Sunday, October 29, 2017

Payroll Scam - 10/27/2017

SUNY has made the college aware of a payroll scam that is being sent out. The scam is sent from a ".edu" address, and the subject line states "URGENT: Message from Payroll Department". The message tells the user that their October pay stub is ready for online review and provides a link to review the pay stub to correct a webtime entry error. Please be aware of this scam that is going around. Our payroll department does send out pay reminders but does not provide a link, and if there is a pay error, a member of our payroll office will contact you directly. If you clicked the link, please contact the IT Department for further action.

Thank you,
CCC IT 
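
For mail administrators, a triage check built on the indicators in the notice above (the subject line, the ".edu" sender, and the presence of a link). This is an added example, not part of the original notice; the sample messages and their example.edu / example.net addresses are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subject line reported in the notice, lower-cased for comparison.
SCAM_SUBJECT = "urgent: message from payroll department"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages (not real mail).
SAMPLE_SCAM = (
    "From: Payroll <payroll@university.example.edu>\n"
    "Subject: URGENT: Message from Payroll Department\n"
    "Content-Type: text/plain\n\n"
    "Your October pay stub is ready: http://paystub.example.net/login\n"
)
SAMPLE_REMINDER = (
    "From: Payroll <payroll@college.example.edu>\n"
    "Subject: Payroll reminder\n"
    "Content-Type: text/plain\n\n"
    "Time sheets are due Friday.\n"
)

def extract_links(msg):
    """Collect URLs from every text/plain and text/html part."""
    links = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            links += URL_RE.findall(part.get_content())
    return links

def triage(raw):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    # Strip reply/forward prefixes so forwarded copies still match.
    subject = re.sub(r"^((re|fwd?):\s*)+", "", subject)
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    links = extract_links(msg)
    reasons = []
    if subject == SCAM_SUBJECT:
        reasons.append("subject matches reported scam")
    if links:
        reasons.append("contains link: " + links[0])
    if sender.endswith(".edu"):
        reasons.append("sent from a .edu address")
    # Genuine payroll reminders carry no link, so subject + link is the signal.
    if subject == SCAM_SUBJECT and links:
        return "quarantine", reasons
    return ("review" if "payroll" in subject and links else "pass"), reasons
```

The ".edu" sender is recorded as context only, since legitimate campus mail shares it; the verdict rests on the subject and the link.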

Thursday, October 26, 2017

Scam of the week - 10/26/2017 - Bad Rabbit Ransomware

KnowBe4

There is a new worldwide ransomware outbreak.
It has elements of NotPetya.

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.
 
The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.
 
The Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.
Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

Bad Rabbit Starts With Social Engineering

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.
Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer's memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.
The hardcoded creds are hidden inside the code and include predictable usernames such as root, guest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)
As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user's computer and then replaces the MBR (Master Boot Record).
Ouch, that basically bricks the workstation. 

Tuesday, October 24, 2017

Corning E-mail Server Upgrade Email 10/24/2017

A week ago, the Information Technology department worked with SUNY SOC (Security Operations Center) and conducted a phishing training campaign. A total of 232 emails containing “Corning E-mail Server Upgrade” phishing content were sent out to full-time employees, and 67% of the recipients opened the email. Of that 67%, only about 13% clicked on the link; this resulted in 9% of those who received the email clicking the link and submitting information. IT discussed our results with SUNY: in comparison to the 2016 Verizon data breach research, where 12% of the recipients opened the link, we had 13% opened. IT would also like to thank everyone for participating in this phishing training campaign, and thank you for your cooperation. Keep in mind that we will be conducting more training campaigns in the future, so please continue to question the validity of the emails you receive. Remember, when in doubt, please give us a shout! Ext. 9555

If you would like to see a quick 5-minute training video to help identify Phishing emails, please click on this link http://sysadm.mediasite.suny.edu/Mediasite/Play/0f1bf10a5d91403e945bee5e9421cfe41d

If you would like to review actual phishes and see how they are identified please check out UAlbany's wiki page called "Catch of the Day" at this link https://wiki.albany.edu/display/public/askit/Catch+of+the+Day;jsessionid=0D955AE4B13C3DDB5A1EFECF960484AF 

Finally, here is our Phishing Campaign report from SUNY https://drive.google.com/open?id=0Bwvistqeol3HaG9nTTBUMGpXUWs

Friday, October 13, 2017

Scam of the Week - 10/13/2017

And again—it is enough to make you nauseous—low-life scum on the internet are using a tragedy to try to scam money out of people who want to help the victims.
The Nevada Attorney General’s office is investigating reports of fake online charities collecting donations on behalf of victims that were killed or wounded at a shooting at a country music festival in Las Vegas Oct. 1. Officials are partnering with GoFundMe and other social media sites to take down these fraudulent pages.
There has been at least one Facebook page that has been shut down in light of the recent tragedy that was soliciting fraudulent donations. The Attorney General’s office is also aware of other complaints and pursuing those as well. 
“There continue to be sham charities and websites seeking to profit from this horrific tragedy,” said Nevada Attorney General Adam Laxalt. “Complaints from local consumers continue to be the best source of information for our Bureau of Consumer Protection in investigating claims of misrepresentation.”
Steve Weisman wrote: "Scammers will call you, text you, email you or set up websites with the intent to steal your charitable donations. In the case of phony charity websites, they are sometimes set up to appear to be those of legitimate charities with which you may be familiar".
At the risk of sounding like a broken record, I suggest you send employees, friends and family an email about this Scam Of The Week, feel free to copy/paste/edit:
"Heads-up! Bad guys are exploiting the Las Vegas shooting. There are fake Facebook pages, tweets are going out with fake charity websites, and phishing emails are sent out asking for donations to bogus Vegas Charities. 
Don't fall for any scams. If you want to make a donation, you can go to http://www.charitynavigator.org before you consider giving to any charity. This free website will let you know if the charity is legitimate or a scam. It will also tell you how much of what it collects actually goes toward its charitable work and how much it spends on salaries and administration expenses. 
Do not click on any links in emails or texts you might get. Whatever you see in the coming weeks about Las Vegas disaster relief... THINK BEFORE YOU CLICK."
For KnowBe4 customers, we have a phishing template, in Current Events titled: "Fox Breaking News: ISIS Releases Video Claiming Responsibility for Las Vegas Shooting (Link)". Send this to your employees to inoculate them against disaster relief scams like this.  
Warm regards, and let's stay safe out there.