
REPOSTED FROM THE KNOWBE4 WEBSITE

We partner with KnowBe4 for obvious reasons


Here is the triple-threat scam which was discovered by our friends at Malwarebytes:

Comcast has a search page called Xfinity that serves tons of searches. On this page is a malicious ad (served by Google) from "Sat TV Pro" which claims to compare DirecTV to Comcast TV. The user clicks and gets redirected to a compromised site which has an Exploit Kit (EK) running.

The EK first infects the workstation with ransomware and then redirects to a fake Xfinity site.

The fake Xfinity site pops up a message from "Comcast's security plugin" that the workstation is infected (correct, the bad guys just did that!) and that the user needs to call tech support. The toll free number goes to scammers who will try to charge the user's credit card to "fix" the box.

Dang, they get craftier by the month with these "double payloads" where social engineering, exploit kits, and ransomware are combined. If they don't get you one way they will try to get you the other way. This is a good example of cyber crime gangs cooperating and sharing "revenues" because the toll-free scammers are unlikely to be the same guys as the ransomware team. If you want the technical detail, you can see the flow of the scam at the Malwarebytes blog. This particular scam was reported to Google and Comcast, but there will be other scams very similar to this one. The bad guys have whole campaigns stacked up with attacks like this, and it's like whack-a-mole.

So I would send the following out. Feel free to copy/paste/edit this Scam Of The Week and email it to your employees, friends and family.

"More and more, legit-looking advertising served on major websites turns out to be malicious. Bad guys pay for and post ads that they hope you will click on. But if you click on those ads, you get redirected to a compromised website. That malicious site might infect your computer with ransomware, and/or display popups that claim your PC has a virus and tell you to dial a toll-free number. If you call that number it will be answered by scammers who claim they are Microsoft but will try to charge your credit card to fix your computer. What to do? You need to stay vigilant at all times and "Think Before You Click":

Don't click on links in emails but go to the website you want to visit using your browser.
Do not click on display ads on websites but go to the website you want to visit using your browser.

If you get popups that claim your computer has a virus and you need to dial a toll-free number, close your browser, and if this happens in the office, call the IT helpdesk.

In the office, IT will update your computer with the latest versions of software, but at the house you also need to update your applications to their latest versions. If you don't do that, and you wind up on a compromised website, it will try to install malware on your computer. Remember, both in the office and at the house, you need to "Think Before You Click"."

Talk to ALT8 about your mobile device security concerns. We would be happy to review your current policies and help you evaluate and understand your risks.
