News Blog

A Sneaky New Phishing Attack: Corrupted Word Documents

Posted By Robert Treuber, Monday, December 16, 2024

Re-posted from SECURITY BUZZ by Genady Vishnevetsky, Chief Info Security Officer, Stewart Title Guaranty Company


There's a new phishing campaign that's using a clever trick - corrupted Word documents. This technique allows malicious content to reach the user without being detected by email security tools.

The attacker intentionally (slightly) corrupts the attached Word document so that antivirus and security scanners can't parse it. Because the file has a .docx extension, when the unsuspecting victim opens it, Microsoft Word detects the corruption and asks the user whether they want to repair it. If the user confirms, Word repairs and opens the file.

Inside the recovered file is a QR code that leads to a credential-harvesting page that steals both the user's credentials and the MFA code.

The timing of this attack is impeccable. Security firm Any.Run, which discovered it, found that the email appeared to come from Human Resources and focused on end-of-the-year benefits and bonus payouts.
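A gateway-side check for the "slightly corrupted" attachment described above, as an added example (not code from the original post or from Any.Run): a Word document is a ZIP container with a fixed set of required parts, so a .docx that does not parse as one can be quarantined instead of being passed along unscanned. The required-parts list, the Word extension list and the quarantine policy are assumptions of this example.

```python
import io
import zipfile

# Parts every genuine Word document carries (assumed minimum; real files have many more).
REQUIRED_PARTS = ("[Content_Types].xml", "word/document.xml")
WORD_EXTENSIONS = (".docx", ".docm", ".dotx", ".dotm")


def classify_docx(data: bytes) -> str:
    """Return 'ok', 'not-zip', 'damaged' or 'missing-part' for attachment bytes."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"                  # end-of-archive record missing or unreadable
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if zf.testzip() is not None:  # some member fails its CRC check
                return "damaged"
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "damaged"                  # central directory unreadable
    if any(part not in names for part in REQUIRED_PARTS):
        return "missing-part"
    return "ok"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Policy (assumed): a file that claims to be a Word document must parse as one."""
    if not filename.lower().endswith(WORD_EXTENSIONS):
        return False
    return classify_docx(data) != "ok"


def build_sample_docx() -> bytes:
    """Constructed minimal package standing in for a benign attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("_rels/.rels", "<Relationships/>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


if __name__ == "__main__":
    intact = build_sample_docx()
    # Constructed inputs: the intact package, a copy with its tail cut off
    # (what a damaged attachment looks like to a parser), and plain text.
    for label, blob in (("intact", intact), ("truncated", intact[:-20]), ("text", b"hello")):
        verdict = classify_docx(blob)
        print(f"{label:10s} {verdict:13s} quarantine={should_quarantine('bonus.docx', blob)}")
```

Word's own repair path is more forgiving than `zipfile`, which is exactly why a file the scanner rejects can still open for the user; the rule above turns that asymmetry into a signal rather than a blind spot.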

Takeaways:

  • Hackers frequently time and theme their attacks to seasonal, disaster or business events - always stay alert during business seasonality (e.g., end-of-month, quarter and year activities, benefits, payouts, income-tax events)
  • Attackers continuously attempt to find ways to stay under the radar of security technologies - always proceed with caution
    • Every attachment from an unknown source should be considered malicious until proven otherwise
    • Any new behavior (recovery of corrupted attachment) should be a red flag
  • QR codes have alarmingly become mainstream for cybercrooks because the destination cannot be checked with the naked eye. Scrutinize all QR codes and avoid using them in emails and attachments if possible.
  • Do not enter any credentials on the site you landed on from the email or attachments unless it came from a trusted and verified source
Dec 13, 2024 9:38 AM
Genady Vishnevetsky

Tags:  cybercrime  cybersecurity 


Fake Emergency Data Requests on the Rise

Posted By Genady Vishnevetsky, Chief Info Security Officer, Stewart Title Guaranty Company, Thursday, December 12, 2024

The following was originally posted to the ALTA Open Forum Security Buzz.

Cybercriminals are exploiting a system designed for emergencies to steal your personal information. The FBI has issued a warning about a concerning trend: the increasing use of fraudulent emergency data requests (EDRs) by cybercriminals.

EDRs are legitimate tools that law enforcement uses to obtain information from online service providers in urgent situations where there isn't enough time to secure a warrant or subpoena. These requests are usually approved as long as they originate from a valid law enforcement email address.

Unfortunately, cybercriminals are exploiting this process by using hacked police and government email accounts to send fake EDRs. This makes it difficult for companies to verify the authenticity of the requests, placing them in a difficult position.

If a company refuses to comply with what appears to be a legitimate request, it could have serious consequences if there is a real emergency. Conversely, if they comply, it may result in the exposure of sensitive customer information to criminals.

Examples of This Scheme in Action:

  • Cybercriminals are selling access to hacked .gov email addresses, including US credentials, which they claim can be used for EDRs
  • One individual, known as "Pwnstar," is selling fake EDR services, claiming to have access to government emails from over 25 countries
  • Another tactic involves the use of forged court-approved subpoenas sent through compromised email accounts
  • Cybercriminals are even using Kodex, a platform designed to verify law enforcement requests, to make their fake requests appear more legitimate

Verizon's transparency report indicates a high compliance rate with EDRs, with records being provided in approximately 90% of cases. This highlights the effectiveness of this tactic. Financial institutions and cryptocurrency platforms are particularly concerned about fake EDRs being used to freeze or seize funds.

Takeaways:

  • Our data is at risk: All this means our personal information is more vulnerable than ever. It's a stark reminder that cybercriminals are constantly finding new ways to exploit systems, even those designed for emergencies.
  • Financial institutions are particularly vulnerable: Banks and cryptocurrency platforms are prime targets for this kind of scam because fake EDRs can be used to steal money directly from customer accounts. It's a wake-up call for these institutions to step up their security measures.

Both law enforcement agencies and companies need to be more vigilant. Law enforcement needs better cybersecurity to protect their systems, and companies need more robust verification processes to weed out these fake requests. This isn't going away anytime soon, so staying ahead of these criminals is an ongoing challenge.

Tags:  cybercrime  cybersecurity  EDR 
