CyberHoot Newsletter - Volume XII

Ransomware Task Force Forming

The damaging effects of ransomware hit $11.5 billion in 2019 and doubled in 2020 as new, more damaging and dangerous strains of ransomware (Maze, Sodinokibi, Ryuk, Dharma) hit companies. In December 2020, high-profile security vendors officially took action, teaming up with the Institute for Security and Technology (IST) to form a Ransomware Task Force (RTF). Some of the high-profile members included McAfee, Microsoft, and Rapid7 alongside cyber advocacy groups such as the Cyber Threat Alliance and Global Cyber Alliance.

IRS Impersonation Attack

AbnormalSecurity reported recent phony IRS-based phishing attacks on an estimated 15-50 thousand email inboxes. The attack’s purpose was to gain personal information that would allow hackers to perform ID theft or tax refund fraud. This attack had victims completing a fake W-8BEN IRS tax form as a PDF attachment. However, when compared to the real W-8BEN tax form on the IRS website, the form in the email asks for much more personal information. Enough personal information in fact to steal one’s identity.

IRS Pin Protection in 2021

The Internal Revenue Service (IRS) announced, at long last, that in January 2021 taxpayers can apply for an Identity Protection Personal Identification Number (IP PIN). This single-use code blocks identity thieves from fraudulently submitting a tax return in your name to collect your tax refund! This is a long-overdue security measure to the US tax system. Until now, IP PINs were only issued to victims of ID theft or tax refund fraud. CyberHoot recommends everyone get your IP PIN!

Close Proximity iPhone Hack

Google’s Project Zero cybersecurity researcher Ian Beer discovered how he could break into a nearby iPhone and steal personal data from it. He exploited a weakness in Apple’s Wireless Direct Link (AWDL), a wireless connectivity protocol for sharing data between Apple devices. His attack did not require victim interaction and resulted in complete control of an iPhone. Following responsible disclosure practices, he reported the issues to Apple and they quickly issued a patch. Beginning with iOS 13.1.1x and Mac OS 10.15.3x you are no longer at risk.

‘Smart’ Doorbell Vulnerabilities

With the holiday season officially behind us, now may be a great time to find hi-tech deals, but CyberHoot requests you proceed with caution. As always, you know to be wary of “too good to be true” deals and to watch out for Black Friday Scams. But, you should also know that some of the hi-tech equipment you’re buying may introduce new risks, alongside the touted benefits, to your lives. This blog discusses security risks with a popular item from this past holiday season, ‘Smart’ Doorbells.

Customer Spotlight

"I know that we’re doing everything we can here at Infinite Imaging by leveraging CyberHoot training for all my employees. I also feel peace of mind knowing my Manager IT provider is doing likewise and training their staff with it as well. I cannot stress enough how comforting it is to see an employee forward me a phishing attack email noting he/she didn’t click but wanted me to know it was caught and destroyed."

Bill Hurley

Owner | Infinite Imaging

CyberHoot's Newest Infographic

Cybrary Term of the Month

Clickbait

Clickbait is Internet content that uses overemphasized or misleading headlines to lure a person into clicking a link. Once the link is clicked, it brings the user to another website that contains multiple advertisements and sometimes malicious content. The most common objective of clickbait is to drive page views on websites, whether for their own purposes or to increase advertising revenue. Clickbait can also be used in phishing attacks, either driving users to a different page where they enter personal information or having users click links that installs malware.