News

As election season approaches, the importance of safeguarding our democratic processes has never been more critical. Ensuring election security is not just the responsibility of government bodies but also of every individual voter. This blog post aims to provide valuable insights and practical tips for consumers to protect their votes and understand the mechanisms in place to secure elections.

Understanding Election Security

Election security encompasses a broad range of practices designed to ensure the integrity, confidentiality, and accessibility of the voting process. This includes safeguarding against cyber threats, ensuring the accuracy of voter registration databases, protecting the physical security of voting equipment, and maintaining transparency in the vote counting process. As voters, being aware of these elements helps us appreciate the complexity and importance of secure elections.

Tips for All Voters

1. Verify Your Voter Registration

One of the first steps to secure your vote is to ensure that you are registered correctly. Check your voter registration status well in advance of the election day through your local election office or official state website. This helps to avoid any last-minute issues and ensures your eligibility to vote.

2. Be Wary of Misinformation

Misinformation can spread rapidly, especially during election periods. Rely on official sources for information about polling locations, voting procedures, and deadlines. Avoid sharing unverified information on social media and report any suspicious content to the relevant authorities.

3. Use Trusted Voting Methods

Whether you are voting in person or by mail, make sure to follow the recommended procedures. If voting by mail, request your ballot from a verified source and return it through secure methods such as official drop boxes or by mail with sufficient time to ensure it is received before the deadline.

4. Protect Your Personal Information

Scammers often target voters to steal personal information. Be cautious of unsolicited phone calls, emails, or texts asking for your personal details. Official election offices will not request sensitive information such as your Social Security number via these methods.

5. Report Irregularities

If you notice anything unusual at your polling place or have concerns about the voting process, report it immediately to election officials. This includes any signs of tampering with voting machines, suspicious behavior, or attempts to intimidate voters.

Special Tips for First-Time Voters

1. Understand the Voting Process

Familiarize yourself with the voting process in your area. This includes knowing your polling location, understanding what identification is required, and learning about the different ways you can cast your vote. Many states provide detailed guides and resources for first-time voters.

2. Plan Ahead

Plan your voting day in advance. Decide whether you will vote in person or by mail, and make sure you have all necessary documentation ready. If you are voting in person, consider going during off-peak hours to avoid long lines.

3. Educate Yourself on the Candidates and Issues

Before you head to the polls, research the candidates and issues on the ballot. This will help you make informed decisions and feel more confident in your choices.

4. Seek Assistance if Needed

Don’t hesitate to ask for help if you need it. Election officials and poll workers are there to assist you. Additionally, many organizations offer support for first-time voters, including transportation to polling places and information hotlines.

Other Tips for Ensuring a Secure Election Experience

Stay Informed About Security Measures

Understand the security measures your state has implemented to protect the election process. This might include the use of paper ballots, post-election audits, and cybersecurity protocols. Being aware of these measures can increase your confidence in the election’s integrity.

Participate in Early Voting

If your state offers early voting, take advantage of it. Early voting can reduce the stress of long lines and crowded polling places on election day, making the process smoother and more secure.

Encourage Civic Engagement

Encourage friends and family to vote and educate them about election security. A well-informed electorate is a key component of a secure and fair election.

Stay Updated on Election News

Keep up with reputable news sources to stay informed about any potential security threats or changes in the voting process. This will help you stay prepared and responsive to any issues that might arise.

By following these tips and staying vigilant, every voter can contribute to a secure and fair election process. Remember, your vote is your voice, and protecting it is essential for the health of our democracy. Happy voting!

The post What You Need to Know About Election Security appeared first on McAfee Blog.

The operation targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee

The cyber-attack, which occurred in December 2023, forced First American to shut down some systems

A global law enforcement operation has disrupted the 911 S5 botnet, a global network of compromised devices used to facilitate criminal activity

1Password’s Steve Won discusses why modern security solutions, such as passkeys, can substantially reduce the risk of credential-based attacks

The new flexible, interactive custom dashboard experience uses actionable data to optimize user operations and workflows.

No word on how this backdoor was installed:

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack.

The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an application package courtrooms use to record, play back, and manage audio and video from proceedings. Its maker, Louisville, Kentucky-based Justice AV Solutions, says its products are used in more than 10,000 courtrooms throughout the US and 11 other countries. The company has been in business for 35 years.

It’s software used by courts; we can imagine all sort of actors who want to backdoor it.

As the name implies, spear phishing attacks are highly targeted scams. They often occur in professional settings, where the scammers go after one “big phish,” such as a ranking employee with access to finances or data. From there, the scammers employ social engineering (aka manipulation) to trick the target into transferring funds to them or giving them access to sensitive company systems. Sometimes, it’s a mix of both.

Some of the most striking examples of spear phishing attacks come from the Shamoon2 attacks seen in Saudi Arabia back in 2016. Successive waves of attacks ultimately infected machines with malware and destroyed systems.

So, how did this specific spear phishing attack work, exactly? Cybercriminals targeted specific organizations in Saudi Arabia with emails that included malicious attachments in them. Then, when victims clicked and opened the attachment, they were infected, valuable company data was taken and systems were quickly wiped.

Spear phishing has been around for quite some time yet remains as effective as ever. Spear phishing’s success is based on familiarity. Usually, cybercriminals pretend to be an organization or individual that you know and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with.

For example, cybercriminals have taken advantage of tragedies in the headlines and used targeted emails claiming to be a charitable organization asking for donations. In the case of Shamoon2, the attackers lured in victims with a tempting email attachment sent from organizations the victims were likely to trust. But instead of giving to their charity of choice, or opening a seemingly harmless workplace attachment, victims then self-infect their systems with malware.

Moreover, we have seen spear phishing attacks take on an entirely new form with the advent of AI deepfakes. Now, instead of reaching out to victims via email, sophisticated scammers create deepfakes that pose as employees on video calls. All in real-time. Such was the case in Hong Kong in February 2024 where a host of deepfakes pressured a company’s finance officer into transferring $25 million to the scammers running the deepfakes.[i]

Moral of the story: spear phishing (and regular phishing) attacks can be tricky. However, fear not, there’s a lot you can do to stay on top of this threat.

For starters:

Go straight to the source.

Spear phishing attacks can be easily deceiving. In fact, cybercriminals have been able to impersonate known, credible charities or an employer’s business partners and customers. So, if you receive an email from an organization asking for donations or a partner asking you to open a file you didn’t request, a good rule of thumb is to go directly to the organization through a communications channel other than email. Go to the company’s site and do more research from there. That way, you can ensure you’re gaining accurate information and can interact with the right people, rather than cyber-attackers.

Always check for legitimacy first. Spear phishing emails rely on you—they want you to click a link, or open an attachment. But before you do anything, you always need to check an email’s content for legitimacy. Hover over a link and see if it’s going to a reliable URL. Or, if you’re unsure about an email’s content or the source it came from, do a quick Google search and look for other instances of this campaign, and what those instances could tell you about the email’s legitimacy.

Fraudsters do their research — keep your guard up.

Fraudsters select their victims carefully in these targeted attacks. They hunt down employees with access to info and funds and then do their research on them. Using public records, data broker sites, “people finder” sites, and info from social media, fraudsters collect intel on their marks. Armed with that, they can pepper their conversations with references that sound more informed, more personal, and thus more convincing. Just because what’s being said feels or sounds somewhat familiar doesn’t always mean it’s coming from a trustworthy source.

Clean up your online presence.

With that, employees can reduce the amount of personal info others can find online. Features like McAfee Personal Data Cleanup can help remove personal info from some of the riskiest data broker sites out there. I also keep tabs on those sites if more personal info appears on them later. Additionally, employees can set their social media profiles to private by limiting access to “friends and family only,” which denies fraudsters another avenue of info gathering. Using our Social Privacy Manager can make that even easier. With just a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.

[i] https://metro.co.uk/2024/02/05/horrifying-deepfake-tricks-employee-giving-away-20-million-20225490/

The post How to Protect Yourself From a Spear Phishing Scam appeared first on McAfee Blog.

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed “the largest ever operation against botnets,” the international effort is being billed as the opening salvo in an ongoing campaign targeting advanced malware “droppers” or “loaders” like IcedID, Smokeloader and Trickbot.

Operation Endgame targets the cybercrime ecosystem supporting droppers/loaders, slang terms used to describe tiny, custom-made programs designed to surreptitiously install malware onto a target system. Droppers are typically used in the initial stages of a breach, and they allow cybercriminals to bypass security measures and deploy additional harmful programs, including viruses, ransomware, or spyware.

Droppers like IcedID are most often deployed through email attachments, hacked websites, or bundled with legitimate software. For example, cybercriminals have long used paid ads on Google to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader and Discord. In those cases, the dropper is the hidden component bundled with the legitimate software that quietly loads malware onto the user’s system.

Droppers remain such a critical, human-intensive component of nearly all major cybercrime enterprises that the most popular have turned into full-fledged cybercrime services of their own. By targeting the individuals who develop and maintain dropper services and their supporting infrastructure, authorities are hoping to disrupt multiple cybercriminal operations simultaneously.

According to a statement from the European police agency Europol, between May 27 and May 29, 2024 authorities arrested four suspects (one in Armenia and three in Ukraine), and disrupted or took down more than 100 Internet servers in Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the United Kingdom, United States and Ukraine. Authorities say they also seized more than 2,000 domain names that supported dropper infrastructure online.

In addition, Europol released information on eight fugitives suspected of involvement in dropper services and who are wanted by Germany; their names and photos were added to Europol’s “Most Wanted” list on 30 May 2024.

“It has been discovered through the investigations so far that one of the main suspects has earned at least EUR 69 million in cryptocurrency by renting out criminal infrastructure sites to deploy ransomware,” Europol wrote. “The suspect’s transactions are constantly being monitored and legal permission to seize these assets upon future actions has already been obtained.”

There have been numerous such coordinated malware takedown efforts in the past, and yet often the substantial amount of coordination required between law enforcement agencies and cybersecurity firms involved is not sustained after the initial disruption and/or arrests.

But a new website erected to detail today’s action — operation-endgame.com — makes the case that this time is different, and that more takedowns and arrests are coming. “Operation Endgame does not end today,” the site promises. “New actions will be announced on this website.”

Perhaps in recognition that many of today’s top cybercriminals reside in countries that are effectively beyond the reach of international law enforcement, actions like Operation Endgame seem increasingly focused on mind games — i.e., trolling the hackers.

Writing in this month’s issue of Wired, Matt Burgess makes the case that Western law enforcement officials have turned to psychological measures as an added way to slow down Russian hackers and cut to the heart of the sweeping cybercrime ecosystem.

“These nascent psyops include efforts to erode the limited trust the criminals have in each other, driving subtle wedges between fragile hacker egos, and sending offenders personalized messages showing they’re being watched,” Burgess wrote.

When authorities in the U.S. and U.K. announced in February 2024 that they’d infiltrated and seized the infrastructure used by the infamous LockBit ransomware gang, they borrowed the existing design of LockBit’s victim shaming website to link instead to press releases about the takedown, and included a countdown timer that was eventually replaced with the personal details of LockBit’s alleged leader.

The Operation Endgame website also includes a countdown timer, which serves to tease the release of several animated videos that mimic the same sort of flashy, short advertisements that established cybercriminals often produce to promote their services online. At least two of the videos include a substantial amount of text written in Russian.

The coordinated takedown comes on the heels of another law enforcement action this week against what the director of the FBI called “likely the world’s largest botnet ever.” On Wednesday U.S. Department of Justice (DOJ) announced the arrest of YunHe Wang, the alleged operator of the ten-year-old online anonymity service 911 S5. The government also seized 911 S5’s domains and online infrastructure, which allegedly turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars in online fraud and cybercrime.

Proofpoint discovered over 125,000 emails linked to this scam cluster in the past year