Protecting Against Deceptive Cyber Threats

In the vast interconnected world we live in, where any single click can lead to malware and compromise, being aware, is being secure. Recently, a cunning attack has re-surfaced: ads masquerading as a NordVPN software product promotion on Bing.  CyberHoot originally reported Malvertising attacks like this back in Oct. 2023. Learning what happened here, and in previous attacks, will help protect you from similar online threats you face.

Understanding the Threat

The ad in question lured users with promises of NordVPN services, a reputable Virtual Private Network (VPN) provider known for enhancing online privacy and security. However, behind the fake ad lay a sinister plot to distribute the “Sectoprat malware“> Sectoprat is malicious software  (aka: “malware“) designed to compromise your system and steal sensitive information.

Recognizing Red Flags

1. Unsolicited Promotions: If an ad pops up out of the blue, especially offering deals that seem too good to be true, proceed with caution. Legitimate companies usually don’t resort to intrusive and urgent advertising tactics. Hackers hope you will react to these without thinking it through. Stop, pause, and think before you click.
2. Misspellings or Odd URLs: Take a closer look at the URL displayed in the ad. Misspellings, strange characters, or domains that differ from the official website are telltale signs of a potential scam.  This URL manipulation or obfuscation is called typo-squatting.
3. Unsolicited Downloads: Legitimate services don’t force downloads upon users. If clicking on an ad prompts an immediate download without your consent, it’s likely malicious.  Kill the browser tab or whole browser if necessary.  For stubborn pop-ups rebooting your computer may be required to clear things up.
4. Check for HTTPS: Secure websites use HTTPS protocol. If the website linked in the ad lacks HTTPS encryption, it’s safer to steer clear.

Safeguarding Yourself

1. Ad Blockers: Consider using ad blockers to minimize exposure to potentially harmful advertisements. These tools filter out suspicious ads and reduce the risk of accidental clicks.
2. Verify Sources: Before engaging with any online promotion, verify its legitimacy. Visit the official website of the service being advertised to confirm the offer.
3. Stay Informed: Keep yourself updated on the latest cyber threats and common tactics used by scammers. Awareness is your best security against malicious actors and their tactics. Subscribe to our monthly Newsletter here.
4. Use Reputable Services: Stick to well-known, trusted brands when it comes to online services like VPNs. Research providers thoroughly before making a decision. Never react to an advertisement you see regardless of how compelling it might be.

Top 10 Mitigations to help Protect against this Attack:

1. Enforce Employee Policies: Govern employees with policies that strictly prohibit the installation of software without involvement from the IT department. This ensures that all software installations are vetted and approved, reducing the risk of malware infiltration.

2. Remove Administrative Rights: prevent users from inadvertently installing malicious software like the Sectoprat malware, by removing administrative rights from their workstations. By limiting user permissions, you restrict the ability for unauthorized software installations, enhancing overall security posture.

3. Control Software Installation: Only allow trusted employees to install software from reputable sources, avoiding risky installation methods such as downloading from unverified Dropbox folders, similar to the initial attack vector observed in this case.

4. Email Alert System: Implement an email alert system that notifies employees about emails originating from outside the organization. Include a banner in such emails to raise awareness among employees, indicating that the IT team would not request the installation of a VPN client through unsolicited emails.

5. Cyber Literacy Training: Conduct regular cyber literacy training sessions for employees and subcontractors. Utilize awareness videos to educate them about common cyber threats such as social engineering, phishing attacks, and the importance of password hygiene.

6. Phishing Simulations: Test employees’ awareness and response to phishing attacks using positive outcome, educational, hyper-realistic simulations. Platforms like CyberHoot offer effective simulations to evaluate and improve employees’ ability to detect and thwart phishing attempts. Learn about HootPhish today!

7. Annual Risk Assessment: Perform an annual risk assessment of your organization, including comprehensive vulnerability scanning and penetration testing. This proactive approach helps identify and address potential security vulnerabilities before they can be exploited by malicious actors.

8. Risk Management Framework: Establish a robust risk management framework within your company to systematically assess, prioritize, and mitigate risks. By integrating risk management practices into your cybersecurity strategy, you can effectively manage and reduce potential threats.

9. Virtual CISO Consultation: Consider hiring a virtual Chief Information Security Officer (CISO) to provide expert guidance on risk assessment, cybersecurity program development, and risk mitigation strategies. A virtual CISO can offer specialized expertise and support tailored to your organization’s needs.

10. Cyber Insurance Coverage: Purchase cyber insurance to provide financial protection in the event of a cybersecurity incident. Despite diligent planning and prevention measures, having cyber insurance ensures that your organization is prepared for unforeseen security breaches and their associated costs.

Conclusion

Remember, cybercriminals excel at manipulating trust and exploiting familiarity to deceive unsuspecting users. Stay attentive and employ basic security measures to protect yourself against cyber threats. If something seems too good to be true, it probably is. Trust your instincts and prioritize caution to safeguard your online presence.