CyberheistNews Vol 4, # 20 CryptoLocker Goes Spear-Phishing




Editor's Corner

☣ READ THIS FIRST: CryptoLocker Goes Spear-Phishing

NOTE: Please forward this to the same people that you forwarded the initial CryptoLocker warning to.

You may be familiar with a site called Spiceworks. They offer free system admin and network management software, and their business model is advertising to the hundreds of thousands of people who use it. Their forums are a great indicator of what happens in the trenches of defending against malware. One thread that is incredibly popular has the title: "We fought a cryptovirus (and the virus won)."

The discussion goes on for many pages and shows the level of worry about this new wave of ransomware. Another indicator is Google Trends, where search interest for the term CryptoLocker currently sits at "100", its peak value, which suggests that the number of infections out there is going up.

It looks like the CryptoLocker gang is ratcheting up their attack level, probably in response to competition from the CryptoBit and CryptoDefense gangs. The latest CryptoLocker infections are caused by emails sent to companies that have job postings on sites like Craigslist. The bad guys look for job postings and send resumes carrying the CryptoLocker malware as a payload.

The moment anyone opens one of these resumes, the ransomware kicks in and downtime is the result. The problem is that the people involved in hiring are very often the ones with the most access: the owner, the CEO, HR, or department heads.

Meanwhile, a fourth ransomware strain is doubling in size. Researchers at Damballa Threat Research wrote on their blog that the number of Kovter infections doubled over the last month from 7,000 to 15,000. These guys use the worst kind of shock to make people pay, in the form of first displaying child pornography and copying it to the victim's drive before encrypting the system and holding it hostage. Yikes.

Recovery time largely depends on how you have organized your backups, but reports of mitigating the many "crypto" infections put it at anywhere from a few hours to a few days, and the impact varies from an annoyance to significant losses because of lost files and lost time. The United States Computer Emergency Readiness Team (US-CERT) has a page about CryptoLocker and how to prevent it. Please note points 4, 5 and 6:
http://www.us-cert.gov/ncas/alerts/TA13-309A

I am quoting one of the Spiceworks comments, made by Andrew-VEC on page 7: "If you enable Software Restriction Policy in GPO and utilize your AV product's application whitelisting feature, you will have reduced significantly the attack surface for most forms of malware. It can be annoying as you build restrictions for programs that don't install into Program Files or that launch off of CD, but knowing that a typical end user won't be able to run arbitrary programs creates peace of mind in protecting the network.

"You just need to employ typical best practices: LUA model, software restrictions, web filtering, AV filtering at the gateway, deep packet inspection on hosted services, encryption of protected files at rest and in motion, share access restrictions, data loss prevention techniques, and testing of backups/restores. Of course, always keep on the training. Your weakest point in any security model is the person who touches the keyboard."

Obviously I agree 100% with this. Stepping your users through effective education will make them think -twice- before they click on a link or open a possibly infected attachment. The fun part is you get to schedule a whole year's worth of simulated phishing attacks (set-it-and-forget-it), and send reports of repeat offenders to management.
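As an added example (not code from the newsletter or from the Spiceworks thread), this PowerShell function audits a Windows machine's Software Restriction Policy state so you can confirm that the GPO Andrew describes actually applied. It reads the Safer registry hive where machine SRP policy is stored, reports the default security level, and lists the path rules; the registry layout and level values are the standard SRP ones, while the function name and the "whitelist mode" check are my own.

```powershell
# Added example, not code from the newsletter or the Spiceworks thread.
# Audits the local Software Restriction Policy (SRP) configuration by reading the
# registry location where machine SRP policy (local or GPO-applied) is stored.
# Assumed standard layout: CodeIdentifiers\DefaultLevel (DWORD) and
# CodeIdentifiers\<level>\Paths\<GUID>\ItemData (string) for each path rule.

function Get-SrpAudit {
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
    # SRP security levels as stored in the registry
    $levelNames = @{ 0 = 'Disallowed'; 131072 = 'Basic User'; 262144 = 'Unrestricted' }

    if (-not (Test-Path $base)) {
        # No policy key at all: SRP is not configured, everything runs
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'Unrestricted'; Rules = @() }
    }

    $props = Get-ItemProperty -Path $base
    $default = if ($null -ne $props.DefaultLevel) { [int]$props.DefaultLevel } else { 262144 }

    # Each level subkey (0, 131072, 262144) holds its own Paths\<GUID> rules
    $rules = foreach ($levelKey in Get-ChildItem -Path $base) {
        $level = 0
        if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem -Path $pathsKey) {
            $item = Get-ItemProperty -Path $rule.PSPath
            [pscustomobject]@{ Level = $levelNames[$level]; Path = $item.ItemData }
        }
    }

    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $levelNames[$default]
        Rules        = @($rules)
    }
}

$audit = Get-SrpAudit
"SRP configured: $($audit.Configured); default level: $($audit.DefaultLevel)"
$audit.Rules | Format-Table -AutoSize

# The whitelisting posture described above means DefaultLevel = Disallowed, with
# Unrestricted path rules only for trusted install locations such as Program Files.
if ($audit.DefaultLevel -ne 'Disallowed') {
    Write-Warning 'SRP is not in whitelist mode: users can still run arbitrary programs.'
}
```

Run it on a domain-joined test machine after a gpupdate to see exactly which rules the policy produced before rolling it out more widely.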

Get a quote now for the highly effective Kevin Mitnick Security Awareness Training. Click on the orange button at the right side of the screen to find out how affordable it actually is! (Again, please forward to your friends)
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

PS: If your antivirus product does not have a whitelisting feature, consider taking a look at the MalwareShield Beta, which will block any crypto virus. This is the page where you can download the (early) beta:
http://www.knowbe4.com/malwareshield-betadownload/

Scam Of The Week: Fake Purchase Orders

This could be a very expensive scam to fall for, so keep on reading.

Earlier this year there were reports in the press about a wave of purchase order scams targeting university suppliers. But recently, scammers have expanded their scheme by targeting industrial construction contractors and their suppliers. Scammers use social engineering, fake emails, fake PO's, and fake shipping addresses to get shipments sent to them without payment.

This is a numbers game and can easily be expanded to your industry as well, so send this alert to the managers that are in charge of your sales, purchasing and shipping departments.

In the most recent version of this scam, the name of KGM, Inc., an industrial and commercial construction company in Garden Grove, California, was used to generate fake PO requests for various supplies. Using email as the primary method of communication, or in some cases the phone, the scammers attempt to get a quote for products from a given vendor. Once the quote is delivered, the scammers either develop a fake PO or forge an existing one, and have the vendor ship the products on Net 30 terms. Alternatively, they use a (stolen) credit card to pay for the items directly.

You need to do some sort of pattern recognition, and/or be "context-aware" (see article below) and carefully "vet" orders that seem out of the ordinary before they get shipped. Full Article at CSO:
http://www.csoonline.com/article/2155920/social-engineering/purchase-order-scams-now-targeting-construction-suppliers.html

Microsoft To XP: "You Are Dead To Us"

This week, Redmond reminded all of us still running XP that we would not receive security updates on Patch Tuesday or any future patches of any kind.

Microsoft spokesman Brandon LeBlanc said on a company blog: "If you are still on Windows XP you will not receive any security or non-security updates through Windows Update or Microsoft Update. Because support has ended for Windows XP, we are no longer releasing updates to the general public for Windows XP going forward."

LeBlanc reiterated Redmond's message to ditch XP and upgrade to a current version like Windows 8.1. "We continue to encourage customers still on Windows XP to upgrade to a modern, more secure operating system like Windows 8.1," he said.

Well, sure, that would be nice if you -can-. There is a multitude of reasons that an upgrade is not doable just yet: budget, ill-behaved mission-critical apps that only run on XP, hardware not up to snuff for an upgrade to Win 8.1, compatibility issues and many more.

In the meantime, XP users have literally been hung out to dry, with vulnerabilities no longer being patched. Not good. If you are sticking with XP, here are 10 things you need to do:
http://blog.knowbe4.com/bid/377532/Sticking-With-WinXP-10-Things-You-Must-Do

Quotes of the Week

"Constant kindness can accomplish much. As the sun makes ice melt, kindness causes misunderstanding, mistrust, and hostility to evaporate." - Albert Schweitzer - Humanitarian (1875 - 1965)

"The only way of finding the limits of the possible is by going beyond them into the impossible." - Arthur C. Clarke - Sci-Fi Writer

And here is a funny cartoon about end-users that you might enjoy!
http://blog.knowbe4.com/bid/386493/And-in-THIS-corner-we-have-Dave

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

New Whitepaper: Improving The Compliance Management Process

How much can you save on compliance costs?

Only 13% of the organizations Osterman surveyed are “very satisfied” with the way that they manage regulatory compliance issues, despite the fact that 63% consider regulatory compliance to be “very important”.

Osterman's research found that you typically spend 19% of your compliance and audit time each year on tracking requirements and another 31% on gathering and maintaining audit evidence. Because these two activities alone consume fifty percent of your compliance efforts, how much can you save on overall compliance costs? Download this whitepaper and find out ...
http://info.knowbe4.com/whitepaper-osterman-14-05-20

NIST's New Approach to Cybersecurity Standards

Applying Engineering Values to IT Security. The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.

At the University of Minnesota College of Science and Engineering's Technology Leadership Institute on May 13, NIST Fellow Ron Ross unveiled a draft of NIST Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The guidelines recommend steps to help develop a more defensible information technology infrastructure, including the component products, systems and services that constitute the infrastructure. This is an interesting 10-minute interview:
http://www.bankinfosecurity.com/interviews/applying-engineering-values-to-infosec-i-2322?rf=2014-05-14-eb

Avivah Litan on 'Context-Aware' Security

This is a good short interview by a well-known Gartner analyst that you can use as ammo to get budget.

A multi-layered approach known as "context-aware security" is the most effective strategy for fighting both insider and external cyberthreats, says Gartner analyst Avivah Litan, who explains how this strategy works.

"Context-aware security is about making your systems smarter," Litan says in an interview with Information Security Media Group at the Fraud Summit Chicago, where she was a featured speaker. "Right now, there's not a lot of situational awareness in our security systems, so they're pretty linear. We can't tell a good action from a bad action, in many cases, because we lack that situational awareness."

The use of context-aware security is not yet common, Litan says, because most security vendors have just begun building into their systems a few of the many necessary capabilities, starting with device ID and location.

In the interview, Litan describes:

   - The role of data analytics in this new approach to security;

   - How multiple layers of intelligent security can help pinpoint the most relevant alerts that systems generate;

   - How context-aware security might have helped to detect the Target breach and Edward Snowden's activities at the National Security Agency;

   - Why continuous profiling of users, accounts and devices is essential to fraud detection. "The only thing that's going to work in fraud detection and security is continuous profiling of your users, your accounts and your devices and looking to see if new activity ... correlates with what you expect," she says.

Litan, a vice president at Gartner Research, is a recognized authority on financial fraud. She has more than 30 years of experience in the IT industry. Her areas of expertise include financial fraud; authentication; access management; identity proofing; identity theft; fraud detection and prevention applications; and other areas of information security and risk. She also covers security issues related to payment systems and PCI compliance. Listen to the 10-minute interview at BankInfoSecurity:
http://www.bankinfosecurity.com/interviews/avivah-litan-on-context-aware-security-i-2317?rf=2014-05-15-eb

Book: NSA Installing Spyware on Network Equipment

Guardian journalist Glenn Greenwald will soon release a book which among other things describes how the NSA intercepted shipments of routers, servers, and other network devices bound for overseas destinations and installed spyware on the equipment before sending it on its way. To add insult to injury, this is the very same thing that the US government accused China of these last few years. Excerpts from Greenwald's coming book were published in The Guardian.
http://www.cnet.com/news/nsa-reportedly-installing-spyware-on-us-made-hardware/

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Roy Raphaeli’s style of magic differs from the Las Vegas stage magicians in that everything is performed right in front of your eyes. How the HECK does he do this??? I have watched this numerous times and cannot figure it out:
http://www.flixxy.com/roy-raphaeli-card-trick.htm?utm_source=4

A cat video to end all cat videos: Cat comes to the rescue of a child being attacked by a vicious dog and runs the dog off before he can do more damage:
http://www.flixxy.com/heroic-cat-saves-child-from-vicious-dog-attack.htm?utm_source=4

Enjoy the footage of Wizz Air's Airbus A320 low pass over downtown Budapest during an airshow on May 1, 2014. Wow, that guy is flying _REALLY_ low:
http://www.flixxy.com/pilots-view-of-airbus-a320-low-pass-over-the-danube-in-budapest.htm?utm_source=4

How well is the Tesla Model S doing against the new Benz S550? Surprise @ Head 2 Head:
https://www.youtube.com/watch?v=z87U8qVxNio

The Lion Whisperer Kevin Richardson plays soccer with a pack of wild lions to promote his wildlife sanctuary and Van Gils suits:
http://www.flixxy.com/worlds-first-kevin-richardson-playing-soccer-with-wild-lions.htm?utm_source=4

A single man embarks on a city adventure with only the lost business cards of a mysteriously beautiful woman to guide him:
http://www.flixxy.com/heineken-the-city.htm?utm_source=4

Meet OutRunner, the world's first remotely controlled robot running up to 20 mph on various terrain with up to 2 hours of battery life:
https://www.kickstarter.com/projects/138364285/outrunner-the-worlds-most-advanced-running-robot

Magician Marcel Kalisvaart with his amazing performance at the "Cirque d'Hiver Bouglione" in Paris, France:
http://www.flixxy.com/the-prince-of-illusions.htm??utm_source=4

Girl surfing with dolphins in the Sea of Cortez. How awesome is this?
http://www.flixxy.com/girl-surfing-with-dolphins.htm??utm_source=4

This German Short-haired Pointer gets around the agility course at record speed. Look at this little guy go like greased lightning. FUN!
http://www.flixxy.com/fastest-dog-in-the-universe.htm?utm_source=4

Last but not least, from the archives, this one is simply awesome with some very funny wipe-outs:
http://www.flixxy.com/best-of-web-4-by-zapatou.htm??utm_source=4
