ICAHN Information Technology Blog
Visit any website these days, and it’s very likely that you will be viewing ads as well. Sometimes these ads can be tempting, with many offering sales, promotions, or freebies to attract more clicks. Ads on certain websites can even be targeted specifically to you based on past browsing history, making you even more likely to click!
Remember this: just because you are on a reputable, well-known website, it does not mean that the ads on the website are safe to click as well.
How ad space can become infected: Advertisers do not sell their ads to websites one at a time. Websites that want to make money sell their advertising space to an ad network. Advertisers sign contracts with that ad network, which then displays the ads on the participating websites. The ad network sits in the middle between the advertisers and the websites and manages the traffic and the payments.
Cybercriminals can take advantage of this system by fooling ad networks into treating them as legitimate advertisers, so that poisoned ads end up displayed on major websites. Simply browsing to a page with a poisoned ad on it is enough to put your PC at risk of being encrypted with ransomware, which can hold your computer or your entire network hostage until you pay the cybercriminal a ransom.
Tips to prevent the effect of harmful ads:
- Disable Adobe Flash on your computer - or at least set the Adobe Flash plug-in to "click-to-play" mode - which can block the automatic infections.
- Keep up-to-date with all the security patches and install them as soon as they come out.
- Download and install a reputable ad blocker plug-in for your browser. These prevent the ads from being displayed in your browser to start with. These ad blockers are getting very popular with hundreds of millions of people using them.
You've probably seen people wearing security badges at their place of business. Can you think of how many different organization badges you recognize in your area? Would you be able to recall the details of the badges you've seen?
Is there a picture on the badge? If so, do you know where it's located? How big is the picture? What color is the badge? Where is the person's name located on it? With all that information, do you think you could make one that looked similar?
That's the sort of detail the bad guys are taking note of when you aren't careful with your security badge. With the advancement of technology and image creation and editing becoming commonplace, it is increasingly easy for attackers to replicate the look and feel of security badges. Within hours, attackers can recreate your badge with their name and picture. They can then use this badge to gain access to your organization.
Badge Security - Do's and Don'ts
It's important that you are responsible for your security badge and practice proper badge use. If your organization has a formal policy on proper badge use, please refer to that policy.
Here are some general guidelines on the do's and don'ts of badge security:
DO: Wear your badge at all times while inside the building.
DON'T: Do not wear your badge while you are in a public place. When you wear your badge in public, you are also advertising where you work. Attackers can better target an organization or spear phish an individual if they know that person's name and where they work.
DO: If you've lost your badge or suspect it has been stolen, make sure to report it as missing immediately.
DON'T: Never let others use your badge if they have forgotten theirs.
Next time you leave for lunch break or leave the office, put your ID in your purse or pocket so that others cannot easily gather that information from you.
Scammers are seeking to obtain personal information by impersonating Canadian hospital staff over the phone, NEWS 1130 reports. Vancouver Coastal Health issued an alert in which the healthcare provider warned people not to give out their personal information if they receive an unsolicited phone call from someone claiming to work for a hospital. The organization said the scammers may be spoofing the phone numbers of local hospitals, so people shouldn’t trust what appears on caller ID.
How can you tell if an email is safe? Even if you catch red flags in an email, such as typos or poor grammar, an urgent demeanor, or even a spoofed domain, how can you truly decipher the safety of an email? An immediate step you can take is to watch out for one of the most critical tell-tale signs of a phishing email: a mismatched or fake URL. Hovering over a link not only gives you a moment to think before proceeding, it also lets you see where the link is going to redirect you. This is especially important because not all links lead to where they appear, or claim, to go.
When you hover, check for the following to ensure you're staying safe and secure:
- If the email appears to be coming from a company, does the hover link match the website of the sender?
- Does the link have a misspelling of a well-known website (such as Micorsoft.com)?
- Does the link redirect to a suspicious external domain made to look like the sender’s domain (e.g., micorsoft-support.com rather than microsoft.com)?
- Does the hover link show a URL that does not match where the context of the email claims it will take you?
- Do you recognize the link’s address or did you even expect to receive the link?
- Did you receive a blank email with long hyperlinks and no further information or context?
If you notice anything about the email that alarms you, do not click links, open attachments, or even reply. If everything seems okay, but you're still not sure–verify! Ask your IT team or leadership if the email is legitimate before proceeding. Remember, you are the last line of defense to prevent cyber criminals from succeeding and making you or your company susceptible to an attack.
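The hover checks above can also be run automatically over a message's HTML body. The following Python code is an added example, not part of the original post: the function names, the 0.8 similarity threshold, the last-two-labels shortcut for finding a site's domain, and the sample message are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)  # text that is a URL
# Constructed sample message body; the sender is assumed to be microsoft.com.
SAMPLE = """<a href="https://account.microsoft.com/security">Review activity</a>
<a href="http://micorsoft-support.com/login">www.microsoft.com/account</a>
<a href="https://micorsoft.com/reset">Reset password</a>"""

def site(url):
    # Simplification: last two host labels; real code needs the Public Suffix List.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def lookalike(domain, trusted):
    """True if domain is not trusted but a hyphen-separated part resembles it."""
    brand, parts = trusted.split(".")[0], domain.split(".")[0].split("-")
    return domain != trusted and any(
        SequenceMatcher(None, p, brand).ratio() >= 0.8 for p in parts)

class LinkCollector(HTMLParser):  # collects [href, visible text] for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_links(html, sender_domain):
    """Return {href: [warnings]} for every link, applying the hover checks."""
    parser, findings = LinkCollector(), {}
    parser.feed(html)
    for href, text in parser.links:
        target = site(href)
        warnings = ["off-domain"] if target != sender_domain else []
        if lookalike(target, sender_domain):
            warnings.append("lookalike")
        if URLISH.fullmatch(text.strip()) and site(text.strip()) != target:
            warnings.append("text-mismatch")
        findings[href] = warnings
    return findings
```

Calling `check_links(SAMPLE, "microsoft.com")` returns an empty warning list for the genuine link and flags both misspelled domains; a link with no warnings is not thereby proven safe, so the advice to verify still applies.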
There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd's name, and there is a good chance some of those are owned by people with malicious intent. Social engineers and phishing creators love to use newsworthy events to foist new scams. They know that people's interest in the latest events, natural or otherwise, makes potential victims less likely to be as skeptical when an unexpected email ends up in their inbox, especially if that email is enraging. Natural calamities like earthquakes, tornados, floods, and hurricanes have always been phishing draws. Pandemics, celebrity deaths, political upheaval, cultural unrest, and riots are guaranteed to trick a higher number of unsuspecting victims into clicking on a malicious link or downloading a file that requires their password.
Data breaches continue to be one of the many things that keep IT security people up at night. They are becoming more prevalent every day, with many of them containing sophisticated and targeted attacks. It is important to note that not all attacks are initiated by externally facing bad actors. A recent report from Verizon shows that 30% of all breaches were caused by internal users. Some of that was through inadvertently giving up information to outside entities through spoofing/phishing, but unfortunately far too many are caused by sheer negligence, complacency, apathy and ignorance. It is imperative that we remain vigilant in our education efforts within our organization to mitigate these threats. This can be done in many different ways: through phishing campaigns, classroom discussions, or annual in-service training. Head on over to Verizon’s website to read the article in its entirety.
COVID-19 has changed the IT landscape for the foreseeable future. During this tumultuous time it's imperative to remain vigilant and adhere to all security-based guidelines, policies and procedures in place within your organization. Unfortunately, bad actors are being just as vigilant in their use of multiple attack vectors in an attempt to infiltrate our organizations. Jessica Davis over at healthitsecurity.com has released an article explaining one of the most recent attack vectors used by these bad actors and ways to mitigate the threats they pose. Unfortunately, with an increase in employees working offsite, our exposure to these attack vectors continues to widen.