Attacks

To protect against ransomware attacks, organizations should: · Regularly back up data, air gap backups, and password-protect backup copies offline. · Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides. · Implement network segmentation. · Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location · Install updates/patches operating systems, software,…

Read More

Companies with well-known brand names should continuously monitor domain name registrations to identify potential typo-squatting attacks impersonating their brand name. The Uniform Domain-Name Dispute Resolution Policy can be used by companies to reclaim brand-infringing domains. If the infringing domain is being used to deliver malware, most domain registrars will honor a request for an immediate take-down of the offending domain. Binary Defense Counterintelligence services include monitoring of typo-squatting domain names and review of impersonating websites.…

Read More

BitKeep recommends that anyone who may have installed the trojanized app should first download the official app from a trusted source like the Google Play Store, create a new wallet, and transfer all funds to it before removing the malicious version of the app. Any wallets created via the malicious app should be treated as compromised. In general, Binary Defense recommends only installing applications from the official app stores, such as Google Play for Android…

Read More

Data breaches involving healthcare or insurance information could result in insurance fraud. In addition to the normal precautions such as placing a freeze request with the major credit bureaus and monitoring financial accounts for unusual transactions, victims of medical data breaches should also be aware that identity thieves might attempt to get expensive medical procedures using their stolen insurance information. Carefully check “Explanation of Benefits” (EOB) forms or online claims notifications and promptly inform health…

Read More

The primary risk introduced by this breach is the combination of the unencrypted metadata with customer account information. With those two pieces of information, malicious actors can put together a profile of websites the exposed customers have accounts on, combine that with open source intelligence (OSINT) from social media, and perform activities such as spearphishing, vishing, or other social engineering techniques against employees. Additional social engineering awareness training may be effective over the next couple…

Read More

Pay-per-install services aren’t new, but their presence usually indicates a reasonable degree of confidence by the service provider that their malware will provide the desired end state to their client. Primarily, companies should keep any Detection and Response systems (EDR/MDR/XDR/etc.) and Anti-Virus (AV) up-to-date to identify the latest detected malware campaigns. Additionally, netflow analysis and DNS monitoring can help detect command and control (C2) and data exfiltration, which requires an understanding of baseline user behavior…

Read More

Although this proof of concept (PoC) was crafted for academic proposes, it does establish that if an attacker were to trick a victim into downloading the right application, these types of data could be extracted from the victim’s phone calls. The researchers suggest that phone manufacturers should ensure sound pressure stays stable during calls and place the motion sensors in a position where internally originating vibrations are either leaving motion sensors unaffected, or at the…

Read More