Skip to Main Content View Text-Only

The City of Portland, Oregon

Office of Management & Finance

Bureau of Technology Services

BTS HelpDesk: 503-823-5199

1120 SW 5th Avenue, Suite 1111, Portland, OR 97204

Welcome to our blog. Here we will let you know the latest happenings in the information security world.


COVID-19 Cyber threats - April 2020

By Christopher Paidhrin

COVID-19 pandemic hits the internet as well. Be cautious out there.

City of Portland Cybersecurity highlights:

  • The City continues to protect and manage City technology networks, servers and computers with robust security capabilities. The City is able to protect laptops even when they are 'off' the City network.
  • Please remember that on Wednesday's to leave your laptops powered on so that they can collect the patches and updates they need.
  • In addition, BTS teams are deploying expanded secure remote access services (VPN) and encouraging all City employees to use Office 365 access whenever possible.

COVID-19 Websites Cyber threats

Not all COVID-19 websites are safe. 48,000 COVID-19 related web domains have been registered this year.

Scammers are eager to cash in on the pandemic.

If you'd like the scary details, Sophos has an article for you: https://news.sophos.com/en-us/2020/03/24/covidmalware/

 

  • For all Oregon Health related COVID-19 resources please check the City of Portland's main page for COVID-19 links.

 https://www.portlandoregon.gov/

FBI resource:   https://www.fbi.gov/coronavirus

COVID-19 Malware and Ransomware threats

Not only are there misleading websites there are a myriad of malware and ransomware threats. Several links are included, below, to narrow your research.

Quick To Do List:

  • Don't Click on unfamiliar hyperlinks
  • Don't download unsolicited attachments
  • Don't provide confidential information without verifying the request
  • Remember that BTS HelpDesk will never ask for your password
  • Remember that no one should ever ask for your username and password, or ask to use them. Ever.

COVID-19 malware and ransomware resources:

https://www.bleepingcomputer.com/news/security/new-coronavirus-themed-malware-locks-you-out-of-windows/

https://www.bleepingcomputer.com/news/security/new-coronavirus-ransomware-acts-as-cover-for-kpot-infostealer/

https://www.itproportal.com/news/new-coronavirus-malware-trashes-windows-pcs/

https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/

Be safe when you go outside, and when you go online.

+++

Magecart hacker group hits 17K Amazon "S3" hosted web domains -- credit card data attack

By Christopher Paidhrin

17,000 domains 'hit' (so far) including 2,000 of the 'biggest sites in the world'.

FYI,

Cyber-attacks happen every day, but the bad actors are targeting where the money is (credit card data) and personally identifiable information (PII) as a side benefit.

"The Magecart hackers have a singular focus: credit card skimming."

https://www.wired.com/story/magecart-amazon-cloud-hacks/

-- There's nothing for consumers to do. Website services need to properly configure and secure their payment processing websites.

NYT: How to Protect Your Digital Privacy

By Christopher Paidhrin

New York Times article provides holistic guidance for securing your online privacy

Thorin Klosowski, a staff writer for Wirecutter, offers sound advice on securing online accounts, using a password manager, blocking 'trackers', keeping your devices patched, turning on device location (should you lose it), and using encryption when possible.

https://www.nytimes.com/guides/privacy-project/how-to-protect-your-digital-privacy?utm_source=sharetools&utm_medium=email&utm_campaign=website&emc=eta1

Stay safe out there.