More Orgs Suffered Successful Phishing Attacks in 2021 Than in 2020

Enterprise organizations appear to be falling even further behind in their battle against phishing threats despite heightened awareness of the problem and efforts to curb it.

A new study shows that in 2021 more organizations experienced at least one successful email-based phishing attack than the year before. There were also more opportunistic and targeted phishing attacks last year compared with 2020, as well as phishing attacks involving ransomware and business email compromise (BEC).

Researchers recently analyzed data from a survey of 600 IT and security professionals and another survey of 3,500 employees from seven countries, including the US, UK, France, Germany, and Australia. The researchers also analyzed data gathered from some 100 million simulated phishing attacks and more than 15 million emails that end users reported as being suspicious.

Seventy-eight percent of organizations experienced a ransomware attack in which a phishing email was the initial infection vector. Seventy-seven percent reported a phishing-related BEC incident — an 18-point increase from 2020. Overall, 12% more organizations reported being victims of an indiscriminate or opportunistic phishing attack, while organizations reporting more targeted spear-phishing and BEC attacks went up 20%.

Roy Miehe | MspPortal Partners Inc. | Ceo/President
Bitdefender and Barracuda Distributor for Msp’s
“Where Service and Technical Skills Count”

Hackers slip into Microsoft Teams chats to distribute malware

Hackers slip into Microsoft Teams chats to distribute malware

Security researchers warn that some attackers are compromising Microsoft Teams accounts to slip into chats and spread malicious executables to participants in the conversation.

More than 270 million users are relying on Microsoft Teams every month, many of them trusting the platform implicitly, despite the absence of protections against malicious files.
Simple but efficient method

Researchers at Avanan, a Check Point company that secures cloud email and collaboration platforms, found that hackers started to drop malicious executable files in conversations on Microsoft Teams communication platform.

The attacks started in January, the company says in a report today, and the threat actor inserts in a chat an executable file called “User Centric” to trick the user into running it.

Once executed, the malware writes data into the system registry installs DLLs and establishes persistence on the Windows machine.
“In this Teams attack, hackers have attached a malicious Trojan document to a chat thread. When clicked on, the file will eventually take over the user’s computer” – Avanan

Manage Microsoft Teams settings for your organization
Here you can turn on or turn off file sharing and cloud file storage options. read Article and turn off file sharing

Users can upload and share files from cloud storage services in Teams channels and chats. Cloud storage options in Teams currently include Dropbox, Box, Citrix files, Google Drive, and Egnyte. Turn on the switch for the cloud storage providers that your organization wants to use.

Using either the above solution and fixing the issues or

Use Bitdefender/MspPortal Partners malware protection in combination of Barracuda/MspPortal Partners Spam, Phishing malware protection

Roy Miehe | MspPortal Partners Inc. | Ceo/President Bitdefender /MSP Aggregator – Distributor “Where Service and Technical Skills Count”

Google Releases Security Updates for Chrome (Must Apply)

Google Releases Security Updates for Chrome (Must Apply) (Review update)
02/15/2022 07:25 AM EST

Original release date: February 15, 2022

Google has released Chrome version 98.0.4758.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. One of these vulnerabilities has been detected in exploits in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

I have always supported Firefox. As bad as I personally think Facebook is, I think Google products and browser are worse.

Roy Miehe | MspPortal Partners Inc. | Ceo/President Bitdefender /MSP Aggregator – Distributor “Where Service and Technical Skills Count”

CISA Adds Nine Known Exploited Vulnerabilities to Catalog

Original release date: February 15, 2022

CISA has added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
CVE Number CVE Title Remediation Due Date
CVE-2022-24086 Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability 3/1/2022
CVE-2022-0609 Google Chrome Use-After-Free Vulnerability 3/1/2022
CVE-2019-0752 Microsoft Internet Explorer Type Confusion Vulnerability 8/15/2022 not good
CVE-2018-8174 Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability 8/15/2022 not good
CVE-2018-20250 WinRAR Absolute Path Traversal Vulnerability 8/15/2022
CVE-2018-15982 Adobe Flash Player Use-After-Free Vulnerability 8/15/2022
CVE-2017-9841 PHPUnit Command Injection Vulnerability 8/15/2022
CVE-2014-1761 Microsoft Word Memory Corruption Vulnerability 8/15/2022 not good
CVE-2013-3906 Microsoft Graphics Component Memory Corruption Vulnerability 8/15/2022 not good

The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks: 2-14-2022

The two agencies also shared a list of measures that can help admins mitigate BlackByte attacks: 2-14-2022

Thanks to Bleeping Computer

  1. Implement regular backups of all data to be stored as air gapped, password protected copies offline.
  2. Ensure these copies are not accessible for modification or deletion from any system where the original data resides.
  3. Implement network segmentation, such that all machines on your network are not accessible from every other machine.
  4. Install and regularly update MspPortal Partners/Bitdefender antivirus software on all hosts, and enable real time detection.
  5. Install updates/patch operating systems, software, and firmware as soon as updates/patches are released be careful of this look at KB’s first.
  6. Review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts.
  7. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Do not give all users administrative privileges.
  8. Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs for any unusual activity.
  9. Consider adding an email banner to emails received from outside your organization.
  10. Disable hyperlinks in received emails MspPortal Partners/Barracuda
  11. Use double authentication when logging into accounts or services.
  12. Ensure routine auditing is conducted for all accounts
  13. Ensure all the identified IOCs are input into the network SIEM for continuous monitoring and alerts.
  14. Do you want Security Updates Emailed to you Subscribe to blog (bottom  of News page)

     

    Roy Miehe | MspPortal Partners Inc. | Ceo/President

    Bitdefender /MSP Aggregator – Distributor

    “Where Service and Technical Skills Count”

The Texas attorney general’s office sued Meta’s Facebook on Monday

Mon, February 14, 2022, 10:10 AM
WASHINGTON (Reuters) -The Texas attorney general’s office sued Meta’s Facebook on Monday, alleging that the social media giant violated state privacy protections with facial-recognition technology that collected the biometric data of millions of Texans without their consent.

The lawsuit accuses Facebook of capturing biometric information from photos and videos that users uploaded without consent, disclosing the information to others and failing to destroy it within a reasonable time.

“This is yet another example of Big Tech’s deceitful business practices and it must stop. I will continue to fight for Texans’ privacy and security,” Attorney General Ken Paxton said in a statement.

The lawsuit was first reported by the Wall Street Journal, which cited a person familiar with the matter as saying that the state was seeking hundreds of billions of dollars in civil penalties

“The scope of Facebook’s misconduct is staggering,” the lawsuit said. “Facebook repeatedly captured Texans’ biometric identifiers without consent not hundreds, or thousands, or millions of times — but billions of times,” the lawsuit said.