The following alerts cover the most serious security issues TCN Contractors currently have to contend with. Please read them and fortify your system against these attacks.

MELTDOWN and SPECTRE

Issue Summary: The Meltdown/Spectre exploit is a security vulnerability that has been discovered in most modern (after 1999) computer CPUs. Currently “Meltdown” affects Intel and ARM processors (Intel is in many modern PCs and ARM is in a significant portion of smartphones, tablets, etc.). Spectre affects ALL CPUs on the market.

This exploit allows a hacker to extract information from your computer, such as passwords, encryption keys, and other secrets (like PHI).

Resources: PC World has a full write-up with many tech details about this: http://www.pcgamer.com/what-you-need-to-know-about-the-meltdown-and-spectre-cpu-exploits/

ZDnet has a similar article plus links to other articles detailing various aspects of how this exploit will affect users: http://www.zdnet.com/article/meltdown-spectre-ibm-preps-firmware-and-os-fixes-for-vulnerable-power-cpus/

Recommendations: There are currently security patches for Windows 7, 8.1 and 10; therefore, make sure you have Windows Update running. Update ASAP. There is also an update for Apple iOS systems that will prevent the exploit for several of their core apps (mail, browser, commerce, etc.). Most browsers have patched themselves to avoid this as well, so make sure to get the newest/current version of Firefox/Chrome/Opera/Internet Explorer. It is also recommended to update your computer’s BIOS if a patch has been released, but this should be handled by a trained local tech who is HIPAA compliant and has a signed BAA with you.

The Bad News: Because of the nature of computer CPUs, the patches to stop this exploit are anticipated to affect the speed of the computer. It will vary, but you may notice your system performing slower, less responsive, or sluggish. This is an unfortunate side effect of the fix.

Related: Because this exploit will affect online “cloud” systems and services, it is advised that you inquire with your banks and any sites/companies you frequently use to verify they have taken measures to prevent your data from being leaked.

 

KRACK

  • Issue Summary: KRACK, or Key Reinstallation AttaCK, is an exploit which breaches part of the authentication between a device and a router over a Wi-Fi connection. Once the breach occurs, it allows a nearby hacker to eavesdrop on any traffic in a Wi-Fi network to and from any devices connected via Wi-Fi.
  • Resources / Links: ☛ PCWorld (all the details, clearly explained and easy to understand): https://www.pcworld.com/article/3233308/security/krack-wi-fi-security-flaw-faq-tips.html
    ☛ ZDnet (clear details with information on manufacturer updates and patches): http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
  • Recommendations: Update all computers, smartphones, tablets, and routers as soon as possible. Some devices, such as ones running Windows, already have an update available which addresses this. If an update isn’t yet available, check with the manufacturer’s support for your device or router. If your router was provided to you by your Internet service provider, contact them for an update. Also, if you were given access to use a TCN WorkSpace, use it for ALL work you do in TCN (which is policy). These connections are encrypted just like a VPN and will keep nearby hackers using the KRACK exploit from snooping on any PHI you’re handling.

RANSOMWARE

  • Issue Summary: Viruses like this work in two parts. Phase one: They infect the PC through either an infected email, website, or web link. Then, via an exploit in Microsoft’s security, they proceed to infect any other computers on the same network. Phase two: They encrypt the data on every infected PC and post a ransom message stating that the users have to pay a fee to the hackers to get it decrypted.
  • Variants: WannaCry, WannaCrypt, Petya, NotPetya, BadRabbit
  • Resources / Links: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/
  • Recommendations:
    1. Make sure your computer is up to date (Windows Update, Apple Updates) to prevent the infection from spreading to other PCs.
    2. Avoid strange emails, do not click links you are unfamiliar with, use careful browsing habits (including Googled results).
    3. Do not keep any ePHI on your computer.
    4. Notify TCN IT of what exactly you are seeing. Taking a picture with your phone and emailing it to us helps!
    5. Do not turn off, touch, wipe or bring the PC to a local tech until TCN confirms you should.
    6. Do NOT pay the ransom fee. There is no guarantee they will give you a key, or that the key actually removes the virus.

Phishing Attack Uses GDPR as Bait

Attackers know that companies are sending a lot of emails to customers about GDPR, and that makes them a prime opportunity for phishing attacks.

With the looming GDPR May 25 deadline almost here, people are receiving emails from companies changing their data privacy policies, and cyber crime is having a field day. Just one example is phishing attacks made to look like Airbnb, according to research from Redscan.

Their research began after an email supposedly sent from Airbnb’s customer support line was found to be a phishing attack asking users to update their personal information like credit card information because they were not “GDPR compliant”.

The fake Airbnb notification used a spoofed address like “@mail.airbnb.work”. Airbnb is taking action and has their Trust and Safety team investigating.

Expect other, similar campaigns to hit the wires in the next few weeks. In the meantime, I suggest you send this email to your employees, friends and family. You’re welcome to copy/paste/edit:

“There is yet another email scam you need to watch out for. New European data privacy regulation is going into effect May 25th. It’s called General Data Protection Regulation (GDPR) and bad guys are using it as bait, claiming you’re not compliant and you are violating this new regulation.

Do not click on links in emails, or open suspicious attachments that claim any kind of problem with “GDPR”. Delete the email or click on the Phish Alert Button to forward it to IT and delete it from your inbox.”

Executive Email Phishing Scams

Another common tactic we’ve seen recently is a scammer pretending to be an executive of the company (such as Mark or Neal). In that email, the scammer will try to trick the victim into clicking a link or emailing back.

Here is an example of what an email may look like:

From: “CEO Man” <obviouslyascam@gmail.com>
To: you@codingnetwork.com
Sent: Thursday, May 30, 2019, 05:00:00 PM
Subject: Demand

I am planning a surprise for some of the staff with gift cards and your confidentiality would be appreciated in order not to ruin the surprise. I need you to get some purchase done, email me once you get this.Send me a quick reply if you are free, thanks

Regards

In this instance, the supposed CEO is using generic language that can easily fool the unwary. However, if you look closely, the message is not very well written. Also, it doesn’t actually have a signature, nor is it from the correct email address. These are your clues that this is a scam!

Whenever you see an email like this, please do these two things:

  1. Verify with the executive (using their own TCN contact information) that this is indeed a scam.
  2. Forward the email to IT Support (support@codingnetwork.com) so we can investigate.

Never, under any circumstances, reply to or click on anything in any of these emails.
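
For IT staff, the clues described above (an executive's name on an outside address, a lookalike domain such as the “@mail.airbnb.work” address in the GDPR example, and gift-card pressure wording) can be checked automatically. The following is an added example, not TCN's own tooling; the trusted-domain list, the protected display names and the keyword list are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; a real deployment supplies its own lists.
TRUSTED = {"codingnetwork.com"}
EXEC_NAMES = {"ceo man"}  # hypothetical protected display names
PRESSURE = ("gift card", "confidentiality", "surprise", "quick reply")

# Constructed sample, modelled on the example message on this page.
SAMPLE = (
    'From: "CEO Man" <obviouslyascam@gmail.com>\n'
    "To: you@codingnetwork.com\n"
    "Subject: Demand\n"
    "\n"
    "I am planning a surprise for some of the staff with gift cards and your\n"
    "confidentiality would be appreciated. Send me a quick reply if you are free\n"
)

def is_trusted(domain, trusted=TRUSTED):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def is_lookalike(domain, trusted=TRUSTED):
    """True when a trusted brand label appears in an untrusted domain,
    e.g. 'airbnb' inside mail.airbnb.work when airbnb.com is trusted."""
    brands = {t.split(".")[0] for t in trusted}
    return not is_trusted(domain, trusted) and bool(brands & set(domain.split(".")))

def phishing_clues(raw, trusted=TRUSTED):
    """Return the list of clues found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    name = name.strip(' "\u201c\u201d').lower()  # drop straight or curly quotes
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload().lower() if not msg.is_multipart() else ""
    clues = []
    if name in EXEC_NAMES and not is_trusted(domain, trusted):
        clues.append("executive name, outside address")
    if is_lookalike(domain, trusted):
        clues.append("lookalike domain")
    hits = [t for t in PRESSURE if t in body]
    if len(hits) >= 2:
        clues.append("pressure wording: " + ", ".join(hits))
    return clues

if __name__ == "__main__":
    print(phishing_clues(SAMPLE))
```

A message that produces any clue should still be verified with the executive and forwarded to IT Support as described above; the check only helps triage.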