CyberheistNews Vol 4 #46 Nov 25, 2014
The "New Stuxnet" Discovered Called Regin - How Does It Work?
Symantec researchers discovered "the new Stuxnet", but it has been in operation since at least 2006. Obviously a highly advanced spying tool, better than the best malware out there. If you look at the list of countries infected, it is clear that this is built by the USA with perhaps some help from others.
The NSA is likely behind this one, and Symantec published a 22-page report and blog post on the Regin malware, which it described as a powerful cyberespionage platform that can be customized depending on what type of data is sought. Here is a link to their PDF:
If Regin does turn out to have been active and hidden for 8 years, the discovery means that nation states are still having a 100% success rate in avoiding all antivirus products, which is very bad news for companies trying to protect their networks and crown jewels.
Symantec has been quietly trying to analyze this critter for the last 12 months. It has five separate stages, each one depending on the previous stage to be decrypted. It also uses peer-to-peer communication, which avoids using a centralized command-and-control system to exfiltrate stolen data.
It's also not clear yet how users become infected with Regin. Symantec figured out how just one computer became infected so far, which was via Yahoo's Messenger program. Possibly the user was a victim of social engineering, but it could just as well be a zero-day in Messenger itself which infects a PC without any interaction from the user.
In any case, stepping your users through effective security awareness training is a very good idea with malware like this out there. Find out how affordable this is for your organization today.
How Hackers Exfiltrate Corporate Data Using Video
Hackers have turned to cloud services to make large data transfers outside of hacked sites. The latest trick uses consumer video sites. There are two reasons that video sites are a great way to steal data. The first one is that they are widely allowed by companies and used by employees for legit things like training, demos and company marketing. Second, when a hacker needs to exfiltrate a lot of data, disguising it as video makes sense, because video files are usually large, and make up a very large part of network traffic.
How the Attack Works
Once the attacker has the crown jewels, they split the data into compressed files of identical sizes, similar to how the RAR archive format transforms a single large archive into several smaller segments. Next, they encrypt this data and wrap each compressed file with a video file. In doing so, they make the original data unreadable and further obscure it by hiding it inside a file format that typically has large file sizes. This technique is sophisticated; the video files containing stolen data will play normally.
They upload the videos containing stolen data to a consumer video sharing site. While they’re large files, it’s not unusual for users to upload video files to these types of sites. If anyone checked, the videos would play normally on the site as well.
After the videos are on the site, the attacker downloads the videos and performs the reverse operation, unpacking the data from the videos and reassembling it to arrive at the original dataset containing whatever sensitive data they sought to steal. Here is a chalk talk on how it works: http://youtu.be/lFKn1agkNXA
What To Do About It:
You need next-generation breach detection. These tools solve, in essence, a classic big-data problem. To be effective, they need to analyze a great variety of data in high volume, and at great velocity, to determine potential breaches. Most important, the tools must be precise; too many false positives and their reports will quickly be ignored, which is what happened at Target. A new crop of next-generation startups is working on this, for example:
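One concrete check such detection tooling could run over web-proxy logs, written here as an added example rather than code from the newsletter or any vendor: it looks for a single host pushing several near-identical-size uploads to video-sharing endpoints within a short window, which is the footprint the chunking step described above leaves behind. The log format, IP addresses and the upload-host watchlist are constructed for the example.

```python
"""Flag hosts pushing many equal-sized uploads to video-sharing sites.
Added example (not from the newsletter): the attack above splits data into
equal-sized chunks wrapped in videos, so the uploads share a byte size."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines: "timestamp src_ip method host bytes_out".
SAMPLE_LOG = """\
2014-11-20T09:01:12 10.1.4.22 POST upload.video-example.com 524288000
2014-11-20T09:14:40 10.1.4.22 POST upload.video-example.com 524288000
2014-11-20T09:27:03 10.1.4.22 POST upload.video-example.com 524288001
2014-11-20T10:02:19 10.1.4.22 POST upload.video-example.com 524287999
2014-11-20T09:03:00 10.1.4.22 GET www.video-example.com 2048
2014-11-20T11:30:00 10.1.7.9 POST upload.video-example.com 83411200
2014-11-20T13:05:44 10.1.7.9 POST upload.video-example.com 61722881
"""
VIDEO_HOSTS = {"upload.video-example.com"}  # constructed watchlist of upload endpoints

def parse_log(text):
    """Parse the constructed log format into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        ts, src, method, host, size = line.split()
        records.append({"ts": datetime.fromisoformat(ts), "src": src,
                        "method": method, "host": host, "bytes": int(size)})
    return records

def _max_in_window(times, window):
    """Largest number of timestamps that fall inside any one sliding window."""
    times, best, j = sorted(times), 0, 0
    for i, t in enumerate(times):
        while t - times[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best

def find_chunked_uploads(records, min_uploads=4, window=timedelta(hours=2), tolerance=0.001):
    """Alert on a source that uploads >= min_uploads near-identical sizes in one window."""
    by_src = defaultdict(list)
    for r in records:
        if r["method"] == "POST" and r["host"] in VIDEO_HOSTS:
            by_src[r["src"]].append(r)
    alerts = []
    for src, ups in by_src.items():
        ups.sort(key=lambda r: r["bytes"])  # greedy clustering needs ascending sizes
        cluster = []
        for r in ups + [None]:  # the trailing None closes the last cluster
            if r and (not cluster or r["bytes"] - cluster[0]["bytes"] <= cluster[0]["bytes"] * tolerance):
                cluster.append(r)
                continue
            hits = _max_in_window([c["ts"] for c in cluster], window)
            if hits >= min_uploads:
                alerts.append({"src": src, "uploads": hits, "bytes": cluster[0]["bytes"]})
            cluster = [r] if r else []
    return alerts
```

Tune `min_uploads`, `window` and `tolerance` against your own baseline of legitimate video uploads; marketing and training teams will produce a few large uploads, but rarely a run of byte-identical ones.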
And obviously you would start with stepping all employees through effective "new school" security awareness training, because 91% of successful data breaches start with a spear-phishing attack. Ask for a quote and find out how affordable this is for your organization:
The Industrialization of Hacking
Here is some data to help you get more IT security budget. This is a very short summary, but it's got the essentials for management.
Cybercrime has gone pro. Stealing data is big business, either by hacking into companies to steal credit card data and sell it in the cyber underground market, or by gaining access to your organization's intellectual property (designs and/or source code), which allows a foreign competitor to instantly catch up on your years of very expensive R&D.
Over the last 5 years, a revolution has taken place in hacking. What once was a hobby is now done at industrial scale with 100% criminal supply lines, facilitated by escrow services. These teams of black hats are extremely well-funded, and backed by organized cybercrime cartels and nation states. The financial industry has recognized this and is doubling its IT security budget. You should follow its example before your organization is on the front page of the newspaper as the next data breach.
2015 Kevin Mitnick Security Awareness Training Released
KnowBe4 built the first fully integrated security awareness training and phishing platform, and we are excited to release the yearly refresh which will make your human firewall even stronger.
This brand-new, high quality web-based interactive training uses case-studies, live demonstration videos and short tests along with automated phishing tests. The earlier case studies were replaced with new, recent ones: Target, Home Depot and Chase Bank. With the surge of ransomware like Cryptolocker and CryptoWall in 2014, Kevin Mitnick's videos were updated and now include this new threat of ransomware.
The training specializes in making sure employees understand the mechanisms of spam, phishing, vishing, spear-phishing, malware and social engineering, and also includes a condensed 15-minute version for executives that specifically focuses on Advanced Persistent Threats.
The course is available in your console, but you need to click the course itself, and then the "Visible to users" checkbox to make it available for your users. Ask your Customer Success Manager for more detail.
We have also translated 13 Hints & Tips Templates into German, French, Italian, Spanish, Chinese and Swedish. They are available in your Campaign Template pull-down menu. Soon you will also see more international phishing security test templates.
Quotes of the Week:
"The beginning of wisdom is to call things by their right names." - Chinese Proverb
"Spiritual relationship is far more precious than physical. Physical relationship divorced from spiritual is body without soul." - Mahatma Gandhi
Warm Regards, Stu Sjouwerman | Email me: email@example.com
PCI DSS 3.0 Compliant In Half The Time At Half The Cost
It's time to get and stay PCI DSS 3.0 compliant. Now that the new 3.0 standard goes into effect, it's a great time to start using a new tool that will save you half the time and half the cost of becoming compliant: KnowBe4 Compliance Manager 2015.
It comes with a pre-made PCI DSS 3.0 template that you can immediately use to get compliant and maintain compliance in a business-as-usual process.
Escape from Excel-hell!
Most organizations track PCI compliance using spreadsheets, MS-Word, or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Get and stay PCI DSS 3.0 compliant in half the time and at half the cost with KnowBe4 Compliance Manager™.
Get a short, live web-demo, and we will show you how easy and affordable this is!
Software Support Cybercrime Scam
This week the FTC shut down a $120M tech support scam that consumer software buyers should be aware of. Two telemarketing firms were at the center of this FTC investigation, but there are many more that have yet to be shut down.
This type of scam has evolved into an extremely lucrative business practice that many consumer software companies are now pushing on their paying customers.
Typically when software is purchased online, customers receive a link to download the software with a license key to activate the service.
In an attempt to get as many customers as possible calling into these support call centers, many software companies are not delivering the download link or the license key to activate their newly purchased software.
Instead, customers are instructed to call these tech support centers for "Activation Assistance" or "Installation Assistance". This is a dirty trick to get as many people calling into these support call centers as possible. In most cases, a free PC diagnosis is offered and the telemarketer will remotely access the customer's computer and use social engineering to sell needless tech support services.
I had the pleasure of speaking with the owner of one of these remote tech support firms and what I learned was astonishing. As a digital marketing professional for a software company, the conversation started off with an offer to pay $5 for every phone call I could refer to a call center in India. This is an alarmingly high amount to pay for each phone call, so I assumed a high number of those calls would turn into paying customers, but I had no idea how many. Through this discussion I learned that 30% of US customers who call into telemarketing centers are purchasing these types of tech support services. WOW!
Software companies stand to gain in some cases 40-50% on each sale they refer to these call centers; in some cases that's an additional $150-200 from customers who purchased a $30 piece of software. In some verticals such as registry repair, PC cleaners and driver updating software, it is actually hard to find a software company that is not referring customers to these types of call centers, because of the sheer amount of revenue that is produced.
Avoiding this scam is easy. Before you purchase software online, try to make sure that you will instantly get your license key. In case you are instructed to call a support number to "activate or install" the software you just purchased, you should request a refund right away. These types of software companies are putting their customers at risk and are not the type of company you should trust. (Hat tip to Kara Kritzer)
InfoSec Pro Industry Survey - Enter For An iPad!
As a leading information security professional, you know better than most what key issues the industry is facing now, and have good insights into what's looming on the horizon. Let your voice be heard!
(ISC)2 is conducting its 6th Global Information Security Workforce Study (GISWS). All survey participants will be entered into a raffle for a chance to win one of six (6!) iPads. Survey results will be available in early 2015. Don't miss your chance to be a part of this important industry survey!
2015 Prediction: Expect Massive Spikes In Global Information Security Threats
Frank Ohlhorst at TechRepublic wrote: Global security threats will continue to increase next year and are as certain as death and taxes, according to a recent report.
Increases of global information security threats remain as much a certainty as death and taxes, at least according to the latest Information Security Survey from PWC. That report, which was published in October, highlights several troublesome trends and provides valuable information for those concerned with enterprise IT security. Nonetheless, interpreting the information delivered into applicable best practices remains a challenge for many IT security professionals, especially those who will be assigned the task of keeping their organizations from becoming one of the latest statistics in the battle against cybercrime.
PWC rightly points out that cyber security has become a persistent business risk and that threats (both to the economy and intellectual property) are on the rise. The report goes on to identify some very troubling incidents, including:
More than half (53%) of global securities exchanges have experienced a cyber attack (IOSCO Survey).
In South Korea, some 105 million payment card accounts were exposed in a security breach (Symantec Corp).
City officials in Verden, Germany announced the theft of 18 million email addresses, passwords and other information (TechWeek Europe).
Cyber thieves stole more than $45 million from worldwide ATM accounts of two banks in the Middle East (CNet.com).
Amnesty International launched the Detekt tool to scan for state surveillance spyware on phones and PCs. It was developed by security expert Claudio Guarnieri. I wonder if this puppy detects Regin.
A group of security and technology experts who fight for respect of human rights has launched a new tool dubbed Detekt that allows the detection of government surveillance malware on mobile devices and PCs. Amnesty is one of the members of the Coalition Against Unlawful Surveillance Exports, the alliance that fights against violations of human rights.
Detekt was developed by the Italian security expert Claudio Guarnieri, and it was launched last Thursday in partnership with Amnesty International, British charity Privacy International, German civil rights group Digitale Gesellschaft and US digital rights group the Electronic Frontier Foundation.
Cyberheist 'FAVE' LINKS:
This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave: Ken Block's Gymkhana Seven: Wild In The Streets Of Los Angeles. This is a custom-built 1965 Mustang with 845 horses:
Semi-Truck Jump Over A Formula 1 Car - Epic World Record. A giant semi-truck jumps over a speeding Formula 1 car and sets a world distance record of more than 83 feet:
Wingsuit flying BASE jumper Espen Fadnes makes history acting as a flying carpet for skydiving canopy flyer Bjørn Magne Bryn in Romsdalen Valley, Norway:
Want a good chuckle? Star Wars Pranks in Paris with Luke Skywalker, R2D2, Chewbacca and Darth Vader:
Waddington airfield in Lincolnshire, England is the perfect spot to see F16, F18, B-17, Saab 2000 and even the Avro Vulcan close-up when they come in for a landing:
Tiny hamsters celebrate Thanksgiving just like it was in 1621. Cute for the kids:
Svein Aasjord and Trond Ivarsøy had stopped their boat to watch humpback whales in the distance feeding on herring, and then suddenly their boat was surrounded:
Watch until the end!! Not only can illusionist Darcy make doves appear out of nowhere, he also has an even bigger trick up his sleeve:
Undoubtedly one of the most amazing performances of 'Swan Lake.' An outstanding display of grace, balance and art. Tchaikovsky would be proud:
The Toyota Mirai hydrogen-fueled family car is emission free and can be refueled in 5 minutes, providing a range of 300 miles on a full tank of hydrogen:
Have you ever wondered why rivers almost never run straight? Find out in this cute, instructive, 3-minute video by MinuteEarth:
Stop Thief! A squirrel grabs a GoPro camera and climbs up a tree to record the owner on video. Location: Montréal, Canada:
Penn and Teller perform awesome live magic on 1986 Saturday Night Live. If you can't figure out how they do it - all is revealed at the end: