MVP Blog

Search Our Site

Credential Stuffing

trojanHorse.pngEvery year it seems there’s a constant slew of major hacks at big companies that end up with millions of username/password pairs being compromised. These results in the real world are what’s known as credential stuffing. Credential stuffing is when hackers use long lists of stolen login credentials in a large-scale automated attempt to log into various websites. Therefore users should make their credentials more secure and not something not commonly used.

Banking Trojans

In network security terms, a Banker trojan- horse or (Banker Trojan) is a malicious program used to obtain confidential information about victims via online banking and payment systems. How a banking trojan works is it disguises itself as a genuine app or software that users download and install. Once installed it positions itself in a way to access your banking details. Once it has the login information, it can beam it back to the malware developer granting them access to your bank account. Easy right?

Quantum Cryptography

Quantum cryptography is the science of exploiting quantum mechanical properties to execute cryptographic tasks. Essentially, quantum cryptography is based on the usage of individual particles/waves of light (photons) and their intrinsic quantum properties to develop an unbreakable cryptosystem - essentially because it is impossible to measure the quantum state of any system without disturbing that system. It is theoretically possible that other particles could be used.

 


 

momo.pngMomo, with its bulging eyes and stringy hair, reportedly appears on sites or apps like WhatsApp, Facebook and YouTube, sometimes in conjunction with kids’ videos meant to depict the popular game "Fortnite" or kids show character Peppa Pig. A trend called the “Momo Challenge” has been stirring up fervor in recent weeks. This terrifying doll asks the viewer to participate in challenges that range from innocuous to deadly including murdering and suicide. This “character” has been appearing around the internet for at least a year, according to international police agencies and news outlets. These videos are targeting children.

Educating Your Children

While the MoMo challenge is nothing more than a viral hoax, it still lays the underlying problem that your kids need to be educated and careful when on the internet, even if you think they are watching something as simple as their favorite kid show on YouTube. It’s not just this creepy character that kids need to be aware of on the Internet but of various things from disturbing content to cyber criminals aiming to extort information. 

History

To clear things up, this isn’t the first sighting of “the Momo challenge” but it has resurfaced, and people are still unaware of its presence on the internet. This is nothing more than an internet hoax that is reappearing that reminds us to watch over what our kids are doing on the internet and what they might be, being exposed to.

 


 

What is SIM Swapping?

SIM for Cellphone.jpgSIM swapping is a technique that mainly involves the social engineering (or manipulation) of a target’s mobile phone provider. Using personal information obtained on their target, a hacker will attempt to persuade the target’s mobile phone provider to port their phone number over to a SIM card belonging to the hacker. Once the swap occurs, the hacker has essentially hijacked their target’s mobile phone number. One-time passwords, verification codes, and two-factor authorization that goes through a user’s mobile device via phone call or text message gets sent to the hacker.

College Student Steals Millions

College student, 20-year-old Joel Ortiz of Boston, accepted a plea deal for stealing more than $5 million in cryptocurrency from more than 40 victims. Cyber theft has recently and is continuing to be a huge threat to the crypto-currency community. Ortiz pled guilty to the crime and was sentenced to 10 years in prison as part of his plea deal.

You’re Just Lucky

You’re just lucky you haven’t been breached. Over the last few years, several SIM hijackers have been arrested, such as 21-year-old Nicholas Truglia who stole a million dollars in crypto, however authorities say Ortiz is the first person ever to be convicted of a crime involving SIM swapping. This just goes to show Ortiz is not the only person using this social engineering technique but was just one of the many to get caught. These are millions of dollars we are talking about, in the form of digital currency. Be protected and stay engaged in cyber security practices!

 


 

Went Phishing Again…

phising.jpgSophisticated hackers launched a successful phishing campaign that stole more than $800,000 from Cape Cod’s Community College. According to a Cape Cod Times report “Next-generation endpoint security solutions, if installed on all systems, would have stopped and prevented the attack.” Working with banking officials, the West Barnstable, Massachusetts college was able to recover around $300,000 of the funds.

Attack Details

  • The Phishing email appeared to have been sent from another college.
  • The person who clicked the email open had no suspicions at first, but when something seemed off, contacted the school’s IT department who ran a diagnostic test and found a polymorphic virus embedded in the phishing email.
  • The hackers set up a fake URL address for TD Bank and made nine fraudulent transfers totaling $807,130 from the college’s financial account. The hackers also placed calls to fool employees and validate the transactions.
  • The college recently installed next-generation endpoint protection software — but only on a portion of systems. Had the security been installed on all systems, the virus infection would have been avoided.

School Districts Under Attack

This is the second time in recent months that hackers have stolen money from the higher education industry in the United States’ New England region. An attack in June 2018 stole an estimated $1.4 million from 21 account holders at the Connecticut Higher Education Trust (CHET). Outages that have crippled colleges have also been Hacker-generated, for example, the Wisconsin outage that triggered three days of class cancellations.

Forgetful Users

Every year, technology like smartphones and laptops are lost in taxis, coffeeshops and elsewhere. Any security plan that doesn’t account for these “user error” conditions, is going to have difficulty from the very start. Teach routines like places to search before leaving a location or create "rituals" around packing up and leaving. These will help remind people to look around them before leaving. Also, mobile device management like a log-in authentication could help minimize damages.

Thieves

Sometimes laptops get stolen by people who want to sell them on Craigslist, but sometimes laptops get stolen by people who are trying to steal your data. These data-hungry attackers are often found in parking lots and coffee spots normally visited by high-value targets. Always be mindful about where your laptop is, as well as using the public Wi-Fi at your favorite coffee shop. 

USB Trojans

Hackers have created a trojan that makes exclusive use of USB devices in order to spread. As with most cyber-security practices, the first line of defense is changing user behavior. In order to defend against USB Trojans is to first make sure that anti-malware systems are Up-To-Date and aggressive. The second step is to make sure there is a procedure for randomly appearing USB sticks. 

Phishing Emails

Phishing emails are fraudulent emails appearing to come from a legitimate business or enterprise. These messages usually link you to a fake website or may get you to provide private information that is later used to obtain your personal data. Be on the lookout. Educate yourself and your staff.

 


 

Contact Us Today!