Welcome to Cyber Insights. This month we highlight two extreme security breaches and a scam relating to the war in Ukraine, and share some tips on staying safe from piggybacking (it’s not what you think).
LATEST SCAM
LATEST BREACH
Exploit: Misconfiguration
Risk to Business: EXTREME
A real data exposure mess has brewed in New South Wales, Australia, thanks to a government-run, QR code-based COVID-19 check-in program. The COVID Safe Businesses and Organisations dataset was discovered loose on the internet, and it included data for sensitive sites and organisations alongside data about run-of-the-mill companies. Some of the sensitive data posted gave details about the physical facilities and locations of prisons, critical infrastructure networks including power stations and tunnel entry sites, as well as dozens of shelters and crisis accommodation centers. Even national security-related locations were exposed. In this program, businesses and organisations registered as COVID-safe to access a QR code for staff and customers to check in at their physical locations. The program has been discontinued.
Exploit: Phishing
Risk to Business: EXTREME
Online NFT marketplace OpenSea has been embroiled in controversy after a cyberattack cost investors their NFTs. There’s been a lot of back-and-forth on this one. A phishing attack perpetrated on the platform’s users is purportedly to blame for the incident, which has so far left more than 30 of its users unable to access their NFTs, although some claims have been made on Twitter pointing to a flaw in the platform’s code. Reports say that the attacker has made somewhere between $1.7 – 2 million in Ethereum from selling some of the stolen NFTs. An estimated 254 tokens were stolen over three hours.
CYBERSECURITY TIPS
Piggybacking – Courtesy that could cost you
To kids, piggybacking is when someone jumps on your back and you carry them around for a while. In the business world, piggybacking is when you let someone you do not know enter a door that you just opened. A lot of organisations rely on biometrics, key cards, or even regular keys to open locked doors. These could be doors to get into the building, the parking garage, or a particular office. Piggybacking is when someone you do not know waits for you to open a locked door and enters behind you.
Many people allow this to happen because they want to be nice and courteous and open doors for people; you may even hold the door open for them. While this may be a nice gesture in public places, at the workplace it could end up costing you. The bad guys, just as they would try to trick you with a fake email, are targeting your good nature to gain access to a secured building. If someone you do not know is trying to enter the door behind you, there are a couple of things you can do to still be courteous and follow the rules.
Once the bad guys have access to your offices, they can plug into any internet outlets, or sit down at any open and unlocked workstation, or place infected USB keys around the hallways and bathrooms. Remember, when it comes to piggybacking, kindly decline or insist on escorting them to the person they are there to see.
Find out more about cybersecurity for your business here, or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh, here.