CyberheistNews Vol 5 #2 Jan 13, 2015 Scam Of The Week: Court Notice Email


Scam Of The Week: Court Notice Email

There is a current malware email campaign claiming to be from law firm 'Baker & McKenzie' that states you are scheduled to appear in  court and should click a link to view a copy of the court notice. I suggest you send the following warning to all your users. Feel free to edit.

"Internet scammers are sending emails claiming to come from a real  law firm called 'Baker & McKenzie'. The email states you are scheduled  to appear in court and should click a link to view a copy of the court  notice. The email is not from Baker & McKenzie and has no connection  to the firm. It is an attempt by cyber criminals to trick you into  trying to prevent a negative consequence. If you click on the link, you download and install malware. 

In the recent past there have been a series of these "court appearance" malware attacks that claim to be from law firms or government entities. If you get one of these scams, do not click any links or open any attachments; delete these emails. Remember: If in doubt, throw it out!"

If you are a KnowBe4 customer, this would be the time to send out the new template we created for this called "Notice To Appear In Court"  in the Government category.

CryptoWall 2.1 First Multi-platform Ransomware?

There is a new version of CryptoWall out in the wild that I have dubbed  "Version 2.1" because it has some powerful new features. Researchers at  Cisco's Talos group published an analysis that goes into great detail.

The most important thing is that the ransomware is now able to run 64-bit code directly from its 32-bit install procedure. This means it can now infect computers that run newer 64-bit Intel and AMD64 Windows systems.

Next, and here is where it becomes interesting, well-known security  researcher Pierluigi Paganini from the Security Affairs blog mentioned  that CryptoWall 2.1 is able to infect both Windows 64-bit operating  systems and also the newer versions of Mac OS X. This was not mentioned  in the Talos group report and I would like to see that confirmed somehow.  But if this turns out to be true, we have the first true multi-platform  ransomware out there, both for Windows and Apple. Yikes.

This new variant of CryptoWall also checks whether it is running in a virtual machine or any other kind of emulated environment. If it detects that this is the case, it does not execute in that environment, which makes malware analysis either impossible or much harder. This new version also still uses the TOR network so that network traffic is anonymized and hard to trace back to the command and control server. You can read the Cisco Talos group analysis at their blog.
http://blogs.cisco.com/security/talos/cryptowall-2

I know I'm starting to sound like a broken record, but stepping your  end-users through effective security awareness training truly is a must  these days. Find out how affordable this is for your organization.
https://info.knowbe4.com/kmsat_get_a_quote_now

Ransomware on CBS Morning News

CBS This Morning News ran an item January 9, 2015 about ransomware. They featured Shawn Henry, former FBI executive assistant director and  president of cyber security firm CrowdStrike Services. It's very helpful  that ransomware makes it on morning TV News, and it is a great way to  illustrate your need for more IT security budget.

The short blurb they had on their site started with: "Cyber thieves use  "ransomware" to demand money if you want to retrieve your data. In 2013  alone, ransomware cost victims more than half a million dollars. Shawn Henry  joins "CBS This Morning" to discuss how to protect yourself against these  cyberattacks." 

The data in there was mostly correct, except for the total damages, which they said was just around 500,000 in 2013. We all know that it was around 27 million dollars, made by the first vicious ransomware version, CryptoLocker.

Here is the video; it is not a bad idea to send this to management, all your end-users, colleagues, and friends and family as well:
https://www.youtube.com/watch?v=Ge8N92SKklI

KnowBe4 Q4 Expands 397% Year Over Year

Hi All, I have some very good news I want to share.

Our fourth quarter 2014 was 397% over the fourth quarter 2013, which in turn  was 260% from the fourth quarter 2012. We now have well over 1,000 enterprise  accounts that successfully use Kevin Mitnick Security Awareness Training, and  many of the other training modules like Mobile Security, Handling Sensitive  Information, and PCI compliance.

KnowBe4's Crypto-Ransom Guarantee has been a tremendous success this year.  We promise that if an organization steps all their employees through our  training and sends at least one simulated phishing attack to all staff once  a month, and still gets hit with ransomware, KnowBe4 pays the ransom.

We have doubled our employees over 2014, and tripled our office space. If things keep going this way, we might have to look at taking back our old Sunbelt Software office space! Click on the link to see the blog post on how the building looked in 2010 when GFI Software acquired Sunbelt Software, and how the quarterly stats look:

https://blog.knowbe4.com/knowbe4-expands-397-percent-year-over-year


Warm Regards,
Stu Sjouwerman



Quotes Of The Week

"The risk of a wrong decision is preferable to the terror of indecision."  - Maimonides (1135 - 1204)

"He who asks is a fool for five minutes, but he who does not ask  remains a fool forever."  - Chinese Proverb

Security News

 

Are Your Email Addresses On A Russian Phishing Site?

We are finding many U.S. commercial email addresses at a Russian  phishing website. It is really a 'staging' area for emails to be  posted by the criminal underground. Sadly, Google indexes this site  and it makes for easy searching. Unfortunately there is nothing  you can do to get emails taken down from this site, but you should  be aware of what is out there.

The (free) KnowBe4 Email Exposure Check (EEC) helps to give you a better understanding of your security posture with regard to exposed email addresses on the Internet. Call it your 'email attack surface'. The emails on this Russian site are more commonly spear-phished. You can use the EEC report to flag these email addresses so that you can better tune your spam traps and monitor for email-based attacks. And obviously you specifically need to give effective security awareness training to the employees with those exposed email addresses.

Sign up for a one-time free Email Exposure Check here:
https://info.knowbe4.com/free-eec-15-01-13-CHN

Snowden: "U.S. Policy Creates Black Market For Digital Weapons"

Public Media station NOVA Next has a new exclusive interview with  Edward Snowden, and yes he is still in Russia. It's a must-see and  must-read.

"Edward Snowden says in a new interview with NOVA Next that the U.S.  government wrongly promotes cyber offense strategies at the expense  of weakening the system and leaving it open to cyber attacks from  the black market.

"We’re creating a class of Internet security researchers who research  vulnerabilities, but then instead of disclosing them to the device  manufacturers to get them fixed and to make us more secure, they sell  them to secret agencies,” Snowden says. “They sell them on the black  market to criminal groups to be able to exploit these to attack targets.  And that leaves us much less secure, not just on an individual level,  but on a broad social level; on a broad economic level. And beyond  that, it creates a new black market for computer weapons, basically  digital weapons." Read it all here at PBS.org:
https://www.pbs.org/wgbh/nova/next/military/snowden-transcript/

The Hottest Tech Skills For 2015: Security Forensics And Java

Bill Snyder wrote: "It's a new year, with new opportunities. If you're  looking for a new job or simply want a better deal where you're currently  working, 'tech professionals really have strong negotiating power,' says Shravan Goli, the president of Dice, a large tech-focused job board.  'Every number we've looked at points toward a bullish tech market.'"

Cyber security was the fastest growing job category on Dice.com over the  last 12 months, growing by 91 percent, with nearly 2,900 openings on the  board in early January.

A list of the 10 IT certifications expected to be the hottest in 2015  developed by labor consultancy Foote Partners, which tracks premium pay  across 2,700 employers, includes five security-related certifications:  GIAC Certified Forensics Analyst, CyberSecurity Forensic Analyst, CWNP  Certified Wireless Security Professional, EC-Council Certified Ethical  Hacker, and EC-Council Computer Hacking Forensic Investigator.

Although the value of certifications has ebbed and flowed over the years,  companies hiring cyber security staffers are looking for "people with  provable chops," says David Foote, co-founder of Foote Partners.
https://www.infoworld.com/article/2866424/it-jobs/hottest-tech-skills-security-forensics-java.html

Microsoft Patch Tuesday Alerts Nixed

Redmond will no longer provide advance notification about its monthly security bulletins to the general public. Instead, the information will be available only to paying Premier support customers and to organizations that participate in the company's security programs. The service, which began more than a decade ago, provided information about bulletins on the Thursday prior to the patches' Tuesday release. Microsoft has said that the main reason for the change is that most customers no longer use the information available in advance. More:
https://blogs.technet.com/b/msrc/archive/2015/01/07/evolving-advance-notification-service-ans-in-2015.aspx

SANS announces January OUCH! Topic: Mobile Apps

"We are excited to announce the January issue of OUCH! This month, led by Guest Editor Chris Crowley, we cover how to securely use mobile apps. Since many of you have new mobile devices after the holidays, we figured this was a perfect time to remind everyone how to leverage them in a safe and secure manner. As always, we encourage you to download and share OUCH! with others." English Version (PDF)
https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201501_en.pdf

More about autonomous cars: "I Rode 500 Miles in an Audi A7 Self-Driving Car and Saw the Future. It's Delightfully Dull." At WIRED:

https://www.wired.com/2015/01/rode-500-miles-self-driving-car-saw-future-boring/

Baby X is an interactive model of a baby's face, state of the art animation of the human face:
https://player.vimeo.com/video/97186687

                                                       
 


