Mar 14, 2019
It's time for another It's a Security Thing. Today, Craig talks about the malware attack on the office of CPAs Martin Hutchison and Hohman.
For these and more tech tips, news, and updates, visit CraigPeterson.com
---
Below is a rush transcript of this segment; it might contain errors.
Airing date: 03/14/2019
Martin Hutchison And Hohman CPA - Missed The Signs And Got Hacked
Craig Peterson 0:00
Hey everybody. Craig Peterson here. We got another little security thing. It's a Security Thing for you and, man alive, this is something I've seen happening more and more. We've got warnings out from the federal government about this scam. This is a scam I know personally a lot of people have gotten nailed for. I have a letter sitting in front of me from some Certified Public Accountants. It's Martin Hutchinson and Hohman, and it is a firm out of Eureka, California. Yeah, they released this. I'm glad they did; in California it is required by law, and that's true in many states. In fact, the module I'm just finishing up right now in my security course that I've been writing and delivering talks specifically about all of these different rules and regulations. There's 47 different sets of them on the state level in the US. But this is from their notice of data breach, and this letter goes on for about two pages. I am not going to read this whole thing to you, but I'd be glad to send it to you if you're interested. But here's what happened to them.
Craig 1:27
"February 15, 2019, while trying to resolve an email failure with our email host Suddenlink, I was directed to a website that gave a phone number to call for immediate assistance. When I called this number, the technician stated he could certainly help. He requested access to my computer to understand the issue with the email."

So, so far, we're talking about having an email problem. How many times have we seen this, people? Email problems happen all the time. But I pick up more hands because they're having an email problem. So he had email with this company Suddenlink, and then he was directed to this website. So he calls them up. So next up here:

"He requested access to my computer to understand the issue with the email. After I installed the software necessary to give him remote access to my computer, he pulled up some IP addresses on my computer screen and stated that this was the reason for the email failure."

I should point out, this is a very, very common tactic. They'll usually drop down into a shell, they'll get a netstat, they'll show the interfaces on your computer. And this is far beyond, even that little thing, far beyond what most people understand. But it's enough to really give them a little bit of a leg up. So this guy pulled up some IP addresses.

"He then insisted that in order to fix the problem and prevent viruses from attacking, I would need to allow him to install a program on our office's network server. I told him no, and that our local computer technician would be contacted to deal with this."

Now, again, we see this all of the time. Most of these local computer guys are not able to handle some of these bigger problems. But I gotta tell you, I was impressed with what happened and what his local computer guy did. At this point, back to the letter:

"He stated that only a Microsoft tech such as himself would be able to do this. This was a red flag, as I thought I was dealing with this Suddenlink technician. At that point, I quickly disconnected my computer from the internet and from our office network. I then uninstalled the remote access software I had allowed him to install and turned the computer off. This entire interaction lasted less than eight minutes."

So here we go. Martin Hutchinson and Hohman, certified public accountants, Eureka, California, and they are admitting to what happened. Now, he did do the right things here. Things were a little suspicious; he thought it was Suddenlink. So his first mistake was calling the phone number that was listed on the website that the email directed him to. What he should have done is, he knows he's getting his email through Suddenlink, he should have called them up directly: look up their website, call that number, and make sure he talked to somebody he knows, a name he recognizes over there in Suddenlink. Okay, that makes sense. So that was his very first mistake.

So now he's on with this guy. And this guy asked him to install some remote access software. If you're dealing with us as a managed security services provider, we already have software installed on your machines that allows us to monitor the security, to look into problems. So if you're on the phone with them and they say, "Hey, we need to install some software," there's your next alarm. Don't allow them to install software. They should have whatever's needed on your machine already. Now, you might need to enable it. It should be, you know, a little pop-up that says, "Hey, so-and-so's requesting access." Our software, when we request access, pops up and says that so-and-so from Mainstream is taking control of the computer. So it comes up on the screen, it stays on the screen. We can't get rid of that message. You can't get rid of that message. You know we're on with you at that point. Okay, so there was his next little alarm bell that should have gone off.

Now he did have one go off, because he did realize that "Microsoft technician such as himself"... this was Suddenlink. But you know, Microsoft does do some certain certifications, and maybe that's what the guy's referring to. But shutting it all off made a whole lot of sense. So he unplugged the network cables in his computer. Nowadays, a lot of these computers are hooked up to Wi-Fi, which is a bad idea, by the way, for businesses. But he pulled those computers out; that was the absolute right thing to do.

He tried to install the software. My last module that I put together and am teaching talks about security breaches. He should not have done that; he should have immediately hit the power button and then disconnected the cables and set the machine aside for a professional cyber forensics person to have a look at this, because who knows what happened, right? There could be a lot of things that happened; there could have been data exfiltration. This might be something that the FBI or local law enforcement is interested in. You need to preserve the state of the machines. That was another mistake that he made.

And then the technician came out, and the technician told them, "Hey, this is a known scam." And the technician ended up replacing the hard disk in the machine because he said this was a very sophisticated piece of malware that had been installed on the machine.
So there you go. It's a Security Thing, a lot of stuff you should know and do. And again, these CPA guys, they did a decent job. They missed a whole bunch of red flags. They handled the post-hack, if you will, post-attack incorrectly. His computer guy handled it incorrectly. But now you know better, don't you? You know a little bit more about what to do. So that's today's Security Thing. I'm Craig Peterson. You can find me online at http://CraigPeterson.com. And make sure you subscribe to the newsletter to stay on top of this stuff, and this podcast. And you can get the podcast by going to http://CraigPeterson.com/iTunes. Hey, have a great day. We'll be back with another Security Thing.
Craig 8:03
There's always something to talk about. I just don't always have the time. Take care. Bye bye.
---
For questions, call or text:
855-385-5553