2022 November Cyber Bytes

Parcel Delivery Scams Are On The Rise: Do You Know What To Watch Out For?

As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe, and not just this shopping season

Source: Phil Muncaster (welivesecurity.com) on October 26, 2022

Where there are users to be scammed and money to be made, cybercriminals won’t be far behind. So it was during the pandemic, when internet users eager to get hold of the latest COVID news were susceptible to scams. At one point, Google claimed to be blocking 18 million daily phishing emails related to the unfolding situation. The pandemic also led to a surge in e-commerce which will long outlast the virus. There was an estimated 56% increase in online sales between 2019 and 2021, and the numbers are only predicted to grow. That presents another opportunity for online fraudsters masquerading as delivery companies. With the holiday season approaching, it means you should be on the lookout for delivery scams designed to steal your data and your cash, or even infect your computer.

How common are fake delivery scams?
E-commerce has never been easier. In just a few mouse clicks or swipes of our smartphone, we can have items from all over the world delivered to our doorstep. But this ease of use can also be our undoing. Can you remember all the items you ordered over the past two weeks, where they were bought, and what company is shipping them? Scammers are primed to take advantage, by sending out phishing emails and texts impersonating delivery companies, which claim something is wrong and urge users to click through. According to the latest ESET Threat Report, the May-August 2022 period saw a six-fold increase in detections of shipping-themed phishing lures versus the January-to-April 2022 period. These emails often involved fake DHL and USPS requests to verify shipping addresses and contributed to ESET’s blocking 28% more phishing URLs than in the first four months of the year, amounting to almost 4.7 million. This bumped the category of phishing sites faked with the logos of delivery and logistics firms into third place behind social media and finance (banking) among the top targets for phishers.

What are the bad guys after?
So what happens if you click on malicious links in these emails? Usually, they’ll take you to a fake site where you’ll be asked to enter more details to prove your identity, or pay a non-existent fee. But sometimes, just by clicking, you could unwittingly download malware to your device. To recap, fraudsters may be after your account passwords, which can be used to hijack these online accounts, or other personal and financial information, such as banking logins or credit card details, for follow-on fraud. Any of this can also be done via malware that steals information like passwords from your PC, and ransomware can even be used to extort you. Phishing and its variants were the most common cybercrime type by volume of reported incidents last year, according to the FBI, making cybercriminals over US$44m. However, the real cost is likely to be much higher, as scams are often not reported.

What do delivery scams look like?
We all get so many parcels delivered to our homes today that it can be tough keeping track of them. We’ve become accustomed to seeing messages in our inbox or on our phone from logistics companies, updating us about scheduled delivery times and other information. Sometimes we’re required to reply. It is these messages that the scammers try to mimic.

They could be:

•    a request for an additional payment to complete delivery
•    a demand for payment due to a supposedly incorrect delivery address
•    a request for email verification (password) in order to track a (non-existent) parcel
•    a request for name, full address and phone number, due to “delivery failure”

There are also multiple varieties of smishing (phishing via text) scams of this sort, which leverage the fact that many delivery companies also update their customers via SMS. They use similar techniques – creating a sense of urgency that rushes the recipient into making the wrong decision. In the case of smishing, users may be even more likely to click through as:

•    They may be distracted and on the move
•    There’s no way to check for a fake sender domain (only a phone number, which can be easily faked)
•    There are typically fewer words in a text, and therefore fewer opportunities to spot poor grammar
•    There’s no logo for the bad guys to spoof

How to stay safe from the scammers
Fortunately, there’s plenty you can do to combat the risk of delivery scams in the run-in to the busy shopping season. Consider the following:

•    Don’t click on links to enter personal information, including login credentials and financial information, from an unsolicited email or text message
•    Regularly back up your device
•    Look out for the tell-tale signs of a phishing scam: urgency, out-of-the-blue requests for financial or other information, imposter URLs, spelling and grammatical errors, and requests for money in return for delivery
•    If you receive an email that looks suspicious, visit the official website of the delivery company rather than follow a link embedded into the message
•    Download reputable multi-layered security software with anti-phishing capabilities to all your devices
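
The "imposter URL" sign and the advice to go to the carrier's official website can be checked mechanically. The following is an added example, not part of the original article: it pulls the links out of a message and flags any that use a carrier's name on a host other than its official domain. The message text and .example hosts are constructed, and the OFFICIAL_DOMAINS list is an assumption to extend for the carriers you use.

```javascript
// Assumption: the official domains of the carriers you expect mail from.
const OFFICIAL_DOMAINS = { DHL: ["dhl.com"], USPS: ["usps.com"] };

// Constructed sample message mixing three look-alike links and one real one.
const SAMPLE_MESSAGE =
  "USPS: your parcel is on hold due to an incorrect delivery address. " +
  "Pay the redelivery fee within 24 hours: http://usps-redelivery.example/track?id=1. " +
  "DHL notice: confirm your address at https://dhl.com.parcel-fee.example/pay " +
  "or https://www.dhl.com@203.0.113.7/verify. " +
  "Real tracking lives at https://www.usps.com/.";

// Pull http(s) links out of free text and drop trailing sentence punctuation.
function extractUrls(text) {
  const found = text.match(/https?:\/\/[^\s<>"']+/gi) || [];
  return found.map((u) => u.replace(/[.,;:!?)]+$/, ""));
}

// A host is official only if it IS the domain or ends with ".<domain>".
// A plain substring test would wrongly accept dhl.com.parcel-fee.example.
function isOfficialHost(host) {
  return Object.values(OFFICIAL_DOMAINS)
    .flat()
    .some((d) => host === d || host.endsWith("." + d));
}

function checkLink(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { url: rawUrl, host: null, verdict: "unverified", reasons: ["not a parseable URL"] };
  }
  const host = url.hostname; // already lower-cased and punycoded by the URL parser
  const reasons = [];
  if (url.username || url.password) {
    reasons.push("text before @ is userinfo, not the host");
  }
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    reasons.push("raw IP address instead of a domain");
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label (possible look-alike characters)");
  }
  if (url.protocol !== "https:") reasons.push("not HTTPS");

  const official = isOfficialHost(host);
  let brandMisuse = false;
  if (!official) {
    // Look for a carrier name anywhere the reader's eye lands first.
    const seen = `${url.username} ${host} ${url.pathname}`.toLowerCase();
    for (const brand of Object.keys(OFFICIAL_DOMAINS)) {
      if (seen.includes(brand.toLowerCase())) {
        brandMisuse = true;
        reasons.push(`uses the ${brand} name on a non-${brand} host`);
      }
    }
  }

  let verdict = "unverified"; // not provably a carrier link: do not trust it
  if (brandMisuse) verdict = "imposter";
  else if (official && reasons.length === 0) verdict = "official";
  return { url: rawUrl, host, verdict, reasons };
}

function scanMessage(text) {
  return extractUrls(text).map(checkLink);
}

console.log(scanMessage(SAMPLE_MESSAGE));
```

Only the last link in the sample comes back as "official"; the other three are "imposter", each with the reasons that apply.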

As the holiday season approaches, there’s an even greater chance that we’ll either lose track of what we’ve bought or we’ll be expecting gifts purchased by others. Get delivery-scam smart today to avoid a potentially fraught start to the holidays.

8 Questions To Ask Yourself Before Getting A Home Security Camera

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home?

Source: Phil Muncaster (welivesecurity.com) on October 3, 2022

Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of the Internet of Things (IoT) has created a major new market – for manufacturers of devices like connected doorbells and baby monitors, and more sophisticated whole-of-property systems. Connected to home Wi-Fi networks, these devices allow owners to watch live video footage, record video for later and receive alerts when out of the house. Yet these same features can also expose households to new risks if the camera is compromised and/or the footage is leaked. Not all vendors have as big a focus on security and privacy as they should. That means you need to ask the right questions before starting. Here are some examples:

1. Do I actually need a security camera?
First up, it’s time to decide if a home security camera is really necessary or if you’re only interested in getting one because everyone else seems to. Part of this decision-making process may be working out what type of set-up to get: whether you need a full CCTV system requiring professional installation, or a cheaper connected camera that can be up-and-running quickly and is controlled via a smartphone app.

2. Am I aware of the security and privacy risks?
This is critical. While home security cameras are meant to protect the household, getting one might, in fact, unwittingly put the household at greater risk. In a worst-case scenario, remote or local hackers could access live feeds to spy on family members or case out the property to see if it’s empty. Both scenarios can be unnerving, especially as you would have little warning that this was happening. One way hackers could gain access to these feeds involves accessing the home wireless network, perhaps by guessing or brute-forcing the Wi-Fi password. A more likely scenario, however, is an attack in which they guess or crack your account passwords or exploit an unpatched firmware vulnerability.

3. Have I checked the security pedigree of the vendor?
With so many models on the market, it pays to research what’s on offer, and the reputation of different vendors. If you’re serious about security, you’ll want a reputable brand with a strong track record on building reliable products with good consumer ratings for security and privacy. Things like prompt patching, strong encryption, enhanced log-in security and watertight privacy policies are important. And if engineers are required to fit a system, how much access are they granted? One US home security technician was able to spy on hundreds of homes over a four-and-a-half-year period after adding his email on set-up.

4. Do I know what happens to footage and data?
Another potential element of risk is related to the vendor itself. Do you know if the video data is stored on-site or in the provider’s cloud datacenter? In its latest transparency report, Amazon-owned Ring claimed to have turned over an unprecedented volume of its customers’ footage to the US authorities last year, including some cases without the consent of the device’s owner. Many camera owners may feel uncomfortable about such policies.

5. Do I know how to secure the camera?
Once you’re aware of the major security and privacy risks involved, it’s worth familiarizing yourself with what’s needed to ensure these devices run safely. Default passwords should always be changed to something strong and unique. For added safety, use two-factor authentication whenever it’s available. Also, devices should be regularly updated to the latest firmware. Choose a reputable vendor with a track record of manufacturing properly secured devices and shipping firmware updates. Switching off remote viewing of video footage will offer added peace of mind and minimize the chances of a hacker accessing it.

6. Do I know how to configure the right smart home settings?
It’s not all about the settings on the camera itself. Your home router is the gateway to the smart home and could be a source of security risk if not properly configured. UPnP and port forwarding functions, which allow devices to find others on the same network, could be hijacked by hackers to access smart cameras. That’s why they should be switched off on the router, although it might prevent some applications and devices from working.

7. Do I know how to check if the camera has been hacked?
As mentioned, it can be difficult to spot if a security camera has been hijacked. Two of the things to look out for would be abnormal movements of the camera or strange voices or sounds coming from it. If suddenly you can’t log in because the password to your account has changed, then that clearly isn’t a good sign either. Another possible avenue to consider is increased data usage or poor performance. If the device is being accessed by an unauthorized user, your camera may run slower because of limited memory and CPU power. This isn’t a fool-proof check though – it may also be the result of something more mundane like a poor internet connection.

8. Am I aware of the impact on others?
Getting a home security camera is not just about your own security and privacy. It could also impact the rights of your neighbors if a camera captures images of people outside the boundary of your property. Under the GDPR, these individuals also have privacy rights that must be respected. It’s a good idea to position cameras so as to minimize any intrusion, and to be as transparent as possible with neighbors. 

There’s plenty to consider before buying a home security system. And like any purchase, the more up-front research you can do on it, the better.

Protect Your Farm: Don’t Let Cyberattacks Hold Your Data for Ransom

Source: Clinton Griffiths (Agweb.com) on October 21, 2022

On July 15, 2021, employees at Augusta Cooperative Farm Bureau Inc. were watching the clock and thinking about their evening plans. Suddenly, at 4 p.m., all 85 computers flashed, and the screens went white. The next morning the phone rang with an answer: Cyberhackers were on the line demanding a ransom. Five minutes later, the criminals took down the website for the ag retailer in Staunton, Va.

“It’s all still pretty fresh in our mind,” says Brad Brown, assistant general manager of the cooperative. The issue took a month to resolve, and the same could happen to you.  “One could ‘lose the farm’ because of an unforeseen cyberattack,” says Steve Cubbage, precision ag consultant for Farmobile. “If you are a farmer who has connected data to the ‘cloud,’ or the CEO of a co-op, you are a target, and this threat is not going away.” Agriculture is now one of the top 10 industries targeted by cyberattackers. In the fall of 2021, per the FBI, six grain cooperatives were targeted during harvest, and two were targeted this past spring. One related business management software company faced a hacker that demanded $30 million in July 2021. That also led to several ag cooperatives being infected.  

“The agriculture community can no longer sit here and say we’re not a target,” says Andrew Rose, cybersecurity and agroterrorism consultant. “The potential impact of a successful attack on our food and agricultural supply chain is dawning on people.” He points to the ransomware attack on JBS USA in May 2021. Hackers shut down one of the world’s largest meat packers, forcing 13 plants to stop operations until the company paid an $11 million ransom in bitcoin. It caught the attention of the White House and people across the industry. “We have to realize food security is national security,” says Sean Riley, chief technology officer for the state of North Dakota. 

BAD ACTORS
Traditionally, online threats came from hackers or people who gained access to a computer or network with the purpose of stealing valuable information (bank account numbers, social security data, tax information, etc.).  Now, cybercriminals lock systems or encrypt files and hold them for ransom. These bad actors are betting you or the companies you do business with will be willing to pay to regain access.  “Your files are encrypted, and they shut everything down leaving you only a phone number to call,” says Brian Grant, director of food and agribusiness at Cottingham & Butler. “It is meant for shock and awe, and they don’t want you to be able to think straight at the time.” Hackers will also go through your files and see if personal or trade secrets are present and worth selling to others on the dark web. Here are just a few staggering statistics: 
  
•    Roughly 90% of all indictments are from overseas actors, including China, Russia, Ukraine and North Korea. 
•    Payments now average between $570,000 and $800,000, depending on who you ask. 
•    The amount being charged or paid for ransom has increased by 395% over the past two years.

“The ransom requested is always higher, but it’s often negotiated down,” says David Cumbow, principal architect for Palo Alto Networks, a cybersecurity firm.  The threat is so serious that earlier this year the FBI did something unprecedented. It issued a public advisory warning about cyberattacks because of the potential to disrupt significant and essential parts of the agricultural industry during critical parts of the season. “We’re using our law enforcement avenues, the intelligence community is using theirs, as is the Department of Defense,” says Henry Heim, FBI supervising special agent. “We also manage the national cyber investigative joint task force with 30 partnering agencies from across law enforcement, the intelligence community and more.” Cross-industry teams are working to identify who is behind the attacks and hopefully arrest them.  “America is the largest producer of food in the world because we have the intellectual property, the farmers, the supply chain and everyone wants to get that information,” says Garrett Bladow, senior advisory engineer with Dragos and former technical lead at the National Security Agency. 

FROM PC TO GPS
In early May, CNN reported tractors and combines stolen from a Ukrainian dealership and moved 700 miles to Chechnya had been remotely disabled. The same software used to help diagnose technical issues and allow farmers to track their equipment in the field had been refocused to limit that equipment’s use. Experts say if it can be used by the good guys to stop bad guys, there’s always a risk of it being leveraged in the opposite direction. “I was working for a machinery manufacturer and their equipment had auto steer,” Bladow recalls. “We were able to make two tractors crash into each other.”

ONE WEAK LINK
Bladow has been working in the computer technical world for years, both privately and publicly. He helped to write some of the software currently used in the industry and knows what’s possible. “Let’s say you set your seed depth,” Bladow explains. “We could change those values and set it from 1" to 8" and now the field won’t grow.” That’s why researchers with the University of Nebraska-Lincoln are studying cybersecurity for agricultural machinery and technology. Santosh Pitla, an associate professor of advanced machinery systems, is looking closely at autonomous tractors and agricultural robotics. “You could have really smart equipment — an autonomous machine with a lot of computers, sensors and artificial intelligence — but if it has a weak link with respect to cybersecurity, all that intelligence is of no use,” he says. “Providing safe and secure agricultural machinery is important for food and national security.” Bladow agrees, noting the threat goes beyond national security to competitive and financial issues. “For instance, are you sending telemetry from your combine that shows how many bushels per acre you’re harvesting? What would that information mean for the futures market?” Bladow asks. “If there are people who can get into those systems and aggregate that data, they have the ability to set trends or do whatever nefarious thing they want to do.”

AN OUNCE OF PREVENTION
A farm run by a single computer or two is often using popular business software to track expenses, manage agronomy and sort data. The entirety of a farm’s business sitting in one place makes it vulnerable to attacks.  “As more devices are hooked up to networks and more tasks are turned over to automation, the opportunity and potential reward for cyberattackers will only grow exponentially during the next several years,” says Farmobile’s Cubbage. That’s why many in the industry are working to be better prepared — and warning farmers to be proactive. “Just one farmer sitting on his or her farm is so interconnected,” Rose says. “How their grain or livestock feeds up through the food and agricultural supply chain is critical. If we take food out of the equation, it will take about three weeks for the government to fall.”  

Cyberattacks = Big $
Ransomware, malicious software designed to block access to a computer system until a sum of money is paid, is the biggest threat:

•    $812,369: the average ransomware payment
•    $1.4 million: the average total cost to remediate a ransomware attack
•    30 days: the average time to recover from a cyberattack
•    90%: the share of attacks that affect the target company’s ability to operate

Michigan Medicine Notifies Patients Of Health Information Breach

Compromised employee email accounts could have exposed health information of about 33,850 patients

Source: uofmhealth.org on October 27, 2022

ANN ARBOR, Mich. — Michigan Medicine is notifying approximately 33,850 patients about compromised employee email accounts, which may have exposed some of their health information.

From August 15 through August 23, 2022, a cyber attacker targeted Michigan Medicine employees with an email “phishing” scam. In this scam, the attacker lured employees to a webpage designed to get them to enter their Michigan Medicine login information. Four Michigan Medicine employees entered their login information and then inappropriately accepted multifactor authentication prompts, which allowed the cyber attacker to access their Michigan Medicine email accounts. Michigan Medicine learned the email accounts were compromised on August 23, 2022. The accounts were disabled as soon as possible so no further access could take place, and password changes were made.

No evidence was uncovered during the investigation to suggest that the aim of the attack was to obtain patient health information from the compromised email accounts, but data theft could not be ruled out. As a result, the email accounts and their contents were presumed compromised.  Thus, all the emails and any attachments to them required a detailed, thorough review to determine if sensitive data about one or more patients was potentially impacted. This review was completed on October 17, 2022. Affected patients will be notified by letter. Notices were mailed to the affected patients or their personal representatives starting October 19, 2022 and will be completed on October 26, 2022. 

Some emails and attachments were found to contain identifiable patient information such as name, medical record number, address, date of birth, diagnostic and treatment information, and/or health insurance information. The emails were job-related communications for coordination and care of patients, and information related to a specific patient varied, depending on a particular email or attachment. As soon as Michigan Medicine learned that the email accounts were compromised, the accounts were disabled so no further access could take place and immediate password changes were made. Additional technical safeguards on our email system and the infrastructure that supports it were also put in place to prevent similar incidents from happening. The email accounts did not contain any credit card, debit card or bank account numbers. One patient received separate notice because their Social Security Number was involved.

Robust training and education materials are used to increase employee awareness of the risks of cyberattacks. This includes sending regular, simulated phishing emails (imitations) that Michigan Medicine initiates and manages so employees are trained on what to look for, and how to identify and report them. The employees involved in this incident had previously been involved in these training exercises, and they are subject to disciplinary action under Michigan Medicine policies and procedures. Michigan Medicine is very sorry and deeply regrets this incident has occurred.  Michigan Medicine also is assessing the ability to place additional technical safeguards on our email system and the infrastructure that supports it to prevent similar incidents from happening. “Patient privacy is extremely important to us, and we take this matter very seriously. Michigan Medicine took steps immediately to investigate this matter and is implementing additional safeguards to reduce risk to our patients and help prevent recurrence,” said Jeanne Strickland, Michigan Medicine chief compliance officer.

Those concerned about the breach who do not receive a letter may call the toll-free Michigan Medicine Assistance Line: 1-833-814-1736. Calls will be answered from 9 a.m. to 9 p.m. (Eastern Time), Monday through Friday, except holidays.

While Michigan Medicine does not have reason to believe the accounts were compromised for the purpose of obtaining patient information, as a precautionary measure, all affected patients have been advised to monitor their medical insurance statements for any potential evidence of fraudulent transactions. Information about potential identity theft is available from the Federal Trade Commission at www.identitytheft.gov/#/Warning-Signs-of-Identity-Theft.

Cookies & Cybersecurity: What's the Connection?

Source: cm-alliance.com on August 26, 2022

Browser ‘Cookies’ are a very important tool on the internet today. Their emergence dates back to 1994 and discussions around Cookie Consent are more than a decade old now. However, even today, many avid internet users do not understand why they are used, when they should enable Cookies, and when they should definitely not accept them.

In this guest blog, we discuss Cookies and their connection to internet safety and data privacy. A thorough understanding of Cookies is essential to making sure you use them the right way. By ensuring that you’re using Cookies correctly, you can make a huge difference to the safety of your sensitive data and confidential information. On the other hand, recklessly enabling Cookies can have the exact opposite impact. You could be risking how your sensitive information is stored and shared if you accept Cookies on every site you browse.

When you visit a site, you will usually find a pop-up message containing an agreement to use Cookies on that website. Technically speaking, the technology is supposed to make your online browsing experience on the site better. For example, the site will remember your username, password, and your usual activity preferences on the website. Basically, the website will always remember who you are, so you won’t have to enter certain information again and again every time. But what exactly are Cookies and how do they work? The next few sections will answer all your questions.

What Are Browser Cookies? 
Cookies are small files that are placed on a user's computer when they visit a website. Basically, Cookies are created so that the website can find out what the user has done in the past. For example, Cookies allow a site to track the buttons or pages that have been opened by the user in a previous session. Cookies may also store information such as name, email address, and home or work address, which will be recorded if you have entered it on a website. There is also often confusion between Cookies and cache. The main difference between the two is that cache only stores data online for the purpose of speeding up access to the browser or application. Meanwhile, Cookies store information about the activities you do on a website so that the site can display content that suits you. Cookies are often seen as harmful because there's speculation that one of the methods that malicious cyber criminals use to obtain personal data is through them. As a preventive measure, you can hide your IP address. The natural next question is: how do I hide my IP address? By using a VPN. But remember, always use reputable services so you can always have the best possible protection.

Functions of Cookies
The presence of Cookies will make your experience in browsing websites or applications more comfortable. The reason is that this technology offers a variety of advantages that can benefit users and site owners.  Here are some of the functions: 

•    Save login information: First of all, one of the main functions of Cookies on websites is to store user login information. This is quite important, especially to improve the user experience on the website. With Cookies, users do not need to enter their username and password repeatedly when visiting the same website.
•    Provide personalized content and references: Cookies are a technology on the site that is able to provide content and references to users. For example, Cookies will remember the type of content you have often seen and will then recommend similar content to you. This is supposed to improve your user experience and enhance the engagement with the site. 
•    Remembering site settings: Cookies are a technology that can remember site settings after being modified by users. For example, it will remember language preferences, color modes, and resolutions selected by users on the site. So, later, when the user accesses the website again, it will automatically provide the settings according to the previous choice, thereby keeping the user experience seamless and enjoyable. 
•    Enabling targeted marketing: Finally, Cookies are a technology that can drive the marketing needs of site owners. Most companies, in particular e-commerce sites, tend to use Cookies to target products to their customers.

Information such as search terms, keywords, and geographic locations are collected for their marketing campaigns. In fact, social networking sites like Facebook use Cookies to serve ads that are relevant to each user's needs.

Types of Cookies
There are three types of Cookies that are most commonly used today. These are:

•    Session Cookies: This means the Cookies will be deleted after you close a site. Session Cookies do not collect information from the device you are using. 
•    Persistent Cookies: In contrast to the previous type, this one is a Cookie that is stored on the hard drive permanently until you delete it manually. Persistent Cookies are used to find out things like user behavior or preferences on certain sites. An easy example is the use of language, the theme used, and so on. 
•    Third-party Cookies: The next type is third-party Cookies, which means that a third party places Cookies on a site for a specific purpose. This means the Cookies are being created by a site you are not even browsing. Usually, this is for advertising purposes. With these Cookies, don't be surprised if you often see ads that match your search on search sites or online shopping sites. Third-party cookies present the highest cybersecurity risks. Several cyber attacks, and even ransomware attacks, are often the result of exploiting third-party cookies. 
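
The three cookie types above can be told apart from the Set-Cookie response headers a browser receives. The following is an added example, not code from the original article: it classifies each cookie as session or persistent and as first- or third-party. The host names and header values are constructed, and treating the last two labels of a host as its site is a simplifying assumption (real browsers use the Public Suffix List).

```javascript
// Constructed sample: the page being visited, and for each response received
// while loading it, [host that answered, Set-Cookie header value].
const PAGE_HOST = "shop.example";
const SAMPLE_RESPONSES = [
  ["shop.example", "sid=abc123; Path=/; Secure; HttpOnly"],
  ["shop.example", "lang=en; Max-Age=31536000; Path=/"],
  ["ads.tracker.example", "uid=42; Expires=Wed, 01 Jan 2031 00:00:00 GMT; SameSite=None; Secure"],
  ["cdn.shop.example", "promo=; Expires=Thu, 01 Jan 1970 00:00:00 GMT"],
];

// Split a Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Simplified "site" of a host: its last two labels (assumption, see lead-in).
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

function classifyCookie(pageHost, responseHost, header, nowMs) {
  const c = parseSetCookie(header);
  if (!c) return null;

  // Lifetime: Max-Age wins over Expires; with neither, it is a session cookie.
  let expiresAt = null;
  const maxAge = c.attrs["max-age"];
  if (typeof maxAge === "string" && /^-?\d+$/.test(maxAge)) {
    expiresAt = nowMs + Number(maxAge) * 1000;
  } else if (typeof c.attrs.expires === "string" && !Number.isNaN(Date.parse(c.attrs.expires))) {
    expiresAt = Date.parse(c.attrs.expires);
  }
  let lifetime = "session";
  if (expiresAt !== null) {
    // An expiry in the past is how a server asks the browser to delete a cookie.
    lifetime = expiresAt > nowMs ? "persistent" : "deleted";
  }

  // Party: set by the site in the address bar, or by some other site.
  const party = siteOf(responseHost) === siteOf(pageHost) ? "first-party" : "third-party";
  return { name: c.name, lifetime, party, expiresAt };
}

function auditPage(pageHost, responses, nowMs) {
  return responses
    .map(([host, header]) => classifyCookie(pageHost, host, header, nowMs))
    .filter((r) => r !== null);
}

// The combination the article recommends blocking: long-lived third-party cookies.
function thirdPartyPersistent(audit) {
  return audit
    .filter((r) => r.party === "third-party" && r.lifetime === "persistent")
    .map((r) => r.name);
}

console.log(auditPage(PAGE_HOST, SAMPLE_RESPONSES, Date.now()));
```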

Should You Erase Cookies? 
Cookies on their own are not a serious security threat as such. However, it is important to understand that the information stored in Cookies can be easily hijacked and lead to serious consequences. For users, using Cookies safely and smartly should be one of the most important security measures undertaken on a regular basis. One must always use an updated browser and also frequently delete Cookies where required. It’s certainly a good idea to block third-party Cookies, as these present the most significant security risk. Businesses should also provide cybersecurity training to their staff about using Cookies wisely, thereby protecting the business’s systems and networks against serious cyber threats. Using a VPN and removing Cookies on a regular basis is a great way to stay safer online, while enjoying a good browser experience.