Unmonitored Account Hacking, Dirty Out-of-Office Tricks and Phone Malware Attacks

Cybercriminals and hackers have found a few new spins on old techniques to steal your data and your money. Here are some of the newest techniques, which have surfaced in the past couple of weeks.

Deceased Employee’s Account Hacked, More Than 100 Systems Compromised

Hackers recently used an unpatched software flaw to gain access to a business network, and then searched for an administrator account that would allow them access to the whole network without drawing suspicion.

They found one – a domain administrator who had passed away three months earlier. Unmonitored accounts are often targeted during hacks, but using the information of someone who recently died to gain access to a network is especially cruel if it was done intentionally.

In this case, the company had kept the account active because they hadn’t had time to change administrator credentials for all of the services this account was used to manage.

Since it wasn’t being monitored, hackers were able to use it to steal company data, and then lock that data up by encrypting it.  They spent a month on the network undetected before launching the ransomware – but probably could have remained there undetected for much longer if they had wanted to monitor communications or steal data at a later point.

Read more at Threatpost

 

Criminals Used Out-of-Office Notifications Over Christmas For Lies and Extortion

While you were enjoying Christmas vacation, criminals found a new way to extort people out of money by tricking them into thinking they had been compromised.

Before leaving for the holidays, many employees set out-of-office autoreplies or forwarded incoming email to another in-office colleague.  Cybercriminals reconfigured their own email headers to take advantage of this out-of-office reply functionality. When the criminals sent an email to the out-of-office employee, it seemed as if the hacker’s email was instead coming from the recipient’s own email address.

In this email, the criminal falsely claimed to have control of the employee’s account, which supposedly explained why the email was coming from the employee’s account, to the employee’s account. The criminal demanded a ransom payment (in Bitcoin, of course) for the employee to avoid having their files shared online. The moral here: if someone claims to have access to your account, first make sure they actually do.
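One way to make that check on a self-addressed message, as an added example that is not from the original article: read the sender-authentication verdicts the receiving mail server recorded, rather than trusting the From line. It assumes the server writes SPF/DKIM/DMARC results into an Authentication-Results header; the server name mx.example.com, the addresses and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample: extortion mail with a forged From header (fails DMARC).
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.net;"
    " dkim=none; dmarc=fail header.from=example.com\n"
    "From: Alice <alice@example.com>\n"
    "To: alice@example.com\n"
    "Subject: I control your account\n\n"
    "Pay in Bitcoin or your files go online.\n"
)
# Constructed sample: a real note-to-self sent through the user's own mail service.
GENUINE = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;"
    " dkim=pass header.d=example.com; dmarc=pass header.from=example.com\n"
    "From: Alice <alice@example.com>\n"
    "To: alice@example.com\n"
    "Subject: reminder\n\n"
    "Renew the certificate on Friday.\n"
)

def auth_results(msg, trusted_authserv):
    """Collect {method: verdict} from headers stamped by our own mail server only."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        # A sender can add this header too, so ignore any other authserv-id.
        if authserv.split()[:1] != [trusted_authserv]:
            continue
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts[method.lower()] = verdict.lower()
    return verdicts

def classify_self_addressed(raw, trusted_authserv="mx.example.com"):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if not sender or sender not in recipients:
        return "not-self-addressed"
    # DMARC pass: the From domain was authenticated, so the claim deserves a
    # real account investigation. Anything else: only the header was forged.
    if auth_results(msg, trusted_authserv).get("dmarc") == "pass":
        return "sent-from-domain"
    return "forged-header"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, "->", classify_self_addressed(raw))
```

The check relies on the receiving server removing any inbound Authentication-Results header that carries its own identifier, as RFC 8601 requires.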

Read more at Dark Reading

 

That Wasn’t a Collaboration App

Personal email accounts are being targeted with phishing emails asking recipients to download a collaboration application and join their co-workers on the platform. Some people are downloading the application, but they aren’t getting a collaboration application – they’re getting malware.

This is just one of many ways that hackers are targeting mobile devices; nearly half of companies had a user with a compromised mobile device access some portion of their network in 2020. The scariest statistic: over one-third of compromised users continued accessing corporate email with the device after it was infected, and 11% accessed business cloud storage, as malware was potentially monitoring their activity and keystrokes.

Read more at Wandera