
Cyberthreat Prevention

Threat actors continue to be active and take advantage of our business to commit fraud. SUMA, in collaboration with its cybersecurity partners, presents the latest security topics to create awareness and educate members to avoid the pitfalls.

OUCH! Newsletter: Securing The Generation Gap
Trying to securely make the most of today’s technology can be overwhelming for almost all of us, but it can be especially challenging for family members not as used to or as familiar with technology. Therefore, we wanted to share some key steps to help secure family members who may be struggling with technology and might misunderstand the risks that come with using it.
From “SANS” Chris Dale (12/02/2020)
 
Gritzman said to defend against future attacks on mobile devices, users should avoid jailbreaking or rooting any devices, ensure all system updates and app updates take place on time, and obtain apps directly from official app stores.
From “IT Pro” Rene Millman (12/17/2020)

The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware attacks, the theft of data, and the disruption of distance learning services. Cyber actors likely view schools as targets of opportunity, and these types of attacks are expected to continue through the 2020/2021 academic year. These issues will be particularly challenging for K-12 schools that face resource limitations; therefore, educational leadership, information technology personnel, and security personnel will need to balance this risk when determining their cybersecurity investments.
From “Cybersecurity and Infrastructure Security Agency” (12/10/2020)

If you get a call, text, email — or even someone knocking on your door — claiming they can get you early access to the vaccine, STOP. That’s a scam. Don’t pay for a promise of vaccine access or share personal information.
From “Federal Trade Commission” Colleen Tressler (12/08/2020)

The gang behind the Ragnar Locker ransomware posted an ad on Facebook in an attempt to publicly shame a victim so it would pay a ransom. Security experts say the innovative tactic is indicative of things to come.
From “Bank Info Security” Doug Olenick (11/13/2020)

Data Privacy Day is a global effort — taking place annually on January 28th — that generates awareness about the importance of privacy, highlights easy ways to protect personal information and reminds organizations that privacy is good for business. Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Data Privacy Day is observed annually on Jan. 28.
From “National Cybersecurity Alliance” (1/05/2020)

Scammers are calling people and using the names of two companies everyone knows, Apple and Amazon, to rip people off. Here’s what you need to know about these calls.
From “Federal Trade Commission” Alvaro Puig (12/03/2020)

A new Zoom-themed phishing attack is circulating through email, text and social media messages, aiming to steal credentials for the videoconferencing service. The Better Business Bureau (BBB) warned last week that the attack uses Zoom’s logo, and in a message tells recipients that their Zoom accounts were suspended and to click a link to reactivate; or that they missed a Zoom meeting, and to click a link to see the details and reschedule.
From “Threat Post” Lindsey O’Donnell (12/01/2020)

This shift is just getting started. IoT-enabled scams and hacks quickly ramped up to a high level – and can be expected to accelerate through 2021 and beyond. This surge can, and must, be blunted. The good news is that we already possess the technology, as well as the best practices frameworks, to mitigate fast-rising IoT exposures.
From “Security Boulevard” Byron Acohido (11/09/2020)

The traditional holiday season is a busy time for many people as they prepare for celebrations and shop for gifts. But it's also a busy time for scammers as they devise ways to cheat and steal, sometimes through phishing campaigns that try to trick people into divulging personal information.

From “Tech Republic” Lance Whitney (11/13/2020)


Ahead of Black Friday/Cyber Monday, Inky reports that cybercriminals are targeting shoppers with brand forgery attacks. Cybercriminals are stealing the source code from well-known brands to create their lookalike web sites. This makes it very difficult for shoppers and even industry experts to detect the forgery.

From “Enterprise Times” Ian Murphy (11/13/2020)


Companies and business leaders in the IT space have been increasingly raising awareness about cybersecurity, bringing up some of the most common threats and gaps in IT security for businesses, to help them to step up with the latest solutions.

From “Business 2 Community” Caterina Bassano (11/13/2020)


How you prepare as a business can make the difference between staying in business or not. When it comes to cyber threats, there is a connection between misfortune and cyberattacks because cybercriminals prey on your generosity, curiosity, fear, and greed.

From “Business 2 Community” Steven Imke (11/02/2020)


Choosing a vendor to meet your cybersecurity needs is not an easy task. To help you, we have created this checklist with some questions you should consider asking current or potential vendors. It is not exhaustive, but gives you a good start. If you don’t understand some or any of these questions, consider having a business partner or colleague help you interview vendors. And always remember to engage in a Service Level Agreement and contract with the vendor so all expectations are clearly articulated.

From “National Cybersecurity Alliance” (10/2020)


A recently uncovered banking Trojan targeting Android devices can spy on over 150 apps, including those of banks, cryptocurrency exchanges and fintech firms, as a way to gather credentials and other data.

From “Bank Info Security” Prajeet Nair (11/12/2020)


The FTC just announced a case against videoconferencing service Zoom about the security of consumers’ information and videoconferences, also known as “Meetings.” The FTC claimed that Zoom failed to protect users’ information in a variety of ways.

From “The Federal Trade Commission” Alvaro Puig (11/09/2020)


The increasing use of Internet of Things (IoT) devices by remote employees was another major source of concern for security professionals, with 45% believing them to pose serious security risks as they can be easily controlled by remote hackers and compromise corporate infrastructure. This was supported by Bitdefender’s data, which revealed that suspicious IoT incidents in households surged by 46% from January to June.

From “Info Security Magazine” James Coker (11/03/2020)


Top cybersecurity trends include the hacking of time, machine learning data poisoning, implosion of data privacy, and more.

From “Zawya” Morey Haber (11/03/2020)


A common misconception about cyber attackers is that they use only highly advanced tools and techniques to hack into peoples’ computers or accounts. In reality, they have learned the easiest way to access our devices, accounts and data is to simply ask for them. Learn how these attacks work and how to easily spot and stop them.

From “SANS” Christian Nicholson (11/09/2020)

Deep Dive: Fighting Back Against The Fraud Plaguing P2P Payment Apps

Payment app users also have to take security into their own hands. The first step is often fixing poor password hygiene. A recent study from data analytics firm FICO found that only 37 percent of bank customers use separate passwords for different accounts, for example, while 22 percent use two to five passwords across all their online profiles. This represents a massive security risk as a data breach that compromises a single account could give fraudsters access to any other account using the same password.

From “Pymnts.com” (10/20/2020)

Instagram Bug Allows Account Takeover Attacks

A critical Instagram bug could allow attackers to convert a mobile device into a spying tool through an Instagram account takeover, according to Check Point researchers. If an Instagram user saved a malicious image and then opened an Instagram app, the bug would be activated, granting the attacker full access to the app and critical features of the device. The Instagram bug originated from a third-party library used in uploading pictures on the Instagram app.

From “CPO Magazine” Alicia Hope (10/12/2020) 

Cybersecure My Business Related Links

Here are helpful links from the National Cyber Security Alliance's (NCSA's) sponsors, partners and friends to help you keep your business secure.

From “National Cyber Security Alliance” (10/01/2020) 

The FTC Chairman Is Not Writing To You

If you saw an email from FTC Chairman Joseph Simons, it wasn’t. From him, that is. Scammers pretending to be him are emailing, though. They’re trying to trick you into turning over personal information, like your birth date and home address, which could help them scam you. So: if you get an email from the Chairman of the Federal Trade Commission about getting money because of an inheritance or relief funds related to the impact of the COVID-19 pandemic — or anything else — do not respond. Do not give out your personal information. But do hit “delete.”

From “Federal Trade Commission” Karen Hobbs (10/01/2020)

Treasury Department Warns Against Paying Hackers Involved In Ransomware Attacks

The Treasury Department on Thursday issued two advisories highlighting the dangers of ransomware cyberattacks, and warning against paying ransoms demanded by hackers. “Demand for ransomware payments has increased during the COVID-19 pandemic as cyber actors target online systems that U.S. persons rely on to continue conducting business,” OFAC wrote in its advisory. “Companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

From “The Hill” Maggie Miller (10/01/2020)

Microsoft Digital Defense Report

This report makes it clear that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets.

From “Tech Republic” R. Dallon Adams (9/30/2020) 

CISA Releases Telework Essentials Toolkit

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role.

From “CISA” (9/30/2020)

5 More Things To Know About Ransomware

Ransomware attacks are getting more expensive, which is one reason why you should have an incident response plan. Tom Merritt provides more information about this cybersecurity threat.

From “Tech Republic” Tom Merritt (9/28/2020)