CyberheistNews Vol 4 #48 Spike In Hoax News Spreading Malware



CyberheistNews Vol 4 #48 Dec 16, 2014

Scam Of The Week: Spike In Hoax News Spreading Malware

The year 2014 has seen a boom on hoax news stories, as these are particularly  successful social engineering tactics used by hackers to get people to click on  links, and worse, share the news with their friends and become part of the  infection vector. Many of these hoax stories infect the device with some  kind of malware. It's particularly bad at the moment.

As an illustration how hoax news has boomed, since Facebook's shift into  becoming a major news platform, it attracted so much cybercrime interest  that Facebook decided to cut a deal with ESET to automatically scan  Facebook's user's devices for malware.

Facebook software engineer Chetan Gowda stated: "If the device you’re  using to access our services is behaving suspiciously and shows signs  of a possible infection, a message will appear offering you an  anti-malware scan for your device." 

It's obvious that not getting infected in the first place is by far the  best way to deal with this, so I suggest you send this to your friends,  family and employees. Feel free to edit any way you like, mentioning  the KnowBe4 Blog would be nice but is not needed.

"At the moment, there is a spike in hoax news stories that spread  malware and infect your phone and computer. The bad guys use all the  tricks in their black book to get you to click on and share hoax  stories with your friends. This happens on Facebook, popular websites,  they are sent straight to your inbox, and even major news outlets are  sharing them unthinkingly. So, be on the lookout for these five hoaxes:

  1. Stories that urge you to share something before you have even read  them. Step away from that keyboard.
  2. Celebrity deaths are increasingly being used to shock people into  clicking on links and making a zombie out of their PC or lock their  smartphone with ransomware. Recent example: Will Smith.
  3. Very violent video news reports that draw your attention with  "Warning: Graphic Content" and lurid titles like "Giant snake swallows  zookeeper". Don't touch 'em.
  4. Outrageous stories about Facebook itself, like it will start charging  for the service, it sells your personal information, a way to show you  who looked at your page, or other claims that might upset you and  click on a link.
  5. And last, especially in this season of charity, heart-rending reports  about dying girls that beg you for "likes" so they can obtain drugs or  hospital treatment. Think Before You Click!

Cybercrime is moving into mobile malware with astonishing speed so be  especially careful clicking/tapping on suspicious things on your  smartphone. Anything you received but did not ask for, watch out  because your phone may get locked with mobile ransomware. 

To train employees to be on the lookout for social engineering attacks  year-round, use effective security awareness training. Find out how  affordable this is for your organization:
  http://info.knowbe4.com/kmsat_get_a_quote_now

Breaking News - 2 New Ransomware Strains

#1 OphionLocker

The first one is a new strain of ransomware named OphionLocker. It encrypts your  data using strong open source Crypto++ Elliptical Curve Cryptography and then  ransoms the files for about 1 Bitcoin. The infection vector is limited to hacked  websites, utilizing exploit kits that hack into unpatched computers. The ransom  amount varies between countries where the victim is located, with the U.S. having  the highest rates.

A new wrinkle is that when a workstation is infected with OphionLocker, it will  generate a unique hardware ID based on the serial number of the first hard drive,  the motherboard's serial number, and other information. It will then contact the  malware's Control & Command server via TOR site and check if this particular  hardware ID has been encrypted already. When you go to the ransomware site, it  will prompt you to enter your hardware id. Once entered it will display the amount  of ransom you are required to pay and provide a Bitcoin address that you should  send the payment to.

The good news: This ransomware does not (yet) securely delete your files or remove  the shadow volume copies. Therefore it is possible to recover your files using a  file recovery tool or a program like Shadow Explorer. For more information on  how to do this, please see this section in the CryptoLocker guide over at  BleepingComputer.
  http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#shadow

#2 TorrentLocker

The cybercrime gang behind TorrentLocker, a fast-growing strain of ransomware has  earned $40 million between March and December 2014. Researchers from IT security  company ESET have tracked the Bitcoin wallet that received the ransom payments,  and since March a whopping 82,000 Bitcoins have been paid to that wallet.

TorrentLocker was first uncovered in August by iSight Partners and was seen to  be using phishing attacks targeting the UK and Australia, but has since expanded  its reach to target more countries including Italy, Czech Republic, Germany,  and Turkey. It looks this is another eastern European cyber gang that is getting  ready for their assault on the U.S. 

From ESET's main office in Bratislava, malware researcher Robert Lipovsky said  that the TorrentLocker was sophisticated with the cryptography aspect of the  malware "done quite well", using AES with 256-bit keys, and those keys are  stored on a remote sever meaning there is no way of decrypting the victim' s files like CryptoWall. ESET plans to publish an extensive report on the  development of TorrentLocker next week.

The message is patch your systems diligently, be religious about Backup/Restore and step your users through effective security awareness training to make sure  they don't fall for social engineering tricks.

Ransomware on National Public Radio: To Pay Or Not To Pay?

This is an excellent item to send to your management, it will get them some exposure to the recent ransomware explosion and make the threat real to them.

Aarti Shahani, the tech reporter of National Public Radio created a  compelling story about the scourge of ransomware that is taking over  America. The title of the story is: "Ransomware: When Hackers Lock  Your Files, To Pay Or Not To Pay?"

She started out with: "A lot of computer viruses hide inside your system.  Hackers stealing your data go out of their way to operate quietly,  stealthily, under the radar.

"But there's another kind of attack that makes itself known — on purpose.  It sneaks into your network and takes your files, holding them for  ransom. It's called ransomware, and, according to cybersecurity  experts, this kind of attack is getting more sophisticated.

Stick 'Em Up

"Eric Young, who manages the computer network for a small business in  Hermitage, Tenn., got a call from work. It was a Monday morning and,  he says, it was "a very bad way to start the week."

"Somebody in the office opened an email that looked legit. "It has the  exact background of like PayPal," Young recalls, "and it says, somebody  paid you money."

"The employee clicked the link, and out popped a red alert that took  up most of the screen. It was a threat: Pay ransom to an anonymous  hacker, or all the files in the company network will be encrypted —  locked up with a digital key that's so strong, no one can open them  ever again."

I was also interviewed for this story and KnowBe4 is mentioned in both  the article and the radio interview, about how we help organizations  to pay ransom that have been infected and have no or failed backups. 

Again, this is a great story to forward to management, either the website  or the radio interview. It makes the problem of ransomware very real!  Here is the link:
http://www.npr.org/blogs/alltechconsidered/2014/12/08/366849122/ransomware-when-hackers-lock-your-files-to-pay-or-not-to-pay?

Quotes of the Week:

"The secret of genius is to carry the spirit of the child into old age,  which means never losing your enthusiasm." - Aldous Huxley, Novelist

"Too often we underestimate the power of a touch, a smile, a kind word,  a listening ear, an honest compliment, or the smallest act of caring,  all of which have the potential to turn a life around." - Leo Buscaglia, Author

Thanks for reading CyberheistNews! But if you want to unsubscribe, you can do that right here [UNSUBSCRIBE]

Warm Regards, Stu Sjouwerman  |   Email me: feedback@knowbe4.com

What's Really The #1 Hot InfoSec Topic?

There is an enormous amount of noise in the security space, so how do  you know what people really talk about and think is the most important  topic? Well, we created the Hackbusters site for that. Hackbusters grabs  feeds from hundreds of security sites, blogs and other sources. 

We track which topics are most liked, shared, retweeted and favored,  and we built an algorithm that bubbles up the -real- hot topics. We  tweet when a #1 hot security topic bubbles up. Follow this new channel called @Hackbusters on Twitter and you will get tweets with the actual  breaking hot security news:
https://twitter.com/hackbusters 

PS: If you want this data via a browser instead of twitter, you can go here:
http://hackbusters.com/breaking

Ransomware Beats APT In Terms Of Severe Impact

MalwareBytes Research showed that in the year 2014, 82% of companies were  attacked online. Their research also showed that browser vulnerabilities  will be the biggest challenge going forward in 2015. 

But the most salient point that came out of this research was that the  threat from ransomware to the enterprise environment was shown to weigh  heavily on the minds of those whose businesses were infected.

Despite being the least prevalent specific threat in terms of overall  numbers, Infosec pros who did experience ransomware rated it as most  severe in terms of impact, beating even APTs.

In addition, the survey outlines growing concerns around traditional  security suites. An overwhelming majority of respondents, 84%, agreed  that traditional anti-virus has become less effective in the face of  modern threats. This has seemingly forced those in charge of security  budgets to consider a layered approach, with 78% of businesses questioned  planning to deploy multiple endpoint solutions by the end of 2015.

“It’s sobering to see such a large number of companies suffering from  attacks,” said Marcin Kleczynski, CEO of Malwarebytes. “The growing  concerns over browser vulnerabilities are a particularly notable trend,  speaking volumes about their effectiveness as an attack method. Given  the ever-advancing threat landscape, it should be obvious by now that  an endpoint security strategy built around a single traditional  anti-virus solution isn’t enough.” 

It is clear that antivirus can't keep up anymore. It's time for  additional layers at the endpoint. Obviously MalwareBytes is a good  idea, but you should also think about whitelisting technology that  only allows known-good code to run. Full article at DarkReading:
http://www.darkreading.com/endpoint/82--of-companies-attacked-online-in-2014-malwarebytes-research/d/d-id/1318004

Phishing Quiz: Can You Spot A Scam? Don't Be So Sure

CBSNews wrote: "Phishing emails have gotten so convincing that even  the experts can be taken in by a well-crafted fake. That's what executives  at Intel Security discovered when they circulated a version of their  Email Phishing Quiz to 100 attendees at the RSA Internet security  conference earlier this year.

"The quiz displayed 10 real emails collected by analysts at McAfee Labs --  some of which were legitimate correspondences from major companies, and  some of which were phishing emails that look amazingly believable --  and asked, real or ruse?

"Even if you're a security professional, it's hard to just look at these  emails and say whether they're phishing or not. Every single one looks  like a good email," said Gary Davis, vice president of global consumer  marketing (a.k.a. Chief Consumer Security Evangelist) for McAfee, which  is part of Intel Security.

On average, industry insiders were only able to pick out two-thirds of  the fakes. A slim six percent of quiz-takers got all the questions right,  and 17 percent got half or more wrong. Remember, this is their job. Would you fare any better? Take the quiz in the article to find out, I only found out at the end you can hover over the links to see where they go to, so I only got 80% right. You will probably do better!
http://www.cbsnews.com/news/mcafee-intel-security-phishing-quiz-can-you-spot-a-scam-dont-be-so-sure/

eWeek Alerts IT Pros About Self-Replicating Ransomware

Wayne Rash at eWeek picked up on the news and explained to his readers that this is a nasty new hybrid ransomware strain that needs to be  protected against rather sooner than later. He has a few good hints and tips regarding this and it's a recommended story to read and forward to your friends:
http://www.eweek.com/security/new-self-replicating-ransomware-poses-threat-to-corporate-networks.html

More About The Sony Hack, And They Were Not The First

Famous IT columnist Robert X. Cringely at BetaNews wrote: "Sony was  hacked because some president or vice-president or division head or  maybe an honest-to-God movie star didn’t want something stupid like  network security to interfere with their [..] workplace obsession.  Security at Sony Pictures wasn’t breached, it was abandoned, and  this recent hack is the perfectly logical result.

"I used to run IT for Sony Pictures Digital Entertainment", confirmed  a guy named Lionel Felix in a recent blog comment, "and (I) know that  there were a number of simple vectors for this kind of attack there.  They ran IT there like a big small office with lots of very  high-maintenance execs who refused to follow any security protocols.  I’m surprised it took this long for this to happen". More:
http://betanews.com/2014/12/10/executive-ego-and-the-sony-pictures-network-hack/

More astounding is the news that last February, Iranians hacked into  the Sands Casino after the CEO Sheldon Adelson said Iran needed to be  nuked, and the Iranians hackers destroyed thousands of machines.

"What I would do," Adelson said during a panel, rather than negotiating,  "would be to say, ‘Do you see that desert over there? I want to show  you something.’ You pick up your cell phone and you call somewhere  in Nebraska and you say ‘OK let it go.’…Then you say, ‘See? The next  one is in the middle of Tehran."

This statement given by Adelson circulated on all over the Internet  and reached Iran’s Supreme Leader Ayatollah Ali Khameeni, who responded  two weeks later and said that the American government should "slap these  prating people in the mouth and crush their mouths."

The cyber attack occurred 10 months ago but the details of damages  were not publicized until Bloomberg Businessweek exposed it in a  story last Thursday. Hackers crippled thousands of servers and  workstations across the network of the giant Las Vegas Sands Casino by wiping them with highly destructive malware. Ouch. Here is the story:
http://www.businessweek.com/articles/2014-12-11/iranian-hackers-hit-sheldon-adelsons-sands-casino-in-las-vegas

PCI Compliance - What's "Significant Change" And "Periodic" Mean?

No words or phrases in the PCI standard elicit more comments and  questions than “significant change”, “periodic” and “periodically”.

So what do these mean?  Whatever you want to define them to mean as  it is up to each organization to come up with formal definitions.  Those definitions should be based on your organization’s risk assessment.

Very similar to NIST wording of 'organizationally defined frequency' peoples mindset has to change from implementing a checklist of things  to implementing reasonable and expected controls to protect sensitive  information. Here are some suggestions as to appropriate definitions...
http://www.infosecisland.com/blogview/24129-Significant-Change-And-Periodic.html

Report Says Business Lags In Security Awareness Training

Shirley Siluk at CIO Today wrote: "If 2014 could be described as  the 'Year of the Breach,' it's also the year in which companies of  all sizes need to realize that IT security is a "full-on business  imperative." 

That's the key lesson for business leaders offered in Trustwave's  just-released 2014 State of Risk report. Despite the many recent  high-profile data breaches, including Sony Pictures Entertainment,  Home Depot and Target, a large part of organizations aren't as  careful as they could be when it comes to protecting financial and  payment data, intellectual property and network access, according  to the report, released by cybersecurity firm Trustwave. 

Many are also lagging in security awareness training, incident response  procedures and patch management. Trustwave surveyed 476 IT and security  professionals --most of them in the U.S., the U.K. and the United Arab  Emirates -- from July 2013 to November 2014. More:
http://www.cio-today.com/article/index.php?story_id=021000C6SI5F

Experts: The Human Factor Key Challenge To Information Security

The lack of awareness and understanding of risks is one of the biggest  challenges to information security, according to a panel of experts.

Research showed that 93% of data security breaches between April and  June 2014 were due to human error, attendees of the inaugural (ISC)2  EMEA Security Congress in London were told.

"Nearly half of those incidents involved data being emailed to the wrong  recipient,” said Ray Stanton, security adviser and executive VP of  professional services at BT.

No matter how good the IT security team and the technology is, security  will remain weak if information security professionals fail to influence  people in the business to get the basics right, said Stanton.

Information security awareness training should be a mandatory part of  induction training for everyone who joins an organization, said former  UK home secretary David Blunkett. More:
http://www.computerweekly.com/news/2240236390/The-human-factor-a-key-challenge-to-information-security-say-experts

Need a 1:28 min adrenaline shot? Watch this full screen, HD with sound up. Professional skier Cody Townsend descends 2,000 feet through a vertical  chute in Alaska’s Tordrillo mountain range:
http://www.flixxy.com/worlds-narrowest-ski-descent.htm?utm_source=4

A Eurofighter Typhoon being filmed as close as it gets from the open  hatch of a Lockheed C-130 Hercules four-engine turboprop transport plane:
http://www.flixxy.com/close-encounter-with-a-eurofighter-typhoon.htm?utm_source=4

Sos Petrosyan is a lucky guy - his wife Victoria can change into 16 different  'haute couture' dresses in two minutes:
http://www.flixxy.com/high-speed-costume-change-guinness-world-record-winners.htm?utm_source=4

More magic: A magician who got stopped for speeding performs such an  amazing trick that the policeman forgets to write him a speeding ticket:
http://www.flixxy.com/amazing-magic-trick-gets-magician-out-of-a-speeding-ticket.htm?utm_source=4

An amazing Christmas light show at the Storm family home in Austin,  Texas with over 25,000 lights blinking to the tune of 'Let It Go.':
http://www.flixxy.com/frozen-christmas-lights-let-it-go-2014.htm?utm_source=4

The US Embassy Warsaw (Poland) celebrates the holidays with a lip dub of  Mariah Carey’s "All I Want For Christmas Is You." Cute:
  http://www.flixxy.com/us-embassy-warsaw-all-i-want-for-christmas-is-you-lip-dub.htm?utm_source=4

Unsuspecting shoppers got a big surprise while enjoying their lunch. Over 100  singers took part in this awesome Christmas improv. Bravo for an inspired  performance. Händel would be pleased:
http://www.flixxy.com/christmas-improv-hallelujah-chorus.htm?utm_source=4

An ingenious driver from Belovo, Russia, takes care of a flat  tire by simply replacing it with a sled:
http://www.flixxy.com/russian-driver-fixes-flat-tire-with-a-sled.htm?utm_source=4

In a galaxy far, far away, Han Solo (Taran Killam), Princess Leia (Bobby Moynihan)  and Luke Skywalker (James Franco) face a new foe - Old age:
http://www.flixxy.com/snl-star-wars-teaser-trailer-parody.htm?utm_source=4

National Geographic combined 38 triggers and 71 moving pieces such as a Volkswagen  Beetle, globes, tires and bowling pins into a 4-ton scientific contraption. FUN:
http://www.flixxy.com/national-geographics-rube-goldberg-machine.htm?utm_source=4

Here is a fun new way to sell your house.... I guess. :-D
http://youtu.be/D2QOtnLdnLQ

A new planned for 2016, 1,000 mph car tests its rocket engine. Whoa!
http://arstechnica.com/cars/2014/12/1000-mph-car-tests-its-rocket-engine/




Subscribe To Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews