rose in 2018

Infographic using 2014 - 2018 financial losses and complaint numbers from the 2018 Internet Crime Report, released by the Internet Crime Complaint Center (IC3).

The statistics gathered by the FBI’s Internet Crime Complaint Center (IC3) for 2018 show Internet-enabled theft, fraud, and exploitation remain pervasive and were responsible for a staggering $2.7 billion in financial losses in 2018.

In its annual Internet Crime Report, the FBI reports the IC3 received 351,936 complaints in 2018—an average of more than 900 every day. The most frequently reported complaints were for non-payment/non-delivery scams, extortion, and personal data breaches. The most financially costly complaints involved business email compromise, romance or confidence fraud, and investment scams, which can include Ponzi and pyramid schemes.

Reports came in from every U.S. state and territory and involved victims of every age. There was a concentration of victims and financial losses, however, among individuals over the age of 50.

“The 2018 report shows how prevalent these crimes are,” said Donna Gregory, chief of the IC3. “It also shows that the financial toll is substantial and a victim can be anyone who uses a connected device. Awareness is one powerful tool in efforts to combat and prevent these crimes. Reporting is another. The more information that comes into the IC3, the better law enforcement is able to respond.”

The bright spots reported by the IC3 include the establishment in February 2018 of the Recovery Asset Team and its success in recovering funds lost in business email compromise scams. These sophisticated scams involve perpetrators infiltrating businesses’ email accounts and requesting fraudulent wire transfers or gift card purchases.

The Recovery Asset Team has helped streamline communication with financial institutions and assist FBI field offices in the recovery of funds for businesses that report a fraudulent domestic transfer. The team was able to successfully recover more than $192 million in funds—a recovery rate of 75 percent.

One recovery success came in Colorado, where a victim wired $56,179.27 for a home purchase to a thief after receiving a spoofed email request from the lending agent. The Recovery Asset Team worked with the Denver Field Office and the victim’s bank to freeze the funds transfer and return $54,000 of the stolen money.

To improve the chances of a successful recovery, it is imperative that victims contact their bank immediately upon discovering a fraudulent transaction as well as report the crime to the IC3.

A large number of complaints captured by the IC3 in 2018 also helped improve the data available to all law enforcement entities as they search for connections among cases and look for trends and patterns in crimes and victims. In addition, the IC3’s Operation Wellspring Initiative helps build the cyber investigative capability and capacity of state and local law enforcement by linking them to the FBI’s field offices for support on identifying and responding to malicious cyber activity.

In 2018, the IC3 also worked with the FBI’s Victim Services Division to add staff to help better serve the victims of cyber-enabled crime. The victim specialist-Internet crimes position helps provide crisis intervention services, assess victim needs, and refer victims to additional resources.

The IC3 website provides a list of common and current scams as well as tips on how to avoid being a victim of an Internet-enabled crime. The most important prevention tips include keeping hardware and software updated and protected by anti-virus programs and strong passwords. The other steps include learning how to recognize suspicious messages and requests and researching and verifying the legitimacy of every offer, person, message, or opportunity encountered online.

The IC3 was created in 2000 to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated criminal activity and to develop effective alliances with industry partners. Source

Warning: Internet Explorer Just Became A Silent But Serious Threat To Every Windows User

Security researcher John Page warns that Microsoft’s Internet Explorer has a critical security flaw that allows hackers to spy on you and steal personal data from your PC. That warning may seem irrelevant to you since Internet Explorer was officially discontinued in 2015. It’s now an archaic web browser, only in use by about 7% of Windows users. But if you take into account the total market share of Windows 7 and Windows 10, the legacy web browser is installed on more than 1 billion computers. Why does this matter? Because the flaw that’s been discovered can be exploited even if you never intentionally use Internet Explorer.

Yikes.

This June 4, 2012 photo shows the Microsoft Internet Explorer logo projected on a screen during the Microsoft Xbox E3 media briefing in Los Angeles. Photo credit: ASSOCIATED PRESS

As Page explains (via ZDNet), the vulnerability taps into a file extension known as .MHT, which is a format used by Internet Explorer to handle archived web pages. If you were to launch Internet Explorer and save a web page, this is one of the file extensions that could be used.

And if someone were to send you a malicious .MHT file (perhaps disguised as a download link or an email attachment), Internet Explorer would be the default application to open it.

According to Page, once a user opens this malicious “.MHT” file, the specific flaw in the code relies on the user to first issue certain keystrokes, such as CTRL+K (to duplicate a tab) or various Print commands. At that point, an external attacker can “exfiltrate local files and conduct remote reconnaissance.”

That already sounds scary, but then Page says that a simple JavaScript call within the file (such as invoking the Print Preview function) can do this automatically and without user interaction.

And if that isn’t enough, Page drops this bomb:

“Typically, when instantiating ActiveX Objects […] users will get a security warning bar in IE and be prompted to activate blocked content. However, when opening a specially crafted .MHT file using malicious < xml > markup tags the user will get no such active content or security bar warnings.”

Page demonstrates this via a YouTube video which shows the attack succeeding even with Windows SmartScreen activated. He says the exploit applies to Windows 7, Windows 10 and Windows Server 2012.

Microsoft’s Response

Mr. Page says the reason he publicly disclosed this exploit — and the accompanying code to pull it off — is that Microsoft acknowledged the threat but refused to treat it as an urgent matter. Page notified Microsoft on March 27, and Microsoft opened a case the next day. Here is the response Page received from Microsoft on April 10:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed this case.”

Some interesting context: 2 months ago Microsoft published a blog post titled “The perils of using Internet Explorer as your default browser.” In it, Microsoft writes that it is “committed to keeping Internet Explorer a supported, reliable, and safe browser.”

Right now Internet Explorer is included in Windows as nothing more than a compatibility solution, but with vulnerabilities like this popping up, you should seriously just disable or delete it. Between Windows Updates, supply chain attacks and malware spreading via popular file-sharing websites, you already have enough to worry about.

To disable Internet Explorer on Windows 10, follow Microsoft’s suggested steps:

  • Press the Windows logo key+R to open the Run box.
  • Type appwiz.cpl, and then select OK.
  • In the Programs and Features item, select Turn Windows features on or off.
  • In the Windows Features dialog box, locate the entry for the installed version of Internet Explorer. For example, locate the Internet Explorer 11 entry. Then, clear the check box.
  • Select OK to commit the change.
  • Restart the computer.

Source

***INTERNET EXPLORER ZERO DAY EXPLOIT***

WE URGE YOU TO REMOVE INTERNET EXPLORER FROM YOUR COMPUTER ASAP! IF YOU HAVE ANY PROBLEMS WITH VIRUSES/MALWARE CONTACT US IMMEDIATELY AT (714) 592-0063 

8 Email Scam Alerts

It is now more important than ever to take cyber security extremely seriously in order to prevent an attack. As cybercriminals up their game and catch even the most vigilant of individuals via various spoofed emails, take a look at these scam email warning signs, which your employees should be looking out for.

For those who are already aware of the dangers we face with email, Symantec has launched comprehensive protection for business email compromise with the deepest visibility into advanced email attacks. If you’re an MSP or VAR and need to offer world class security solutions to your client base, ask our cloud specialists about the robust solutions available in CASCADE.

  1. When was it sent?

By checking the time of when an email was sent, you can potentially identify hazards. For example, you get an email from your manager at 3.45am. Is this normal? Would you usually receive emails at this time from them? If not, don’t click.

 

  2. Check the subject for…

A sense of urgency. Hackers use scare tactics to get you to take the bait with ‘change your password now’, ‘you’re late with your payment’ or ‘you’ve been charged $134.21’. Do not fall victim to this. Think logically – you know if you’re late on a payment, and you can check your bank account for any deductions. Don’t rush to click through the email, and if you do open it by accident, don’t be tempted to follow any links, download any attachments or send any of your personal details to the sender.

 

  3. And then comes the content…

What does the email require you to do? Be vigilantly aware of anything asking you to urgently update details, claim a tax rebate or send your bank details. Hackers will try anything to get you to click through. Don’t trust it unless you are absolutely 100% sure it is safe. Another obvious, tell-tale sign is grammatically incorrect copy. This is particularly notable when the email is claiming to be from large organizations, such as your bank. The subject line may read something like:

Mr Bloggs, Important! Changes To Your Banking Terms and Conditions and Charges and our Banking made-easy brochure!!

Note that the example above includes unnecessary capital letters, extra exclamation marks and randomly placed commas.

  4. Impersonation

Unfortunately, the ingenuity of today’s cybercriminals is working and is catching us out. Some emails now appear to be from someone you already know – an existing contact – but are actually a clever spoof. This is a very common way these criminals tempt us to click into the malicious email. Hackers know that we are more inclined to click on emails if they are from somebody we trust, and will use fake email addresses that are almost identical to the real ones. Below is a quick made-up example of how similar these may be:

Real: [email protected]
Fake: [email protected]

Spot the difference? The ‘walliscargo’ is simply missing one ‘l’. If you’re checking emails quickly, it’s highly likely that you wouldn’t even notice this tiny difference.

Sometimes, the hackers can use your internal email addresses to appear in the ‘from’ box. There may not even be an error to spot here so check for tell-tale signs such as email signatures and check if the email is being vague with details.

TIP: Many business email compromise attacks pretend to be senior executives such as your CEO or COO.

 

 

  5. To whom is it addressed?

A lot of the time, hackers will send many phishing emails to many recipients at one time. If you’re copied into a strange email, or don’t know who any of the recipients are, this should be a warning sign to not click on anything.

 

  6. Check the hyperlinks BEFORE you click

If everything looks legitimate in the email, still don’t be fooled. Be even more vigilant by hovering over the hyperlink and checking the destination URL. If it doesn’t match what the description of the email is referring to, DO NOT click on it. If it is completely random, DO NOT click on it. Ensure that you are 100% safe to click before you do. If it appears to be from a colleague, or existing contact, contact the sender directly via phone to confirm whether or not they sent the email.

 

  7. Attachments

Next, we move on to attachments. While they may seem harmless, some can contain malicious variations of malware. Generally, if you are not expecting an attachment, don’t open it, as it may be fraudulent. Another sign to look out for is the file type. A duplicated file type at the end of the file name, for example ‘docx.docx’, is a strong indication that the file is compromised, as are the well-known exe files that are common threat vectors for email.

  8. Will it delete?

And finally, will the email delete from your inbox? If you swipe right to delete the mail and your phone displays a message like: unable to move message to the mailbox trash, this is a sign that the email is a scam. Depending on your device, contact the manufacturer for assistance with deleting unwanted mail.

Scam Email Samples

 

Brea Networks Smart Alert

 

REAL TIME THREAT PREVENTION Cyber criminals may attack at any time. To ensure business continuity, you need threat prevention that works nonstop, and can stop attacks before they infiltrate your network. Brea Networks Smart Alert™ enables you to stay ahead of attackers with real time threat prevention. Leveraging Brea Networks technologies, it provides the most advanced threat prevention and zero-day protection blocking both known and unknown threats. With over 30 different innovative technologies.

 

  • Network based threat prevention for security gateways, with best-in-class IPS, AV, post-infection BOT prevention, network Sandboxing (threat emulation) and malware sanitation with Threat Extraction.
  • SandBlast Agent endpoint detection and response solution with forensics, anti-ransomware, AV, post-infection BOT prevention and Sandboxing on the endpoint.
  • SandBlast Mobile advanced threat prevention for mobile devices provides a complete mobile security solution that protects devices from threats on the device (OS), in apps, and in the network, and delivers the industry’s highest threat catch rate for iOS and Android.
  • SandBlast for Office365 cloud, part of Check Point cloud security offerings.

 

SUMMARY – Preventing cyber-attacks, with their wide and fast spread across industries and attack surfaces, is essential and possible. Brea Networks is the first and only architecture designed to deliver the most complete real-time threat prevention against new generation cyber-attacks, leveraging Check Point’s most advanced products and technologies across all networks, cloud, endpoint and mobile – all managed by a single, consolidated console. Now with Brea Networks Smart Alert™ Protection you can have the complete threat prevention security you need to battle next generation attacks for a simple per user, per year subscription – including software, hardware, services and support. Ensure business continuity with the only complete architecture that keeps you protected against any threat, anytime and anywhere.

 

 

CONTACT US

Worldwide Headquarters 471 W. Lambert Rd Suite 111 Brea, CA 92821

Tel: (714) 592-0063 | Email: [email protected]

Brea Networks, LLC All rights reserved 2018

Reddit just announced a data breach that’s exposed sensitive customer info

Here’s what you need to know about the Reddit breach:

  • On June 19, Reddit learned that between June 14-18, hackers were able to access two databases through Reddit employees’ accounts.
  • The first database included early Reddit user data, from the site’s launch in 2005 through May 2007. User info that was accessed by intruders includes usernames, passwords, email addresses and all content, including postings and private messages, from that period.
  • The second database accessed by hackers contained all the logs for the email digests sent out by Reddit between June 3-17, 2018. User info in that database includes email addresses, usernames and the names of any safe-for-work subreddits users are subscribed to.

See this article for more information. CLICK HERE

How to protect your info after this breach

To support you during this time, we’ve put together some guidelines to help you protect yourself:

  • Check out the Reddit help page on how to remove user data like posts, private messages and chats, if you’re a Redditor worried your real identity could be exposed.
  • Enable two-factor authentication on your Reddit accounts.
  • Update your password on your Reddit accounts, and if you use that password in other places, especially if your info was accessed in the first database, then you should change those passwords as well.
  • Beware of phishing scams in which fraudsters use the info they know about you, like your Reddit username, to get you to divulge personal info through email.
  • Check your Experian credit report regularly to keep an eye on any unauthorized activity.

7 Windows 10 security features that could help prevent cyberattacks against your business

As the cybersecurity threat landscape expands, Windows 10 users should be aware of several features included in the platform to help protect enterprise data, Alexander Benoit, senior consultant and head of Competence Center Microsoft at sepago, said in a session at Microsoft Ignite in Orlando on Wednesday.

Enterprises face phishing attacks, ransomware, spyware, keyloggers, worms, and compromised accounts every day. “Because the threat landscape we’re facing today is so diverse, there cannot be one tool or feature that we just enable and then we’re secure,” Benoit said.

Before embarking on a comprehensive security plan, organizations need to determine where the data that would be most valuable to criminals lives, and plan to focus on that area, Benoit said.

Here are seven Windows security features that can help your business defend against cyberattacks.

1. Windows Defender SmartScreen

Windows Defender SmartScreen can “block at first sight,” according to Microsoft. It helps protect employees if they try to visit sites previously reported as containing phishing or malware, and helps stop them from downloading potentially malicious files. It can also help protect against fake advertisements, scam sites, and drive-by attacks.

“This is one of multiple layers of defense in anti-phishing and malware protection strategies,” Benoit said.

2. Windows Defender Application Guard

Application Guard offers protection against advanced, targeted threats launched against Microsoft Edge using Microsoft’s Hyper-V virtualization technology. The functionality works with whitelisting: Users can designate trusted sites to browse freely. If a site is not trusted, Application Guard will open it in a container, completely blocking access to memory, local storage, other installed applications, corporate network endpoints, or any other resources of interest to the attacker.

3. User Account Control

User Account Control (UAC) protects users by preventing malware from damaging a machine, and helps organizations deploy a better-managed desktop. When this feature is enabled, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. It can also block the automatic installation of unauthorized apps, and prevent accidental changes to system settings.

4. Windows Defender Device Guard

Defender Device Guard involves driver and application whitelisting, Benoit said. The feature changes from a mode where apps are trusted unless blocked by an antivirus solution, to a mode where the OS trusts only apps authorized by an enterprise. It operates on two components: The first, kernel mode code integrity (KMCI) protects kernel mode processes and drivers from zero-day attacks and other vulnerabilities by using HVCI. The second, user mode code integrity (UMCI) is enterprise-grade application whitelisting that achieves PC lockdown for enterprises using only trusted apps.

5. Windows Defender Exploit Guard

Defender Exploit Guard includes exploit protection, attack surface reduction rules, network protection, and controlled folder access. It also provides legacy app protection including arbitrary code guard, blocking low-integrity images, blocking untrusted fonts, and export address filtering.

“This helps you audit, configure, and manage Windows systems and application exploit mitigations,” Benoit said. “It also delivers a new class of capabilities for intrusion prevention.”

6. Microsoft BitLocker

BitLocker is a full-drive encryption solution provided natively within Windows 10 Professional and Enterprise, Benoit said. It helps mitigate unauthorized data access by enhancing file and system protections, and renders data inaccessible if the computers are decommissioned or recycled.

“This is so important—you don’t want to be the guy who got blamed after the CEO’s device was lost or stolen and all the data was found on the world wide web,” he added.

7. Windows Defender Credential Guard

Defender Credential Guard uses virtualization-based security to isolate secrets, so that only privileged system software can access them—protecting from credential theft attacks. Enabling this feature offers hardware security and better protection against advanced persistent threats.

The overall best security practice? “Educate your users,” Benoit said. “They are the ones who click on the things and execute the files. It’s the toughest thing to do, but in the very end that’s the thing you have to do.”

Image: Microsoft
Source: https://www.techrepublic.com/article/7-windows-10-security-features-that-could-help-prevent-cyberattacks-against-your-business/

Ransomware 2017

Ransomware is a form of malware that targets both human and technical weaknesses in organizations and individual networks in an effort to deny the availability of critical data and systems. Ransomware is frequently delivered through spear phishing e-mails to end users. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, at which time the actor will purportedly provide an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure.

Key areas to focus on with ransomware are prevention, business continuity, and remediation. As ransomware techniques continue to evolve and become more sophisticated, even with the most robust prevention controls in place, there is no guarantee against exploitation. This makes contingency and remediation planning crucial to business recovery and continuity.

Prevention Considerations

• Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.
• Patch operating systems, software, and firmware on devices, which may be made easier through a centralized patch management system.
• Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
• Manage the use of privileged accounts. Implement the principle of least privilege: no users should be assigned administrative access unless absolutely needed; those with a need for administrator accounts should only use them when necessary.
• Configure access controls, including file, directory, and network share permissions, with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
• Disable macro scripts from office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full office suite applications.
• Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.

Business Continuity Considerations

  • Back up data regularly, and regularly verify the
    integrity of those backups.
  • Secure your backups. Ensure backups are not
    connected to the computers and networks
    they are backing up. Examples might be
    securing backups in the cloud or physically
    storing offline. Some instances of ransomware
    have the capability to lock cloud-based
    backups when systems continuously back
    up in real time, also known as persistent
    synchronization. Backups are critical in
    ransomware; if you are infected, this may be
    the best way to recover your critical data.

Other Considerations

  • Implement application whitelisting; only allow
    systems to execute programs known and
    permitted by security policy.
  • Execute operating system environments
    or specific programs in a virtualized
    environment.
  • Categorize data based on organizational
    value, and implement physical/logical
    separation of networks and data for different
    organizational units.

The Ransom

The FBI does not support paying a ransom to the adversary. Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after having paid a ransom. Paying a ransom emboldens the adversary to target other organizations for profit, and provides for a lucrative environment for other criminals to become involved. While the FBI does not support paying a ransom, there is an understanding that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.

In all cases the FBI encourages organizations to contact a local FBI field office immediately to report a ransomware event and request assistance. Victims are also encouraged to report cyber incidents to the FBI’s Internet Crime Complaint Center (www.ic3.gov).

Ransomware_Trifold_e-version