Simply Cyber Newsletter #95

Crush Your Week Like a Cyber Pro!

Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your end users, peers, and executives. Support weekly security awareness with Simply Cyber Newsletter!

FOR END USERS

Quishing threat targets European electric car owners. “Quishing” is a phishing attack where scammers use fake QR codes to steal personal information or trick you into downloading malware. Recently, this scam has been targeting electric car charging stations, where fraudsters place counterfeit QR codes over legitimate ones. When users scan the fake code, they are redirected to a fraudulent website and asked to enter sensitive information, such as credit card details.

What you need to know: This is an example email that you can send to your end users or revise as a post on social media. Add some visual examples of QR codes being placed over others, just like the article shows.

Subject: Beware of QR Code Phishing Scams (Quishing)

Team,

As part of our commitment to keeping you informed about the latest cyber threats, I want to raise awareness about QR code phishing, also known as “quishing.” QR codes are used everywhere today: on parking meters, in restaurants, at kiosks, in commercials, and more.

As QR codes become more common in both work and personal settings, scammers are finding new ways to exploit them, tricking people into scanning fake QR codes leading to malicious websites. Whether it’s a restaurant menu, a parking meter, or an email in your inbox, it’s critical to remain vigilant.

Below are some best practices to keep in mind before interacting with QR codes:

1. Always check the URL: After scanning a QR code, make sure the website address starts with “https”, which indicates a secure connection. This is especially important when entering personal or financial information. Also, watch for subtle signs of a scam, like misspellings or unusual domain names.

2. Search the company website directly: Before entering any personal or financial information, it’s a good idea to search for the company’s official website through a browser. This allows you to check and validate the URL that appears after scanning the QR code. How can you know, if you don't know?

3. Use more secure options: When available, use safer payment or login methods, such as company apps or direct browser links, rather than relying on QR codes.

4. Report suspicious QR codes: If a QR code looks like it’s been tampered with, such as a sticker placed over the original, avoid scanning it and report it.

By keeping these precautions in mind, you can protect yourself from falling victim to QR code phishing scams (quishing).

Something to consider: You’re at a conference, and someone hands you a flyer with a QR code for a giveaway. Do you scan it?

[Signature Block]

FOR PEERS

Mustang Panda exploits Visual Studio Code in new espionage campaign. A China-linked APT group, Mustang Panda, is leveraging Visual Studio Code's reverse shell capabilities in a new espionage campaign targeting government entities in Southeast Asia. This technique, first shown in September 2023, allows attackers to remotely execute code and exfiltrate data by abusing Visual Studio Code's environment.

What you need to know: Mustang Panda’s exploitation of Visual Studio Code to launch attacks targeting government entities should serve as a wake-up call for developers, engineers, and power users. This relatively new technique, which leverages reverse shell capabilities in Visual Studio Code, shows how attackers are adapting their methods to use common development tools for malicious purposes. Whether you’re using Visual Studio Code for work or as a hobby, it's critical to recognize the risks. Start conversations with your peers about securing these environments, monitor for suspicious activity, and implement best practices like minimizing unnecessary extensions and regularly updating software.

In addition to tightening security, regular code reviews and peer audits should be encouraged to catch any unusual configurations or suspicious behaviors early. Prioritize integrating security tools that flag unexpected network connections or command executions within your development environments.
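To make the "flag unexpected command executions" advice concrete, here is an added detection sketch (not from the cited reporting or any vendor tool). It assumes the abuse runs through VS Code's built-in `code tunnel` remote-access subcommand, which this newsletter does not name; the event fields, host names, and allowlist are constructed for illustration.

```python
import shlex
from pathlib import PureWindowsPath

VSCODE_BINARIES = {"code", "code.exe", "code-insiders", "code-insiders.exe"}
# Hypothetical allowlist: hosts where the team has approved remote tunnels.
APPROVED_TUNNEL_HOSTS = {"dev-ws-02"}

# Constructed process-creation events (EDR/Sysmon style), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "dev-ws-01", "user": "alice", "cmdline": r"Code.exe C:\src\tunnel\README.md",
     "image": r"C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe"},
    {"host": "dev-ws-02", "user": "bob", "cmdline": r"code.exe tunnel --name bob-laptop",
     "image": r"C:\Users\bob\AppData\Local\Programs\Microsoft VS Code\bin\code.exe"},
    {"host": "fin-ws-07", "user": "svc_backup", "cmdline": r'"C:\ProgramData\vs\code.exe" tunnel',
     "image": r"C:\ProgramData\vs\code.exe"},
    {"host": "fin-ws-07", "user": "svc_backup", "cmdline": r"cmd.exe /c echo tunnel",
     "image": r"C:\Windows\System32\cmd.exe"},
]

def split_cmdline(cmdline):
    """Tokenise a Windows-style command line; fall back on unbalanced quotes."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # backslashes stay literal
    except ValueError:
        tokens = cmdline.split()
    return [t.strip('"') for t in tokens]

def is_tunnel_invocation(event):
    """True when a VS Code binary is started with `tunnel` as its subcommand."""
    exe = PureWindowsPath(event["image"]).name.lower()
    if exe not in VSCODE_BINARIES:
        return False  # a renamed binary needs hash or signer matching instead
    args = split_cmdline(event["cmdline"])[1:]
    # First non-option token is the subcommand; a path containing "tunnel" is not.
    positional = [a for a in args if not a.startswith("-")]
    return bool(positional) and positional[0].lower() == "tunnel"

def find_tunnel_activity(events):
    """Return (host, user, severity) for each tunnel start seen in the events."""
    findings = []
    for ev in events:
        if is_tunnel_invocation(ev):
            severity = "review" if ev["host"] in APPROVED_TUNNEL_HOSTS else "alert"
            findings.append((ev["host"], ev["user"], severity))
    return findings

if __name__ == "__main__":
    for finding in find_tunnel_activity(SAMPLE_EVENTS):
        print(finding)
```

The same rule translates directly into an EDR or SIEM query on process image and command line; pair it with code-signing or hash checks to catch copies of the binary that have been renamed.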

FOR EXECUTIVES

Business Email Compromise has cost $55bn in ten years. The FBI has warned organizations to stay vigilant against Business Email Compromise (BEC) schemes, which have resulted in global losses of over $55.5 billion since 2013. BEC involves tricking individuals into transferring funds to cybercriminals posing as trusted entities, such as suppliers or senior executives. The FBI has offered key guidance to reduce the risk of BEC incidents, urging immediate action for potential victims.

What you need to know: It is crucial to address the growing threat of Business Email Compromise (BEC) with proactive steps that involve every department. As security professionals, we need to engage business leaders to implement a clear process for verifying any changes to payment information—specifically, requiring a direct phone call to the vendor or supplier for confirmation. In addition, you must emphasize the importance of training and awareness for all employees, helping them recognize BEC attempts and understand how to report suspicious activities. Encouraging a company-wide awareness program ensures that every team member knows how to spot and report potential threats, safeguarding both your financial resources and the reputation of your business.

Lastly, review your cybersecurity insurance policy and make sure that Business Email Compromise is covered. If it is, confirm that you are meeting the policy's requirements so that you remain covered.

Stay current on trending topics, tips, events and resources in cybersecurity. Connect with me on socials for new content every day.

As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.

Thank you so much and see you again next Monday!

Have a great week, #TeamSC!

Gerry

SIMPLY CYBER CON

Simply Cyber Con is Coming This November!

When & Where: Friday, November 1 - Charleston, SC

Simply Cyber Con is now a hybrid event, available to attend IN-PERSON in Charleston, South Carolina, or VIRTUAL.

Speakers are presenting in-person on location in Charleston, SC, and will be streamed for virtual attendees. Register to attend in-person or remote now at simplycybercon.org.

DAILY CYBER THREAT BRIEF SIMPLY CYBER

Catch the most popular weekday cyber threat news analysis live stream around and meet the most supportive community ever. #TeamSC

Join us on the Daily Cyber Threat Brief, available on YouTube, LinkedIn, and your favorite podcast platform. Click the links below to favorite on your devices.

CAREER TRAINING FROM SIMPLY CYBER ACADEMY

Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.

The popular GRC Analyst Master Class and Cyber 101 courses are below. Plus, a new course was just released, check it out! Visit academy.simplycyber.io to learn more.
