Stay Secure on Spring Break!

On March 15th, 2018, posted in: Hackers by konweb

Spring break is in the air. In March, millions of people (perhaps you?) will be taking to the road and sky to beat the cold and have some fun. Unfortunately, the ever-present cyber-criminal element is also aware of this annual migration and ready to take full advantage of it.

Don’t Let Your Guard Down

As NBC reports, it is all too easy for hackers to set up fake WiFi networks that allow them to siphon off passwords, credit card numbers and other personal information from unsuspecting vacationers.

The Takeaway? Have fun and enjoy the warmth, but think twice before you connect to a public WiFi network unless you have verified that it is trustworthy.


W-2 Fraud on the Rise Says FBI

On March 6th, 2018, posted in: spearphishing by konweb

Oh, the joys of tax season! Nothing warms the heart quite like sending off checks to the IRS. Of course, before you can file your taxes you’ll need to get your W-2. Your friendly cybercriminal knows this and is more than happy to take advantage of your trust and your expectation of communications about W-2 forms.

Batavia Fell Victim

You may recall that on February 6th we reported that the city of Batavia, IL fell victim to exactly this sort of scam. Well, last week the FBI released Alert I-022118-PSA on the very same subject. It’s too bad that this report comes too late to help our friends in Batavia, but it will hopefully help others.

From the IRS:

Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.

The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization.

Individual taxpayers may also be targeted, but criminals have evolved their tactics to focus on mass data thefts.

If you or your organization suspects that it may have been compromised by a phishing scam of this type, here is what you should do.


If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft. To contact the IRS about a W-2 loss, email IRS at and provide the information listed below so the IRS can contact you. In the subject line, type “W-2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information (PII) data.

Provide the following information in your email:

  • Business name
  • Business employer identification number (EIN) associated with the data loss
  • Contact name
  • Contact phone number
  • Summary of how the data loss occurred
  • Volume of employees impacted

Note: The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Any contact from the IRS will be in response to a contact initiated by you. Criminals, when they learn of a new IRS process, often create false IRS web sites and IRS impersonation emails.

How Konsultek Can Help

Spearphishing attacks are just one of many different types of security issues that we help clients with every day. As the unfortunate incident in Batavia shows, even organizations with just a few hundred employees can make attractive targets for scammers. Don’t fall victim. We’re here to help. Just call us and we’ll be happy to discuss your unique situation.



Cisco’s Annual Cyber Security Report was released today and, as always, it is filled with interesting insights about both sides of the cyber security battle.

Insights into Hackers and Attackers

1. Adversaries are taking malware to unprecedented levels of sophistication and impact.

Malware, especially self-propagating “worm” malware such as WannaCry and Petya, played a pivotal role in some of the biggest attacks and infections of 2017.

2. Adversaries are becoming more adept at evasion, and at weaponizing cloud services and other technology used for legitimate purposes.

One trend is the use of encryption by hackers to protect themselves from detection, especially for command-and-control (C2) activity.

3. Adversaries are exploiting undefended gaps in security, many of which stem from the expanding Internet of Things (IoT) and use of cloud services.

Defenders are deploying IoT devices at a rapid pace but often pay scant attention to the security of these systems.

Insights into Security Defenders

1. Budgets are perceived to be relatively stable, growing and appropriate.

2. Breaches appear to be the biggest driver of future investments and improvements in technology and process.

3. The use of outsourcing is growing as a means of dealing with security threats, especially in the areas of monitoring and incident response.

Konsultek’s Take

Cisco’s report is well written, easy to read and full of valuable insights. Many of these insights, such as the growing reliance on outsourcing, correlate closely with our own findings. As a pioneer in outsourced security solutions, we too have seen strong growth in both the variety and volume of services our clients outsource to us.

Managed services are a cost-effective way to improve security efficacy as well as scale security solutions in a growing organization. If either of these is of interest to you and your organization, please give us a call to set up an introductory meeting.



You could say that Mordechai Guri, director of the Cybersecurity Research Center at Israel’s Ben Gurion University, is obsessed with the “air gap”. His obsession, as described in depth in a fascinating article, has resulted in some of the most arcane ways to beat the “air gap” ever devised.

Connectivity Beyond Wires and WiFi

One of the best ways to secure sensitive data is to store it on machines that are isolated from the network and Internet by both wire and WiFi, or so-called “air gapped” machines. Makes sense, right? If your machine is not connected to the outside world, it should be impossible to breach from the outside world.

Want to take your security a step further? Place your machine in a secured metal-clad room or Faraday pouch to prevent the transmission of electrical signals.

Still Not Enough

What Mordechai has proven is that a hacker who is determined and skilled enough can overcome virtually any isolation if given enough time and resources.

Here is a list of some of his most creative ways to extract data to date:

  • Altering the noise the machine’s internal fan generates
  • Changing air temperatures in patterns that the receiving computer can detect with thermal sensors
  • Blinking out a stream of information from a computer hard drive LED to the camera on a quadcopter drone hovering outside a nearby window



The Saving Grace

The one saving grace, and the defense against most of these techniques, is that they rely upon the system having been previously compromised with malware. The malware itself would likely have been injected via a corrupted USB drive – think Stuxnet. Still, this is fascinating research and a great reminder that the concepts of security need to be constantly challenged.




Just to prove the point that no organization is too small for hackers to target, Batavia, Illinois was hit with a spearphishing campaign last week.

According to the phishing attack affects several hundred employees, councilmen and others receiving W-2 forms from the city of Batavia.

Classic Spearphishing

We’ve reported similar scams here in the past. The scammers leverage the trust and authority of an organization’s executive to request sensitive information. In the case of Batavia, the “executive” apparently requested that a file or files containing W-2 information be emailed to him. This has resulted in names, social security numbers, addresses and earnings being transferred to the scammers.

Wait, We’re Not Done Yet

While it is unclear whether Batavia also fell victim to a second, ancillary wire transfer scam, according to the IRS more than one organization has been hit with a one-two punch this tax season. The second part of the scam is for an “executive” to request a wire transfer of funds, typically from the comptroller or someone in payroll.

Question Anything That Looks or Smells Phishy

Spearphishing works so well because of the leveraged executive authority and because the request often seems totally reasonable and topical. Now, of course, is the heart of tax season, so it is perfectly reasonable for certain executives to be requesting tax-related information. It is therefore incumbent on organizations to train their employees to review all such requests closely to make sure they are real. A quick phone call is often all it takes to confirm the validity of a request, and executives should laud the employee who makes that call rather than rebuke her.

The IRS has developed a whole educational series on the subject called Don’t take the Bait that could be used by any organization to raise awareness and begin to develop a culture of security.
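A mail-side check can back up that training. The sketch below is an added example, not code from Konsultek, the IRS or the FBI: it holds any W-2 or wire-transfer request for phone confirmation and adds spoofing indicators from the headers. The domain, executive name and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "city.example"    # assumption: the organization's own mail domain
EXECUTIVES = {"pat rivera"}    # assumption: executive display names, lowercased
SENSITIVE = re.compile(r"\bw-?2s?\b|wire transfer", re.I)
CONFIRM = "W-2 or wire request: confirm by phone before acting"

def domain(addr):
    return addr.rpartition("@")[2].lower()

def review_request(raw):
    """Return the reasons a message should be held for verification."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    if not SENSITIVE.search(f"{msg.get('Subject', '')}\n{body}"):
        return []
    # Every sensitive request is held: a compromised real mailbox
    # shows no header anomaly, so only the phone call catches it.
    reasons = [CONFIRM]
    if name.strip().lower() in EXECUTIVES and domain(sender) != ORG_DOMAIN:
        reasons.append("executive display name on an outside domain")
    if reply_to and domain(reply_to) != domain(sender):
        reasons.append("Reply-To domain differs from From domain")
    return reasons

def make(sender, subject, body, reply_to=None):
    """Build a constructed sample message (not real mail)."""
    headers = [f"From: {sender}", f"Subject: {subject}"]
    if reply_to:
        headers.append(f"Reply-To: {reply_to}")
    return "\n".join(headers) + "\n\n" + body

ASK = "Please email me the W-2 forms for all employees today."
SPOOFED = make('"Pat Rivera" <pat.rivera@city-example.test>', "W-2 forms", ASK)
REPLY_TO = make('"Pat Rivera" <pat.rivera@city.example>', "W-2 forms", ASK,
                reply_to="pat.rivera@freemail.test")
COMPROMISED = make('"Pat Rivera" <pat.rivera@city.example>', "W-2 forms", ASK)
BENIGN = make('"Pat Rivera" <pat.rivera@city.example>', "Lunch", "Noon on Friday?")

if __name__ == "__main__":
    for label in ("SPOOFED", "REPLY_TO", "COMPROMISED", "BENIGN"):
        print(label, review_request(globals()[label]))
```

The compromised-account sample returns only the phone-confirmation reason, which is why the header checks supplement the call-back rather than replace it.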

How Konsultek Can Help

Spearphishing attacks are just one of many different types of security issues that we help clients with every day. As this attack shows, even organizations with just a few hundred employees can make attractive targets for scammers. Don’t fall victim. We’re here to help. Just call us and we’ll be happy to discuss your unique situation.

