Cyber Insights | August 2024
Mercury IT
Mercury IT is an Australian innovative Information, Communication & Technologies (ICT) providing customer focused IT
SCAM ALERT
Pastejacking - Cybercriminals are trying to trick you into running malicious code using PowerShell, a powerful tool for executing commands on your computer. This technique is known as “pastejacking”, which involves copying and pasting malicious code into your computer and then allowing it to run.?
This scam begins when you receive what appears to be an urgent email that contains an attachment. If you try to open the attachment, an error will display that says, “Failed to connect to the ‘OneDrive’ cloud service, to fix the error you need to update the DNS cache manually.” The message also provides a few lines of code and instructions on how to copy and paste it into a Windows PowerShell Terminal.
The message urges you to take action, which is exactly what scammers want. If you follow their instructions, you will run a malicious command on your machine. The code will install malware, giving the scammers access to your personal data.?
? Follow these tips to avoid falling victim to Pastejacking:
Exploit: Supply Chain Hacking
AT&T: Telecom Company
Risk to Business: EXTREME
Telecommunications giant AT&T disclosed in a regulatory filing on Friday that hackers had breached a cloud platform containing customer data, accessing records of subscribers’ calls and text messages over a six-month period in 2022. The compromised data includes phone numbers, aggregate call duration, and some cell site details, according to AT&T. Reports suggest that AT&T paid the hackers over $307,000. An AT&T spokesperson informed CNBC that the cloud service was owned by Snowflake, the embattled cloud data platform also implicated in the recent Neiman Marcus breach. Read more here
Exploit: Hacking
The Walt Disney Company: Entertainment Company
Risk to Business: SEVERE
The Walt Disney Company’s internal communications on Slack have been leaked online, revealing sensitive information about everything from advertising campaigns to interview candidates. The hacker group NullBulge has claimed responsibility for the breach, announcing in a blog post that they released over one terabyte of data from 10,000 Disney Slack channels. The conversations include computer code, studio technology discussions, the management of Disney’s corporate website, software development discussions and information on unreleased projects, with the leaked conversations dating back to at least 2019. NullBulge stated that they gained access to the information by compromising the computer of a Disney software development manager. The group said they chose to hack Disney to protect artists’ rights and compensation. This story was still developing at press time. Read more here
Engaging with others through videos has become a standard part of our everyday lives. Whether you’re joining a video conference at work or watching your favorite celebrity on Instagram, videos are everywhere. However, can you really trust what you’re seeing? The rise of deepfake technology could make it difficult to know if what you are watching is real or fake.
What is Deepfake Technology?
Deepfake technology uses AI and machine learning to create realistic audio and video spoofs. These spoofs combine real footage of one person with the words or actions of another. While deepfake technology has been around for years, it is now easier to use and harder to recognize. For example, there are mobile apps that allow you to replace a celebrity’s face with your own to create surprisingly realistic videos.
How Could Cybercriminals Use This Technology?
There are a number of ways that the bad guys could use deepfake technology. One way cybercriminals are using this technology is to impersonate celebrities. Spoofing influential people could be used to spread false information designed to intentionally mislead you. This is a tactic known as disinformation. On a smaller scale, this technology could be used to impersonate executives in your organisation. Imagine receiving a phone call from your CEO asking you to send money or confidential information. However, it isn’t actually your CEO, but a cybercriminal spoofing their voice with deepfake technology!
What Can I Do to Stay Safe?
To stay safe from deepfake spoofs remember these?tips:
If you would like to discuss your cybersecurity needs, book a complimentary consultation here