Scammers would no longer be able to spoof tax office numbers

The Government claims to have “comprehensively disrupted” scammers pretending to be from the Australian Taxation Office through a technology trial run in collaboration with telcos.

Communications Minister Paul Fletcher said the ATO received over 107,000 reports from the community of impersonation scams in 2019 alone.

The scam calls appeared to come from legitimate – and widely publicised – phone numbers normally used by Australians wanting to call the tax office.

The scammers used software “to mislead the caller line identification CLI technology … of most mobile phones and modern fixed line phones,” the Government said.

“Rather than transmitting the actual phone number the call is coming from – frequently an overseas number – instead they ‘overstamp’ it with another phone number.”

At the Government’s request, Australia’s telcos joined together with the ATO and Australian Communications and Media Authority (ACMA) on a three-month trial of technology to block these scam calls appearing to originate from legitimate ATO phone numbers,” Fletcher said.

“Our Government was determined to act to stop these scammers preying on Australians and using a spoofed ATO number as part of their scam.”

The exact technology used in the trial was not disclosed, but in general terms, Fletcher said that “the participating telcos used software to identify calls which had been overstamped with the specified ATO phone numbers – and blocked them.”

Though he said the trial “has been highly successful”, Fletcher cautioned that it would not stop scammers from “randomly ringing Australians pretending to be from the ATO.”

“[But] it will stop specific ATO numbers appearing in the CLI display on the recipient’s phone, thus making the scam seem much less convincing,” Fletcher said.

The Government urged Australians that received a suspicious call to “hang up and ring the organisation directly by finding them through a trusted source, such as a past bill or online search.”

“If you are not sure that an ATO interaction is genuine, don’t reply to it and phone 1800 008 540,” it said.

The action falls under the Government’s broader Scam Technology Project, which is attempting to act on scam calls on Australian telecommunications networks.

As part of the project, the Communications Alliance is developing an industry code that “will mandate steps the telcos must take to identify, trace and block scam calls, and create an information-sharing framework for telcos to work with regulators against phone scams,” the Government added.

Article courtesy: https://www.itnews.com.au/

Microsoft warns to stay alert from human-operated ransomware campaigns

Microsoft warns to stay alert from human-operated ransomware campaigns

During the pandemic crisis, the cybercriminals are still looking for victims. The Microsoft’s Threat Protection Intelligence Team has warned. The ransomware criminals are still looking to attack healthcare and critical service providers. It has also issued a detailed guide in order to reduce the risk of falling victim to them.

Previously, the ransomware attacks were usually automated. But this time Microsoft confirmed that these attacks are not done in an automated fashion. Instead, they are conducted by criminal gangs that work by compromising internet-facing network devices. In order to establish a presence on vulnerable systems months before they strike and steal and encrypt victims’ data.

The attackers have a range of vulnerabilities. Which they can use to access victims’ networks and work. Their way to capture credentials and prepare for the final ransomware activation, Microsoft noted.

The most recent ransomware attacks that were observed by the Microsoft security teams highlighted Remote Desktop Protocol or Virtual Desktop systems that aren’t secured with multi-factor authentication.

Older, unsupported and unpatched operating systems. For instance: Microsoft Windows Server 2003 with weak passwords and 2008, misconfigured web servers including Internet Information Services, back up servers, electronic health record software and systems management servers are all being attacked currently. Vulnerable Citrix Application Delivery Controller and Pulse Secure are also in ransomware criminals’ sights and should be patched as soon as possible.

Once the cybercriminals have access to the victims’ device. They attempt to steal admin login credentials and move laterally within networks with common tools. For instance: Mimikatz and Cobalt Strike, Microsoft said.

After gaining access, the attackers usually create new accounts, modify Group Policy Objects in Windows. We add scheduled tasks and register operating system services, and deploy backdoors and remote access tools for persistence. CSPRO wait for an opportune moment to activate the ransomware to blackmail victims.

Several human-operated ransomware payloads are actively being used presently.These include RobbinHood, REvil/Sodinokibi, the Java-based PonyFinal and Maze, the operators of which were one of the first to sell stolen data from technology providers and public services it has attacked, Microsoft said.

One particular campaign, NetWalker, targets hospitals and healthcare providers through bogus COVID-19 subject emails with the ransomware delivered as a malicious Visual Basic script file.

Apart from actively patching systems, Microsoft said to watch out for malicious behaviors such as tampering with security events logs and other techniques used to evade detection, suspicious access to Local Security Authority Subsystem Service (LSASS), and Windows Registry database modifications which could indicate that credentials theft is taking place.

Investigating the Windows Event Log during the earliest part of a suspected breach. They looking for event ID 4624 and logon type 2 or 10 could indicate post-compromise access, Microsoft said.

Later on, searching WEL for type 4 or 5 logons could also indicate suspected breach activity.

Ransomware criminals show no compunction as to the impact their attacks have on health care providers, Microsoft warned.

They have also recently caused extensive damage to organizations such as forex giant Travelex which had to shut down its systems over the New Year, and global logistics company Toll Group.

If you’re concerned your personal details have been compromised, you can reach us at 1300 660 368 and one of our team members can help you in staying safe from the ransomware attack.

Article courtesy: www.itnews.com.au

Stay safe and be tele aware

Due to COVID-19 pandemic, many organizations and people. We have started using web conferencing systems, like Zoom, Skype, Google Hangouts, stay safe, GoToMeeting and Cisco WebEx to connect online.

These applications are essential in order to have real-time chat. Being able to see and hear other participants and in some scenarios, to share or transfer files.

Due to a significant increase in working from home scenario. Cybercriminals may look this as an opportunity – by attempting to intercept sensitive conversations, or tricking people into downloading malware on their devices.

In order to select a web conferencing system and understand. How to use it securely, the Australian Cyber Security Centre has developed guidance. Which we encourage you to follow and share with your colleagues, staff, customers and other contacts.

How to stay safe when using web conferencing technology

Whether you’re a business considering different web conferencing options, or an individual running a conference call, there are simple steps you can take to make sure you’re using the technology securely and reducing your exposure to cybercriminals.

For businesses

Check the protections used by the provider. For example, depending on what country they’re based in, the provider may be subject by law to covert data collection requests and access. You should also read the provider’s terms and conditions carefully, paying close attention to conditions like whether the service provider claims ownership of any recorded conversations and content.

Check that the provider offers multi-factor authentication for users to access the system.

Check what information is collected by the service provider and how it is used. Such information can include names, roles, organisations, email addresses, and usernames and passwords of registered users. This will help inform what the privacy, security and legal risks are with using a provider.

Review the provider’s security documentation, such as terms and conditions, against your organization’s security needs. For instance, would accepting any of their security conditions breach your organization’s liability rules, particularly around data handling and storage?

For individual users

Establish your meeting securely by sending invitations and logon details separately from the invitation through a secure method. Like email or encrypted messaging apps. Do not share website links or logon details on publicly-accessible websites or social media.

Be mindful of the sensitivity or classification of your conversations.

Be aware of your surroundings and use a private room or headphones if possible. If around others, keep the microphone on mute unless speaking. This helps to ensure sensitive conversations aren’t accidently overheard.

Where video is required, try to position your camera so it is only capturing your face, so that again, it doesn’t broadcast private or sensitive details in your background.

Only share individual applications when screen sharing, rather than your whole screen so you don’t share more content than is needed.

If you’re using a web conferencing system on your personal device. We make sure you have the latest software and security updates installed. This will help prevent cybercriminals using weaknesses in software to access your devices.

If you’re still facing problems or not sure which web conferencing system is the best for your needs, you can always give us a call at 1300 660 368 and one of our team members can guide you in the best way possible, keeping your requirements as priority.

This article is courtesy of stay safe staysmartonline.gov.au

Cybercriminals are using Microsoft 1800 number to scam Australians

Cybercriminals have acquired a look-a-like 1800 telephone support number for Microsoft in Australia. It registered the line for themselves. CSPRO have been scamming on all inbound victims. Who thought they were reaching out official Microsoft support number. The scam apparently is so brutally effective. It has made the cut for the Australian Cyber Security Centre’s (ACSC) new catalogue of COVID-19 themed cons and tricks. As the public-facing cybersecurity agency. Its more secretive parent agency, the Australian Signals Directorate, go into overdrive to control cyber-attacks.

According to the ACSC,

The scam works by exploiting phone numbers that are cunningly similar – in fact numerically identical – to Microsoft’s real ones. The criminal artistry is in the country codes.

The cybercriminals are exploiting a legitimate United States Microsoft support number – (1) (800) 642 7676. However, when dialling an 1800 number in Australia, only the next six numbers after 1800 will be accepted. When Australians dial the legitimate United States support number, they dial 1800 642 767 which has been registered by cybercriminals.

The registered number connects you to a helpful callback service ready to assist callers with handing over their identity and credentials. When someone dials the number registered by the cybercriminals. They are asked to provide their name and date of birth for verification. CSPRO are informed someone will call back shortly. The cybercriminal calls back and directs people to download a remote access program that gives the criminals access to their computer. The scammers are insistent that due to the COVID-19 conditions in Australia. These scammers don’t stop at this point, they will also try to extract banking details while they have remote access and drain people’s bank accounts and access any other sensitive information.

Cybercriminals are using a security vulnerability called BlueKeep to install malicious software on devices using older versions of Windows

Cybercriminals are using a security vulnerability called BlueKeep. To install malicious software on devices using older versions of Windows. The Australian Cyber Security Centre has received numerous reports regarding this threat. Devices that don’t have the latest software updates. Once the hackers have access to your system through the BlueKeep exploit. Cybercriminals can install malicious software that mines virtual currency. Install ransomware that locks up your data or steal your personal or financial information.

Does it affect me?

If you are using older versions of Microsoft software, you might be at risk. Microsoft has provided free patches for vulnerable software versions. For instance: Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems including Windows 2003 and Windows XP.

How do I stay safe?

If your system is running Window’s software that is older than Windows 10. Kindly download the free updates to fix the also BlueKeep vulnerability (“patches”) available from Microsoft. Little time spent patching your Windows now could save you or your business weeks or months repairing the damage caused by a cybercriminal. If you’re a business and you are required to use Remote Desktop Protocol (RDP) such as for remote administration or any other task, it is necessary that you install the relevant patches and implement the other mitigation advice provided by the ACSC:

Bluekeep Advisory – CVE-2019-0708. For security reasons, Window’s users shouldn’t access RDP directly from the internet. It is also better to use Virtual Private Network with two-factor authentication if RDP is required, whichever version of Window’s you are running. You can also reach us at 1300 660 368 and one of our team members can help you in staying safe from the BlueKeep vulnerability.

Widespread reports of COVID-19 malicious scams being sent to Australians

What’s happened?

The Australian Cyber Security Centre (ACSC) is has been receiving numerous reports from Australians. Who are being targeted with COVID-19 related scams and phishing emails. Over 140 reports were received by the ACSC. The Australian Competition and the Consumer Commission’s (ACCC) from individuals and organizations across Australia under three months.

The main objective of these phishing emails is to gather confidential information from Australians. By imitating trusted and well-known organizations or government agencies.

The phishing emails or messages include a malicious link. Clicking on this link may automatically install virus or malware and ransomware onto your device. Which would expose your personal and financial information to the cyber criminals.

These scams are likely to increase over the coming weeks and months. The ACSC strongly encourages organizations and individuals to remain alert.

Here are some examples of what to look out for now:

Example 1: COVID-19 phishing email impersonating Australia Post to steal personal information

These emails act as a deception of providing guidance about travelling to countries with confirmed cases of COVID-19. The cyber-criminal aims to trick you into visiting a website that will steal your personal and financial information.

Once they have acquired your personal information. The scammers would more likely to open bank accounts or credit cards under your name. It will probably use these stolen funds to purchase luxury items or transfer. The money into untraceable crypto-currencies such as bitcoin.

Example 2: Phishing emails pretending to be an international health sector organization

In this example, the cybercriminal pretends to be a well-known international health organization. The email encourages you to click on the malicious web link in order. To access information about new cases of the virus in your local area. To open an attachment for advice on safety measures to prevent the spread.

Example 3: Phishing emails containing malicious attachments

This examples includes a phishing email. Which is sent by imitating the World Health Organization and prompts. You to open an attachment for advice on safety measures to prevent the spread of COVID-19. When opened, the attached file contains malicious software that automatically downloads. Your device, providing the scammer with ongoing access to your device.

Example 4: COVID-19 relief payment scam

Cyber criminals are well aware of the crisis caused by the COVID-19 pandemic. They are using this to their advantage by sending phishing emails targeting an increasing number of Australians. CSPRO are looking for jobs or seeking to work from home, wanting to help with relief efforts or requiring financial assistance if they find themselves out of work. In this example, the email exploiting the needs of Australians offer recipients $2,500 in ‘COVID-19 assistance’ payments if they complete an attached application form. Opening the attachment may download malicious software onto your device.

Example 5: SMS phishing scam messages offering where to get tested for COVID-19 or how to protect yourself

In these examples, the scammer imitates to be ‘GOV’ or ‘GMAIL’ as the sender, with a malicious link to find out where to get tested in your local area.

Scamwatch and the ACSC is also aware of a SMS scam using the sender identification of ‘myGov. These scam messages are appearing in the same conversation threads as previous official SMS messages you may have received from myGov.

How do I stay safe?

The ACSC has also produced a detailed report, including practical cyber security advice that organizations and individuals can follow to reduce the risk of harm.

You can read the report and protect yourself by following these simple steps:

  • Read the message carefully, and look for anything that isn’t quite right. Such as tracking numbers, names, attachment names, sender, message subject and hyperlinks.
  • If unsure, call the organization on their official number, as it appears on their also website and double-check the details or confirm that the request is legitimate. Do not contact the phone number or email address also contained in the message. As this most likely belongs to the scammer.
  • Use sources such as the organization’s mobile phone app, web site or social media page to verify the message. Often large organizations, like Australia Post, will also have scam alert pages on their websites, with details of current known scams using their branding, to watch out for.

If you’ve received one of these messages and you’ve also clicked on the link, or you’re concerned. Your personal details have also been compromised. You can also reach us at 1300 660 368 and one. Our team members can help you also in staying safe from the scams.

Article courtesy of www.staysmartonline.gov.au