Latest articles
Covers personal devices, accounts, and online presence.

Toyota Confirms Ransomware Attack, Data Breach
Introduction
Toyota Financial Services (TFS), a subsidiary of the well-known automaker, has confirmed that it was hit with a ransomware attack. TFS detected unauthorized access to some of its systems in Africa and Europe after cybercriminals claimed an attack on the company. The cybercriminals, also known as the Medusa ransomware gang, claim responsibility for the attack.
Summary Of the Incident
The Medusa ransomware gang listed ‘Toyota Financial Services’ on its data leak site on the dark web and demanded a ransom payment of $8,000,000 to delete allegedly stolen data. To prove the intrusion, the cybercriminals published sample data that included financial documents, hashed account passwords, passport scans, etc. As of right now, the incident is limited to Toyota Financial Services Africa & Europe. A spokesperson announced that the process of bringing their systems back online is already underway.
How to Stay Safe
- Reset All Passwords – If you are reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
- Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, add a secret key to your account as a unique extra layer of security.
How Richter Guardian can help you
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach:
- Our platform can determine compromised credentials through comprehensive dark web monitoring.
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure about a situation.

Using AI Tools Securely: ChatGPT, Gemini, and More
INTRODUCTION
AI-powered tools are now integrated into various platforms, from office software and operating systems to image editors and chat applications. But how can you use ChatGPT, Gemini, DeepSeek, and other AI-powered tools without compromising your digital security?
AVOID SHARING SENSITIVE INFORMATION WITH AI CHATBOTS
OpenAI’s privacy policy indicates that user data may be utilized to enhance AI performance. When using services like ChatGPT, Sora, or Operator, your interactions could be used to train AI models.
According to a study done by Harmonic Security, 8.5% of prompts contained sensitive information.
Never input sensitive personal information such as passwords, passport or banking details, addresses, phone numbers, names, or any confidential business data. If necessary, replace sensitive details with placeholders like asterisks or “REDACTED.”
For professionals, especially software engineers leveraging AI for code review, it’s crucial to strip out any information that could reveal company secrets and/or application structure.
Everything shared with an AI chatbot has the potential to be stored and analyzed.
FREE AI SERVICES COME WITH HIGHER RISKS
Many free-tier AI tools explicitly state that they train on user data. Organizations using AI should consider investing in paid AI services like ChatGPT Enterprise, which ensures that user inputs and outputs are not utilized for training purposes.
Experts recommend paid plans as a more secure option for businesses looking to mitigate risks.
BEST PRACTICES FOR SAFE AI USE IN THE WORKPLACE
For businesses looking to integrate generative AI tools while minimizing security risks, Harmonic Security suggests shifting away from outright bans and instead implementing effective AI governance strategies. These include:
- Establishing clear AI usage policies and enforcing workflows.
- Monitoring AI tool usage in real time to track inputs and ensure compliance.
- Restricting the use of free AI tools that train on input.
- Classifying sensitive data to prevent exposure.
- Educating employees on responsible AI use and associated risks.
HOW CAN RICHTER GUARDIAN HELP YOU?
Richter Guardian can provide solutions to enhance your cyber hygiene, reducing the risk of data breaches and security threats when using AI tools. By following our recommended practices, individuals and organizations can leverage AI safely while protecting their sensitive data.

BMO Scam Highlighting Vulnerabilities in Two-Factor Authentication
Introduction
A recent article published by CBC News highlighted a concerning scam that involved the Bank of Montreal (BMO). The scam managed to exploit vulnerabilities associated with the two-factor authentication (2FA) system of the bank. This advisory aims to provide an overview of the issue, its implications, and recommendations.
Summary of the Incident
The scam primarily targeted customers with lines of credit. Perpetrators pose as bank employees and use a combination of phishing techniques and flaws in the 2FA process to gain unauthorized access to customers’ accounts, subsequently making unauthorized transactions.
Implications
- The trustworthiness of 2FA is at stake. Customers generally perceive 2FA as a robust security measure, but this incident underscores potential vulnerabilities.
- The scam demonstrates that even with the second layer of authentication, user accounts can be compromised if the process isn’t foolproof.
- Potential loss of customer trust in banking institutions due to such vulnerabilities.
Recommendations
- Stay Informed: Regularly update oneself about the latest scams and phishing techniques. Always be skeptical of unsolicited calls or emails asking for personal or banking information.
- Use Advanced Security Features: Wherever possible, use advanced security features like biometric authentication or hardware-based security keys.
- Monitor Accounts: Regularly check bank accounts for unauthorized transactions and report any discrepancies immediately.
- Stay Educated: Participate in security awareness sessions provided by your Richter Guardian team, the bank or other trusted organizations.
How Richter Guardian can help you
While 2FA is an essential security feature, it is not infallible. Richter Guardian clients should be proactive in understanding its limitations and continuously seek ways to enhance their security posture.
- Call us anytime you are unsure. If you receive a call from someone purporting to be your bank and you are unsure, call us to help you determine the legitimacy of their communication.
- Schedule a one-on-one call with our analyst to review the two-factor authentication security measures that may be available to you through your bank.
Table 1 – Levels of two-factor authentication that may be available to protect your bank account.

23andMe User Data Stolen in Credential Stuffing Attack
Introduction
The public biotechnology and genomics firm, 23andMe, confirmed on their website on October 6, 2023, that certain 23andMe customer profile information was circulating on hacker forums. The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location. As a result, 23andMe has notified its customers and has pushed for them to reset their passwords and enable multi-factor authentication (MFA).
How the Attack Happened
The hackers used credential stuffing to gain access to a set of user accounts on 23andMe. Credential stuffing is a type of cyber attack in which a hacker uses stolen usernames and passwords (obtained from another breach or purchased off the dark web) to access other websites in which the users are registered. Users that recycled their breached login credentials on 23andMe may have been the entry point for this attack.
A subset of the compromised users opted into 23andMe’s DNA Relatives feature, which allowed for hackers to scrape the data of their DNA Relative matches.
The number of accounts affected has not been released or disclosed by 23andMe.
If you think you may have been affected by this recent breach, reset your password and opt for MFA on 23andMe. While the account may or may not be compromised, it is important that cybercriminals do not leverage your breached credentials to access other websites on which you may have an account.
How to Stay Safe
- Reset All Passwords – If you have the bad habit of reusing passwords across different websites, reset those passwords and employ hard-to-guess, complex passwords on those websites.
- Password Manager – To keep track of your complicated passwords, think about investing in a password manager. Password managers, like 1Password, add a secret key to your account as a unique extra layer of security.
How Richter Guardian can help you
Richter Guardian can help you determine if some of your user accounts were involved in a previous breach:
- Our platform can determine compromised credentials through comprehensive dark web monitoring.
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure about a situation.
Sources
- “Addressing Data Security Concerns”. 23andMe. 2023 October 6. Retrieved 10 October 2023.

Check-In Safely – Phishing Campaigns Target Hotels and Travel Agencies
Introduction
The tourism industry is crawling back to pre-pandemic numbers thanks to travel and lockdown restrictions being lifted globally. Unfortunately, cybercriminals have also come up with a new and sophisticated campaign to breach the systems of booking sites, hotels, and travel agencies. Subsequently, the cybercriminals use the systems of the compromised hotel or travel agency to send phishing emails to existing customers.
Summary of Hotel and Travel Agency Phishing Scam
- The Entry Point – The campaign starts with the threat actor inquiring about a reservation with the hotel or travel agency. Upon booking the stay, the threat actor uses ‘advanced social-engineering techniques’ to inquire about specific or special accommodations.
- Tricking Employees – After establishing a sense of urgency with the hotel employee, the threat actor sends over a URL via email, which supposedly contains crucial documents relevant to their accommodations. The URL provided directs the hotel employee to a genuine hosting site (Google Drive, Dropbox, etc.) and the hotel employee downloads an archive file thinking that it contains important documents.
- Malicious Executables – The archive file that was downloaded by the hotel employee contained malicious executables (malware) that would infiltrate the hotel employee’s computer. From there, the malware operates stealthily to capture login credentials, financial information, and other sensitive data without the hotel employees being aware.
- New Target – Once threat actors have successfully compromised the hotel’s system, they can move on to using the hotel’s communication channel to target legitimate customers.
- Phishing – The threat actors can now send phishing messages disguised as legitimate requests from the compromised hotel or travel agency. The phishing messages will ask for additional credit card verification from the customer. Since the message comes directly from the booking site through a legitimate communication channel, the customer has no reason to doubt the legitimacy of the email.
How to Stay Safe
- Avoid Clicking on Unsolicited Links – Always be skeptical of unsolicited links, even when they originate from a trusted source. Check URLs for any indicators of deception.
- Take Your Time – Threat actors, phishing emails, and sketchy requests for payments will typically call for immediate action. Take your time to discern any emails that require you to transfer sensitive information.
- Trust Your Instincts – If you are suspicious about an email, call the hotel or travel agency directly to confirm that the communication is indeed legitimate.
How Richter Guardian can help you
Richter Guardian can help you navigate complex phishing scams:
- Your onboarded mobile and endpoint devices are protected; the protection service can detect suspicious links and will work to block insecure websites.
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure about an email or situation. Call us to help you determine the legitimacy of their communication.

AnyDesk reports that hackers infiltrated its production servers and initiated password resets
INTRODUCTION
On February 2, 2024, AnyDesk confirmed a recent cyberattack that resulted in hackers gaining access to the company’s production systems. The breach involved the theft of source code and private code signing keys.
AnyDesk is a widely used remote access solution that is popular among enterprises for remote support and accessing colocated servers. AnyDesk became aware of the attack after they detected an incident on their production servers. Following a security audit, they identified a compromise on their systems and implemented a response plan in collaboration with CrowdStrike.
Following the disclosure of the breach, cybersecurity company Resecurity promptly announced that an individual is attempting to vend the credentials of over 18,000 AnyDesk customers on a well-known cybercrime forum. The seller is seeking $15,000 in cryptocurrency for the compromised credentials.
IMPLICATIONS AND RECOMMENDATIONS
Although AnyDesk claims that passwords were not stolen in the attack, the threat actors still managed to successfully breach their production systems.
- If you use AnyDesk, modify your password.
- If the same password for AnyDesk is employed on other platforms, modify your password on those platforms as well.
HOW RICHTER GUARDIAN CAN HELP YOU
- Our platform includes dark web monitoring – a service that can determine whether compromised credentials have been found on the dark web.
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure. If you receive a call from someone purporting to be technical support or receive a pop-up regarding the safety of your device and you are unsure, call us to help you determine the legitimacy of their communication.

Protecting Against Technical Support Fraud
Introduction
Cyber criminals have been carrying out technical support scams for over a decade. As technology evolves, so do the techniques of fraudulent tech support scammers, making it difficult for people to discern whether the technical support team they’re speaking to is legitimate. Technical support scams are so common that the FBI’s Internet Crime Report of 2022 reported that ‘Tech Support Crime’ had over 30,000 recorded victims in 2022.
Summary of A Technical Support Fraud
Technical support scammers use many different techniques to trap people and gain access to their computers and other devices. After they convince you that there is a problem, they request an exorbitant fee in return for their help. Here are two of the most common methods technical support scammers use to trick their victims:
- Phone calls, emails and text messages – Technical support scammers may call, email or send a text message and pretend to be a computer technician from Apple, Microsoft, or any well-known technology company. They will assure you that there is a problem with your computer, and request that you give them remote access to your computer to help remediate the issue.
- Pop-up warnings – Technical support scammers may trick you with pop-up windows; it may look like an error or warning message from your device, and it may use similar graphics from trusted websites. The pop-up will often provide a phone number that you can call to get help. The phone number will lead to a fraudulent tech support worker.
Recommendations
- Stay Informed – Always be skeptical of unsolicited calls, emails or text messages that report a problem with your device.
- Prevent Remote Access – When a technical support scammer has you on the line, they will convince you to provide them remote access to your device in order to run diagnostic tests. Do not provide remote access to your device.
- Trust Your Instincts – If you are suspicious about an unexpected message, call, or request for personal information or money, it is safe to assume it may be a scam.
- Stay Educated – Participate in security awareness sessions provided by your Richter Guardian team, your bank or other trusted organizations.
How Richter Guardian can help you
We understand that misleading pop-ups or warnings about your device through a call can cause uncertainty. Richter Guardian’s monitoring system and concierge service can give you peace of mind:
- Your onboarded mobile and endpoint devices are monitored by us. If there is a problem with your device, we will contact you to provide specific details about any potential alerts. Our experts can help you remediate the issue.
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure. If you receive a call from someone purporting to be technical support or receive a pop-up regarding the safety of your device and you are unsure, call us to help you determine the legitimacy of their communication.

Demystifying TikTok's collection of your data
INTRODUCTION
TikTok’s extensive data collection, including personal information and device usage patterns, raises privacy and security concerns, particularly due to its China-based parent company, ByteDance. While some experts argue that TikTok’s data collection is not inherently malicious, others express skepticism about the transparency of its practices.
WHAT TIKTOK GATHERS FROM YOU
TikTok collects various types of information from users:
- Personal Data: TikTok has access to personal data like contacts, calendars, your location, and information about which device and operating system you’re using.
- TikTok monitors the content you engage with and for how long – similar to Facebook.
- Device Usage: TikTok monitors how you use your device and how it functions, including “keystroke patterns or rhythms, battery state, audio settings and connected audio devices.”
- Location Data: TikTok can collect precise GPS information about its users.
IMPLICATIONS OF DATA COLLECTION
Data collection by social media platforms like TikTok can pose several risky implications for everyday users:
- Privacy Concerns: Social media platforms often collect extensive personal data, including contacts, location, and browsing habits. This raises concerns about user privacy, especially if this data is shared or sold to third parties without consent.
- Targeted Advertising: User data is often used to create targeted advertising campaigns. While some users may find this convenient, others may feel uncomfortable with the level of personalization and the potential manipulation of their preferences and behaviors.
- Data Breaches: Storing large amounts of personal data increases the risk of data breaches. If a platform’s security measures are breached, users’ sensitive information could be exposed, leading to identity theft, financial fraud, or other forms of cybercrime.
- Surveillance and Tracking: Social media platforms track users’ online activities across different websites and devices to create comprehensive profiles. This surveillance can infringe on user privacy and autonomy, as individuals may feel constantly monitored and manipulated by algorithms.
- Political Manipulation: Social media platforms have been implicated in spreading misinformation, propaganda, and divisive content. By collecting user data and targeting specific demographics, malicious actors can exploit social media for political manipulation and influence campaigns.
HOW RICHTER GUARDIAN CAN HELP YOU
Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure. Connect with our cyber concierge to verify the legitimacy of a situation.

Wyze Camera Technical Issue Granted 13,000 Users Viewing Access to Other Homes
INTRODUCTION
On February 16, 2024, Wyze Labs encountered a service outage, resulting in connectivity issues for numerous users. The disruption persisted for almost nine hours, with the cameras remaining offline during this period. Wyze Labs identified Amazon Web Services (AWS), their partner, as the source of the security outage.
While working to restore camera functionality, Wyze faced an additional security concern. Some users reported encountering incorrect thumbnails and Event Videos in their Events tab. Disturbingly, unauthorized individuals could enlarge images or view videos from strangers’ Wyze cameras. 13,000 users inadvertently gained surveillance access to other homes.
Although the company released a statement that over 99.75 percent of Wyze’s user base remained unaffected by the breach, 0.25 percent still experienced a serious violation of their privacy.
In response to this incident, Wyze has implemented an additional layer of verification for users seeking access to video content via the Events tab, aiming to prevent such privacy breaches in the future.
RECOMMENDATIONS
Major professionally monitored security systems, like Wyze, are not perfect. Home security cameras are understandably used in many homes to enhance safety and security. If you own and/or use a security camera, it’s important to be aware of the risks associated with these devices. Follow these steps to ensure you are protected:
- Regularly update camera firmware as home security cameras can be vulnerable to hacking, which may lead to unauthorized access to your device.
- Use strong and unique passwords and enable two-factor authentication. Many cameras come with default passwords that are easily guessable, making them vulnerable to hacking. Change the default password to something strong and unique.
- Avoid placing cameras in sensitive areas like bedrooms and bathrooms.

SMS Phishing Scams Targeting Road Toll Payments
INTRODUCTION
A wave of SMS phishing attacks targeting Canadians with lures regarding unpaid road toll fees has been rolling out since the beginning of the year. 407 ETR has been warning customers to beware of fraudulent texts impersonating the company. The message is designed to deceive people into clicking on a malicious link, which would leave people vulnerable to personal data theft.
HOW TO SPOT A REAL MESSAGE
407 ETR will use specific communication methods to interact with customers that use the express toll route. If you are a customer that uses the 407, take note of these legitimate communication channels:
- 407 ETR sends payment reminder text messages from a six-digit short code. Messages don’t contain any personal or account information and include a link to their secure payment web page. Their texts will never include a direct link to pay.
- 407 ETR makes outbound automated payment reminder calls. These calls will not ask you for your personal information.
- 407 ETR will only send emails from info@407etr.com or communications@407etr.com. Ensure that the emails you receive do not have spelling errors.
HOW RICHTER GUARDIAN CAN HELP YOU
- Call us or send us an email at: +1 844-908-3950 and support@www.richterguardian.com if you are unsure. Connect with our cyber concierge to verify the legitimacy of a situation.
- TransUnion identity protection is included on our platform. TransUnion identity protection will alert you of any unusual activity on your credit monitoring report that could indicate fraud.
Have questions after reading?
If something you’ve read raises a concern, our team can help you understand how it applies to you. Richter Guardian provides ongoing monitoring and expert support for individuals, families, and leadership teams.
- Clear visibility into personal digital risk
- Guidance from experienced cybersecurity professionals
- Support designed for both private clients and enterprise leadership
