Recent Posts

Clone Phishing

Clone phishing attacks are a new type of social engineering attack that can be more difficult to detect than typical phishing emails. Clone phishing attacks generally use a clone of a legitimate email to entice users to click a link or enter information. A standard clone phishing tactic would be an email that looks like it’s from PayPal on the same day of the month you typically receive your account balance notification. The email would look exactly like the one users receive every month and might even show a high or past-due balance to create urgency and make users more likely to click the link.

Another form of clone phishing can be a follow-up to an initial email. Clone phishing emails can appear to come from a company or colleagues inside your business if a business email compromise (BEC) has occurred. Hackers will resend the previous email and refer to updated links or resources in the new email. Since the attack is based on a previously received email, users are more likely to click on the new email to see what changed. Cloning the original email creates a more trusting environment where users are less likely to check links or email addresses. In the event of a business email compromise, the email could come from a real and trusted email address, increasing the likelihood that users will click the malicious link.
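The follow-up variant described above leaves a recognisable trace for a mail filter: the wording is almost identical to a message already in the mailbox, but the links point somewhere new. The following added example (not code from the original post) sketches that check; the message dictionaries, the 0.85 threshold and all sample addresses are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>()]+", re.IGNORECASE)

def link_hosts(body):
    """Set of hostnames linked from a message body (urlsplit lower-cases them)."""
    return {urlsplit(u).hostname for u in URL_RE.findall(body)} - {None}

def normalise(body):
    """Swap URLs for a token and collapse whitespace so only the wording is compared."""
    return " ".join(URL_RE.sub("<url>", body).lower().split())

def find_clone(incoming, archive, threshold=0.85):
    """Return (original_id, similarity, new_hosts) when `incoming` is a near-copy
    of an archived message but links to hosts the original did not; else None.
    The sender address is deliberately ignored: after a business email
    compromise the clone can come from a real, trusted mailbox."""
    text, hosts = normalise(incoming["body"]), link_hosts(incoming["body"])
    best = None
    for msg in archive:
        ratio = SequenceMatcher(None, text, normalise(msg["body"])).ratio()
        new_hosts = hosts - link_hosts(msg["body"])
        if ratio >= threshold and new_hosts and (best is None or ratio > best[1]):
            best = (msg["id"], round(ratio, 2), sorted(new_hosts))
    return best

# Constructed sample mailbox and incoming messages.
ORIGINAL = ("Hi team,\nThe Q3 expense report template is ready. Download it here: "
            "https://files.example.com/q3/template.xlsx\n"
            "Please submit by Friday.\nThanks, Dana")
ARCHIVE = [
    {"id": "m1", "body": ORIGINAL},
    {"id": "m2", "body": "Reminder: the office will be closed on Monday."},
]
CLONE = {"id": "m3", "body": ORIGINAL
         .replace("Download it here", "Download the updated version here")
         .replace("files.example.com", "files.example-docs.net")}
RESEND = {"id": "m4", "body": ORIGINAL}  # genuine resend, same links

if __name__ == "__main__":
    print(find_clone(CLONE, ARCHIVE))   # flagged: near-copy of m1 with a new host
    print(find_clone(RESEND, ARCHIVE))  # not flagged: no new link hosts
```

A match is a reason to hold the message for review, not proof of phishing, since senders do legitimately move files to a new host.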

Like other phishing campaigns, the malicious links ask for personal information, login credentials, or credit card information, which should be the first red flag for users. Criminals are also using clone phishing tactics to install malware, which can be more challenging to detect.

Users should be aware of this new phishing tactic and be reminded to ‘think before you click’ especially during the holiday season. Like other phishing tactics, criminals try to create urgency with clone phishing to steal data. Click here to read our blog post on Holiday Phishing.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Recent Posts, Small Business

Hive Ransomware

The FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the increased impact of Hive ransomware on businesses. According to the CISA alert, “As of November 2022, Hive ransomware actors have victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments, according to FBI information.” The attackers run Hive as a ransomware-as-a-service (RaaS) operation and target a wide range of industries, from government and critical infrastructure to communication and manufacturing. However, the group targets Healthcare and Public Health (HPH) businesses by a large margin over all other sectors.

The group uses various attack vectors to infiltrate business networks. Investigation into the ransomware group has shown Hive gained access through remote desktop applications and virtual private networks (VPNs) with single-factor and multi-factor authentication (MFA) logins. The group also used traditional phishing emails with malicious logins to install malware. After gaining access, the group tried to cover its tracks by terminating processes related to backup and antivirus. They also deleted system logs that could help the company realize they have been infected.
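The cover-up behaviour described above (protective services stopped, then logs cleared) can be turned into a correlation rule. This added example is not from the CISA alert or the original post; it assumes Windows event logs forwarded to a central collector, and the watch-list keywords, host names and sample events are constructed.

```python
from datetime import datetime, timedelta

# Windows event IDs: 1102 = Security audit log cleared, 104 = an event log was
# cleared, 7036 = Service Control Manager reports a service state change.
LOG_CLEARED = {1102, 104}
SERVICE_STATE = 7036
# Assumed watch list of backup / antivirus service-name fragments; tune per site.
PROTECTIVE = ("backup", "shadow copy", "defender", "antivirus")

def classify(ev):
    """Label an event 'log_cleared', 'protection_stopped' or None."""
    if ev["id"] in LOG_CLEARED:
        return "log_cleared"
    msg = ev["msg"].lower()
    if ev["id"] == SERVICE_STATE and "stopped" in msg and any(k in msg for k in PROTECTIVE):
        return "protection_stopped"
    return None

def correlate(events, window=timedelta(minutes=30)):
    """Map each host to (earlier, later) timestamps where a protective service
    stopped and a log was cleared within `window` of each other."""
    hits, seen = {}, {}
    for ev in sorted(events, key=lambda e: e["time"]):
        kind = classify(ev)
        if kind is None:
            continue
        other = "log_cleared" if kind == "protection_stopped" else "protection_stopped"
        prev = seen.get((ev["host"], other))
        if prev is not None and ev["time"] - prev <= window:
            hits.setdefault(ev["host"], (prev, ev["time"]))
        seen[(ev["host"], kind)] = ev["time"]
    return hits

def _t(day, hhmm):
    return datetime(2022, 12, day, *map(int, hhmm.split(":")))

STOPPED = "The {} service entered the stopped state."
# Constructed sample events (not taken from a real incident).
EVENTS = [
    {"host": "ws-17", "time": _t(1, "02:10"), "id": 7036, "msg": STOPPED.format("Microsoft Defender Antivirus Service")},
    {"host": "ws-17", "time": _t(1, "02:14"), "id": 1102, "msg": "The audit log was cleared."},
    {"host": "ws-03", "time": _t(1, "08:30"), "id": 7036, "msg": STOPPED.format("Print Spooler")},
    {"host": "srv-02", "time": _t(1, "09:00"), "id": 1102, "msg": "The audit log was cleared."},
    {"host": "srv-02", "time": _t(3, "09:00"), "id": 7036, "msg": STOPPED.format("Microsoft Defender Antivirus Service")},
]

if __name__ == "__main__":
    print(correlate(EVENTS))  # only ws-17 shows both behaviours inside the window
```

Because cleared logs cannot be trusted on the affected machine, this rule is only useful when events are forwarded off the host as they are written.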

The ransomware price is negotiated on the dark web, and criminals demand payment in Bitcoin. Hive actors also threaten to publish stolen data or reinfect business networks if the victim refuses to pay the ransom. The CISA alert states: “Hive actors have been known to reinfect—with either Hive ransomware or another ransomware variant—the networks of victim organizations who have restored their network without making a ransom payment.”

The healthcare and public health sector was the leading industry targeted by ransomware in 2021 by a large margin. Financial services came in second with about one-third the number of attacks as healthcare. The healthcare sector is a favorite target for hackers because of the inconsistency of cybersecurity across the industry. Additionally, healthcare facilities store highly sensitive and personal data, so the probability of payment is higher when the criminal threatens to publish the data.

The alert listed several mitigations and preparations for a cyber incident, including monitoring external remote connections and implementing a recovery plan. Read the complete alert here.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business

Holiday Phishing

As the holiday season quickly approaches, hackers are hard at work targeting businesses and consumers. Now is an excellent time to review traditional phishing methods and the evolution of tactics we’ve seen this year. Even though most people can recognize and avoid email phishing attacks, they still account for 90% of data breaches. This time of year, consumers look for deals in their emails, and criminals are getting much more strategic with phishing campaigns.

Hackers are trying to steal a wide variety of data with phishing techniques, including personal and financial information, login credentials for retail sites, or business login credentials to install malware and steal business data. Since the pandemic, shopping from work computers and accessing work data from personal computers has become such common practice that criminals are using retail phishing tactics to attack business resources.

Email phishing is still the top phishing tactic, even with all the consumer education and email filtering. Phishing emails typically create urgency or work on the reader’s emotion to click a link. Phishing email campaigns target a large number of users, normally sent out to thousands of people, hoping a percentage will click on the link.

Spear phishing is the next most prominent type of phishing. Spear phishing campaigns target individual users with information pertinent to that person. Spear phishing emails may use your name, city, bank, workplace, or other publicly available information.

Smishing is the third most prominent type of phishing. Smishing uses text or SMS messages to initiate the attack. Common smishing techniques are fake discount deals, delivery confirmation, and password recovery.

All phishing attack vectors attempt to create urgency or work on the emotions of the user. They may offer a Black Friday deal or say that your account needs attention because the password has been changed. A common vector is to ask the user to confirm an expensive online order or show a fake shipping confirmation for a retailer you frequent. The holiday season is a great time of year to remind employees and family members of the dangers and tactics of phishing campaigns.

Posted by Charles Wright in Back to Basics, Cybersecurity, Information Security, Recent Posts, Small Business

Phishing-Resistant MFA

The US Cybersecurity and Infrastructure Security Agency (CISA) published a fact sheet for businesses and industry professionals on phishing-resistant multi-factor authentication (MFA) implementation. MFA is an extra step beyond a password to access an account or information. Traditional MFA notifications via text message are susceptible to SIM swapping or push bombing. Both attack vectors take advantage of people who can be persuaded to hand over credentials through phishing.

“CISA strongly urges all organizations to implement phishing-resistant MFA as part of applying Zero Trust principles. While any form of MFA is better than no MFA and will reduce an organization’s attack surface, phishing-resistant MFA is the gold standard and organizations should make migrating to it a high priority effort,” CISA notes in its tip sheet.

Phishing, by definition, takes advantage of people, so phishing-resistant MFA seeks to remove the human factor from the authentication process.

The fact sheet highlights two phishing-resistant authentication methods, FIDO and PKI. FIDO is the most widely available method and can utilize physical tokens, embedded mobile or laptop authenticators, or biometric authenticators. PKI-based authentication is less common in public but is the primary form of MFA used by the government, with smart cards used to unlock computers. Read our blog post about FIDO here.

The fact sheet highlights how businesses should start thinking about phishing-resistant MFA implementation. High-priority targets like email systems, file servers, and remote access systems are most commonly targeted by hackers and should be protected first. Business owners should also think about protecting high-value users first. Employees with access to customers' personally identifiable information (PII), like system administrators, attorneys, and human resources staff, should be at the top of the list of implementations.

The fact sheet also highlights user awareness. Not all products support phishing-resistant MFA, so CISA recommends focusing first on the services that support the authentication method, like email hosting platforms. The gradual rollout will help users become accustomed to the new process so services can continue to be added as they add the capability. Read the full fact sheet here.

Posted by Charles Wright in Recent Posts