Having a dependable IT managed services team to protect your business data and quickly resolve any enterprise machine or gadget issue helps business owners sleep better at night and keep stress levels low.
But with all the security breaches, scams, and other threats happening lately, it is best to be prudent and armed with knowledge so you and your business can avoid being victimised by cyber attackers. Here are some of the latest cyber world updates this week:
Australians At Risk From Malware That Targets Office 365
More than a hundred thousand Australian businesses and hundreds of thousands more private users may be vulnerable to a new malware says Check Point, a cyber security firm. Local IT management services teams have recently been made aware of the dangerous malware called “zero-day” but it is now spreading across a new medium – office 365, which includes Outlook, PowerPoint, Excel, Word, and other office applications.
Cyber criminals are using office file attachments and sending invoices to unsuspecting victims to circumnavigate the protection protocols set up by managed IT services teams. If you or one of your employees opens such a file, it would say that the office document was created with an earlier software version and will ask permission to enable its contents. Make sure to inform all members of your staff to be wary of such emails and never to click on the the message to enable any content because that will automatically open the malicious file that will collect all your business data and then lock you out of your own systems. The hackers will then ask for a certain amount to be paid to let you gain back access to your files. If you or your staff encounters such a file, notify your IT management services group immediately so they can assess the situation and prevent further infection and damages to other machines.
False AGL Power Bills Containing Malware
The managed IT services community estimated that tens of thousands of Australians were targeted by cyber criminals since the start of this month. The cyber attackers are sending emails that supposedly came from AGL energy company. The emails contain bogus bills and send the recipient a link where one could download a copy of the bill. The downloaded bill copy saves onto the computer as a zipped file, which when extracted opens a malicious software that locks the computer down.
Check Point’s senior analyst Raymond Schippers mentioned that once the malicious file is downloaded, ransomware like Cryptolocker or Torrentlocker, the managed IT services team can only rid of the system of the ransomware by using a backup restore or by wiping the computer completely and starting over from scratch. The bogus AGL bills email has reportedly infiltrated many companies across the nation. The cyber attackers aimed for employees and business owners to open the emails and go to the link provided so that they can infect business computers and get paid handsomely for letting businesses gain back access to important business data. They also targeted businesses to gain access to information on legitimate corporate email addresses that they can later use to send more scam emails. It is best to get your managed IT services group to install more security measures, especially for filtering emails.
Check Point reported that the fake email was spread across many sectors, from finance, to education, to mining, and many other business fields and it has spread on a large scale throughout Australia. Check Point says that at least 10,000 users have downloaded the malware and many more are likely to be infected. Be on the lookout for URLs that say electricitybill.com or ehckyourbills.com or better yet, get your managed IT support team to block such websites that are definitely not legitimate websites of utility companies. Another indication that the email is suspicious is that it would contain a zip file because most utility companies send pdf file or something similar.
AGL recently released a statement saying that they have already reported the scam emails to the federal police, the ACC, and the scamwatch website. AGL advised that they will never send emails requesting for financial or banking details and that recipients of the scam emails should delete the email and add the sender to their spam list. They also advised users to run antivirus programs.