
The City of Portland, Oregon

Office of Management & Finance

Bureau of Technology Services

BTS HelpDesk: 503-823-5199

1120 SW 5th Avenue, Suite 1111, Portland, OR 97204

Welcome to our blog. Here we will let you know the latest happenings in the information security world.


The malware that usually installs ransomware and you need to remove right away

By Brian Ventura

If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.

In this ZDNet article, the author describes various major malware families that are catastrophic to organizations. If these malware strains are found on our network, we need to clean quickly and scan the rest of the network for additional infections:

https://www.zdnet.com/article/the-malware-that-usually-installs-ransomware-and-you-need-to-remove-right-away/

Microsoft urges customers to move away from phone MFA

By Brian Ventura

Microsoft's Director of Identity Services wrote an article urging customers to move away from phone-based (call or SMS) multifactor authentication.

On November 10th, 2020, Microsoft wrote an article outlining the dangers of using phone-based Multi-Factor Authentication (MFA). The article describes both phone calls and SMS messages as dangerous due to the lack of security in the global phone system.

This is the latest in a series of changes recommending and now urging organizations like the City to move away from phone calls and text messages. The recommendation is to move to no-cost authentication applications like Microsoft Authenticator and Google Authenticator.

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/it-s-time-to-hang-up-on-phone-transports-for-authentication/ba-p/1751752

Informational: Technology Communication

By Nelson Zenzano

New Outlook Phishing Alert Button (PAB)

We are releasing a Phishing Alert Button (PAB) to both Outlook and the Office 365 web client. This feature will make it easier to report suspicious emails to BTS so they can be reviewed and any necessary action taken. Clicking on this button will report the suspicious email to BTS and delete the email from your mailbox. No further action is required from the user, such as forwarding the email or opening a helpdesk ticket to report the suspicious email.

The below pictures show this feature option in different email clients.

Key Takeaways:

  • New button added to the Outlook and browser clients
  • Clicking on the button will report the e-mail to Helpdesk and Information Security
  • Clicking on the button will delete the email
  • Clicking on the button for a suspicious e-mail will not generate a helpdesk ticket
  • E-mails reported in a pop-out window will need to be closed manually

The button does not replace the reporting requirement if you click the link or open the suspicious email's attachment.

  • Please reference QA Knowledge Article KCS6539
  • Please reference Knowledge Article KCS6613
  • Please reference Escalation Article KCS6607

 

Massive Fraud Against State Unemployment Insurance Programs

By Brian Ventura

Please be aware of fraud during this new normal. Fraudsters are looking for any way to trick us.

The content below is directed at state agencies, but it is relevant to City of Portland employees. Some of our co-workers, friends and colleagues are on unemployment. Some of our co-workers, friends and colleagues are in Washington State and may be affected.

Also, this is an example of how fraudsters will find ways to exploit any process where they can steal money or information. Are there City of Portland processes that could be similarly attacked? If you have a concern, please contact BTS Information Security so we can provide security expertise and tools.

Massive Fraud Against State Unemployment Insurance Programs

The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs. The primary state targeted so far is Washington, while there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. It is extremely likely every state is vulnerable to this scheme and will be targeted if they have not been already.

In the state of Washington, individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefit Program, all in different individuals’ names with no connection to the account holder. A substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees. It is assumed the fraud ring behind this possesses a substantial PII database to submit the volume of applications observed thus far.

This fraud network is believed to consist of hundreds, if not thousands, of mules with potential losses in the hundreds of millions of dollars. The banks targeted have been at all levels including local banks, credit unions, and large national banks.