Remote Work Cybersecurity Report, 2022-05-13

Friday the 13th falls on a Friday this month. Should you exercise even more cybersecurity awareness? I suggest no less than any other day. Hackers are just as likely to prey on superstitious beliefs as on any other.

This week there is a chance for a remote worker or digital nomad to strike it big, in exchange for useful information. The US Department of State is offering a reward of up to $10,000,000 for information leading to the arrest of key leaders of the Conti ransomware variant transnational organized crime group.

Reward Offers for Information to Bring Conti Ransomware Variant Co-Conspirators to Justice – United States Department of State

The Conti group perpetrated hundreds of ransomware instances internationally in recent years. If you know the wrong kind of people, you can see your way to a lifetime of digital nomadic freedom with the offered reward.

Jester Stealer

Email Phishing

Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware (thehackernews.com)

Jester Stealer is a malware tool available for purchase, currently leveraged by Russian nation-state threat actors, among others. The malware is delivered as an Excel file attached to an email; if Excel macros are enabled, the file downloads a malicious executable.

European travelers especially should be cautious about opening emails with subject lines related to the Ukrainian conflict like “chemical attack”, “Кібератака” (meaning cyberattack in Ukrainian), or emails appearing to come from the Computer Emergency Response Team of Ukraine (CERT-UA).
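
As an added example (not from the article or from CERT-UA), this Python triage function checks a raw email for the subject lures named above and for Excel attachments that carry a VBA macro project. The sample message, the addresses and all function names are constructed for illustration; legacy .xls files are flagged as suspect without parsing their contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject-line lures named in the article (matched case-insensitively).
LURE_SUBJECTS = ("chemical attack", "кібератака")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls container signature


def excel_macro_status(filename: str, data: bytes) -> str:
    """Classify one attachment: 'macro', 'legacy-ole', 'clean' or 'not-excel'."""
    if not filename.lower().endswith((".xls", ".xlsx", ".xlsm", ".xlsb", ".xltm")):
        return "not-excel"
    if data.startswith(OLE_MAGIC):  # legacy binary workbook: may carry macros
        return "legacy-ole"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            has_vba = any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return "not-excel"
    return "macro" if has_vba else "clean"


def triage(raw_message: bytes) -> dict:
    """Return the lure match and per-attachment macro status for one raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    attachments = {
        p.get_filename(): excel_macro_status(p.get_filename(), p.get_payload(decode=True) or b"")
        for p in msg.iter_attachments() if p.get_filename()
    }
    risky = any(s in ("macro", "legacy-ole") for s in attachments.values())
    return {"lure_subject": any(s in subject for s in LURE_SUBJECTS),
            "attachments": attachments, "macro_risk": risky}


def build_sample(subject: str, filename: str, with_macro: bool) -> bytes:
    """Constructed sample email; a minimal zip stands in for a real workbook."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "sender@example.org", "me@example.org"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```

A macro project is detected by content rather than by extension, so a workbook renamed to .xlsx still reports `macro`.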

It is worth repeating that we users are our own worst enemy when manipulated through social engineering tricks. Stay vigilant.

Living on the road means having ready access to important documentation, often digitally. Loss to ransomware while abroad is devastating. Protect your important digital information with encrypted backups in one or more cloud offerings.

Recommendations and References:

Exercise caution with email attachments and verify senders. Have dependable, encrypted, online backups.

A Social Engineering White Paper

[White Paper] Social Engineering: What You Need to Know to Stay Resilient (thehackernews.com)

The Hacker News article is a good summary of a social engineering attack pattern. Pattern awareness is helpful in reducing susceptibility to being duped.

As an independent self-employed digital nomad, you may not see yourself as being in a targeted group. While threat actors often target specific companies and their employees, service consumers are also frequently targeted. Emails and fake websites disguised as legitimate services prey on individual consumers.

Recommendations and References:

Know the web addresses for your services like financial institutions. Enable multi-factor authentication (MFA), and do not share MFA codes you receive with others. Be as cautious of texts as you are with email.