October Security Snippet

In this month’s article, we touch on Ransomware, dive into the world of social engineering, and finish up with an overview of patching best practices.

Tags: Cybersecurity, Cybersecurity Tips, Security Best Practices, Business, Breaches

Thomas Buie

10/28/2024, 6 min read

October is National Cybersecurity Awareness Month! In this month’s article, we touch on Ransomware, and dive into the world of social engineering—a tactic cybercriminals use to manipulate individuals into revealing personal information or taking certain actions they usually wouldn’t. We’ll discuss the importance of patching, which means updating software regularly to fix security vulnerabilities. Also included are a few best practices that can help you and your organization stay one step ahead of the threats. Read on to learn more about how to protect yourself and your organization from these common risks.

Government Advisory - Ransomware

Recently, CISA, the FBI, MS-ISAC and HHS released a joint advisory warning the public of a critical ransomware threat called RansomHub. Ransomware is malicious software that attackers use to encrypt your files or lock you out of your computer systems, making them inaccessible. The attackers then demand a payment, or a “ransom,” to restore access. Essentially, it’s a digital hostage situation: you’re asked to pay to regain access to your own data.

Here’s a brief excerpt from their advisory:

Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims representing the water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure sectors.

The affiliates leverage a double-extortion model by encrypting systems and exfiltrating data to extort victims. It should be noted that data exfiltration methods are dependent on the affiliate conducting the network compromise. The ransom note dropped during encryption does not generally include an initial ransom demand or payment instructions. Instead, the note provides victims with a client ID and instructs them to contact the ransomware group via a unique .onion URL (reachable through the Tor browser). The ransom note typically gives victims between three and 90 days to pay the ransom (depending on the affiliate) before the ransomware group publishes their data on the RansomHub Tor data leak site.

Actions to take today to reduce your chance of being directly impacted by RansomHub:

  • Install updates for operating systems, software, and firmware as soon as they are released.

    • Patch early, and patch often!

  • Require phishing-resistant MFA (e.g., FIDO2/WebAuthn security keys or passkeys) for as many services as possible. SMS codes are the weakest option, but app-generated codes and push approvals can be phished and relayed too; only MFA that is bound to the genuine site’s origin stops that.

  • Train users to recognize and report phishing attempts.

    • All the technology in the world can’t save you if you are tricked into giving away your secrets.

    • A healthy level of skepticism goes a long way when you are online.
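To make the phishing-resistant point concrete, here is an added example (not from the advisory or the original article) that simulates a credential-phishing relay against both kinds of MFA in plain Python. It assumes a made-up TOTP seed, a made-up relying party bank.example with a look-alike bank-example.com, and models the authenticator’s signature with HMAC instead of a real per-credential key; the property it demonstrates, that a WebAuthn assertion carries the origin the browser actually saw, holds for real FIDO2 hardware keys and passkeys.

```python
"""Why a six-digit MFA code can be phished and relayed, while a FIDO2/WebAuthn
assertion cannot: the code carries no information about where it was typed,
the assertion does.

Added example, not from the original article. Everything runs in-process
(no network, no real authenticator). The authenticator's signature is
modelled with HMAC over the same data a FIDO2 authenticator signs; a real
device uses a per-credential asymmetric key, but the property shown here
(the page origin is inside the signed data) is the same.
"""
import base64
import hashlib
import hmac
import json
import struct

# ---- TOTP (RFC 6238) as used by "authenticator app" MFA ----------------------
SEED = base64.b32decode("JBSWY3DPEHPK3PXP")   # constructed demo seed, not a real one
DEMO_TIME = 1_700_000_000.0                    # fixed clock so the demo is deterministic

def totp(seed: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Standard TOTP: HMAC-SHA1 over the 30-second counter, dynamic truncation."""
    counter = int(at // step)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def site_verifies_totp(code: str, at: float) -> bool:
    """The real site only checks that the code matches the current window.
    Nothing in the code says who typed it or on which page."""
    return hmac.compare_digest(code, totp(SEED, at))

def phish_totp(now: float = DEMO_TIME) -> bool:
    """Attacker-in-the-middle: the victim types the code into the look-alike
    site, the attacker forwards it to the real site a few seconds later."""
    code_typed_on_phishing_page = totp(SEED, now)
    return site_verifies_totp(code_typed_on_phishing_page, now + 3)

# ---- WebAuthn-style assertion ------------------------------------------------
RP_ID = "bank.example"                        # assumed relying-party ID
REAL_ORIGIN = "https://bank.example"
PHISH_ORIGIN = "https://bank-example.com"     # assumed look-alike domain
CREDENTIAL_KEY = hashlib.sha256(b"demo-credential-key").digest()  # stand-in for the private key

def authenticator_sign(rp_id: str, client_data: dict) -> dict:
    """What a FIDO2 authenticator signs: SHA-256(rpId) || SHA-256(clientDataJSON).
    clientDataJSON is written by the *browser* and records the origin of the page
    that asked for the assertion; the user cannot be tricked into changing it.
    (A real browser would refuse outright when rp_id is not a suffix of the
    page's domain; this model lets the signing happen so the server-side check
    is visible.)"""
    client_data_json = json.dumps(client_data, sort_keys=True).encode()
    to_sign = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data_json).digest()
    signature = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()  # simplification of ECDSA
    return {"client_data_json": client_data_json, "signature": signature}

def rp_verify(assertion: dict, expected_challenge: str) -> tuple[bool, str]:
    """Relying-party checks in the order the WebAuthn spec lists them:
    ceremony type, challenge, origin, then the signature."""
    cd = json.loads(assertion["client_data_json"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replayed assertion)"
    if cd.get("origin") != REAL_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    to_sign = hashlib.sha256(RP_ID.encode()).digest() + hashlib.sha256(assertion["client_data_json"]).digest()
    expected_sig = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"

def _login(origin_seen_by_browser: str) -> tuple[bool, str]:
    challenge = base64.urlsafe_b64encode(b"server-random-challenge").decode()  # constructed; real servers use CSPRNG bytes
    client_data = {"type": "webauthn.get", "challenge": challenge, "origin": origin_seen_by_browser}
    return rp_verify(authenticator_sign(RP_ID, client_data), challenge)

def legit_webauthn() -> tuple[bool, str]:
    return _login(REAL_ORIGIN)

def phish_webauthn() -> tuple[bool, str]:
    """Same relay as phish_totp(): the attacker fetches a fresh challenge from the
    real site, the victim's browser signs on the phishing page, the attacker
    forwards the assertion unchanged. The origin inside it gives the game away."""
    return _login(PHISH_ORIGIN)

if __name__ == "__main__":
    print("TOTP relayed by phisher accepted:", phish_totp())      # True
    print("WebAuthn on the real site:", legit_webauthn())          # (True, 'ok')
    print("WebAuthn relayed by phisher:", phish_webauthn())        # (False, 'origin mismatch: https://bank-example.com')
```

The TOTP relay succeeds because the six digits are the same no matter which page they are typed into; that is also why the “never give out your MFA code” rule later in this article matters. The WebAuthn relay fails at the origin check before the signature is even examined, and in a real browser it would fail even earlier, because the browser refuses to use a credential registered for bank.example on bank-example.com.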

Social Engineering

At first glance, ransomware might not seem connected to social engineering, but the two are closely linked. Attackers often rely on social engineering tactics—manipulating people’s trust or curiosity—to trick them into clicking a link or downloading a file received via email or text message (phone calls are another common vector). With just one click, your device could be infected, making you an unknowing victim of ransomware or other attacks.

Social engineers are often driven by financial gain, and one way they target people is through malicious software like Trickmo, a type of banking trojan (article). Banking trojans are designed to sneak onto your phone or computer without you knowing. Once there, they steal your banking details and even attempt to transfer money directly from your accounts. Trickmo goes further by displaying fake screens to trick you into entering your phone’s PIN or unlock pattern, giving attackers even more control. It also intercepts the SMS codes sent for secure logins, bypassing SMS-based MFA entirely (check out our previous article on phishing-resistant MFA options for more on this).

Another way that social engineers target people is through a tactic called “Pig butchering,” a type of financial scam where criminals build trust with their targets over time—often through online relationships or social media. They "fatten up" the victim by encouraging them to invest more and more money, using a fake trading application, in what seems like a lucrative opportunity. Once they’ve gained enough trust and the victim has invested heavily, the scammers disappear with the money, leaving the victim with nothing. This is even more concerning because the scam applications were distributed through both Google Play and the Apple App Store. Those apps have since been removed, but the scammers now use social engineering to persuade targets to sideload them from unofficial sources.

Steps to take to avoid falling victim to Social Engineering:

  • Set up and use MFA (as referenced above)

    • Never give out your code from your MFA application

    • Your IT department, bank, or the FBI will NOT ask you for this information… EVER!

  • Use unique passwords EVERYWHERE

    • Password managers are great solutions to help keep track of all the unique passwords

    • Avoid using patterns in your passwords (Fall2024! is not as secure as you think it is)

  • Enroll in Security Awareness Training
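To show why Fall2024! is weaker than it looks, here is an added example (not from the original article) that enumerates a small, constructed attacker mask of season and month words, years and common suffixes, reports how many guesses it takes to reach a given password, and compares that with the work a random password forces. The word list, year range and suffix list are assumptions chosen for the demo; real cracking rule sets are much larger.

```python
"""How small the search space of a "pattern" password such as Fall2024! is.

Added example, not part of the original article. The mask below (season or
month word, a year, a common suffix, three case variants) is constructed and
deliberately small; real cracking rule sets are far larger, so the guess
counts here are an upper bound on the attacker's work, not a lower bound.
"""
import itertools
import math
import re

WORDS = ["spring", "summer", "fall", "autumn", "winter",
         "january", "february", "march", "april", "may", "june", "july",
         "august", "september", "october", "november", "december"]
YEARS = [str(y) for y in range(2000, 2030)]
SUFFIXES = ["", "!", "!!", "@", "#", "$", "1", "123", "?", "."]
ASCII_PRINTABLE = 94   # size of the alphabet a truly random password draws from

def pattern_candidates():
    """Yield every password the mask produces, in a fixed order
    (word, then FALL/Fall/fall, then year, then suffix, full year before 2-digit year)."""
    for word in WORDS:
        for variant in sorted({word, word.capitalize(), word.upper()}):
            for year, suffix in itertools.product(YEARS, SUFFIXES):
                yield f"{variant}{year}{suffix}"
                yield f"{variant}{year[2:]}{suffix}"

def mask_size() -> int:
    """Total candidates: 17 words x 3 cases x 30 years x 10 suffixes x 2 year forms."""
    return sum(1 for _ in pattern_candidates())

def guesses_needed(password: str):
    """1-based position of `password` in the candidate list, or None if the mask misses it."""
    for i, candidate in enumerate(pattern_candidates(), start=1):
        if candidate == password:
            return i
    return None

def pattern_bits() -> float:
    """Guessing work, in bits, for anything the mask covers."""
    return math.log2(mask_size())

def random_bits(length: int, alphabet: int = ASCII_PRINTABLE) -> float:
    """Guessing work for a uniformly random password of the given length."""
    return length * math.log2(alphabet)

_PATTERN = re.compile(r"^(" + "|".join(WORDS) + r")(19|20)?\d{2}[^A-Za-z0-9]{0,3}$", re.IGNORECASE)

def looks_like_pattern(password: str) -> bool:
    """Cheap check a password policy can run: word + year + optional trailing symbols."""
    return _PATTERN.match(password) is not None

if __name__ == "__main__":
    for pw in ["Fall2024!", "Winter24$", "tr0ub4dor&3"]:
        print(f"{pw:14} guesses needed: {guesses_needed(pw)}  pattern? {looks_like_pattern(pw)}")
    print(f"pattern search space: {mask_size()} candidates (~{pattern_bits():.1f} bits)")
    print(f"random 9-char password: ~{random_bits(9):.1f} bits")
```

Fall2024! falls at guess 4,683 of 30,600, under 15 bits of work, which a single GPU working against a leaked hash finishes instantly; a random nine-character password is about 59 bits. The regex check at the end is the kind of rule a password policy or a self-service reset form can apply to reject the pattern outright.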

A final note on social engineering: while attackers often aim to steal money, sometimes their goal is simply to create confusion and distrust. One alarming tactic, reportedly linked to Russia, involves spreading misinformation on social media platforms like X (formerly Twitter) and LinkedIn to undermine public confidence in political candidates. Unfortunately, the sheer volume of false information makes it difficult for news outlets and social platforms to catch everything, allowing harmful narratives to slip through. This tactic highlights just how impactful and far-reaching social engineering can be beyond financial motives.

Strategies to help handle misinformation

  • Verify Before Sharing: Always fact-check information using multiple, reputable sources before sharing it, especially if it’s emotionally charged or seems sensational.

    • Reliable sources often provide more context and nuance, which can help spot potential propaganda.

  • Be Cautious of Emotional Manipulation: Propaganda often plays on strong emotions like fear, anger, or pride.

    • If a message feels designed to provoke, take a step back and evaluate it objectively to avoid being swayed by emotional triggers.

    • If a message seems to align with your beliefs perfectly, beware of confirmation bias as well. Threat actors know what people want to hear and will often play to that fact.

  • Diversify Your Information Sources: Relying on a range of news outlets and perspectives can help you see a fuller picture and recognize biased or misleading information.

    • This approach reduces the chances of unknowingly accepting propaganda as truth.

Patching

In this last part of our blog, we’ll focus on the technological side of ransomware preparedness: patching. Regularly applying patches—those critical software updates—significantly lowers the risk for both individuals and businesses. Too often, we ignore the ‘update available’ notifications on our apps, phones, or computers. However, taking just a few minutes to apply these patches is a small step that can save you from much bigger, more costly issues down the road. Think of patching as a simple preventative measure, like an ounce of prevention that’s far easier than dealing with a pound of cure.

Browsers have become a common source of vulnerabilities. Earlier this month, issues were discovered in Safari that bypassed the browser’s built-in privacy controls. Staying vigilant with updates and security practices is crucial, no matter the platform. Similarly, a zero-day vulnerability in Firefox (CVE-2024-9680, a use-after-free that Mozilla patched on October 9) was reported as already exploited in real-world attacks. A bug like this is easily weaponized through watering hole attacks, where attackers compromise legitimate websites their targets are known to visit, or drive-by downloads, which install malware without any action from the user beyond loading the page (here's a safe example from our website that shows drive-by downloads in action). This discovery underscores the importance of keeping browsers updated to protect against emerging threats. Lastly, Chrome recently faced a zero-day vulnerability (CVE-2024-4947 in the V8 JavaScript engine) that was exploited in an advanced social engineering campaign attributed to North Korea. In this case, attackers stole the source code of a tank video game and launched a polished marketing campaign on social media, complete with AI-generated images and promotional materials. This well-crafted campaign led unsuspecting users to a website hosting the game, which in reality served the browser exploit and installed malware on the visitor’s machine. This example shows just how far attackers will go to make their schemes appear credible and emphasizes the need for caution, even with seemingly legitimate promotions.

Browsers aren’t the only applications under attack—other types of software require consistent patching, too. For instance, Samsung recently patched a vulnerability in its Exynos mobile processors (CVE-2024-44068) that was reported as already being exploited in real-world attacks by the time the fix was released. Cases like this underscore the importance of applying patches promptly, because cybercriminals move fast to exploit unpatched software and sometimes are ahead of the fix. Unpatched software remains one of the most common paths for a breach.

How to stay on top of patches:

  • Enable Automatic Updates: Whenever possible, enable automatic updates for your operating system, applications, and browsers to ensure you receive patches as soon as they’re available.

  • Set a Regular Patch Schedule: For systems that don’t update automatically, establish a consistent schedule (e.g., weekly or monthly) to manually check and apply any available patches.

  • Prioritize Critical Updates: Focus on installing security updates marked as critical or high priority first, as these typically address the most serious vulnerabilities.

    • Critical and High ratings typically mean the attack is easy to accomplish and/or can cause extensive damage

  • Monitor Vendor Advisories: Subscribe to advisories from software vendors (e.g., Microsoft, Apple, Google) to stay informed of new vulnerabilities and patches for the software you use.

  • Test Patches in a Controlled Environment: For businesses, test patches on non-essential systems first to avoid potential compatibility issues before rolling them out widely.
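Putting the prioritization and scheduling advice above into code, here is an added example (not from the original article) that ranks pending fixes for a small constructed inventory: known exploitation first, then severity, then how long the fix has been available, and lists the hosts that automatic updates will not cover. The hosts, products, version numbers and the DEMO-* advisory identifiers are invented placeholders; in practice the advisory list would come from vendor bulletins or CISA’s Known Exploited Vulnerabilities catalog.

```python
"""From vendor advisories to an ordered patch list.

Added example, not part of the original article. The inventory and advisory
records below are constructed for this demo: the fields mirror what a vendor
bulletin or CISA's Known Exploited Vulnerabilities catalog gives you
(identifier, affected product, fixed version, severity, whether exploitation
in the wild is known, publication date), but the values and the DEMO-* ids
are invented placeholders, not real advisories.
"""
from dataclasses import dataclass
from datetime import date

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

@dataclass(frozen=True)
class Advisory:
    ident: str
    product: str
    fixed_version: str
    severity: str        # one of SEVERITY_RANK
    exploited: bool      # known exploited in the wild
    published: date

@dataclass(frozen=True)
class Installed:
    host: str
    product: str
    version: str
    auto_update: bool

def version_tuple(v: str) -> tuple:
    """'130.0.2' -> (130, 0, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))

def is_affected(inst: Installed, adv: Advisory) -> bool:
    return inst.product == adv.product and version_tuple(inst.version) < version_tuple(adv.fixed_version)

def prioritize(inventory, advisories, today: date):
    """Return (Installed, Advisory, days_since_fix) triples, most urgent first.
    Known exploitation outranks severity; severity outranks how long the fix has been out."""
    work = [
        (inst, adv, (today - adv.published).days)
        for inst in inventory
        for adv in advisories
        if is_affected(inst, adv)
    ]
    work.sort(key=lambda item: (not item[1].exploited, SEVERITY_RANK[item[1].severity], -item[2]))
    return work

def hosts_needing_manual_patching(work) -> set:
    """Hosts with pending fixes that automatic updates will not deliver."""
    return {inst.host for inst, _, _ in work if not inst.auto_update}

# Constructed sample data (not real hosts, products or advisories).
INVENTORY = [
    Installed("laptop-01", "browser", "130.0.2", auto_update=True),
    Installed("laptop-02", "browser", "129.0.1", auto_update=False),
    Installed("server-01", "office-suite", "16.0.1", auto_update=False),
    Installed("phone-01", "mobile-os", "14.1", auto_update=True),
]
ADVISORIES = [
    Advisory("DEMO-2024-001", "browser", "130.0.1", "high", True, date(2024, 10, 9)),
    Advisory("DEMO-2024-002", "office-suite", "16.0.5", "critical", False, date(2024, 10, 8)),
    Advisory("DEMO-2024-003", "mobile-os", "14.2", "medium", True, date(2024, 10, 1)),
    Advisory("DEMO-2024-004", "office-suite", "16.0.3", "low", False, date(2024, 9, 1)),
]
TODAY = date(2024, 10, 28)

def demo_order() -> list:
    """Advisory ids in the order the sample data gets patched."""
    return [adv.ident for _, adv, _ in prioritize(INVENTORY, ADVISORIES, TODAY)]

if __name__ == "__main__":
    work = prioritize(INVENTORY, ADVISORIES, TODAY)
    for inst, adv, days in work:
        flag = "EXPLOITED" if adv.exploited else "         "
        print(f"{flag} {adv.severity:8} {adv.ident}  {inst.host:10} {inst.product} "
              f"{inst.version} -> {adv.fixed_version}  fix available for {days}d")
    print("schedule manual patching for:", sorted(hosts_needing_manual_patching(work)))
```

Note the version comparison: treating version strings as numbers matters, since a plain string comparison would rank 130.0.10 below 130.0.2 and wrongly flag an already-patched install as vulnerable.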

If you’re interested in learning more or have any questions, we would love to help guide you through your security journey. Contact us to schedule a consultation.