PHISH & TELL 018

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Top stories of the week, how they are relevant to you, and what to do about them.

1. Chatbot‑powered attacks automate extortion

   Source: The Hacker News, Anthropic Disrupts AI-Powered Cyberattacks Automating Theft and Extortion Across Critical Sectors

   Anthropic, a technology company, said a hacker used its chatbot to break into networks and steal data from at least 17 organizations. The attacker ran the chatbot on a laptop to look for weaknesses, gather passwords and decide which files to take. The tool even chose how much money to demand by analyzing the victim’s finances. Anthropic has since created tools to spot and block this kind of misuse.
   Why it matters: Smart chatbots can now carry out tasks that once required a team of hackers. They can plan attacks, steal data and set ransom amounts without much human guidance.
   What to do: Keep an eye out for strange scans or logins. Protect sensitive files with strong passwords. Use a second step when logging in (like a code sent to your phone) to keep criminals from reusing stolen passwords.

2. Ransomware gang targets online storage and deletes backups
   Source: The Record, Microsoft warns of ransomware gang shifting to steal cloud data, lock companies out of systems

   Microsoft warns that a ransomware group has shifted from locking up computers to stealing data stored online and destroying the backups. In a recent attack, the gang broke in by finding an account that didn’t use multifactor authentication. They then stole sensitive information, destroyed backups, and tried to lock the victim’s files so they couldn’t be recovered. Microsoft says the criminals often reach out through Microsoft Teams to demand payment.
   Why it matters: Many businesses rely on online storage. If criminals gain admin access and erase backups, they can shut down your business and demand payment to release your own data.
   What to do: Turn on two‑step verification for all accounts, especially any with admin privileges. Test that you can restore backups from copies that aren’t connected to the internet or that can’t be changed. Limit who is allowed to create or delete backups and watch for strange activity in your online accounts.

3. Fake confidentiality agreements deliver malware via “Contact Us” forms
   Source: The Record, Hackers use fake NDAs to deliver malware to US manufacturers

   Check Point researchers report that hackers are targeting U.S. industrial and tech firms by abusing website contact forms. They pose as potential partners, maintain conversation for up to two weeks and eventually send a ZIP file containing malware. The attackers use legitimate‑sounding domains (some registered as early as 2015) to bypass security filters.
   Why it matters: This patient, tailored approach can trick busy small‑business owners into downloading malware. It shows that threat actors are willing to invest time to gain trust through legitimate‑looking communications.
   What to do: Treat unsolicited NDA or contract requests with caution. Don’t download or open ZIP archives from unknown contacts, even if the conversation seems professional. Implement a process for vetting new business inquiries and use email and file‑scanning tools to check attachments.

4. Survey: smart‑tool cyber threats surge, but training lags
   Source: Morningstar, Cyber Attack Surge, 73% of Businesses Hit

   A survey of 406 U.S. small‑business owners by Clutch found that 73% of businesses have experienced a cyber incident, with 75% of those occurring in the past year. Despite this, employee training remains underfunded even though human error is a leading cause of breaches. Among businesses with fewer than 200 employees, 58% reported being attacked yet 13% still believe they aren’t vulnerable.
   Why it matters: Many women‑owned small businesses lack dedicated IT teams. The survey shows that cyber incidents are the norm, not the exception, and that misperceptions about risk persist.
   What to do: Don’t just buy tools – spend time teaching your staff how to spot fake emails and phone calls. Never assume your business is too small to be a target. Let employees know they should speak up if they see something odd, and if you don’t have an in‑house IT team, think about hiring an outside company to help watch over your systems.

5. Patch alert – update Apple devices, Linksys extenders and Chrome browsers
   Source: Check Point Research, 25th August – Threat Intelligence Report

   Researchers highlighted serious security holes discovered in three widely used products:

   • Apple devices: A flaw in the way iPhones, iPads and Macs handle image files could let an attacker take control just by sending a malicious picture. Apple released fixes on Aug 20.

   • Linksys extenders: Certain Linksys RE‑series Wi‑Fi range extenders have a software bug that could allow hackers to take over the device from afar.

   • Google Chrome: Google found a bug in its Chrome browser that could let a harmful webpage run programs on your computer.

   Why it matters: Phones, internet routers and web browsers are everyday tools for business. When criminals can break in just by sending a picture or tricking you into visiting a website, they can spy on your work or use your device as a stepping stone to other systems. Many home office routers and personal devices don’t get updated promptly, making them a weak link.
   What to do: Install the latest updates on your iPhone, iPad and Mac as soon as possible, and set your devices to update automatically. If you own a Linksys RE‑series extender, check the manufacturer’s website for a firmware update or consider replacing it if none is available. Update Chrome (or any Chrome‑based browser) and enable auto‑updates. Remind everyone in your company to apply updates promptly on all their devices.

Not sure what applies to your business or what your options are? Let’s talk.

🔍 In Case You Missed It (ICYMI)

I guess I should say in case I missed it this time — I missed last week’s newsletter. End of week exhaustion got me.

• This week’s blog post: Zero Trust vs. Zero Day: What Small Businesses Really Need to Know »  

• Last week’s blog post: Cybersecurity Without the Fear Factor: How Trauma-Informed Practices Keep You Safe and Empowered »

• We have a free 3-page PDF resource: How to Identify and Avoid Scams: A Simple Guide »

• Follow us on LinkedIn, Facebook or Instagram. Youtube is in the works (subscribe to get notified when I finally start getting these videos out there!)

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

Your Phone Knows Where You Sleep – Here’s How to Stop Oversharing 📍

Smartphones constantly collect location data. The NSA warns that mobile devices “store and share device geolocation data by design”, revealing daily routines and sensitive movements. Attackers can use this data to profile you or your family.

✅ Instead:
• Give apps as few permissions as possible: set location settings to “Never” or “While Using”.
• Reset or disable your advertising ID regularly to reduce ad tracking. Apple’s “Ask App Not to Track” and Android’s option to delete the advertising ID stop apps from tracking you across services.
• Review app permissions often. The NSA notes that many apps request location access they don’t need. Disable permissions for anything that causes concern and avoid posting real‑time location updates on social media.

Tip: Location risks aren’t limited to phones. Fitness trackers, smart watches, medical devices and connected cars can all expose location data. Be mindful of what you share.

💬 A PERSONAL NOTE

“I still managed to carve out time for a morning run and a dinner with my girlfriends. Those little resets are everything.”

Sounds sincere, right? I asked an AI app to find the ten most relevant articles for the newsletter so I could review and choose from them, and gave it a link to my last issue as an example. AI thought it would help me by writing my personal note, too. This was pure hallucination, and that is why I check everything I request of AI. I do not run. lol

What’s really happening is that my kids have been in school for a week and two already have Covid. :-/ From two different schools, not even from each other. My other two and I are crossing our fingers and holding our breath that we don’t get it next ;-)

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like me to cover? Let me know :-) [email protected]

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷