CyberheistNews Vol 4, # 33 New Ransomware Threat: TorrentLocker



KnowBe4
Stu Sjouwerman's New Security Newsletter

Editor's Corner


New Ransomware Threat: TorrentLocker

iSIGHT Partners discovered a new ransomware strain that uses "marketing" components of CryptoLocker and CryptoWall, but underneath the surface the code is completely different from these two earlier ransomware families. They have called this new strain "TorrentLocker", for reasons you will see below.

Despite its unique code, the malware tricks victims into thinking that it's CryptoLocker by copycatting the CryptoLocker ransom message. The design of the ransom page looks more like CryptoWall. The malware installs itself on the infected machine and injects a binary into a legitimate process.

This injected binary contains the functionality to encrypt files using the Rijndael algorithm. Once files are encrypted, the victim is prompted with a ransom message and a decryption deadline. The victim is required to purchase Bitcoins and send the payment to the Bitcoin address provided.

The malware and its configuration reside in the Windows Registry, in \Software\Bit Torrent App\ for continued persistence on the infected machine. The registry contains items such as the original binary, ransom message, install locations, autorun key and number of encrypted files.
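
A quick endpoint check for the registry artifact described above, as an added example that is not from the iSIGHT analysis or this newsletter. The article does not say which hive holds \Software\Bit Torrent App\, so sweeping HKLM plus every loaded user hive is an assumption, and the function name is hypothetical.

```powershell
# Added example: look for the registry key the article names and summarize
# what is stored in it (names, types and sizes only, never the contents).
# Assumption: the article gives "\Software\Bit Torrent App\" without a hive,
# so HKLM and every user hive currently loaded under HKEY_USERS are checked.
function Find-BitTorrentAppKey {    # hypothetical helper name
    [CmdletBinding()]
    param([string]$SubKey = 'Software\Bit Torrent App')

    $roots = @('Registry::HKEY_LOCAL_MACHINE')
    # Each loaded profile appears as a SID under HKEY_USERS; the *_Classes
    # hives do not contain a Software subkey, so they are skipped.
    $roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { "Registry::$($_.Name)" }

    foreach ($root in $roots) {
        $path = "$root\$SubKey"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }

        $names = $key.GetValueNames()
        if ($names.Count -eq 0) {
            # The key exists but holds no values: still worth reporting.
            [pscustomobject]@{ Key = $key.Name; ValueName = $null; Kind = $null; Size = 0 }
            continue
        }
        foreach ($name in $names) {
            $value = $key.GetValue($name)
            # A large REG_BINARY value is consistent with a stored executable.
            $size = if ($value -is [byte[]]) { $value.Length } else { ([string]$value).Length }
            [pscustomobject]@{
                Key       = $key.Name
                ValueName = $name
                Kind      = $key.GetValueKind($name)
                Size      = $size
            }
        }
    }
}

# Any output at all means the key exists and the machine needs a closer look.
Find-BitTorrentAppKey | Format-Table -AutoSize
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so an empty result only covers the profiles loaded at the time of the check.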

This strain was first spotted in Australia; apparently the bad guys are using the Aussies as their beta test before going worldwide. More at:
http://www.isightpartners.com/2014/08/analysis-torrentlocker-new-strain-malware-using-components-cryptolocker-cryptowall/

I have said it before and I will say it again, it's high time to make 100% sure that your backups really work and can actually be restored at a moment's notice. Also, step all users through effective security awareness training to prevent ransomware attacks from happening. Why Security Awareness Training? Ransomware, that's why... Find out how affordable this is for your own organization. Get a quote now:
http://info.knowbe4.com/ransomware-cryptolocker-guarantee_primary_14-08-19

KnowBe4's Email Exposure Check Discovers Data Breach

You are probably aware of the free one-time Email Exposure Check (EEC) we can run for you. We find all the email addresses of your domain that are out there available on the Internet. If we can find them, so can the bad guys!

Recently the EEC we ran for a customer discovered several of that customer's email addresses listed on a website ending with the file extension '.sql'. We inspect all suspicious EEC results, and this particular result was a complete dump of that company's customer database. To add insult to injury, it was even indexed by Google.

This information was publicly available and exposed to the Internet for several months. The information within the database included:

  * Over 34,000 full names, addresses, phone numbers, emails, usernames, plain-text passwords and purchases made
  * Over 200 plain-text full credit card numbers with expiration dates

After further investigation it was determined that a portion of this data had been posted on Twitter several months prior by a known hacker group.

This is the kind of thing that the Email Exposure Check may uncover for you, apart from the email addresses of your employees and on which (hacker) sites we found these addresses, which constitutes your phishing attack surface.

We have a special offer for you. Even if you already have run your one-time free EEC, you are eligible for another one! And if you haven't done so already, request your free one-time Email Exposure Check here:
http://info.knowbe4.com/free-email-exposure-check-14-08-19

Find out what your phishing attack surface is. It's free. Do it now.

Quotes of the Week

"A day without laughter is a day wasted." - Charlie Chaplin

"Nothing has more strength than dire necessity." - Euripides (480 - 406 BC)


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Why Security Awareness Training? Ransomware, That's Why...

Ransomware attacks cause downtime, data loss, possible intellectual property theft, and in certain industries a ransomware attack is considered a data breach.

Multiple ransomware strains are now attacking your end-users. You cannot just rely on your filters - you also have to step your end-users through effective security awareness training. Since September 2013, ransomware has become vicious, has inspired several copycats, and the first strains of second-generation ransomware have been identified.

Here are some real system administrator quotes of sites hit with ransomware:
1. "Just Paid Cryptolocker - We got infected, found our backups did not work and we had to pay."
2. "Went through this 2 weeks ago - We had backups, but that meant we lost a day and a half."
3. "CryptoDefense deleted my Shadow Volume Copies - that really caused a major problem."
4. "Cryptolocker SUCKS - This really is the nastiest thing on the web at the moment."
5. "Ouch. This stinks - Our comptroller opened the attachment, and her PC got infected. The phishing email passed through hosted email filtering, our "advanced" firewall and the AV on the workstation."

Get a Quote for your organization now and your users trained ASAP. If your files get encrypted due to human error after your user steps through our training, KnowBe4 will pay the crypto-ransom. Find out how affordable this is for your organization. Click on the link and GET A QUOTE NOW: http://info.knowbe4.com/ransomware-cryptolocker-guarantee_primary_14-08-19

 


Tennessee Firm Sues Bank Over $327K Cyberheist

Brian Krebs wrote: "An industrial maintenance and construction firm in Tennessee that was hit by a $327,000 cyberheist is suing its financial institution to recover the stolen funds, charging the bank with negligence and breach of contract. Court-watchers say the lawsuit — if it proceeds to trial — could make it easier and cheaper for cyberheist victims to recover losses.

"In May, 2012, Kingsport, Tenn.-based Tennessee Electric Company Inc. (now TEC Industrial) was the target of a corporate account takeover that saw cyber thieves use a network of more than four dozen money mules to siphon $327,804 out of the company’s accounts at TriSummit Bank.

"TriSummit was able to claw back roughly $135,000 of those unauthorized transfers, leaving Tennessee Electric with a loss of $192,656. Earlier this month, the company sued TriSummit in state court, alleging negligence, breach of contract, gross negligence and fraudulent concealment.

"This lawsuit, if it heads to trial, could help set a more certain and even standard for figuring out who’s at fault when businesses are hit by cyberheists (for better or worse, most such legal challenges are overwhelmingly weighted toward banks and quietly settled for a fraction of the loss).

"Consumers who bank online are protected by Regulation E, which dramatically limits the liability for consumers who lose money from unauthorized account activity online. Businesses, however, do not enjoy such protections." Read the whole story here:
http://krebsonsecurity.com/2014/08/tenn-utility-sues-bank-over-327k-cyberheist/

Usually, the bad guys get into the computer of the Controller or CFO with spear-phishing attacks which take over the machine of that employee. These attacks can be prevented by effective security awareness training.
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/


Fascinating Read: "The Making Of A Cybercrime Market"

Sean Martin at CSO wrote: "I recently had the opportunity to speak with two representatives from the Netherlands-based security research firm Fox-IT, Maurits Lucas, InTELL Business Director, and Andy Chandler, VP of WW Sales & Marketing. Collectively, the two shared an in-depth story of cybergang warfare suitable for Hollywood". You should read this as your Lunch & Learn this week, and find out about the first cloud-based Malware as a Service. By the way, you can translate most of these developments to the coming wave of criminal ransomware:
http://cwonline.computerworld.com/t/8995663/987374514/686203/17/


NSA's MonsterMind Aims To Detect And Stop Cyber Attacks Instantly

WIRED magazine had the scoop, by directly talking to Edward Snowden. An NSA program known as MonsterMind, currently under development, is being designed to detect and stop cyber attacks against the US; the system would also be capable of launching retaliatory cyber attacks. Described in broad terms, the program would analyze metadata to detect anomalous network traffic.

SANS Editor Murray states (and I fully agree) "Interesting 'aim.' However, it smacks of the infamous Internet 'kill switch,' is very dangerous, and its use might probably exceed the authority of the NSA. Operation of the Internet is best left in the hands of those professionals who do it minute by minute and day by day." Here is the whole article, interesting reading:
http://www.wired.com/2014/08/nsa-monstermind-cyberwarfare/


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

How big are the planets and stars floating in our Universe and how big can they get?
http://www.flixxy.com/orders-of-magnitude-star-size-comparison.htm?utm_source=4

Very funny: Robin Williams as Ivan Yakonov from 'The Russian Idol' on 'American Idol Gives Back' 2008. RIP:
http://www.flixxy.com/very-funny-robin-williams-the-russian-idol.htm?utm_source=4

OM/ONE: The world's first levitating Bluetooth speaker. Dang this is cool, we doubled our office floor space last week and I bought one for our new conference room:
http://youtu.be/XCfhdmC7oMY

Microsoft Fixes Shaky Time-lapse Videos with Hyperlapse Technology:
http://time.com/3103468/microsoft-time-lapse-hyperlapse/

Aussie scientists create a "water tractor beam". This is only the beginning. I am sure we will be able to create real tractor beams in the near future:
http://www.gizmag.com/water-tractor-beam/33293/

Disney algorithm has asymmetrical objects in a spin, this is technically very interesting:
http://www.gizmag.com/disney-algorithm-asymmetrical-shape-spin/33301/?

'Chattanooga Choo Choo' performed by the all-female Russian music group 'Soprano 10'. Yes, in Russian! Who would have EVER imagined this 20 years ago....
http://www.flixxy.com/chattanooga-choo-choo-by-soprano-10.htm?utm_source=4

Aerobatic pilot Ernest Artigas was keen to propose to his girlfriend Olivia in an original way - Upside down!:
http://www.flixxy.com/unusual-inverted-marriage-proposal.htm?utm_source=4

The most amazing stage magic ever - sawing a woman in half using clear see-through boxes. Magician twins Gary and Paul received the "Best International Stage Magicians of the Year" World Magic Award 2009 for this illusion:
http://www.flixxy.com/best-international-stage-magicians.htm?utm_source=nl

The Ural-4320 is a general purpose off-road 6x6 truck built in Russia, designed for transporting cargo, people and trailers on all types of roads and terrain:
http://www.flixxy.com/ural-4320-off-road-6x6-truck.htm?utm_source=4

High-tech magician does pretty cool tricks with CDs for the French TV show "The World's Greatest Cabaret":
http://www.flixxy.com/high-tech-magic-the-worlds-greatest-cabaret.htm?utm_source=4

 