Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
 President & CEO
 Computer Business

Phishing Uses LinkedIn for Bait.  LinkedIn is a great platform for business networking. Unfortunately, that has attracted the attention of hackers and other bad actors for some years now. CyberNewsreports on a study released by Atlas VPN, which analyzed information from the third quarter of 2020 and found “For the third year in a row, phishing scams have referenced LinkedIn in their subject lines of emails more than any other website.” Unfortunately, the social engineers behind phishing e-mails are good at what they do. The Atlas VPN report found that “Top-clicked LinkedIn phishing emails include such subject lines as ‘You appeared in new searches this week!’, ‘People are looking at your LinkedIn profile’, ‘Please add me to your LinkedIn network’, and ‘Join my network on LinkedIn.’” The report found that e-mails mentioning LinkedIn within the subject line were opened 47% of the time, compared to 15% for Twitter-based subject lines, and 12% for Facebook. One safeguard is to go directly to your LinkedIn account, rather than opening such e-mails directly. Or at least take a good hard look at the email address to make sure it is actually from LinkedIn, and not a subtle spoofed variation.

Cybercrime Cost the World More than $1Trillion Last Year. Recently I wrote of research estimating a $1 billion cost for global ransomware. Now McAfee reports that total cybercrime for 2019 totaled $1 trillion—a 50% increase from 2018. McAfee notes that the cost represented just over 1% of total global GDP. Steve Grobman, McAfee’s Senior Vice President and CTO, writes: “The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments.” In addition to direct losses from theft, the report points to hidden costs including system downtime, reduced efficiency, incidence response costs, and damage to brand and reputation.

Get Your IRS ID Protection PIN to Protect Against Scamsters. I think we’ve all heard about the scamster identity thieves who get access to someone else’s Social Security number, and then uses it to file for a phony tax return—with the funds going to themselves, not the taxpayer. Krebs on Security writes that Starting next month the Internal Revenue Service will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Previously, this was only available on a limited basis, including to those, after the fact, who had already been hacked. Krebs reports the IRS will launch its “Get IP PIN” tool by mid-January, and notes that meanwhile you can also contact the IRS about its “secure access authentication” process.

Hackers Steal Nearly $1 Million from Philadelphia Food Bank. Here’s yet another to file under Thieves have no honor. Philabundance, a Philadelphia food bank, was defrauded of a reported $923,553 recently through a cybercrime that apparently involved e-mail social engineering that induced the organization to wire funds to the bank account of a fraudster posing as a construction company that had done work for the organization. Philabundance, which has operated for 35 years, and last year distributed 26 million pounds of food, notes: “We have enhanced our IT security systems and financial controls to provide added protection for every single dollar we raise.” Note: This food bank isn’t alone. There is a long list (and likely an even longer list of unreported incidents) of spear phishing attacks against senior executives who are tricked into authorizing a large payment—usually by wire transfer—to fraudsters. Such attacks usually involve spear phishing, in which a bad actor gains access to an organization’s e-mail system and other corporate resources, and takes the time to determine who the CEO or CFO is, their communication style, and even their schedule, and then mimics an e-mail that appears to be coming from them, requesting transferring funds to what turns out to be a fraudulent account. This is just another example of why it is so critically important to secure your IT resources—and constantly educate employees about phishing, spear phishing, and other social engineering attacks.

North Korea is a Cyber Attack Superpower. When it comes to cybercrime, North Korea is proving to be a good student. That’s the take away from a recent Dark Reading article titled “Inside North Korea’s Rapid Evolution to Cyber Superpower.” In addition to espionage, it appears that North Korea is in it for the money. The article notes: “Its financial motivation sets North Korea apart from other nation-state groups, especially the ‘Big Four—Russia, China, Iran, and North Korea.” But espionage is still a big part of their focus. Dark Reading quotes Josh Burgess, Technical Lead and Threat Intelligence Adviser at CrowdStrike, as saying: “I would say that really the evolution and the complexity of their attacks evolved along with the motive of their attacks, which brings us to where we are at today, this dual-pronged approach—not only the financial element, but also economic espionage, also national security espionage.”   

Tips for Securing Your Home Wi-Fi. With more people working on computers from home than any other time in history—it is safe to guess—special care needs to be taken to secure the Wi-Fi connection used to connect with workplace networks and other online resources. Naked Security has a brief and helpful list of steps you can take to help ensure your Wi-Fi connections are secure.

Clinton Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. Pownall serves on several boards and committees and has a strong affiliation with various education groups, local school districts, and served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He serves as a Vice President of the Board of Director for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.