MVP Blog

Search Our Site

What is SIM Swapping?

SIM for Cellphone.jpgSIM swapping is a technique that mainly involves the social engineering (or manipulation) of a target’s mobile phone provider. Using personal information obtained on their target, a hacker will attempt to persuade the target’s mobile phone provider to port their phone number over to a SIM card belonging to the hacker. Once the swap occurs, the hacker has essentially hijacked their target’s mobile phone number. One-time passwords, verification codes, and two-factor authorization that goes through a user’s mobile device via phone call or text message gets sent to the hacker.

College Student Steals Millions

College student, 20-year-old Joel Ortiz of Boston, accepted a plea deal for stealing more than $5 million in cryptocurrency from more than 40 victims. Cyber theft has recently and is continuing to be a huge threat to the crypto-currency community. Ortiz pled guilty to the crime and was sentenced to 10 years in prison as part of his plea deal.

You’re Just Lucky

You’re just lucky you haven’t been breached. Over the last few years, several SIM hijackers have been arrested, such as 21-year-old Nicholas Truglia who stole a million dollars in crypto, however authorities say Ortiz is the first person ever to be convicted of a crime involving SIM swapping. This just goes to show Ortiz is not the only person using this social engineering technique but was just one of the many to get caught. These are millions of dollars we are talking about, in the form of digital currency. Be protected and stay engaged in cyber security practices!

 


 

Went Phishing Again…

phising.jpgSophisticated hackers launched a successful phishing campaign that stole more than $800,000 from Cape Cod’s Community College. According to a Cape Cod Times report “Next-generation endpoint security solutions, if installed on all systems, would have stopped and prevented the attack.” Working with banking officials, the West Barnstable, Massachusetts college was able to recover around $300,000 of the funds.

Attack Details

  • The Phishing email appeared to have been sent from another college.
  • The person who clicked the email open had no suspicions at first, but when something seemed off, contacted the school’s IT department who ran a diagnostic test and found a polymorphic virus embedded in the phishing email.
  • The hackers set up a fake URL address for TD Bank and made nine fraudulent transfers totaling $807,130 from the college’s financial account. The hackers also placed calls to fool employees and validate the transactions.
  • The college recently installed next-generation endpoint protection software — but only on a portion of systems. Had the security been installed on all systems, the virus infection would have been avoided.

School Districts Under Attack

This is the second time in recent months that hackers have stolen money from the higher education industry in the United States’ New England region. An attack in June 2018 stole an estimated $1.4 million from 21 account holders at the Connecticut Higher Education Trust (CHET). Outages that have crippled colleges have also been Hacker-generated, for example, the Wisconsin outage that triggered three days of class cancellations.

Forgetful Users

Every year, technology like smartphones and laptops are lost in taxis, coffeeshops and elsewhere. Any security plan that doesn’t account for these “user error” conditions, is going to have difficulty from the very start. Teach routines like places to search before leaving a location or create "rituals" around packing up and leaving. These will help remind people to look around them before leaving. Also, mobile device management like a log-in authentication could help minimize damages.

Thieves

Sometimes laptops get stolen by people who want to sell them on Craigslist, but sometimes laptops get stolen by people who are trying to steal your data. These data-hungry attackers are often found in parking lots and coffee spots normally visited by high-value targets. Always be mindful about where your laptop is, as well as using the public Wi-Fi at your favorite coffee shop. 

USB Trojans

Hackers have created a trojan that makes exclusive use of USB devices in order to spread. As with most cyber-security practices, the first line of defense is changing user behavior. In order to defend against USB Trojans is to first make sure that anti-malware systems are Up-To-Date and aggressive. The second step is to make sure there is a procedure for randomly appearing USB sticks. 

Phishing Emails

Phishing emails are fraudulent emails appearing to come from a legitimate business or enterprise. These messages usually link you to a fake website or may get you to provide private information that is later used to obtain your personal data. Be on the lookout. Educate yourself and your staff.

 


 

crytojacking.jpgCryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge. Cryptojacking has become a more popular way for cyber-criminals to extract money from targets in the form of cryptocurrency. Widely publicized hacks, like ransomware attacks, are some of the ways the hackers are Cryptojacking.

Four Young Hackers Booked In South Korea

Four young hackers have been arrested in a cryptojacking case involving over 6,000 computers in what is allegedly South Korea’s “first” known case of its kind, Korean English-language news outlet Aju Daily reports Nov. 8. The cryptojacking campaign is said to have lasted two months, as of October 2017, but resulted in mined crypto worth only around one million ($895).

Cryptocurrency In The US

International cybersecurity firm Group-IB has shown that the number of compromised accounts has risen 369 percent since 2017. Data shared with Hard Fork shows that a staggering third of all victims were in the US. Every single one of the top 19 exchanges has been breached; 720 usernames and passwords were stolen in total.

Prevention

Now, more than ever, it’s a good idea to increase your knowledge of cyber-attacks and pay attention to who you conversate with about cryptocurrency in public. Set a complicated password and until the exchanges sort out their security issues, don’t keep too much on any particular exchange.

 


 

MmadisonCounty.jpgadison County employees were unable to send emails one evening when a ransomware virus infected their computer systems. The virus has had crippling effects on the county’s ability to conduct business according to Madison County’s clerk Kim Muir. Ransomware viruses work by cutting off a user’s access to files and other important systems while demanding a ransom for it back.

Madison County’s Game Plan

The virus was discovered on October 4th, when an employee was checking to make sure the court’s new Odyssey system would run properly for the next day. “We don’t know a lot about how it happened or anything. We’ve got great IT people working to get our systems back up to where they need to be,” Muir says.

Update

Many of the files that were encrypted have since been restored. Muir says they still do not have access to email but hope to have that too, soon restored. The ransomware virus ended up costing the county just under $200,000. Lisa Cannon (IT Director) said the ransomware breach affected over 600 personal computers and up to 75 servers. Weeks were spent recovering data.

Prevention

Ransomware and other viruses can be easily avoided with 24/7 monitoring of computer networks, strong anti-virus, software patches, and updates, as well as end-user training. Reach out to your IT support team or person whether it be internal or external and make sure all of these things are being taken care of so you can avoid being the next Madison County.

 


 

Contact Us Today!