XSolutions On Security vol 10

XSolutions scours the internet and brings you the cybersecurity news you need to know to protect your business.

Our mission: “Deliver true Managed IT Services by putting people first. Because, there is no time, for downtime.”

Beware — Google Play App Infects 500K Users!

ZDNet reports that an app on Google Play was a front for a malicious campaign. By the time Google removed the app, it had already infected more than half a million users.

The malicious app is called “Color Message.” It allows users to personalize their text messages. However, once downloaded, it unleashes the Joker malware.

Once installed, Joker:

Generates revenue by simulating clicks on malicious ads.
Subscribes the victim to premium services.
Sends the victim’s contact list to the hackers.

If you downloaded “Color Message” to your Android device, uninstall it immediately.

Tip – Watch Out For Man-in-the-Middle (MITM) Attacks

In a MITM attack, hackers place themselves between a user and their application, intercepting all traffic.

Knowing that you are a victim of MITM is not easy, but there are signs:

You’ve been redirected to a bogus site. Pay attention to where you are on the internet.
You receive popups claiming that you’ve been compromised or asking you to take immediate action.
Heed your browser’s warnings on website certificates that are expired, missing, or invalid. If you get such a warning, get off the site ASAP.

Here are some ways you can protect yourself:

Only use sites that start with “HTTPS://”. This indicates a secure connection. DO NOT enter any information on a site that is not secure, such as those starting with “HTTP://” (without the “S”).
Do not use public WIFI. Hackers lurk on public connections to do this very thing.
Use a VPN or Virtual Private Network when online. VPNs create a secure tunnel that encrypts the flow of data.

Why Are People Still Falling For These Scams?

A very disturbing post on Cyware mentioned that so far, 140,000 people have lost $150 million to Gift card scams.

The main scam: A “government” agency calls you to settle a debt, most likely, taxes. The scammer instructs you to pay the debt with gift cards.

Folks, no government, American or foreign, is going to accept a settlement using gift cards! Please instruct family members to NEVER buy gift cards to settle a debt. If they receive such a call, hang up immediately. It is a scam.

Be Mindful of The data You Hold!

Many business owners insist they do not have any information a hacker would want. However, a study by Webroot finds that most ransomware targets individuals and small businesses. Why?

Let’s think for a moment about the data even a very small business might have:

For Employees

Name
address
Social Security number
Telephone and cell numbers
Personal email address
Bank account information (for direct deposit)

For Clients

Name
Address
Telephone numbers
Email address
In some cases, bank account information
Credit card data

That is a lot of confidential information!

But, as famous old commercials say, “but wait, there’s more!” Your employee’s records are also likely to contain insurance information. So, you also have information on employee spouses and children as well.

How much will a data breach cost you? The theft of just 250 records can cost a small business over $100,000. This alone should encourage even the smallest companies to take cybersecurity seriously.

Make 2022 the year that you install cybersecurity best practices for your business.