Paul’s Perspective – New Year, New Scams

With a new year come new types of attacks. Here’s a few to be aware of…

Earlier this month, the FBI issued a warning against malicious behavior being seen. Attackers have been modifying USB flash drives and mailing these altered drives to businesses across the US.

These attacks are so successful because the USB drives are recognized by the affected computer as a keyboard input device. This allows it to bypass a lot of restrictions! Even companies that have strict controls to block the use of USB drives are prone to this attack.

Once plugged into a computer they run commands and execute malware silently in the background. This gives the attackers a foothold into the network where they can move around, steal data, and ultimately destroy systems with ransomware.

These tactics are sure to change now that they are public knowledge, however it’s good to know about past attacks.  Just as we learned about the tactics of emailing fraudulent COVID guidelines, fake gift cards, or fake thank you notes. Suffice it to say that everyone should ignore unsolicited USB drives and report any that are received.

———————

Microsoft recently warned about a phishing attempt that tricks users into granting an application permission to their mailbox. (See the screenshot below for reference.)

This type of attack is serious as it even bypasses MFA. Any prompt like the one below, asking for permissions, should not be allowed.

As we see the complexity of fraudulent activity continue to escalate, remember that our team at CompassMSP is here to answer your questions and assist you in the tireless work of keeping your organization safe.

If you would like to talk to someone about your cybersecurity needs and risks please use the form below.

 


 

Request A Free Consultation

  • Hidden
  • This field is for validation purposes and should be left unchanged.