Hacker Tracker | December

Where are we in the world of cybersecurity? It’s easy to miss the cybersecurity threats and attacks happening right in our “backyard”. Our goal at PK Tech is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware–without being afraid–of the cybersecurity threats that are real threats for your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity.

Check out our monthly “Hacker Tracker” for the latest in cybersecurity hacks, breaches and updates.

Watch out for this triple-pronged PayPal phishing and fraud scam | 12.2.22

• Hackers sent a series of fraudulent messages to victims, claiming to be someone sending them a payment, sent from an @paypal email address.    
• However, there were a number of signs: misspellings, an unexpected payment and email, and an urgent “please call us as soon as possible”
• View the Source

Uber suffers new data breach after attack on vendor, info leaked online | 12.12.22

• Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident.
• Data was stolen in a breach on Teqtivity, which provides asset management and tracking services for the company.
• The threat actor named ‘UberLeaks’ began leaking data they claimed was stolen from Uber and Uber Eats on a hacking forum known for publishing data breaches.
• View the Source

These hackers used Microsoft-signed malicious drivers to further their ransomware attacks | 12.15.22

• Security firms have reported that multiple hacking groups have been using drivers signed by Microsoft in a series of attacks, including the deployment of Cuba ransomware. 
• The malicious but properly Microsoft-signed driver was used in an attempt to terminate endpoint-detection agents and antivirus on affected systems from multiple vendors. 
• The attacker would have gone through an elaborate set of processes with Microsoft and Certificate Authorities (CAs) in order to obtain a Microsoft-signed driver.
• View the Source

Lessons Learned: 

#1- Yes, phishing can be sneaky (that’s the whole point), but there are some telltale signs with most phishing attempts. We discuss how to easily prevent phishing attacks in our blog here, including using the SLAM method to identify potential threats. SLAM refers to a series of signs to watch out for and dictates what to do if you spot one of the SLAM acronyms. This recent three-pronged phishing attack is also an essential reminder of the importance of employee education around general cybersecurity and explicitly watching out for potential phishing attacks.

#2- From the Uber breach, we are reminded of the danger of third-parties vendors. Your cybersecurity practices can be rock solid, but the minute you welcome third-party vendors, you also accept their cybersecurity practices (and flaws) along with their services. We discuss this problem in our blog, Choose Your Vendors Carefully: Third-Party Breaches Cause Up to 26 Times the Damage Compared to a First-Party Breach. 

#3- Why does this development really matter? Because many security services will implicitly trust anything signed by Microsoft. Endpoint detection vendors are, in essence, forced into trusting signed drivers by Microsoft–this makes it difficult to distinguish between legitimate benign examples and malicious ones that slip through the security checks. Hackers are getting brazen and more sophisticated in their methods, which is a prime example.