CyberHoot Newsletter - Volume XIII

Emotet Operation Takedown

In January of 2021, law enforcement and judicial authorities across the globe disrupted one of the most notable botnets of the past decade: Emotet. Investigators have taken control of its infrastructure in an internationally-coordinated operation. For readers who don’t know, Emotet is malware operated by a Russian cybercrime organization first detected in 2014.

WordPress Site Risks

WordPress websites account for more than one-third of all websites on the Internet. WordPress is both flexible and powerful and runs some of the most used Internet sites such as Disney, FaceBook, and Sony. It is also heavily used by Small to Medium-sized Businesses (SMBs). Unfortunately, these SMBs can neglect the security of their WordPress sites. Timothy Chiu, VP of Marketing at K2 CyberSecurity, found more than 1.5 million WordPress sites with critical vulnerabilities, often linked to one of 50,000+ plugins that improve WordPress functionality.

Ubiquiti Security Breach

Ubiquiti, a large vendor of cloud-enabled Internet of Things (IoT) devices such as Wi-Fi Access Points, Video Recorders, and Security Cameras faced a security incident. Ubiquiti stated an incident at a third-party cloud provider potentially exposed customer information including user credentials to remotely manage Ubiquiti devices. The company sent an email urging customers to change their passwords and enable multi-factor authentication as soon as possible.

Chrome Extension Privacy Concerns

Browser extensions are tools that help with spelling/grammar, finding deals, storing passwords, or blocking ads; users don’t consider helpful tools being malicious in any form at all. Have you installed one of these “productivity” plugins or extensions without looking carefully into the tool’s characteristics? If you haven’t wondered or checked, you’re not alone. The vast majority of people don’t check a browser extension’s security; however, not worrying about this could put you at significant risk. A recent experience and some additional research done by CyberHoot staff showed just how dangerous extensions can be.

PayPal Smishing Attack

A PayPal text message phishing campaign was discovered that attempts to steal your account credentials and other sensitive information. This form of a phishing attack, through text messages, is called Smishing. Hackers send malicious texts or SMS messages tricking someone into giving them sensitive information. Smishing can be more effective than phishing because people are more trusting of text messages than emails. A campaign monitor study showed 98% of text messages are responded to within 90 seconds whereas only 20% of emails are responded to within 90 minutes. Most people are concerned and aware of the dangers of links in emails but may not be as aware of the dangers involved with links in text messages.

Customer Spotlight

"The team at Cyberhoot has been very friendly, professional, and helpful throughout the time we have used the product over the last 18 months. We are only a small company with fewer than 100 employees and a large compliance obligation, Cyberhoot was one of the few companies that allow a small company to use its services for less than 150 employees. The training and phishing modules are continuing to grow and they are always open to feedback and will make changes to improve the overall experience. Using the short videos 1 to 2 times a month to deliver training works a lot better with our staff and I have had positive feedback that this way is much better than a large training block once a year. We are so pleased with the product, that we have been recommended it also to our own clients."

Anonymous

IT Infrastructure Manager

February Press Release

Cybrary Term of the Month

Hypervisor

A Hypervisor, also known as a Virtual Machine Monitor or VMM, is software that creates and manages virtual machines (VMs). A hypervisor allows a computer to maintain many guest VMs by virtually sharing its resources, such as memory and processing. Hypervisors can be used personally to run multiple operating systems on your own computer. For example, a user can have a MacBook Pro as their physical computer, but using a hypervisor they can run a Windows OS. Hypervisors are used by companies to balance the computing needs of various types of servers efficiently by sharing a common core of CPU, Memory, and storage across a variety of production servers. CyberHoot runs all of its infrastructure on a series of virtual machines orchestrated by a Hypervisor.