Industry News Q2 '21

Channel Nine – Hacked

What was initially thought to be a mere technical issue turned out to be a calculated cyberattack that stopped one of Australia’s largest media companies from broadcasting.

Channel Nine has become one of the most recent household names to fall victim to a cyberattack in Australia. The attack was believed to be a foreign nation-state response to its program Under Investigation with Liz Hayes. One episode featured an influential political leader and his alleged “campaign of terror” using the most potent chemical weapon in the world.

The attack resembled a ransomware attack in almost every detail.

Ransomware is software specifically designed to prevent access to a computer system until the demanded amount of money is paid. This type of attack is usually spread through email attachments or links. If the user opens one, the ransomware is downloaded without their knowledge.

However, one feature was missing from the ransomware that brought down the broadcasting capacity of Channel Nine: there was no demand for ransom.

The incident has since prompted a much-needed discussion among news media companies, personalities, and journalists on re-establishing the grounds of broadcasting and news reporting.


Preventing ransomware attacks

There are multiple ways for hackers to infect your computers with ransomware. However, the most common and effective ploy is sending phishing emails. Here are some tips on identifying these attacks:

  1. Poorly written content – Unless you are confident that the email is from someone who writes as if they are text messaging, poorly written emails should be an immediate indication that what you are reading is indeed a phishing email.
  2. Public email domain – Before following any instruction stated in the email, be sure to check the sender’s email address. Chances are, attackers use public domains such as “@gmail.com” or “@yahoo.com” even though the email is presented bearing the characteristics of an official communication of a legitimate organisation.
  3. Misspelled domain – More often than not, culprits go the extra mile to make their email address look almost identical to the genuine one, hoping to bait the user, since most of us, whether we care to admit it or not, only skim through the text and pay little attention to minor details.
  4. Unknown Source – This says it all. If you are not familiar with the organisation, person, or email address, refrain from interacting further with the email. If you are genuinely keen to open the attachment or click on a link, it is best to do your research first. You may also double-check the email by contacting the organisation through its website or reaching out to the individual who supposedly sent the email through their socials such as LinkedIn.
  5. Suspicious email attachments or links – If the email screams suspicious from a mile away, move it to the trash bin before it accidentally compromises anything in your system.
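
Tips 2 and 3 can be automated as a first-pass filter. The following is an added example, not part of the original article; the trusted and public domain lists and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Hypothetical organisations your team actually deals with (assumption)
TRUSTED_DOMAINS = {"examplebank.com.au", "example-health.org"}
# Public webmail domains of the kind named in tip 2
PUBLIC_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def triage_sender(from_header: str) -> str:
    """Classify a From header by its domain, ignoring the display name."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if domain in PUBLIC_MAIL_DOMAINS:
        return "public-domain"      # tip 2: official-looking mail from webmail
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return f"lookalike:{trusted}"   # tip 3: near-miss spelling
    return "unknown"                # tip 4: verify before interacting


if __name__ == "__main__":
    # Constructed sample headers
    for header in [
        "Example Bank <accounts@examplebank.com.au>",
        "Example Bank <support.examplebank@gmail.com>",
        "Example Bank <accounts@examp1ebank.com.au>",
        "Newsletter <news@unrelated.net>",
    ]:
        print(f"{triage_sender(header):32} {header}")
```

A "lookalike" or "public-domain" result is a prompt to verify through another channel, not proof of fraud; a "trusted" result only means the domain matches the list, since sender addresses can be forged.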


Means of System Penetration

Other ways to penetrate your organisation’s systems include the following:

  1. Removable Media – Make sure any device connected to your computer, such as a USB drive, is safe and free from viruses.
  2. Remote Desktop Access – Having your organisation’s IT remotely access your device during technical troubles may be convenient. However, the ‘open’ portal may also allow hackers to join in and exploit the same access.
  3. Drive-By Downloads – Be vigilant about which websites you visit or access. Malicious websites are only a couple of wrong clicks away on the internet. They introduce ransomware to your devices through drive-by downloads, meaning that users are not notified of the downloads happening in the background.

Overall, with harmful attacks like this lurking around the corner, it is now more important than ever to have an effective and reliable cyber security strategy in place to protect your organisation from a potential data breach. Contact a Vectra representative today for more information on where best to invest for your industry and organisation profile to reduce your risk.

Recent Social Media Attacks – Smishing

As technology becomes more and more sophisticated, so do cyber attacks.

A news program reported that personal details from Facebook of more than 7 million Australians were leaked online by cybercriminals. We also later learned that this information had already been stolen two years prior through a breach within the platform’s system.

It does not help that Facebook allows anyone to look for profiles using phone numbers. Come to think of it, this makes it easier for hackers to pull up a profile with an active phone number by entering a string of random digits following a geographical standard format.

To avoid being searched using your phone number or email address, click here for the instructions.

A separate yet similar incident also happened to LinkedIn, in which the data of half a billion of its users was put up for sale on a forum notoriously used by hackers. The cybercriminals went as far as leaking $2 million worth of records to prove its authenticity. These records included full names, contact information, work positions and other professional details.


Have you been pwned?

If you have an account with a company or organisation that has suffered a data breach, you have already been pwned. For example, if you created an account on Facebook 5 years ago using the email address firstname_lastname@domain.com and the social media site’s systems have just been hacked, it simply means your email address and other personal information may already be in the hands of bad actors.

To check if you’ve been pwned, click here.

With personal data out in the open, including names and phone numbers, people whose information was compromised may very well be victimised again by smishing.


What is smishing?

Smishing is somewhat similar to phishing. However, instead of defrauding people through emails, these attacks are delivered via text messages or SMS—hence the name.

Smishing is a social-engineering fraud disguised as a legitimate contact source (banks, hospitals, government agencies, charities, etc.) and is designed to do either of the following:

  • Trick you into clicking on a link in the text message that results in a malware download, which is used to gain access to more sensitive information stored on your device.
  • Route you to a fake website that mimics its genuine counterpart and asks you to enter your personal and sensitive information.

What is particularly dangerous about this scheme is that people tend to be more complacent with text messages than with emails, making potential victims more vulnerable to these attacks.


How to avoid these attacks in general

There are many kinds of phishing attacks, and smishing is just one of them. To avoid being exploited by bad actors, here is a list of things you may want to share with your team members.

Scenario #1 – You have just received an email from a trusted organisation affiliated with you, urgently instructing you to click on a link or open an attachment.

  • Check if the email address is correct.
  • Poorly written content should be enough of an indication that it is a scam.
  • Call up the organisation and verify if they have indeed sent the email.

Scenario #2 – You have just received a text message with a link.

If you receive a text or a chat message without having done anything to prompt that message being sent to your device, move the message immediately to your trash bin.

Scenario #3 – A friend suddenly sends you a link with limited or no context at all.

  • Evaluate – ask yourself if it is natural for your friend (sender) to send you a link with little to no explanation.
  • Check whether your previous messages or conversation correlate with the link. If they do not, do not click on the link.
  • [Social Media Chat Channel] If there is no prior conversation available, visit the sender’s profile to see if it is an authentic account.
    • Pro tip: Check his/her timeline, photos, and friends (if visible). If the profile does not display any recent activity, or the picture tab only has the profile or display picture, chances are the profile you are viewing is a duplicate used as bait to scam people.

Scenario #4 – A friend has posted a link to an obscene video or website.

Do not click on the link even when your ‘friend’ encourages his contacts to visit the website. This could mean that the owner’s access has been blocked, and the profile may have already been compromised.

Scenario #5 – A stranger has tagged you in a post. (Popular among Facebook users.)

If you are not the type that engages in public posts, refrain from clicking on the notification, as this may very well be a case of spam.

Scenario #6 – When creating a profile or signing up for an online or offline account.

Do not submit any personal or sensitive information unless it is stated as required or there is a need for it.

Scenario #7 – Your trusted organisation has advised you to download software or a mobile application for convenient transactions.

  • Download the software from its official website only and not from generic sources.
  • Download the application only from a trusted application market such as Google Play Store for Android devices or the Apple App Store for iOS.
  • Make sure that the software or application you are downloading is the exact one advised. Verified applications usually come with a checkmark logo or icon.

The reality for us all is that no matter how secure we would like to believe our organisation is, there is always that tiny little loophole waiting to be exploited by cybercriminals. However, as users, we are still accountable for our actions, and our actions will ultimately determine our cybersecurity’s efficiency and efficacy.

For more information about incidents like this and how Vectra can help in training your teams to not fall for these tactics, click here to speak with a representative.