Security Updates: Fake CAPTCHA, Abandoned User Accounts Cause Havoc and More

Attempts to access your personal data, and that of others, continue to evolve and become more sophisticated. They are relentless and, at times, can feel like they are lurking around every corner. One of the best things you can do to protect yourself is to be aware of what threats are out there, how they work, and do your best to protect yourself against them.

This post discusses several new threats, including a fake CAPTCHA, a lesson on how user accounts for people no longer working for you can be used to wreak havoc on your network, as well as a PowerSchool breach.

Below is a list of current security threats, including what you need to know and how you can best protect yourself.

Fake CAPTCHA

Malwarebytes recently released an article discussing how a fake CAPTCHA is showing up on websites and users can inadvertently fall victim to this attack.

What you need to know: This attack utilizes a prompt most people are already familiar with - proving you are not a robot by clicking on images that include a specific item you are prompted with. Any attack that is able to use a system we are accustomed to seeing will be more effective because we are automatically less suspicious.

For more specific information about this attack, read the full article from Malwarebytes.

What you can do: The good thing about this attack is that while it employs a security check we are used to seeing, it diverts from it once you check the box that you are not a robot and click to submit. From here, the attack prompts with a large box asking you to hit a series of keystrokes that are unusual and unexpected. This is your clue that something is not right. When what you would normally expect does not happen, but something unexpected occurs in its place, you need to stop and leave the site.

Image from Malwarebytes article showing how the attack diverts from what you would normally see when submitting the CAPTCHA results to prove you are not a robot.

If users follow these steps from an infected website, they will infect themselves with malware. If you have a browser extension blocking malicious domains, this might be blocked before you get here. However, slowing down and questioning anything out of the ordinary is key here. If you are prompted with the above from a CAPTCHA, do not follow the instructions.

Abandoned user accounts

Abandoned user accounts, or network accounts created for employees that are no longer working for you, are a huge risk to any company. Whether the employee left the company or you let them go, businesses need to deactivate these accounts immediately.

What you need to know: It is important for businesses to track what accounts their users have created or acquired while in their employ. This is part of keeping their network safe, preventing unauthorized access to network information, and preventing people who no longer work for you from sending communications to your other employees or to your clients as if they still work for you.

If businesses allow these accounts to remain active, the accounts are at risk of being used by the former employee and of being targeted by an unauthorized user. If a legacy account is compromised, who is going to notice? If the employee were still active, they would likely notice their email being misused or files being accessed or removed. Without the employee to notice what is going on, there is an increased risk that the network could be compromised without being noticed for longer than would otherwise occur.

For a specific example, read this story of how a developer hurt his former employer.

What you can do: If you own a business, you must be sure to have someone managing user accounts. This includes deactivating accounts as soon as employees are no longer working for you, even if they initiated the move. Additionally, track equipment given to employees and make sure all items are returned. This includes security badges, laptops, and more. Lastly, having automatic and offsite backups ensures that if a disgruntled employee deletes a bunch of network files, you can quickly restore data and minimize employee down time.
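One way to run that check on a schedule, shown here as an added example that is not part of the original post: a short Python script that compares an HR roster against an export of network accounts and lists every enabled account whose owner has left or does not appear on the roster. The CSV column names and all sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data: an HR roster export and a network account export.
HR_ROSTER = """employee_id,name,status,end_date
1001,Ana Ruiz,active,
1002,Ben Cole,terminated,2025-02-14
1003,Chi Tran,terminated,2025-03-01
"""
ACCOUNTS = """username,employee_id,enabled,last_logon
aruiz,1001,true,2025-03-10
bcole,1002,true,2025-03-08
ctran,1003,false,2025-02-27
svc-backup,,true,2025-03-10
"""

def find_abandoned_accounts(roster_csv, accounts_csv):
    """Return (username, reason) for each enabled account with no active owner."""
    roster = {r["employee_id"]: r for r in csv.DictReader(io.StringIO(roster_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # already deactivated, nothing to do
        owner = roster.get(acct["employee_id"])
        if owner is None:
            # Nobody on the roster owns this account, so nobody would notice misuse.
            findings.append((acct["username"], "enabled, no owner on HR roster"))
        elif owner["status"] != "active":
            reason = "enabled after owner left on " + owner["end_date"]
            # A logon dated after the end date means the account is still in use.
            if (acct["last_logon"] and owner["end_date"]
                    and date.fromisoformat(acct["last_logon"])
                    > date.fromisoformat(owner["end_date"])):
                reason += "; logon on " + acct["last_logon"] + " after departure"
            findings.append((acct["username"], reason))
    return findings

if __name__ == "__main__":
    for username, reason in find_abandoned_accounts(HR_ROSTER, ACCOUNTS):
        print(f"{username}: {reason}")
```

Accounts flagged with a logon after the departure date deserve the first look, since they show the account was used when its owner was no longer there to notice.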

PowerSchool breach

PowerSchool, a K-12 software company that makes student information system software, was recently hacked, exposing an unknown number of student and teacher records. There are several estimates of how many records were breached, all of which are in the millions.

What you need to know: So far, according to an article from March 11, there is no proof the records have been released anywhere, though they have been breached. PowerSchool paid a ransom to keep the records from being released as threatened. The portal contained sensitive information which included names, social security numbers, medical data, addresses and more.

What you can do: Pay attention to your credit scores and credit reports. Check for new inquiries against your credit, reconcile your bank accounts regularly and, if necessary, put a hold on your credit so no one can take out a line of credit or credit card in your name without you knowing about the attempt.

Unfortunately, new threats and variations of existing threats are not going to stop. Data is powerful and valuable. Being aware of what threats exist is one simple way to reduce your risk. Slow down when you see something unusual, even if it began as something you recognize. Question and really consider everything you click on in emails and websites because it may be this little bit of consideration that prevents a ton of wasted time trying to recover from malware, being hacked, or identity theft.

As always, slowing down to consider those items you click on and going directly to the source of something helps protect the integrity and privacy of your data!