CyberheistNews Vol 4 #47 New Hybrid Ransomware Replicates Like A Virus
Heads Up! New Hybrid Ransomware Replicates Like A Virus

Here is a powerful piece of ammo to get (more) IT Security budget. The SophosLabs blog reported on a new ransomware strain with a difference: this one is a true self-replicating parasitic virus. They call it VirRansom.

This new strain is a hybrid that combines CryptoWall-like functionality with active self-replicating virus infection of every file it can find. And like the Reveton family of cybercrime malware, it locks the PC's main screen, demanding 0.619 Bitcoin to let you back in. Yikes.

Let me quote Sophos for a moment: "Worms vs. Parasitics: Most worms leave you  with one, or perhaps a handful, of infected files that weren't there before  and need to be deleted.

"Parasitic viruses, in contrast, may leave you with hundreds of infected  files on each computer, or thousands, or more. If you leave even one of  those infected files behind after a clean-up, the infection will start  up all over again.

"Worse still, the infected files can't just be deleted, because they are your  own files that were there before the infection started. That makes cleanup much  trickier." 

The good news: The file encryption is not as advanced as CryptoWall's, as the key to decrypt the files is contained in the malware itself. Your antivirus should soon be able to decrypt the files and restore them, unless the bad guys keep changing the encryption keys, in which case it may take a day or more before your AV catches up.

The bad news: This is a full-fledged virus that will spread across your network, and a less than perfect job on the disinfection can easily lead to reinfection of your whole network.

CryptoWall-encrypted files that you can't or don't decrypt are harmless garbage forever, but you can delete them. With VirRansom, files that you don't decrypt are still recoverable, but also still actively infectious.

It gets nastier all the time. You can expect a VirRansom 2.0 soon, where they might implement "new features" such as industrial-strength encryption like CryptoWall's, where you only get the decryption keys after payment, and infection of your email server, where emails are converted into a worm for maximum dissemination of their malcode. (Think about the legal ramifications of something like this.)

You can mitigate these types of threats through both technical measures and enforcing security policy. First, some technical approaches:

  • The very first thing you need to do is test the Restore function of your backups and make sure it works. And have a full set of backups offsite.
  • Start thinking about asynchronous real-time backups so you can restore files with a few mouse clicks.
  • Get rid of mapped drives and use UNC links for shared folders.
  • Whitelisting software, which only allows known-good executables to run, starts to look more attractive by the month.

Looking at the security policy angle, it's time to enforce best practices, and one of those is of course preventing these types of infections to begin with, through effective fifth-generation security awareness training, as the infection vector is your end-user opening an attachment or clicking on a link. Find out how affordable this is for your organization. Get a quote now:
https://info.knowbe4.com/kmsat_get_a_quote_now

Shipping Problem Phishing Attacks - Here Is How They Look

In the last CyberheistNews issue, we warned that Black Friday and Cyber Monday were behind us, and that criminal hackers have a "scam calendar" which focuses on major shopping events exactly like these. Here are 4 actual examples of these online e-commerce order or package shipment phishing attacks that have come in over the last week. The first one is a bogus Home Depot order that they want you to click on to make your PC into a botnet zombie. Images are at the full blog post here:
https://blog.knowbe4.com/shipping-problem-phishing-attacks-here-is-how-they-look

How Was Sony Pictures Hacked?

Kevin Mandia, who was hired as the forensics expert, wrote in a letter to Sony's CEO that the breach was unprecedented, well-planned and carried out by an "organized group". It's the most destructive cyber attack reported to date against a company on U.S. soil.

As terabytes of data were exfiltrated, there will be a treasure trove of confidential data which will be leaked over the next weeks or months. But how was Sony hacked? The Grugq recently tweeted: "Well, pretty much every single hacked network in the news can be summarized: 'It started with an email...'" I would not be surprised if this was the case with Sony as well.

While security experts have been able to test the wiper malware employed  against Sony Pictures Entertainment, they say they have not yet exactly  determined how the malware infected Sony in the first place. "My educated  guess would be that someone was targeted [with] a spear phishing e-mail,  which granted access to a system," Tom Chapman, director of the  cyber-operations group at cybersecurity firm EdgeWave, tells Information  Security Media Group. "The hacker(s) then escalated privileges and took  control of the mail server and possibly the Active Directory. From there,  the hackers owned the system."

The attackers appear to have had an edge, in that they seem to be very familiar with Sony's network topology. "We have been investigating the attack and discovered new pieces of malware that are likely related to the same attackers," says security researcher Jaime Blasco, labs director of security management and threat intelligence vendor AlienVault. "From the samples we obtained, we can say the attackers knew the internal network from Sony, since the malware samples contain hardcoded names of servers inside Sony's network and even credentials/usernames and passwords that the malware uses to connect to systems inside the network."

The North Koreans are highly likely to blame. You might think that a country that has problems delivering enough electricity to its citizens would not be that sophisticated, but their hackers are trained by the Russians and the Chinese and Pyongyang runs some of its hacking operations out of a luxury hotel in nearby Shenyang, China.

It is obvious that Sony's defense-in-depth security policy was deeply flawed, either in incorrectly stating the right procedures or in failing to enforce them. Not having the breach detection tools in place to spot terabytes of data leaving the building is another epic fail. More:
https://www.cuinfosecurity.com/sony-hack-destover-malware-identified-a-7638


Warm Regards,
Stu Sjouwerman

Quotes Of The Week


"Limitations live only in our minds. But if we use our imagination, our  possibilities become limitless." - Jamie Paolinetti - Filmmaker

"I believe that filmmaking - as, probably, is everything - is a game  you should play with all your cards, and all your dice, and whatever  else you've got. So, each time I make a movie, I give it everything I have.  I think everyone should, and I think everyone should do everything they  do that way." - Francis Ford Coppola, Movie Director

Thanks for reading CyberheistNews!

Please forward to your friends. 

Security News


PCI DSS 3.0 Compliant In Half The Time At Half The Cost

It's time to get and stay PCI DSS 3.0 compliant.

Now that the new 3.0 standard goes into effect, it's a great time to start using a new tool that will save you half the time and half the cost of becoming compliant: KnowBe4 Compliance Manager 2015.

It comes with a pre-made PCI DSS 3.0 template that you can use immediately  to get compliant and maintain compliance in a business-as-usual process.

Escape from Excel-hell!

Most organizations track PCI compliance using spreadsheets, MS Word, or proprietary self-maintained software. This is inefficient, error-prone, costly, and a risk in itself. Get and stay PCI DSS 3.0 compliant in half the time and at half the cost with KnowBe4 Compliance Manager™.

Get a short, live web-demo, and we will show you how easy and  affordable this is!

https://www.knowbe4.com/demo_kcm

Top 10 InfoSec Pain Points

IT analyst firm 451 Research (these guys are very good by the way; check them out, link at the end) recently asked over 200 InfoSec pros what their top information security pain points were. The answers are very interesting. I'm only taking the Top 10; the list went on to 30, but the percentages fell below 8% so I skipped them.

Here is the list:

  1. Mobile Device Security - 16%
  2. User Behavior - 11%
  3. Vulnerability Management - 9%
  4. Security Awareness Training - 9%
  5. Hackers - 9%
  6. Third-party Security - 9%
  7.  
  8. Resource Constraints - 9%
  9. Monitoring - 8%
  10. Data Leakage Prevention - 8%
  11. Compliance/Auditing - 8%

We are of course happy to mention that with effective security awareness training, you can actually DO something about the #2 headache, and  cover two out of your Top 5 problems! Check out the new 2015  version of Kevin Mitnick Security Awareness Training:
https://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

And here is the website of 451 Research:
https://451research.com/

Phishing Lessons Learned in 2014? Employee Training Matters

Our friends at Wombat created a good summary of why security awareness training is a must these days. Why? Organizations without security awareness programs -- and, specifically, new employee training -- reported average annual financial losses of $683,000. Those with training totaled just $162,000 in average financial losses. So, save your organization half a million bucks and use effective user education.

"Bottom-line, companies that train their employees about cyber security  best practices spend 76% less on security incidents than their non-training  counterparts. Analysts now agree, including industry giant Gartner, which  has published a magic quadrant on security awareness training. A recent  article shows more: https://searchsecurity.techtarget.com/news/2240234092/Despite-skeptics-security-awareness-training-for-employees-is-booming

SMS Bank And Account Phishing In The U.S. Triples

Cloudmark observed an interesting trend: "SMS bank and account phishing  in the U.S. tripled in September and continues as the nation’s number one  category of reported SMS. However, some very notable cities such as New  York City have dodged these malicious attempts at users’ financial and  account details.

"Over the past two months, we’ve seen a sharp increase in SMS phishing attacks  — jumping from only 15% of the nation’s bad texts in August to just above  46% in September. In terms of raw volumes, this represented a 58 percent  increase in the amount of reports for this type of attack." A snapshot of the  past six months is at the Cloudmark Blog:
https://blog.cloudmark.com/2014/12/01/u-s-sms-phishing-attacks-on-the-rise-this-fall/

SANS Released December Issue of OUCH!

They said: "We are excited to announce the December issue of OUCH!  This month, led by Guest Editor Jake Williams, we explain what  anti-virus is, how it works and its limitations. Ultimately, our goal  is for people to understand that while anti-virus helps protect you,  it cannot detect nor stop all malware. As always, we encourage you to  download and share OUCH! with others." English Version (PDF):
https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201412_en.pdf

SpiceWorks: "Do you ever test your users' security knowledge?"

Laura asked on the SpiceWorks Security Forum: "We recently learned that  some IT admins will send fake phishing emails to their users to test  them (we discussed this in a recent article). If the user reports the  fake email to IT, they get a pat on the back, but if they click and  open the fake email, they're taken to a web page that admonishes them  for clicking it and teaches them how to spot a real phishing email.

"I hear some are using a site called PhishMe that helps them send fake  phishing emails with a cute cat picture attached. But I wonder if any  Spiceheads have clever tactics for testing users??"

Well, here are the answers. Read them; it doesn't take a lot of time, and they are very interesting:
https://community.spiceworks.com/topic/669881-do-you-ever-test-your-users-security-knowledge?page=1#entry-4077219

FAVE Links

This Week's Links We Like. Tips, Hints And Fun Stuff.

Here is some more about land speed records and how it feels to kick out the parachute when you go 400 miles per hour:
https://vimeo.com/113384524

The world's biggest three economies over the centuries. Fascinating graph. I had no idea that some countries were so strong for so long:
https://www.economist.com/blogs/freeexchange/2014/10/worlds-richest-economies