Security Awareness Newsletter - October 2024
This is a newsletter I share internally as part of our security awareness program. Feel free to take it and use it in your organization. Created with help from ChatGPT.
Spamouflage: State-Linked Influence Operations Target U.S. Elections
Summary: A Chinese state-linked influence operation, Spamouflage, is ramping up efforts to sway U.S. political discourse ahead of the 2024 election. By posing as U.S. voters and using AI-generated content, they spread divisive narratives on social media about sensitive issues like gun control and racial inequality. These tactics highlight the importance of vigilance against foreign influence campaigns and fake online personas.
Key Insight: Verify online sources and stay aware of potential influence operations.
Further Reading: Graphika Report
Lazarus Hackers Target Job Seekers with Malware-Laden Job Offers
Summary: The Lazarus Group is actively targeting job seekers, particularly those in blockchain-related fields, by disguising malware within fake job offers. The group utilizes platforms like LinkedIn, Upwork, and Telegram to distribute malicious software, including the "BeaverTail" malware, which steals credentials and cryptocurrency wallet data. Job seekers should be cautious of unsolicited job offers and avoid downloading unfamiliar files.
Key Insight: Always verify job offers and avoid downloading files from unknown sources.
Further Reading: GBHackers Article
Foreign Influence Operations Target U.S. 2024 Election
Summary: U.S. intelligence officials warn of increased influence operations from Russia, China, and Iran aimed at U.S. voters ahead of the 2024 election. These operations, while not yet disrupting voting infrastructure, spread disinformation through media, PR firms, and American influencers. A recent U.S. indictment highlights Russia's attempts to covertly funnel pro-Russian narratives into right-wing media, signaling the need for heightened vigilance as the election approaches.
Key Insight: Stay alert to disinformation and foreign influence in political content.
Further Reading: CyberScoop Article
Lowe's Employees Targeted by Google Ads Phishing Campaign
Summary: Lowe's employees were recently targeted by a phishing attack using fraudulent Google ads mimicking the MyLowesLife portal. Attackers designed fake login pages to steal employee credentials. This highlights the dangers of using search engines to access work-related sites. Employees should be reminded to avoid clicking on sponsored links and instead bookmark legitimate sites to protect against phishing attacks.
Tip: Always access work portals through bookmarks or trusted URLs, not through search engines.
Further Reading: Malwarebytes Blog
Email Breaches at Welcome Health & United Way of Connecticut
Summary: Welcome Health and United Way of Connecticut reported email account breaches that compromised sensitive data. At Welcome Health, patient information and contractor Social Security numbers were exposed, while a phishing attack on a United Way employee email account compromised the data of up to 8,039 patients. Both organizations have responded with enhanced security measures and offered credit monitoring to affected individuals.
Further Reading: HIPAA Journal
False Claims of Hacked Voter Data Intended to Undermine U.S. Elections
Summary: The FBI and CISA have issued a joint public service announcement warning about false claims of hacked voter information. Foreign actors may spread disinformation to erode public confidence in U.S. elections, especially by exaggerating claims of compromised voter data. The agencies urge citizens to critically evaluate such claims and remind them that much voter information is public.
Key Insight: Stay vigilant against disinformation campaigns designed to sow distrust in election processes.
Further Reading: CISA Announcement
Beware of Parking Payment Scams Involving Fake QR Codes
Summary: Drivers in the UK are being targeted by scammers who place fake QR codes on parking machines. These codes lead to fraudulent websites designed to steal payment information. The RAC warns drivers to avoid using unfamiliar QR codes and instead rely on cash, card, or official apps for parking payments. This "quishing" scam has been reported across multiple UK regions, with an increasing number of incidents.
Key Insight: Be cautious when scanning QR codes, especially in public places like parking machines.
Further Reading: RAC News
Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals
Summary: A data breach at MNA Healthcare exposed sensitive information of over 14,000 healthcare workers and 10,000 hospitals, including encrypted Social Security Numbers, addresses, and job details. The breach, caused by a misconfigured database, increases risks of identity theft and fraud. Healthcare professionals and institutions are advised to enhance cybersecurity measures, monitor financial accounts, and consider identity theft protection.
Further Reading: Cybersecurity News
New Sextortion Scam Uses Photos of Victims' Homes
Summary: A recent wave of sextortion scams has taken a more personalized approach, including photos of victims' homes in threatening emails. Scammers claim to have recorded compromising footage through malware and demand Bitcoin payments to avoid releasing the videos. The photos are often pulled from online mapping services to increase intimidation. To stay safe, avoid responding to such emails, keep webcams covered when not in use, and report incidents to law enforcement.
Further Reading: Krebs on Security
Google Password Manager Now Syncs Passkeys Across Devices
Summary: Google Password Manager now automatically syncs passkeys across Windows, macOS, Linux, Android, and ChromeOS devices. Passkeys, which use biometrics like fingerprints and facial recognition, offer a more secure alternative to passwords. With this update, passkeys are encrypted and accessible on all devices, enhancing security and convenience for users. Google has also introduced a new PIN feature to ensure end-to-end encryption for synchronized data.
Further Reading: BleepingComputer Article
FTC Report Exposes Surveillance by Social Media and Streaming Giants
Summary: The FTC has released a report revealing that major social media and video streaming platforms engage in extensive data collection and surveillance of users, including children and teens. The report highlights inadequate privacy protections and raises concerns about the use of data for targeted advertising. The FTC recommends stronger privacy laws, data minimization, and enhanced safeguards for younger users.
Key Insight: Ensure your social media use is mindful of privacy risks, and review settings to limit data sharing.
Further Reading: FTC Report
Operation Overload: A Disinformation Threat Targeting U.S. Elections
Summary: Operation Overload, a Russia-linked disinformation campaign, is ramping up efforts targeting U.S. voters ahead of the 2024 presidential election. The operation uses AI-generated fake content, such as fabricated TikTok videos and doctored news articles, to spread false narratives. Recent emails aimed at smearing Vice President Kamala Harris highlight the evolving tactics. It's critical for newsrooms and voters to remain vigilant and fact-check claims.
Key Insight: Be cautious of AI-generated content that mimics legitimate sources to manipulate public opinion.
Further Reading: CheckFirst Report
Phishing Attack Uses Two-Step Approach to Evade Detection
Summary: A new phishing attack leverages a two-step process, using legitimate platforms like Microsoft Office Forms as an intermediary to evade detection. After clicking the phishing email link, users are directed to a legitimate form before being redirected to a fake login page designed to steal credentials. This sophisticated approach helps attackers bypass security filters by exploiting trusted platforms.
Key Insight: Be cautious of phishing links that utilize legitimate services as intermediaries before redirecting to malicious sites.
Further Reading: KnowBe4 Blog
Investment Scam Losses Surge Six-Fold Since 2021
Summary: The Better Business Bureau reports a six-fold increase in losses from investment scams since 2021. Scammers frequently exploit dating platforms and hacked social media accounts to lure victims into fraudulent cryptocurrency schemes. Victims are often promised high returns on investments, only to lose significant amounts of money. Common red flags include promises of guaranteed returns, little-known cryptocurrencies, and requests to share wallet details.
Key Insight: Be cautious of unsolicited investment offers and avoid sharing cryptocurrency wallet details with unverified individuals.
Further Reading: KnowBe4 Blog
HR-Related Phishing Tactics on the Rise
Summary: Threat actors are using HR-related phishing emails, posing as internal messages like "Updated Employee Handbook," to trick employees into clicking malicious links. These attacks often lead victims to fake login pages that steal their credentials. The emails appear legitimate, making it crucial for employees to be extra cautious with HR communications and verify any unusual requests directly with their HR department.
Key Insight: Always verify HR-related emails before clicking links or providing sensitive information.
Further Reading: Cofense Blog
Foreign Influence Operations Using AI to Target U.S. Elections
Summary: According to a recent ODNI election security update, foreign actors—primarily Russia and Iran—are increasingly using AI-generated content to influence U.S. voters. These actors are deploying manipulated media across various formats, including text, images, audio, and video, to spread disinformation and fuel divisive political narratives. As Election Day approaches, U.S. citizens should be vigilant about AI-generated content and misinformation campaigns.
Key Insight: Verify sources and be cautious of sensationalized or divisive media, especially content that seems AI-generated.
Further Reading: ODNI Election Security Update
Expert Tips to Identify Phishing Links
Summary: Phishing attacks are becoming more sophisticated, but there are key ways to spot phishing links. Security experts advise checking for suspicious URLs with complex characters, paying attention to redirect chains, and inspecting page titles or missing favicons. Attackers also abuse CAPTCHA and Cloudflare checks to mask phishing attempts. Tools like ANY.RUN’s Safebrowsing can help safely analyze suspicious links before engaging with them.
Key Insight: Always inspect URLs carefully and use tools to analyze suspicious links in a safe environment.
Further Reading: The Hacker News
The Dangerous Intersection Between Cybercrime and Harm Groups
Summary: A recent investigation reveals that some cybercriminals involved in ransomware attacks are also tied to violent online communities. These groups, often targeting young people, manipulate victims into self-harm or harming others. They use platforms like Telegram and Discord to coordinate harassment and extortion, demonstrating the increasing overlap between cybercrime and real-world violence.
Key Insights:
Cybercriminals are also involved in harm groups.
Young people are often victims of online manipulation.
Cybercrime is increasingly crossing into physical violence.
Read more: Krebs on Security.
Cyber Predators Exploit Healthcare Vulnerabilities with Ransomware and Data Theft
Summary: Cybercriminals are increasingly targeting healthcare organizations, exploiting weaknesses to steal patient data and extort hospitals via ransomware attacks. These criminals collaborate through darknet marketplaces, offering ransomware-as-a-service, and trading access to compromised healthcare systems. With attacks up 32% globally in 2024, healthcare remains a prime target due to its valuable data and often outdated security infrastructure.
Key Insights:
Healthcare sees an average of 2,018 attacks weekly, with APAC and Latin America hit hardest.
Ransomware-as-a-service empowers less experienced criminals.
Hospitals face high risks due to the critical nature of their operations.
Read more: Check Point Research.
Beware of Funeral Streaming Scams on Facebook
Summary: Scammers are exploiting Facebook by creating fake funeral streaming groups, tricking grieving families into providing credit card information to view a supposed service. These fraudulent groups use the deceased's images to appear legitimate and direct users to malicious websites requesting payment. This scheme preys on vulnerable people, often at their most emotional moments.
Key Insights:
Fake funeral streaming pages ask for credit card details.
Scammers use social media to create convincing, emotional traps.
Stay vigilant and verify event details before engaging.
Read more: Krebs on Security.
Phishing Campaign Exploits Google Apps Script for Sophisticated Attacks
Summary: A new phishing campaign manipulates Google Apps Script macros to target users across multiple languages. The phishing emails falsely claim to provide “account details” and include links to malicious pages mimicking legitimate Google services. Victims are tricked into disclosing sensitive information, leading to data theft and operational disruption.
Key Insights:
Attack uses Google’s infrastructure to appear legitimate.
Affected users may disclose sensitive data via a deceptive Google Apps Script URL.
Advanced email filtering, real-time URL scanning, and phishing awareness training are crucial defenses.
For more details, visit Check Point Research.
New Windows PowerShell Phishing Campaign Highlights Serious Risks
Summary: A recently discovered phishing campaign uses GitHub-themed emails to trick recipients into launching PowerShell commands, enabling the download of password-stealing malware. The attack uses social engineering techniques, disguising itself as a CAPTCHA verification process. By exploiting PowerShell’s automation capabilities, attackers gain unauthorized access to credentials stored on victims' systems.
Key Insights:
Attack targets GitHub users but could be adapted for broader use.
Exploits PowerShell to execute malicious commands.
Vigilance and disabling unnecessary PowerShell access are crucial defenses.
For more, visit Krebs on Security.
Phishing Attacks Exploit Content Creation and Collaboration Platforms
Summary: A recent phishing campaign abuses popular content creation and collaboration tools to trick users into clicking malicious links. Cybercriminals use legitimate-looking posts and documents with embedded phishing URLs, leading to credential theft through fake login pages. These attacks have been seen in both business and educational environments.
Key Insights:
Phishing emails from trusted platforms contain hidden threats.
Common platforms include design tools and document-sharing services.
Users should be cautious of unexpected links and suspicious login requests.
For more information, visit KnowBe4.
Scammers Exploit Virtual Shopping Lists to Target Walmart Customers
Summary: Cybercriminals are using Walmart’s virtual shopping list feature to scam customers by embedding fake customer support numbers. Clicking these links, often promoted via malicious ads, leads users to scammers who impersonate law enforcement or bank employees. Victims are coerced into transferring funds, often under false threats of legal consequences.
Key Insights:
Scammers misuse legitimate platforms like Walmart's shopping lists.
Ads can redirect to fake support numbers.
Stay alert to scare tactics and unsolicited requests for money.
For more details, visit KnowBe4.
Cyber Threats Looming for the 2024 U.S. Election
Summary: As the 2024 U.S. election approaches, cyber threats from nation-state actors, hacktivists, and cybercriminals are expected to rise. These include disinformation campaigns, phishing attacks, and attacks on electoral infrastructure. Businesses should brace for phishing campaigns and SEO poisoning targeting politically charged topics.
Key Insights:
Nation-state groups may conduct hack-and-leak operations and influence campaigns.
Expect a surge in phishing attacks and scams using election-related themes.
Businesses should implement advanced cybersecurity measures to mitigate risks.
For more details, visit ReliaQuest.
Timeshare Scam Linked to Mexican Drug Cartel Targets U.S. Owners
Summary: The FBI has issued a warning about a telemarketing scam targeting timeshare owners, linked to the Jalisco New Generation drug cartel. Scammers posing as buyers lure victims into paying advance fees for fraudulent timeshare sales. The funds are used to finance other cartel activities. Victims are often reluctant to report the scam due to fear or embarrassment.
Key Insights:
Scammers pose as buyers offering above-market prices.
Victims lose thousands in fraudulent fees.
Report scams to authorities to prevent further harm.
For more details, visit Krebs on Security.