
Can You Spot the Bait in a Phishing Attack?

Hackers are always trying to find creative and new ways to steal data and information from businesses. While spam (unwanted messages in your email inbox) has been around for a very long time, phishing emails have risen in popularity because they are more effective at achieving the desired endgame. How can you make sure that phishing scams don’t harm your business in the future?

Phishing attacks come in many different forms. We’ll discuss some of the most popular ways that hackers and scammers will try to take advantage of your business through phishing scams, including phone calls, email, and social media.

Phishing Calls
Do you receive calls from strange or restricted numbers? If so, chances are that they are calls that you want to avoid. Hackers will use the phone to make phishing phone calls to unsuspecting employees. They might claim to be with IT support, and in some cases, they might even take on the identity of someone else within your office. These types of attacks can be dangerous and tricky to work around, particularly if the scammer is pretending to be someone of authority within your organization.

For example, someone might call your organization asking about a printer model or other information about your technology. Sometimes they will be looking for specific data or information that might be in the system, while other times they are simply looking for a way into your network. Either way, it’s important that your company doesn’t give in to their requests, as there is no reason why anyone would ask for sensitive information over the phone. If in doubt, you should cross-check contact information to make sure that the caller is who they say they are.

Phishing Emails
Phishing emails aren’t quite as pressing as phishing phone calls because you’re not being pressured to make an immediate decision. Still, this doesn’t lessen the importance of being able to identify phishing messages. You might receive tailor-made phishing messages whose sole intent is to get a specific user to hand over important information or click on a link or attachment. Either way, the end result is much the same as a phone call phishing scam;

To avoid phishing emails, you should implement a spam filter and train your employees on how to identify the telltale signs of these messages. These include spelling errors, incorrect information, and anything that just doesn’t belong. That said, phishing messages have started to become more elaborate and sophisticated.

Phishing Accounts
Social media makes it incredibly easy for hackers to assume an anonymous identity and use it to attack you or, even more terrifying, to assume the identity of someone you know. It’s easy for a hacker to masquerade as someone that they’re not, providing an outlet for attack that can be somewhat challenging to identify. Some key pointers are to avoid any messages that come out of the blue or seemingly at random. You can also ask questions about past interactions; the answers can tip you off as to whether they are who they say they are.

Ultimately, it all comes down to approaching any phishing incident intelligently and with a healthy dose of skepticism.

Hackers are aggressively targeting law firms’ data

Behind every splashy headline is a legal industry that’s duking it out – helping to support entrepreneurs and big corporations in a power struggle to dominate their industry. From patent disputes to employment contracts, law firms have a lot of exposure to sensitive information.  Because of their involvement, confidential information is stored on the enterprise systems that law firms use.

This makes them a juicy target for hackers that want to steal consumer information and corporate intelligence.

For an example of this, look no further than the Panama Papers – “…an unprecedented leak of 11.5m files from the database of the world’s fourth biggest offshore law firm, Mossack Fonseca.”

This was devastating, but it is only one example among many. Just a few weeks ago news broke that a ransomware attack was successfully executed against yet another multinational firm – DLA Piper. This ransomware attack left the firm, with estimated revenues of $2.5 billion, completely without access to its own data.

“Law firms are the subject of targeted attacks for one simple reason,” says John Sweeney, President of LogicForce. “Their servers hold incredibly valuable information. That includes businesses’ IP, medical records, bank information, even government secrets. For hackers looking for information they can monetize, there is no better place to start.”

These headlines, buried among the others, make it clear that the legal industry is facing an unprecedented cyber-security challenge. And solving this problem starts with helping firms realize they’ve been victims.

40% of firms did not know they were breached in 2016

The Law Firm Cybersecurity Scorecard includes an array of assessments, covering cyber defenses, crisis management procedures, and post-hack responses. The report comes to a chilling conclusion: “…40% of surveyed law firms had experienced a data breach in 2016 and did not know about it.”

Part of the challenge is the skyrocketing cost of cybersecurity. Hiring an in-house team simply isn’t feasible for most firms. Instead they rely on consumer-grade technology that is ill-equipped for the threats they are facing.

The solution, as we’ve seen in many industries, is to outsource cybersecurity to trusted firms that can offer heavy-hitting, managed solutions at an affordable rate. SaaS (Software as a Service) is long overdue in this space, and thankfully it’s becoming more and more available.

An evolving threat matrix

Real-time industry expertise is an important part of the solution – something software alone can’t handle.

Today’s hackers hold a strategic advantage because of the growing numbers of devices and associated vulnerabilities. Every access point is a potential breach. A knowledgeable, sophisticated team can create security solutions specially crafted to meet the challenges that law firms face.

One of the greatest challenges in modern security is the Internet of Things (IoT). Everything from the appliances in the breakroom to the smartphones in the pockets of employees creates dynamic networks – communicating information in a way that opens up opportunities to hackers.

The threat goes beyond teams. An individual attorney uses a plethora of electronic devices, all networked together to provide a more streamlined work environment. And human intelligence, served up to hackers through social media, only makes targeted cyber-attacks easier.

Preparing for data breaches

There are things attorneys and other legal professionals can do to start upping their defenses.

  1. The American Bar Association has published a comprehensive guide for law firms – including methods for both preventing and responding to cyber-attacks.
  2. Firm managers need to create a data security plan that speaks to every member of their team. Educate employees on strategies for identifying phishing attacks and other dangerous threats aimed at fooling people into compromising networks.
  3. Engage outside IT security experts and have risk assessments completed on a regular basis. If you can identify vulnerabilities, you can put a plan in place to minimize or eliminate them.
  4. Communicate and enforce a password policy that limits access and requires authorized users to regularly change their credentials.
  5. Conduct a weekly check for patches or other updates to computer security software.
  6. Develop a comprehensive breach response plan. After you’ve been hacked, it will be too late to develop a competent response that protects the Firm’s reputation.

It’s my hope that companies will wake up to the realities of cyberthreats.  I’ve witnessed the horrible pain and anguish that comes from the breach of an unprepared company. If you understand the threat, and then use honest assessment to develop improvements and response plans, you will find that operating in the digital age doesn’t have to be a nightmare.

 

 

How Hackers Can Disrupt ‘911’ Emergency System and Put Your Life at Risk


What would it take for hackers to significantly disrupt the US’ 911 emergency call system?

It only takes 6,000 Smartphones.

Yes, you heard it right!

According to new research published last week, a malicious attacker can leverage a botnet of infected smartphone devices located throughout the country to knock the 911 service offline in an entire state, and possibly the whole United States, for days.

The attacker would only need 6,000 infected smartphones to launch automated Distributed Denial of Service (DDoS) attacks against the 911 service in an entire state by placing simultaneous calls from the botnet devices to the emergency numbers.

However, as few as 200,000 infected mobile phones could knock the 911 emergency call system offline across the entire US.

Where Does the Problem Lie?

Researchers from Ben-Gurion University of the Negev’s Cyber-Security Research Center say the problem is in the fact that current US Federal Communications Commission (FCC) regulations demand all calls to 911 must immediately be routed to emergency services, regardless of the caller’s identifiers.

In other words, mobile carriers re-route all 911 emergency calls to a local Public Safety Answering Point (PSAP) without even verifying the caller’s identity or whether the caller is a subscriber to the mobile network.

These identifiers could be a phone’s International Mobile Subscriber Identity (IMSI) and International Mobile Station Equipment Identity (IMEI) codes, which tell whether the caller is a subscriber to their service and identity of the mobile equipment, respectively.

How can Attackers Carry Out such Attacks?

All an attacker needs is a mobile botnet to launch TDoS (Telephony Denial of Service) attacks. The attack can be carried out in two ways:

  • By infecting smartphones with malware, or
  • By buying the smartphones needed to launch the TDoS attack.

The researchers Mordechai Guri, Yisroel Mirsky, and Yuval Elovici note in a paper [PDF] that an attacker could exploit cellular network protocols by placing a rootkit or persistent, low-level malware within the baseband firmware of a mobile phone.

The rootkit can then mask and randomize all cellular identifiers, causing the cell phone to have no genuine identification within the cellular networks.

“Such anonymised phones [bots] can issue repeated [911] emergency calls that can not be blocked by the network or the emergency call centers, technically or legally,” the team notes in the paper.

Secondly, an attacker could simply buy 6,000 or 200,000 smartphones, which could cost $100,000 or $3.4 Million – a small sum for state-sponsored attackers – to jam the 911 emergency system in an entire state or across the whole country, respectively.

This TDoS attack should not come as a surprise: during the 9/11 terror attack on the Twin Towers in New York City, thousands of legitimate callers collectively dialing 911 caused DDoS attacks on both the telephony network and the emergency reporting system.

Of course, the team did not perform this attack on an actual, nationwide system. It created a small simulated cellular network based on North Carolina’s 911 network and attacked it instead.

The team infected Samsung Galaxy S3, S4 and S5 smartphones running the Android 4.4 and 5.x operating systems with bots to test its work.

How Can We Prevent Such a DDoS Campaign Against Our Emergency Services?

Such attacks are currently difficult to block, as PSAPs have no way to blacklist fake calls. Also, blocking at the network level is not possible beyond selectively turning off cellular service in bot-infested areas.

However, researchers suggest some countermeasures that can mitigate such attacks, including:

  • Storing IMEIs and other unique identifiers in a phone’s trusted memory region (like the ARM processor design’s TrustZone), where malware cannot alter them.
  • Implementing a mandatory “Call Firewall” on mobile devices to block DDoS activities like frequent 911 calls.

Since these changes would require cooperation among government, security professionals, cellular service providers, emergency services, and others, it is hard to expect such significant changes in reality anytime soon.

Hackers demand ransom payment from Kansas Heart Hospital for files

WICHITA, Kan. A hospital held hostage by hackers and denied access to its files until it pays a ransom. It’s a crime that’s been reported across the country, and now it’s happened in Wichita.

It’s called “ransomware” – hackers hijack your computer and hold the data until you pay up.

The Kansas Heart Hospital is the latest victim of this attack.

The hospital’s president, Dr. Greg Duick, says the hackers never got access to patient information, but the attack did cause problems.

“Kansas Heart Hospital had a cyber attack occur late Wednesday evening,” Duick said. “We suspect, as attacks other parts of the country, this was an offshore operation,” he said.

Duick says hackers holding hospital files hostage is very common.

“Upwards of 45% of hospitals have received some kind of cyber attack. And multiple hospitals had additional attacks,” he said.

About 9pm Wednesday, a hospital employee lost access to files.

“It would be like you’re working on your computer and all of a sudden, your computer says, sorry can’t help you anymore,” Duick said. “It became widespread throughout the institution.”

Hackers got into the system, and locked up the files, refusing to give back access unless the hospital paid up.

“I’m not at liberty because it’s an ongoing investigation, to say the actual exact amount. A small amount was made,” Duick said.

But even after the hospital paid, the hackers didn’t return full access to the files. Instead, they demanded another ransom. The hospital says it will not pay again.

“The policy of the Kansas Heart Hospital in conjunction with our consultants, felt no longer was this a wise maneuver or strategy,” Duick said.

The hospital was aware that an attack like this might happen, and it did have a plan.

“That plan went into immediate action. I think it helped in minimizing the amount of damage the encrypted agent could do,” Duick said.

“The patient information never was jeopardized and we took measures to make sure it wouldn’t be,” he said.

Duick also says the attack never impacted patient treatment and will help the hospital strengthen its response to future hackers.

Ransomware is so common that many hospitals, including Kansas Heart, have insurance to help cover costs of cyber extortion.

The hospital is working with its IT team and security experts to restore the rest of the system.

Hospitals have become a favorite target of the ransomware scam. Earlier this year 10 Medstar facilities in the Washington region were part of a cyber attack that prompted the health care provider to shut down its computer system.

Also in February a California hospital paid $17,000 in ransom to regain access to its medical records.

http://www.kwch.com/content/news/Hackers-demand-ransom-payment-from-Kansas-Heart-Hospital-380342701.html

 

 

Ecuador Bank Hacked — $12 Million Stolen in 3rd Attack on SWIFT System


Bangladesh’s central bank is not the only bank that has fallen victim to a cyber heist. In fact, it appears to be just one part of a widespread cyber attack on the global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT.

Yes, the global banking messaging system that thousands of banks and companies around the world use to move billions of dollars each day is under attack.

A third case involving SWIFT has emerged, in which cyber criminals stole about $12 million from an Ecuadorian bank. It bears numerous similarities to the later attacks against Bangladesh’s central bank, which lost $81 Million in its cyber heist.

The attack on Banco del Austro (BDA) in Ecuador occurred in January 2015 and was revealed via a lawsuit filed by BDA against Wells Fargo, a San Francisco-based bank, on Jan. 28, Reuters reported.

Here’s how cyber criminals target banks:

  • Use malware to circumvent a bank’s local security systems.
  • Gain access to the SWIFT messaging network.
  • Send fraudulent messages via SWIFT to initiate cash transfers from accounts at larger banks.

Over ten days, hackers used SWIFT credentials of a bank employee to modify transaction details for at least 12 transfers amounting to over $12 Million, which was transferred to accounts in Hong Kong, Dubai, New York and Los Angeles.

In the lawsuit, BDA holds Wells Fargo responsible for not spotting the fraudulent transactions and has demanded that Wells Fargo return the full amount that was stolen from the bank.

The lawsuit, filed by BDA in a New York federal court, said that some of these attacks could have been prevented if banks had shared more details about the attacks with the SWIFT organization.

Wells Fargo has also fired back and blamed BDA’s information security policies and procedures for the heist and noted that it “properly processed the wire instructions received via authenticated SWIFT messages,” according to court documents.

According to reports, the heist remained a secret for a long time and was disclosed only when BDA decided to sue Wells Fargo, which approved the fraudulent transfers.

SWIFT did not have any idea about the breach, as neither BDA nor Wells Fargo shared any detail about the attack.

“We were not aware,” SWIFT said in a statement. “We need to be informed by customers of such frauds if they relate to our products and services so that we can inform and support the wider community. We have been in touch with the bank concerned to get more information, and are reminding customers of their obligations to share such information with us.”

It turns out that the security of SWIFT itself was not breached in the attack, but cyber criminals used advanced malware to steal the credentials of the bank’s employees and cover their tracks.

In February, the $81 Million cyber heist at the Bangladesh central bank was carried out by hacking into SWIFT using a piece of malware that manipulated logs, erased the history of the fraudulent transactions, and even prevented printers from printing those transactions.

Warning to HR Directors of Phishing Scam Seeking Employee W-2’s

Written by: Peyton Smith
Shareholder, Litigation Section, Labor & Employment Practice Group at Munsch Hardt Kopf & Harr PC

I was contacted this week by the Director of Human Resources for a technology client with a request for immediate assistance tied to a data breach that has unfortunately become alarmingly frequent during the first three months of 2016. She had received an email from the President of her company at the end of her workday, noting that their senior leadership was working on salary, bonus and budget forecasting for their company and requesting that she send to him the W-2’s for key company personnel via PDF. The email was written in his typical conversational style and was signed in the manner in which he signed all his internal emails. Further, his reply email listed a return email address to his direct email account. Before she sent the information or replied, she confirmed the email and signature block and verified with a Vice-President that she could forward the requested information. Upon review of the email and messaging, the Vice-President authorized the production of the requested information and employee W-2’s. Feeling well protected, the HR Director sent the email and W-2’s requested.

The email was unfortunately a scam with a hacker who had copied the President’s email signature block, matched his communication and signature style, word-for-word, including creating a “ghost” over his correct email address to cloak the email address to appear to be for the intended recipient.  My client was fortunate since they caught the data breach quickly but the information was now in the hands of someone outside the company who clearly had less than honorable ideas with what to do with the information they had gathered. Furthermore, hundreds of employees now had their W-2 information, including their name, address, social security numbers and other confidential information, taken by a skilled hacker.

In addressing this issue with my client in recent days, we learned that this current phishing scam is incredibly popular right now.  The FBI and local law enforcement advised us that there have been more than 700 reported similar cases of hackers fraudulently securing employee W-2 information in the month of March 2016 alone. The hackers appear to be targeting companies with less than 3,000 employees and the email requesting W-2 and similar employee information is nearly always directed to the human resources contact at the targeted company. The IRS has recently released an alert warning employers of this scam and to alert them to be increasingly vigilant in protecting company and employee information.  (See  the following link as to the latest alert: https://www.irs.gov/uac/Newsroom/IRS-Alerts-Payroll-and-HR-Professionals-to-Phishing-Scheme-Involving-W2s)   “This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

If you have not yet done so, employers are strongly encouraged to implement a proactive plan to decrease the risk of unauthorized disclosure of such information.  Each state has different requirements for employee protection and penalties which might be levied against employers for failing to implement appropriate safeguards for protecting employee confidential information, as well as the notice requirements in the event a data breach occurs.  In the event that a data breach occurs and confidential employee information has been accessed by unauthorized parties, employers should immediately address the issue with more aggressive internal safeguards, contact legal counsel regarding how best to strategically address internal and external legal ramifications of the breach, notify law enforcement (local and the FBI’s Cyber Crimes Division), and inform the IRS of the fraudulent access to employee social security numbers.  Simultaneously, employers have a duty to promptly inform employees of the breach and what increased protections have been put in place to decrease the risk of future data breaches.

In light of these concerns and the increased risk of hacking personal information, employers are also encouraged to review current insurance policies and to consider whether to purchase cyber insurance coverage. Additional security software for utilization by the human resources and accounting department might be a wise and worthy investment to consider as a deterrent to hacking vulnerability.  With the increased efforts of hackers seeking W-2 and other personal employee information, prudent employers will partner with their legal counsel to address such concerns prior to being a hacking victim.  When considering best practices in protecting employee information, employers should follow the adage  “the best defense is a good offense”.

Peyton N. Smith is a Shareholder in the Labor & Employment and Business Litigation practice groups at Munsch Hardt Kopf & Harr, P.C. and is based in the firm’s Austin office.
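
The W-2 request described above passed a visual check of the signature block and the displayed address, so the check has to look at the message headers instead. The following is an added example, not part of the original article: a small header check that assumes the “ghost” address was a display name showing the real address over a different sender, and that uses constructed messages with placeholder names and domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
SENSITIVE = re.compile(r"\bW-?2s?\b|\bpayroll\b|\bsocial security\b", re.I)
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample messages; every name and address is a placeholder.
SPOOFED = """\
From: "pat.lee@example.com" <pat.lee@example.net>
To: hr.director@example.com
Subject: Budget forecasting

Please send me the W-2s for key personnel as a PDF today.
"""

REPLY_SWAP = """\
From: "Pat Lee" <pat.lee@example.com>
Reply-To: pat.lee@example.net
To: hr.director@example.com
Subject: Quick question

Are you at your desk?
"""

LEGIT = """\
From: "Pat Lee" <pat.lee@example.com>
To: hr.director@example.com
Subject: Budget forecasting

Can we meet Thursday to review the payroll forecast?
"""

def domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    findings = []

    # 1. The display name shows one address while the real sender is another.
    shown = ADDR_IN_TEXT.search(display)
    if shown and shown.group(0).lower() != sender.lower():
        findings.append("display-name-address-mismatch")

    # 2. Replies would go to a different domain than the sender's.
    if reply_to and domain(reply_to) != domain(sender):
        findings.append("reply-to-domain-mismatch")

    # 3. W-2 or payroll data requested by a sender outside the organisation.
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    if SENSITIVE.search(text) and domain(sender) != COMPANY_DOMAIN:
        findings.append("external-request-for-employee-tax-data")
    return findings

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("reply-swap", REPLY_SWAP), ("legit", LEGIT)]:
        print(name, check_message(raw))
```

A message sent from a genuinely compromised internal mailbox produces no findings here, which is why confirming the request through a second channel still matters.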