World’s biggest cyberattack hits 150 countries and the threat is ‘escalating’

If you have not heard of the latest Malware threat that first appeared this past Thursday, then please take heed now.  It's a malware type known as ransomeware and is called WannaCry.  Cybersecurity experts say the initial targets were Russia, Ukraine and Taiwan but hospitals in the U.K., universities in China and global firms like FedEx were also under attack.

The malware is spreading by taking advantage of a vulnerability in Windows.  Microsoft release a patch in March but computers and networks that have not updated are at risk.  Microsoft has even released patches for unsupported older operating systems  including Server 2003 and Windows XP.  Computer already infected will not be helped by patching.

The ransomware attempts to seize control of an infected computer, encrypt files and then demand a ransom be paid before releasing control of the computer.

Cyberattack’s Impact Could Worsen in ‘Second Wave’ of Ransomware

On Friday an estimated 74 countries had reported infected computers.  Today that number has grown to 200,000 known victims in at least 150 countries.  Authorities are fearful that the numbers could spike with the start of the workweek on Monday when employees return and start using computers were the malware already is in hiding.

To read more; visit the links below.

http://fox59.com/2017/05/14/the-latest-100000-groups-in-150-nations-hit-by-cyberattack/

https://www.nytimes.com/2017/05/14/world/europe/cyberattacks-hack-computers-monday.html?_r=0

https://www.usnews.com/news/business/articles/2017-05-13/uk-working-to-restore-hospital-systems-after-cyberattack

Log in, look out:  Cyber chaos may grow at workweek’s start

https://www.washingtonpost.com/business/technology/log-in-look-out-cyber-chaos-may-grow-at-workweeks-start/2017/05/14/85d2a83c-3914-11e7-a59b-26e0451a96fd_story.html?utm_term=.86b98f20ff3a

Beware of Google Docs Phishing Attempt!

Heads up everyone.  There is a nasty email circulating that invites you to click on a Google Docs link.  It will appear to be from someone you know and is a phishing attempt that can open up a whole bunch of trouble for you if you click on the enclosed link.  Please don't do that, just delete the email.

The payload of the email is that the deception will give the keys to your GMail account to the bad guy who sent you the email.  Remember it was a phishing attempt that DNC head John Podesta fell for leading to his email correspondence being leaked.

"The counter-measures Google described are likely to stop the spread of the phishing attack but, as one security expert points out, the attacker has already had time to harvest millions of email addresses via victims' Gmail contact lists.

It seems such scams targeting Google accounts are becoming more common in recent months. As my colleague Robert Hackett reported in January in the article Everyone is falling for this frighteningly effective Gmail scam, hackers (usually posing as a trusted contact) have been sending around booby-trapped documents that look like ordinary PDFs."

To read more please see the links below on Fortune's website.

A Massive Google Docs Phish Might Have Stolen A Load Of Gmail Accounts - UPDATED

https://www.forbes.com/sites/thomasbrewster/2017/05/03/massive-google-gmail-phish-many-victims/#1bbaa89b42a1

http://fortune.com/2017/05/03/google-docs-scam/


What to do (from the first article link)

"For anyone who remains concerned, there are steps they can take. First, it's possible to note the phishing attempt by just looking at the message. It'll typically say something like: "Mr. Attacker has invited you to view the following document." And the recipient will be in the BCC field. That's the first clue something phishy is going on, added to the fact that the only other visible email address in the to field is hhhhhhhhhhhhhhhh@mailinator[.]com, a temporary account on Mailinator.

Then, go to https://myaccount.google.com/permissions and revoke any permissions given to an app called Google Docs. This should prevent any problems, just in case Google hasn't managed to get rid of the app already.

And in the future, if you're not expecting a Google Doc and a link looks suspicious, don't click through before validating with the sender that it's legitimate.

There is, sadly, one big problem for victims who clicked through: the attacker could have automated their scam (likely, given how they carried out the illicit operation) and hoovered up all their Gmail already. In this case, there's not much to be done other than hope nothing sensitive was stolen or that proactive measures are being taken against those who perpetrated the hack."