KnowBe4 Security Awareness Training Blog


CyberheistNews Vol 4, # 43 CryptoWall Ransomware Claims Fresh Victims

 

Editor's Corner


New Ad-borne CryptoWall Ransomware Claims Fresh Victims

The phones have been ringing off the hook here at KnowBe4. Not customers of ours but people who were hit with CryptoWall V2.0, needed Bitcoin urgently, did a websearch and wound up with us because of our crypto-ransom guarantee.

The folks at Proofpoint just wrote a long blog post explaining exactly why this is. In a nutshell, CryptoWall V2.0 now uses poisoned ads on dozens of major sites like Yahoo, AOL and Match.com to infect networks. Malicious ads are nothing new in themselves, but second-gen ransomware using them is worrisome.

Proofpoint said: "The sites themselves were not compromised; rather, the advertising networks upon which they relied for dynamic content were inadvertently serving malware". This means a so-called drive-by-download where the user does not have to click on anything. Up to now, CryptoWall was spread via spam with infected email attachments and download links sent by the Cutwail botnet.

The website visitors hit by this malvertising are people who run unpatched versions of Adobe Flash. The poisoned ads silently 'pull in' malicious exploits from the FlashPack Exploit Kit, hence the "drive-by-downloads".

According to security researchers at Dell SecureWorks, more than 830,000 victims worldwide have been infected with ransomware, a 25% increase in infections since late August when there were 625,000 victims.

The first ransom usually has a deadline of 4-7 days and demands about $500. Even the bad guys understand it's not always easy to get your hands on Bitcoins quickly. But when this first deadline is not made, the ransom doubles to roughly $1,000, depending on Bitcoin exchange rates.

Counting the ransom payments to CryptoWall's Bitcoin addresses, Proofpoint estimates that the attackers make $25,000 per day. Recent data taken directly from the CryptoWall ransom payment server shows that since August 2014 an additional 205,000 new victims have been claimed.

Here are 5 suggestions on what to do about it:

  1. Do not use mapped drives, period. Use UNC names instead to connect to servers. Apart from close to real-time (snapshot) fileserver backups, I also strongly recommend deploying ad blockers for all the browsers in your organization if you have not already done so, or making sure you use endpoint security that has ad-blocking built in.

  2. Continue to focus on all endpoints being fully patched, Windows and all third-party apps. Also, configure endpoint browsers to only execute plug-in content when clicked rather than automatically. Uninstall apps that are not absolutely needed; make your attack surface as small as possible.

  3. Some browsers like Google Chrome and Mozilla Firefox allow you to enable click-to-play for plug-in based content, which can stop the automatic execution of exploits that target browser plug-ins. Deploying a whitelisting product on all machines is also something you could look at; whitelisting will stop ransomware cold.

  4. Technologies for lifecycle malware detection carry different names, including targeted threat protection (TTP), targeted attack protection (TAP), and "click-time link scanning". Whatever you call it, you want it in place.

  5. An Acceptable Use Policy (AUP) that forbids employees from using their machines for private browsing, together with an edge device that blocks selected groups of websites (like all social media), is also something you should have in place.
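To act on the mapped-drive suggestion you first need to know which drive letters exist on a workstation. The PowerShell below is an added example, not code from this newsletter or from KnowBe4: it reports the persistent mapped drives of every user profile currently loaded on a Windows machine. It assumes an elevated prompt, and the function name `Get-PersistentMappedDrive` is hypothetical.

```powershell
# Added example (not from the newsletter): inventory persistent mapped drives.
# Persistent mappings are stored per user under <user hive>\Network\<letter>,
# with the UNC target in the RemotePath value. Only hives of users who are
# currently logged on (loaded under HKEY_USERS) are visible to this script.

function Get-PersistentMappedDrive {
    # User hives are keyed by SID; skip service accounts and the *_Classes hives.
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notmatch '_Classes$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $networkKey = "Registry::HKEY_USERS\$sid\Network"
        if (-not (Test-Path -Path $networkKey)) { continue }

        # Resolve the SID to an account name; fall back to the raw SID on failure.
        try {
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        foreach ($drive in Get-ChildItem -Path $networkKey) {
            $props = Get-ItemProperty -Path $drive.PSPath
            [pscustomobject]@{
                Account    = $account
                Drive      = $drive.PSChildName.ToUpper() + ':'
                RemotePath = $props.RemotePath
                # Host part of \\host\share, used for the per-account summary below.
                Server     = $props.RemotePath -replace '^\\\\([^\\]+)\\.*$', '$1'
            }
        }
    }
}

$mappings = @(Get-PersistentMappedDrive)

# Full list: one row per drive letter.
$mappings | Sort-Object Account, Drive | Format-Table -AutoSize

# Summary: how many servers each account reaches through drive letters.
# An admin account with letters mapped to many servers is the situation
# the suggestion above tells you to eliminate.
$mappings | Group-Object Account | ForEach-Object {
    [pscustomobject]@{
        Account       = $_.Name
        MappedDrives  = $_.Count
        DistinctHosts = @($_.Group.Server | Sort-Object -Unique).Count
    }
} | Format-Table -AutoSize
```

Drives mapped only for the current session (not persistent) do not appear in the registry; `Get-SmbMapping` run in the user's own session lists those.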

 

You could also open an account with coinbase.com, get approved (takes a few days), create a wallet and buy a few Bitcoin just to have them in case you get hit and your backup fails.

And obviously stepping all employees through effective security awareness training is a must these days. Find out how affordable this is for your own organization. Click on the link and get a quote:
http://info.knowbe4.com/dont-get-hit-with-ransomware-0?

What's Really the #1 Hot InfoSec Topic?

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site for that. Hackbusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favored, and we built an algorithm that bubbles up the -real- hot topics. We tweet when a #1 hot security topic bubbles up. Follow this new service @Hackbusters on Twitter and you will get tweets with the actual breaking hot security news:
https://twitter.com/hackbusters

PS: If you want this data via a browser instead of Twitter, you can go here:
http://hackbusters.com/breaking

Here's a Halloween Phishing Security Test

OK, so it doesn't always have to be doom and gloom. We decided a bit of levity for Halloween might be a fun way to get the security message across. That's why we have a Phishing Security Test template ready for you that you can send to all employees announcing the Zombie Apocalypse: CNN has Breaking News: Re-animated Corpses Come to Life in Morgue!! You will find it in the system templates, as a Current Event.

Quotes of the Week

"At the center of your being you have the answer; you know who you are and you know what you want." - Lao Tzu, Philosopher

"Do you want to know who you are? Don't ask. Act! Action will delineate and define you." - Thomas Jefferson, U.S. President


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

PCI DSS 3.0 Compliant in Half the Time at Half the Cost

It's time to get and stay PCI DSS 3.0 compliant. Never a better time to start using a new tool that will save you half the time and money: KnowBe4 Compliance Manager 2015. It comes with a pre-made PCI DSS 3.0 template that you can immediately use to get compliant and maintain compliance in a business-as-usual process.

Escape from Excel-Hell!

Most organizations track PCI compliance using spreadsheets, MS-Word, or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. GET and STAY PCI DSS 3.0 compliant with KnowBe4 Compliance Manager™.

Fill out the form for a live web-demo, we will show you how easy this is:
http://info.knowbe4.com/_kcm_pci_30


Koler Android Ransomware Now Spreads in U.S. as Text Worm

Android phones have by far the largest market share, and thus are mobile malware target #1. There is now a new variant of the Koler malware that spreads itself via text messages and holds the phone hostage until the ransom is paid.

Worm.Koler displays localized ransomware messages in at least 30 countries, but 75% of this latest Koler variant infections were seen in the U.S.

Researchers from mobile security firm AdaptiveMobile discovered a new variant named Worm.Koler that spreads via SMS spam and social engineers users into opening a shortened bit.ly URL, turning Koler into an SMS worm. Perhaps this is why at the moment Google simply blocks any and all bit.ly URLs.

When a phone is infected, it will send an SMS message to all contacts in the device's address book stating: "Someone made a profile named -[the contact's name]- and he uploaded some of your photos! is that you?" followed by a Bitly link.

When a victim falls for the trick and taps the link, they are redirected to a Dropbox page with a download link for a 'PhotoViewer' app that, if installed, will cause the ransom screen to pop up, claiming the device has been locked up because of having illicit content and users must pay $300 via MoneyPak to 'waive the accusations.'

What to do about it:

If you see a sudden ransom screen on your phone, do not pay. Koler does not actually encrypt the files, so you can eliminate this pest from your phone with these two simple steps:
    1) Reboot your phone in "Safe Mode"
    2) Remove the "PhotoViewer" app using the normal Android uninstall tool.

To protect yourself from similar future threats, have the "Unknown Sources" option turned off in your Android device's security settings menu. This will block the user from installing apps from unknown sources, allowing installs only from the official Google Play store. Here is the AdaptiveMobile blog post:
http://www.adaptivemobile.com/blog/koler-police-ransomware-gets-its-worm-on

How to boot Android in Safe Mode (I learned something new here!)
http://www.talkandroid.com/guides/beginner/how-to-boot-your-android-phone-or-tablet-into-safe-mode-for-troubleshooting/


CryptoLocker... Is This Really My Life?

This is a very funny blog post. Michael Cooper wrote: "This is NOT a cautionary tale. I won't sell you anything here, but I hope you get a smile and a chuckle. It's too good not to tell.

"Our firm was recently engaged by a new client - a small building services firm with only a few employees. They had been operating as many small clients do - short on IT infrastructure, policies or procedures - seat of their pants type stuff. Their network was without Windows domain and the file server was a simple Linux based NAS device.

"This in of itself is not the end of the world, but they came bearing gifts for us - infected with Cryptolocker - and all files on their NAS were now encrypted and unusable. Backups were always something they were meaning to do... Yeah, there is a phrase that describes this - something about being up some kind of creek missing a paddle." Keep on reading here:
https://www.linkedin.com/pulse/article/20141022170914-3397855-cryptolocker-is-this-really-my-life


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

SUPER FAVE: The most epic airline safety video ever made - starring Elijah Wood and Peter Jackson:
http://www.flixxy.com/the-most-epic-airline-safety-video-ever-made.htm?utm_source=4

Helmet camera view of an intense obstacle race through the narrow alleys of the old city of Porto, Portugal:
http://www.flixxy.com/motorcycle-race-through-the-city-of-porto.htm?utm_source=4

Young magician Moritz Mueller from Germany has a brilliant smooth touch and impresses even experienced magicians with his superb skill:
http://www.flixxy.com/amazing-coin-magic-by-moritz-mueller.htm?utm_source=4

David Blaine spooks Harrison Ford by making a card disappear from a deck and then having it reappear rolled up inside an orange:
http://www.flixxy.com/david-blaine-magic-amazes-harrison-ford.htm?utm_source=4

Watch the 10 most awesome low-pass jet fly-bys:
http://www.flixxy.com/best-low-pass-jet-fly-bys.htm?utm_source=4

Lockheed has made a technological breakthrough with an inexhaustible and environmentally friendly power source - the Compact Fusion Reactor:
http://www.flixxy.com/unlimited-clean-power-compact-fusion-reactor-by-lockheed.htm?utm_source=4

Cars being loaded onto a ferry in rough seas in Greece. Correct timing is of the essence. (Warning...Loud Volume!):
http://www.flixxy.com/loading-a-ferry-during-rough-seas-in-greece.htm?utm_source=4

Using nothing more than water vapor, a projector, and some motion tracking software, the Leia Display System creates interactive holograms:
http://www.flixxy.com/interactive-display-system.htm?utm_source=4

Glen Dell flies his Extra 300 aerobatics aircraft low enough for Nick de Wit to backflip his dirtbike over it:
http://www.flixxy.com/dirtbike-backflips-over-aerobatic-plane.htm?utm_source=4

This is more fun than anything else, but it paints a scary picture. Social engineering at a country fair: how to get people's personal info (it's so easy!):
https://www.youtube.com/watch?v=CFDZSPPYu80

Four singers from the Philippines with an amazing performance of 'Let It Go' at the Korean talent show 'SuperStar.' These gals are great!:
http://www.flixxy.com/amazing-group-from-philippines-sing-let-it-go-on-korean-talent-show.htm?utm_source=4

 

Ad-borne Cryptowall Ransomware Claims Fresh Victims

 

The phones have been ringing off the hook here at KnowBe4. Not customers of ours but people that were hit with CryptoWall V2.0, needed bitcoin urgently, did a websearch and wound up with us because of our crypto-ransom guarantee.

The folks at Proofpoint just wrote a long blog post explaining exactly why this is. In a nutshell, CryptoWall V2.0 now uses poisoned ads on sites like Yahoo, AOL and Match.com to infect networks.

They said: "The sites themselves were not compromised; rather, the advertising networks upon which they relied for dynamic content were inadvertently serving malware".

This means a so-called drive-by-download where the user does not have to click on anything. Up to now, CryptoWall was spread via spam with infected email attachments and download links sent by the Cutwail botnet.

The website visitors impacted by this malvertising are people who run vulnerable versions of Adobe Flash Player. According to Proofpoint, "the malvertisements silently 'pull in' malicious exploits from the FlashPack Exploit Kit".

According to security researchers at Dell SecureWorks, more than 830,000 victims worldwide have been infected with ransomware, a 25% increase in infections since late August when there were 625,000 victims. 

The ransom demanded is usually $500 and doubles to $1,000 when the deadline, normally 4 to 7 days, is exceeded. Even the bad guys understand it's not always easy to get your hands on bitcoin fast. Counting the ransom payments to CryptoWall's Bitcoin addresses, Proofpoint estimates that the attackers make $25,000 per day.

Recent data taken directly from the CryptoWall ransom payment server shows a total of just over $1,000,000 had been paid from March through August 2014, and since then a further 205,000 new victims have been claimed.

So, apart from (close to) real-time fileserver backups, I now also strongly recommend deploying ad blockers for all the browsers in your organization if you have not already done that, or making sure you use endpoint security that has ad-blocking built in. Focus on all endpoints being fully patched, Windows and all third-party apps. Also, configure endpoint browsers to only execute plug-in content when clicked rather than automatically.

Some browsers like Google Chrome and Mozilla Firefox allow you to enable click-to-play for plug-in based content, which can stop the automatic execution of exploits that target browser plug-ins. Deploying a whitelisting product on all machines is also something you could look at.

An Acceptable Use Policy (AUP) that forbids employees from using their machines for private browsing, together with an edge device that blocks selected groups of websites (like all social media), is also more and more something you should have in place.

And obviously stepping all employees through effective security awareness training is a must these days. Find out how affordable this is for your own organization. Click on the button and get a quote:

Stop RansomWare

What's -Really- The #1 Hot Security Topic?

 

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site for that. Hackbusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favored, and we built an algorithm that bubbles up the -real- hot topics. We tweet when that real hot security topic bubbles up. Follow this new service @Hackbusters on Twitter and you will get between 2 and 6 tweets a day with the actual hot security topics!

https://twitter.com/hackbusters

Survey Finds Half of Holiday Shoppers Will Avoid Hacked Stores

 

Huffington Post Survey: "As another holiday shopping frenzy nears, a new survey suggests that many consumers plan to avoid the growing number of retailers that have been hacked.

Nearly half of people -- 45 percent -- say they would 'definitely not' or 'probably not' shop this holiday season at retailers like Target or Home Depot that acknowledged computer breaches exposed customer credit card data, according to a survey released Monday by CreditCards.com.

In addition, 48 percent said they are more likely to use cash more often this holiday season out of concern over the numerous cyberattacks against retailers, according to the survey of 865 credit and debit card holders.

'It's a clear sign that people are at least somewhat concerned about shopping in a place that has had a data breach,' said Matt Schulz, a senior industry analyst at Creditcards.com." Full survey at HuffPost.

Another good reason to step all employees through effective security awareness training, and send them regular simulated phishing attacks to keep them on their toes with security top of mind. 

CyberheistNews Vol 4, # 42 Ransomware Hits Admin Workstation and Kills 7 Servers

 

Editor's Corner


Ransomware Hits Admin Workstation and Kills 7 Servers

Here is a tale of Ransomware that will make your blood run cold, very appropriate with Halloween around the corner. This is the real story of what happened last week, in their own words:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers got encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolated the workstation and got it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.

They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.

So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.

While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director

As you can see, ransomware hitting a key employee like an admin or perhaps a CEO, controller, or CFO with a lot of access, can do immense damage. Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks, is an essential element of your defense-in-depth!

Why security awareness training? Ransomware, that's why! Find out how affordable this is for your organization. Get a quote now:
http://info.knowbe4.com/dont-get-hit-with-ransomware-0

P.S. Ransomware goes Prime Time. This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunchbreak and to forward to management:
http://www.cbs.com/shows/the_good_wife/video/

Scam of the Week: Ebola Phishing Grows in Volume

I have warned before that Ebola phishing attacks would be more and more prevalent, as a result of the mass-media spending increasing amounts of time covering this threat.

And sure enough, it was only a matter of time until you could see phishing and malware attacks using social engineering to trick users into clicking on links or opening attachments.

The US-CERT (United States Computer Emergency Readiness Team) has issued a warning about it, and they advise users to keep an eye out for fraudulent emails of this kind, in order to stay safe from malicious cyber campaigns.

I would use this CERT notification and send the link to your users. It's short, easy to understand, and it's official so it may make a bigger impression than normal. Feel free to copy/paste/edit this blurb:

"I would like to alert you all of a recent increase in scams related to Ebola. Please double check anything you receive via email or see on social media related to Ebola, like emailed warnings, web-alerts, news updates and possibly even videos. The only way to get news about this is straight from a reputable source. Also, do not fall for fake websites that solicit online donations for Ebola victims. Verify the site is legit before you donate anything. I have said it before and I am saying it again: 'Think Before You Click!'"

Here is an official message from the U.S. Government about Ebola scams:
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns

No Time to Figure Out Sandworm and Poodle?

Paul Ducklin at Sophos issued a one-minute video where he quickly describes what these vulnerabilities are, illustrated by a little graphic. Very handy to know and a great service from Sophos:
http://nakedsecurity.sophos.com/2014/10/18/oops-sorry-about-that-60-sec-security-video/

Quotes of the Week

"If everything seems under control, you're just not going fast enough." - Mario Andretti

"You don't burn out from going too fast. You burn out from going too slow and getting bored." - Cliff Burton



You can read CyberheistNews online at our Blog!:
http://blog.knowbe4.com/bid/398370/CyberheistNews-Vol-4-41-Scam-of-the-Week-Whatsapp-Gold-Security-News-Roundup

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

New PCI 3.0 Rule - Needs to Be Continuous All Year

Heads-up. This quote is straight from the NEW PCI 3.0 standard:

"To ensure security controls continue to be properly implemented, PCI DSS should be implemented into business-as-usual (BAU) activities as part of an entity’s overall security strategy. This enables an entity to monitor the effectiveness of their security controls on an ongoing basis, and maintain their PCI DSS compliant environment in between PCI DSS assessments."

This is exactly what KnowBe4 Compliance Manager allows you to do.

Most organizations track PCI compliance using spreadsheets, word processors or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Keep your PCI compliance in real-time with KnowBe4 Compliance Manager™.

Get PCI 3.0 compliant in half the time and half the cost. Fill out the form for a live web-demo:
http://info.knowbe4.com/_kcm_pci_30


Russian Cybercrime Rakes In $2.5 Billion These Last 12 Months

There is a Russian computer forensics outfit called Group-IB. They released a report October 15th which goes into great detail on how Russian cybercrime makes its money. The picture is not pretty but very interesting.

Russian cybercrime raked in $2.5 billion between mid 2013 and mid 2014, and the biggest contributor to that revenue stream was the Target hack. Why? While financial fraud is still a big earner -- accounting for $426 million -- it's being surpassed by the simple buying and selling of credit card data. The carding business brought in a whopping $680 million. Here is a backgrounder on why all this Russian cybercrime.
http://blog.knowbe4.com/bid/398140/Why-All-This-Russian-Cybercrime-in-Five-Minutes

A short summary of other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that's 10 times more profitable than your average plaintext credit card number.

Sara Peters, Senior Editor at Dark Reading, took apart the new 70-page Group-IB report and has a good article about it:
http://www.darkreading.com/russian-hackers-made-$25b-over-the-last-12-months-/d/d-id/1316631

The report itself can be downloaded here:
http://report2014.group-ib.com


KnowBe4 Console User Management Improvements

We have some exciting news for existing users and organizations that are looking at subscribing to Kevin Mitnick Security Awareness Training. Significant improvements have been made to the user management section of your KnowBe4 console.

An existing user said: "I am happy to see that the console is still being developed and extended. The latest change in the user console where you can see the training progress of an individual user is a great improvement. So I’m pleased."

Here are the new features:

Delete users improvements

Delete will not actually delete the users; instead they will be marked as 'archived'. Archived users will not show in any user management screens. To "Delete" a user, go to the users page and select the "Delete" option from the drop-down on the right of the table. You can filter by "Only deleted users" to find all deleted users. You can "Restore" users from the individual settings menu or with the "Restore selected" option. If a user is deleted and later imported, the user will be automatically restored.

Bulk user delete

- You can now delete users in bulk from a CSV file

Users

When a user signs up, the screen will provide more information on what to do if the email they’re trying to sign up with is in use already: "Email has already been taken? Try to Resend confirmation instructions or Reset password." Users page now has a better layout, shows total number of users, grouped. We capture more information, so account admins can better manage the users: Location, Division, Manager Name, Employee Number. You can now see individual user details, overall statistics on clicks, opened attachments and training status.

Groups:

We redesigned the index page and you now have an option to remove all users from a group in the groups list. The group details page was redesigned to be more user friendly, you can now export users in a group to CSV, and we added a feature to be able to delete all users in a group.


Symantec Intelligence Report (SIR): September 2014

It's that time of month again, the latest Symantec Intelligence Report just dropped. All the latest on the bad things the bad guys are trying to do. Ben Nahorney is one of their top Cyber Security Threat Analysts as well as the chief architect of the SIR.

Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here is a snippet that is relevant for this issue:

"The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear-phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day." Much, much more at:
http://www.symantec.com/security_response/publications/monthlythreatreport.jsp


This Is a Data Privacy Survey for Your HR People

It's about Employment Verification Outsourcing & Employee Data Privacy Trends. Data privacy is a hot button issue. Does your firm outsource employment verification processing to a third party employment verification vendor? Does your firm understand its obligations to its employees under the Fair Credit Reporting Act (FCRA)? Take this survey to weigh in on this crucial topic. Leave a comment with your Email address for a chance to win a $150 Amazon gift card. All responses are confidential. Please forward this survey to your HR people. Here's the link:
https://www.surveymonkey.com/s/GYCL69V


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunch break and to forward to management:
http://www.cbs.com/shows/the_good_wife/video/

Need a 4-minute "feel-good-shot-in-the-arm?" I assure you you will feel better with this one. Turn up the volume and ENJOY this collection of dance clips from almost 40 movies, from dance movies to comedies, from Fred Astaire to Michael Jackson:
http://www.flixxy.com/movie-dancing-compilation.htm?utm_source=4

A novel way to move a couch from the third story of an apartment building. Will it work or be a disaster?:
http://www.flixxy.com/epic-couch-moving.htm?utm_source=4

A compilation of clips from America’s Funniest Videos of the 24 best cats and dogs talking like humans:
http://www.flixxy.com/24-pets-who-can-talk-like-humans.htm?utm_source=4

Super Typhoon Vongfong as the astronauts saw it from the International Space Station on October 9, 2014:
http://www.flixxy.com/super-typhoon-seen-from-the-international-space-station.htm?utm_source=4

It all begins when she is meeting her girlfriend for lunch at a cafe ... Cafe Lip-Dub Proposal "Marry Me"
http://www.flixxy.com/cafe-lip-dub-proposal-marry-me.htm?utm_source=4

The human powered airplane 'Airglow' flown by Mike Truelove at the Icarus Cup 2012 on a 1km (0.62 mile) stretch:
http://www.flixxy.com/human-powered-aircraft.htm?utm_source=4

A commercial for a new Toyota, and they pulled _all_ the tricks out of the photography bag for this one:
http://youtu.be/9wDPPmHBZu0

FlameStower Charger: Charge USB Devices with Fire. Really!
http://www.gadgetify.com/flamestower/

"Lady is a tramp" on Vimeo. This is called surrealism. I think it's weird!
http://vimeo.com/108100081

Jonathan Mann performs a song he wrote using only the iOS 8 QuickType autocomplete feature. Riot:
http://www.flixxy.com/ios-autocomplete-song-by-jonathan-mann.htm?utm_source=4

The Sukhoi Su-35 and Su-37 pilots show the amazing maneuverability of their aircraft at an air show in Dubai:
http://www.flixxy.com/sukhoi-su-35-and-su-37-air-show-demo.htm?utm_source=4

Scam Of The Week: Ebola Phishing Grows In Volume

I have been warning here before that Ebola phishing attacks would be more and more prevalent, as a result of the mass-media spending increasing amounts of time covering this threat.

And sure enough, it was only a matter of time until you could see phishing and malware attacks using social engineering to trick users into clicking on links or opening attachments.

The US-CERT (United States Computer Emergency Readiness Team) has issued a warning about it, and they advise users to keep an eye out for fraudulent emails of this kind, in order to stay safe from malicious cyber campaigns.

I would use this CERT notification and send the link to your users. It's short, easy to understand, and it's official so it may make a bigger impression than normal.

Feel free to copy/paste/edit this blurb:

"I would like to alert you all of a recent increase in scams related to Ebola. Please double check anything you receive via email or see on social media related to Ebola, like emailed warnings, web-alerts, news updates and possibly even videos. The only way to get news about this is straight from a reputable source. Also, do not fall for fake websites that solicit online donations for Ebola victims. Verify the site is legit before you donate anything. I have said it before and I am saying it again: 'Think Before You Click!'"

Here is an official message from the U.S. Government about Ebola scams:

https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns

Russian Cybercrime Rakes In $2.5 Billion These Last 12 Months

There is a Russian outfit called Group-IB. They released a report October 15th which goes into great detail on how Russian cybercrime makes its money. The picture is not pretty but very interesting.

Russian cybercrime raked in $2.5 billion between mid-2013 and mid-2014, and the biggest contributor to that revenue stream was the Target hack. Why? While financial fraud is still a big earner -- accounting for $426 million -- it's being surpassed by the simple buying and selling of credit card data. The carding business brought in a whopping $680 million. Here is a backgrounder on why all this Russian cybercrime.

A short summary of other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because they can deliver data that's 10 times more profitable than your average plaintext credit card number.

Sara Peters, Senior Editor at Dark Reading, took apart the new Group-IB report and has a good article about it:

http://www.darkreading.com/russian-hackers-made-$25b-over-the-last-12-months-/d/d-id/1316631

Ransomware hits admin workstation and kills 7 servers

I wanted to share a horror story with you, something that happened to somebody the day before yesterday. This is what happened in their own words:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers were encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolated the workstation and got it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.

They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.

So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.

While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M. IT Director

As you can see, ransomware hitting a key employee with a lot of access, like an admin or perhaps a CEO, controller, or CFO, can do immense damage.

Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks is an essential element of your defense-in-depth!

Warm regards,

Stu Sjouwerman

Founder and CEO, KnowBe4

PS: Want to understand why all this Russian Cybercrime is happening? Here is a 5-minute explanation!

The Snappening - Snapchat naked selfies have leaked - but how?

Snapchat is not supposed to keep pictures; it is meant to delete ("self-destruct") them automatically. The ghostly cloud service itself was not hacked, but many megabytes of saved images have leaked... how?

Snapchat itself denies being hacked and blames an unauthorized third party, which reportedly downloaded the "private" selfies to a website called Snapsaved that is accessible from the Internet and was in turn hacked itself.

Snapsaved was being smart and reverse-engineered the API that Snapchat provides. This Application Programming Interface allowed Snapsaved to circumvent the “instant deletion” feature of Snapchat’s own mobile app, and save zillions of pictures to disk.

So, if you, friends, or underage family members have ever exposed any private parts to someone on Snapchat – there is a chance that this picture is now in the hands of hackers, and intimate photographs...could technically qualify as child pornography. Ouch, that gets you right in Federal pen.

Internet users, and especially teenagers, should understand that anything you put on the Internet is there forever, and that is why you don't push your cell phone in your pants because it will bite you in the butt sometime later.

Security Awareness Training is a must for any Internet user! More about this at Infosecurity magazine.
