Welcome to the latest issue of Cyber Insights! In this edition we discuss the latest scam involving BEC attacks, unpack the most recent security breaches and share some tips about piggybacking, including what it is and what to look out for.
Scam Alert
Recently, the US FBI warned about business email compromise (BEC) attacks in which cybercriminals try to steal physical goods. BEC is when cybercriminals spoof business email accounts and impersonate executives in order to steal information, money or products from an organisation.
In this recent BEC scam, cybercriminals start the attack by sending you phishing emails that spoof the domains of legitimate organisations, pretending to be employees of those organisations. In these emails, the cybercriminals ask to buy your business’ products, trying to trick you into thinking they are placing a legitimate purchase order. If you accept the order, the cybercriminals send you fake credit payment information. These payments look legitimate and are only discovered to be fraudulent after the products have been shipped. These scams can be hard to spot, so learning how to keep yourself and your organisation safe is essential.
Follow the tips below to stay safe from similar scams:
- To verify the legitimacy of an order request, reach out to the person who allegedly sent the email by phone or in person.
- The email could be fake even if the sender’s email address is from a trusted domain. Cybercriminals can compromise accounts on trusted domains, or spoof them, to make their scams more believable.
- When you receive an email, stop and look for red flags. For example, watch out for emails sent outside of business hours and emails containing spelling or grammatical errors.
Security Breaches
Exploit: Supply Chain Attack
QIMR Berghofer: Medical Researcher
Risk to Business: SEVERE
Patients who participated in Australia’s most extensive skin cancer study are learning that bad actors may have accessed their personal data as part of a data security incident at a third-party contractor for the medical research company QIMR Berghofer. Servers owned and operated by Datatime, a technology company hired by QIMR Berghofer to scan and process surveys, were hacked, resulting in the personal data of an estimated 1,000 Australians becoming exposed. As a result, impacted patients may have had data accessed by cybercriminals, including their names, addresses and Medicare numbers. Datatime maintained that it intended to delete the survey data after 12 months, but the hackers struck before that.
Exploit: Malicious Insider
Twitter: Social Media Platform
Risk to Business: SEVERE
Troubled social media giant Twitter has disclosed that some proprietary source code for Twitter’s platform and internal tools was exposed via GitHub. Twitter recently made a California court filing to force GitHub to turn over data that could help the platform identify the person responsible for the leak, and to provide information about any other GitHub users who may have downloaded the data. Twitter has also asked GitHub to take down the code. The New York Times reports that Twitter sources tell them the company suspects an employee who left last year may be responsible for the leak. GitHub has not commented on whether it will comply with Twitter’s request. Still, the information has been available for several months.
Cybersecurity Tips
Piggybacking
To kids, piggybacking is when someone jumps on your back, and you carry them around for a while. In the business world, piggybacking is when you let someone you do not know enter a door you just opened. For example, many organisations use biometrics, key cards, or even regular keys to open locked doors. These could be doors to the building, parking garage, or office. Piggybacking is when someone you do not know waits for you to open a locked door and enters behind you.
Many people allow this to happen because they want to be friendly and courteous and open doors for people. You may even hold the door open for them. While this may be a nice gesture in public places, at the workplace it could end up costing you. Just as they would try to trick you with a fake email, the bad guys target your good nature to gain access to a secured building.
If someone you do not know is trying to enter the door behind you, you can do a couple of things to still be courteous and follow the rules.
- Ask them where they are going and who they are there to see, then escort them to the office of the person they are going to see and verify that they are supposed to be there.
- Kindly decline to let them in and explain that your organisation has a strict no-piggybacking rule.
Once the bad guys have access to your offices, they can plug into any network outlet, sit down at any open and unlocked workstation, or leave infected USB keys around the hallways and bathrooms. Remember, when it comes to piggybacking, kindly decline or insist on escorting the person to whoever they are there to see.
Find out more about cybersecurity for your business, or book a complimentary consultation with our Chief Information Security Officer, Chris Haigh.