A quick Saturday digest of cybersecurity news articles from other sources.
Social Security Scam Alert
The Social Security Administration will never threaten, scare, or pressure you to take an immediate action.
If you receive a call, text, or email that…
- Threatens to suspend your Social Security number, even if they have part or all of your Social Security number
- Warns of arrest of legal action
- Demands or requests immediate payment
- Requires payment by gift card, prepaid debit card, internet currency, or by mailing cash
- Pressures you for personal information
- Requests secrecy
- Threatens to seize your bank account
- Promises to increase your Social Security benefit
- Tries to gain your trust by providing fake “documentation,” false “evidence,” or the name of a real government official
…it is a SCAM!
Do not give scammers money or personal information – Ignore Them!
- Protect yourself and others from Social Security-related scams
- Try to stay calm. Do not provide anyone with money or personal information when you feel pressured, threatened, or scared.
- Hang up or ignore it. If you receive a suspicious call, text, or email, hang up or do not respond. Government employees will not threaten you, demand immediate payment, or try to gain your trust by sending you pictures or documents.
- Report Social Security-related scams. If you receive a suspicious call, text, or email that mentions Social Security, ignore it and report it to the SSA Office of the Inspector General (OIG). Do not be embarrassed if you shared personal information or suffered a financial loss.
- Get up-to-date information. Follow SSA OIG on Twitter @TheSSAOIG and Facebook @SSA Office of the Inspector General for the latest information on Social Security-related scams. Visit the Federal Trade Commission for information on other government scams.
- Spread the word. Share your knowledge of Social Security-related scams. Post on social media using the hashtag #SlamtheScam to share your experience and warn others. Visit oig.ssa.gov/scam for more information. Please also share with your friends and family.
New Dangerous and Persistent “Metamorphic” Malware Strain Called Tardigrade
Michael Kan at PCMag reported on this new strain of Windows malware. It can constantly adapt to avoid detection and was first found targeting the biotech industry, including the infrastructure behind vaccine manufacturing, according to security researchers.
The warning comes from a non-profit called BIO-ISAC, which focuses on information sharing to protect the biotech industry from cybersecurity threats. The threat is setting off alarm bells because it goes beyond typical polymorphic malware, which will only rewrite part of its computer code to evade detection. Instead, the uncovered malware goes even further by completely recompiling its code during each infection when it first connects to the internet.
This “metamorphic” ability prevents the malware from leaving a consistent signature behind, making it harder for antivirus programs to spot. According to Wired, one security researcher tested the malware almost 100 times and “every time it built itself in a different way and communicated differently.”
As a result, BIO-ISAC has dubbed the malware Tardigrade, the microorganism that can survive extremely hot and cold conditions, including the vacuum of outer space. But unlike a real tardigrade, the malware can secretly hijack a computer system to steal and modify files.
Contains the sneaky ability to spread both via phishing emails and USB devices
The nonprofit first uncovered the malware this past spring when one of its member companies, Biobright, investigated a ransomware attack on a large, unnamed biomanufacturing facility. The security researchers obtained the ransomware along with the program that loaded the malicious coding, which turned out to be unusually complex.
BIO-ISAC has since uncovered the Tardigrade malware attacking a second facility. This prompted the group to issue Monday’s warning to the biotech industry, saying it believes Tardigrade is “actively spreading in the bio-economy.”
In addition, it contains the sneaky ability to spread both via phishing emails and USB devices. Definitely a reason to step your users through new-school security awareness training and send them frequent social engineering tests.
Blog post with links to the full article at PCMag:
Quantinuum shifts conversation from counting qubits to perfecting cybersecurity solution
The new quantum company plans a hardware agnostic approach combined with Honeywell’s H1 and Cambridge Quantum’s tket.
Deloitte: Don’t rule out Wi-Fi 6 as a next-generation wireless network
5G is not the only game in town, according to the firm in a prediction for 2022. 6 Ghz Wi-Fi also is gaining traction.
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com