As businesses have gotten wise to malicious e-mails that try to trick their employees into clicking on unfamiliar links in e-mails, cyber criminals have devised a new way to con people into opening up their networks a method called “BazarCall.”
Ransomware is a type of malicious software (malware) that blocks a user from accessing programs and data on a workstation or entire computer network until a ransom is paid to the criminals who installed the malware.
Cyber criminals typically install ransomware on networks by sending phishing e-mails (e-mails sent by someone impersonating a legitimate business) to users. The e-mails contain links that, if clicked on, give the criminal access to the user’s network.
Once access is gained, the ransomware is installed, the user’s network eventually grinds to a halt, and the user’s organization has to either pay the ransom or recreate its data.
The BazarCall threat
BazarCall has created a new threat to businesses. According to cyber insurance provider CFC, BazarCall is a new type of attack methodology, known as “telephone-oriented attack delivery” (TOAD). Here’s how it works:
- A cyber criminal sends a phishing e-mail with instructions that the recipient should call a certain phone number. The message typically refers to a subscription the recipient allegedly has.
- The recipient calls the number (supposedly a call center) and receives instructions to visit a specific website. For example, the e-mail may have advised the recipient to call the number if they no longer wish to continue the “subscription.” The “call center” directs them to a website that supposedly will enable them to cancel the subscription.
- The recipient, following instructions, visits the website. The site directs them to download a file, such as a Microsoft Excel file. Unbeknown to the recipient, the Excel file contains code that, once enabled, infects the computer with ransomware.
- From a public folder on the computer, the ransomware installs on the network and the cyber criminals are off to the races.
This method gets the initial e-mail past security screenings because it does not ask the recipient to click a link. The criminals have no need to penetrate the target’s network because the recipient does the work for them by downloading the file.
This is a relatively new method and many organizations have not warned their users about it. CFC found that this method was used in 10% of ransomware attacks in the spring of 2022.
What to do
To protect your network against BazarCall and other TOAD attacks:
- Keep antivirus and firewall firmware updated. This can help remove infections before they spread.
- Require remote users to use multi-factor authentication (MFA) for all connections to the network. MFA requires the user to input a second identifier in addition to their password in order to gain access. It presents an additional obstacle to cyber criminals.
- Make employees and other users aware of the new threat. Raising awareness may be the single most effective thing an organization can do, since most successful attacks result from human error.
Cyber criminals are relentless in their quest to find new ways to victimize people and organizations. The financial losses they cause are growing at astronomical rates. A continuing mix of technology and user training are the best ways to fight back.
BGES Group’s office, located in Larchmont, NY is a full service insurance agency offering, Property, Liability, Umbrella Liability, Business Auto, Bid & Performance Bonds, Inland Marine, Workers’ Compensation, Worker’s Compensation Premium Recovery, New York State Disability, Group Health, Life insurance, Personal lines and Identity Theft.
Special Contractor Insurance Programs (NY, NJ, CT) – We we have 60+ insurance companies to market your general liability, umbrella liability, business auto, workers compensation, bid & performance bonds and group health coverages. We help contractors set up proper risk transfer. If you’re a contractor we offer extensive information about insurance markets, coverages, risk transfer, subcontractor screening, ways to lower your insurance costs.
BGES Group are Worker’s Compensation Specialists for the States of New York, New Jersey and Connecticut – Issues we address: 1) Lowering pricing – we have specialty programs that can save you up to 40%; 2) Finding a new company; 3) Replacing policies that are being cancelled or non renewed; 4) Audit disputes; 5) Company creating fictitious payroll at audit time; 6) Lowering high experience modifications factors; 7) Misclassification of payrolls; 8) Lowering or eliminating renewal deposits; 9) Getting coverage when you’ve been without for a few months; 10) Covering multiple states under one policy; 11) Eliminating 10% service or policy fees; 12) Timely issuance of certificates; 13) Always being able to get someone on the phone or by email when you need to.
Company: BGES Group, 216A Larchmont Acres West, Larchmont, NY 10538
© – Copyright – 2022 – BGES Group