• Home
  • Cybersecurity Services
  • BREAKING NEWS
  • Cybersecurity Forensics
  • Awareness Training
  • IT Audits
  • Virtual Director
  • Contact US
  • More
    • Home
    • Cybersecurity Services
    • BREAKING NEWS
    • Cybersecurity Forensics
    • Awareness Training
    • IT Audits
    • Virtual Director
    • Contact US
  • Home
  • Cybersecurity Services
  • BREAKING NEWS
  • Cybersecurity Forensics
  • Awareness Training
  • IT Audits
  • Virtual Director
  • Contact US

A New Evil Proxy Phishing-as-a-Service Platform Beats MFA

EvilProxy

Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called "EvilProxy" that’s being offered on the dark web. EvilProxy is designed to target accounts on a variety of platforms, including Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo and Yandex.

Notably, EvilProxy has the ability to steal session cookies, which allows it to access accounts without needing a username, password or multifactor authentication (MFA) tokens.

"EvilProxy actors are using Reverse Proxy and Cookie Injection methods to bypass 2FA authentication – proxyfying victim's session," the researchers write. "Previously such methods have been seen in targeted campaigns of APT and cyberespionage groups, however now these methods have been successfully productized in EvilProxy which highlights the significance of growth in attacks against online-services and MFA authorization mechanisms....

Recent Cisco Hack by Ransomware Because of a Phishing Attack

  • In a recent Forbes article, Cisco confirmed that they were hacked by a ransomware group as the group of cybercriminals published a partial list of files that were claimed to be exfiltrated.


  • While there was no ransomware deployed during the attack, the Security Incident Response Team noted that the initial attack vector was through a successful phishing attempt of an employee's personal Google account. This in turn, led to the compromise of the company's credentials and access to their VPN.


  • One user's honest mistake can potentially have a major impact on your organization. If an attack is successful, your organization can be severely damaged due to the financial loss. We highly recommend implementing frequent phishing tests and new-school security awareness training to your users. Remember - the stronger the human firewall, the stronger your organization is at stopping these types of attacks in the future!

3 reasons why MSPs are targeted by hackers

MSPs in particular are being targetted by attackers more and more frequently, putting additional pressure on providers to both shore up on and deliver cybersecurity.  One MSP can serve hundreds of businesses with thousands of users and devices.

Our company Virtual IT Security recovered a company from a $900,000 RansomWare attack caused by MSP negligence.  
 

#1 MSPs serve multiple clients with greater number of endpoints

The MSP channel has been growing rapidly for years, and it has only gained more momentum with accelerated digital transformation during the pandemic. This means more customers are trusting MSPs with more of their business data.


#2 An MSP’s distributed network can facilitate widespread attacks

In addition to there being more MSP customers out there for hackers to target, MSP networks are also vulnerable to widespread, distributed attacks. It’s not just about having a lot of victims to exploit, but about hitting them at the same time. These types of attacks are typically associated with ransomware.


#3 MSPs don’t have control over every aspect of a client’s security posture

While an MSP might be given stewardship of a company’s data, they may not be engaged with other security practices such as providing a client’s employees with security training or developing security policies. 

Hotel's Recent Data Breach Caused by Social Engineering

This week Marriott International, one of the largest hotel chains, suffered their second data breach of 2022. The attack by a group named "Group with No Name" (GNN) took place in early June and they used social engineering to trick one of the hotel employees into granting access to that associate's computer.
 

Monthly short training reinforcement followed by simulated phishing tests
"Organizations need to ensure that all employees are frequently educated about social engineering, receiving training at least once a month followed by simulated phishing tests, to see how well employees understood and applied the training," said Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
 

Assess your employees for their strengths and weaknesses through Security Awareness Training.

 

Virtual IT Security recovers company from Ransomware attack

$900,000 Ransomware attack thwarted by Virtual IT Security

Virtual IT Security's SWAT team had been working for two weeks to run down and clean up a $900,000 ransomware attack for a prominent award-winning, global professional services firm.  

"WANT TO LEARN MORE"?

FBI Warns LinkedIn Fraudsters Are Now a Significant Threat

" CNBC reports. Sean Ragan, the FBI's special agent in charge of the San Fran and Sacramento field offices, told CNBC in an interview that cryptocurrency scams have been particularly widespread recently.


"This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims," Ragan said. "So the criminals, that's how they make money, that's what they focus their time and attention on," Ragan said. "And they are always thinking about different ways to victimize people, victimize companies. And they spend their time doing their homework, defining their goals and their strategies, and their tools and tactics that they use." 


LinkedIn stated in a blog post last week, "While our defenses catch the vast majority of abusive activity, our members can also help keep LinkedIn safe, trusted, and professional. If you do encounter any content on our platform you believe could be a scam, be sure to report it so that our team can take action quickly. "This includes anyone who asks you for any personal information, including your LinkedIn account credentials, financial account information, or other sensitive personal data. We also encourage you to only connect with people you know and trust. If you'd like to keep up with someone you don't know but that publishes content that is relevant to you, we encourage you to follow them instead."  "WANT TO LEARN MORE"?

How Hackers Steal Your Passwords and How To Defend Yourself

Despite the world's best efforts to get everyone off passwords and onto something else (e.g., MFA, passwordless authentication, biometrics, zero trust, etc.) for decades, passwords have pervasively persisted.


Today, nearly everyone has multiple forms of MFA for different apps and websites AND many, many passwords. The average person has somewhere between three to seven unique passwords that they share among over 170 websites and services.

Here are some related statistics:

 • The average person has 19 passwords - but 1 in 3 don't make them strong enough

 • The average employee manages nearly 200 passwords

 • The average business user has 191 passwords 


Unfortunately, those passwords often get stolen or guessed. This is why I recommend the following password policy guide. 


Most computer security experts agree with these policy recommendations, but more than a few readers might be shaking their heads, especially at the recommendations to use 20+ character passwords/passphrases. 


Why in the world would anyone need a 20+ character password to protect against password hacking attacks? Major Categories of Password Attacks  In general, password attacks fall into four different major categories:

 • Password theft

 • Password guessing

 • Password hash theft and cracking

 • Unauthorized password resetting or bypass 

WANT TO LEARN MORE?

Copyright © 2018 Virtual IT Security - All Rights Reserved.

Powered by GoDaddy