Author: comptroller

A Story of Cat Phishing

Thomas Brewster of Forbes published the story of how hackers cat phished a Deloitte employee.

An employee at Deloitte, one of the Big Four accounting firms, fell victim to a fake Facebook account in late 2016. The attacks, believed to have been perpetrated by Iranian government spies, occurred around the same time as a separate hack, which affected Deloitte’s data.

Mia Ash is a fictional woman created by the hacker crew known as OilRig, which cybersecurity firm SecureWorks believes is sponsored by the Iranian regime. In July 2016, Mia’s controllers targeted a Deloitte cybersecurity employee, engaging him through the social network in conversations about his job. As the online relationship grew, the employee offered to help his new friend Mia set up a website for her alleged business. Eventually, the controller behind Mia exploited the positive rapport to convince the Deloitte employee to open a malicious document sent by Mia on his work computer. Though it’s not believed that particular malware infected the wider company network, according to the sources, it illustrated the ability of the controllers to gain the employee’s trust.

The Mia Ash persona was built on the photos and profile information of a real woman from Romania, Cristina Mattei. With alluring images and active avatars across Facebook, WhatsApp and LinkedIn, Mia was a convincing fraud, described previously by SecureWorks cybersecurity researcher Allison Wikoff as one of the most developed fake personas she’d ever seen.

Mia was convincing enough to gain the internet friendship of the cybersecurity professional and, after sending messages for months, convinced him to open a file, supposedly containing some of her photos, on a work laptop. Fortunately for Deloitte, the malware inside (a tool dubbed PupyRat, designed to pilfer credentials for corporate systems) didn’t make it onto the company network.

To Deloitte’s credit, its cybersecurity protections prevented the malware from reaching its network.

An attack like this takes a lot of time to prepare and execute and the attacker must believe there is something of sufficient value to be gained to make all that effort worthwhile.

Stupid Automated Comments

Anyone with a website that allows people to make comments is likely to be familiar with comments appearing that make no sense.

Maybe these are from people struggling with a second language or maybe from idiots, but quite often they are from automated systems that churn out comments from sets of standard phrases and try to load them on websites against old blog posts, articles etc.

Why do they do this?

Mostly to try to get web links onto Internet sites – maybe to their own website or blog or to one they are being paid to get links for. People pay only a few dollars for hundreds of back links so it cannot be a careful process and the comments must be mass produced and automated.

Here are a few examples from recent stupid comments.

  • It’s not my first time to pay a quick visit this web site, i am browsing this site dailly and get nice facts
    from here daily.
  • This slot game has 5 reels and a massive 20
  • I need to to thank you for this fantastic read!! I certainly loved every little bitof it. I’ve got you bookmarked to check out new things you pos
  • I don’t even know how I ended up here, but I thought this post was good.I do not know who you are but definitely you are going to a famous blogger if you are not already  Cheers!
  • I’m not that much of a online reader to be honest but your blogs really nice, keep it up!I’ll go ahead and bookmark your website to come back in the future. All the best
  • Hey there! Would you mind if I share your blog with my Facebookgroup? There’s a lot of folks that I think would really  appreciate your  Please let me know. Cheers

The comments are always against old posts as they know that Google will largely ignore comments against new blog posts so as to stop people over populating their own posts with comments.

The comments are anything the scammer thinks will be accepted. But never accept such comments or you may find your site is deluged by random meaningless comments and that will annoy any genuine readers.

How to Stay Safe from Ransomware

Ransomware is when a hacker gets software onto your computer that can lock you out or encrypt the data files. Once the attack has succeeded, the hacker puts up a message screen on the computer announcing the attack and demanding a payment be made in order to get the decryption key or password to unlock the files.

Most of these attacks are the encrypting type and examples include CryptoLocker, Locky and CryptoWall.

Ransomware commonly uses multiple evasion techniques to avoid being found by anti-virus programmes and is often able to spread from one computer to another on the same network.

The primary protection against ransomware is up-to-date anti-virus and anti-malware software and regular backups. Plus, you can consider the following:

  • If your anti-virus or anti-malware has anti-ransomware options then enable that protection
  • Do regular scans of all drives
  • Ensure any important files and data are also copied onto Internet storage or other external storage
  • Never click on links in emails unless you are sure they are safe
  • Never open email attachments that you do not expect
  • Delete spam emails and anything suspicious
  • Beware dodgy websites that may download drive-by malware.

In conclusion, ransomware is a real problem – don’t be caught out with out of date backups.
