KnowBe4

Security Awareness Training Blog


Keeping You Informed. Keeping You Aware.

Scam Of The Week: RNC Attendees Get Hacked Through Fake Wi-Fi Networks

The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Convention in Cleveland.

Avast’s team set up several networks, using names such as "Trump free Wifi" or "Google Starbucks," which were designed to look as though they were set up for convention attendees. By connecting to and trusting a random, unprotected network they found in a public setting, users unwittingly gave Avast access to spy on their devices.

Over the course of a day, Avast found over a thousand attendees who were completely negligent in their devices’ security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.

So, here is what I suggest you send to employees, friends and family. Feel free to cut/paste/edit:

A security company decided it would teach people a lesson and set up several fake Wi-Fi access points around the Republican National Convention site in Cleveland last week.

Over the course of a day, more than 1,000 attendees used these open, unprotected Wi-Fi hotspots to check their mail, use smartphone apps, and even play Pokemon while everything they did was looked at by the security researchers. Imagine if they had been bad guys.

You should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.

It would be interesting if they did the same thing at the Democrats' convention and compared the results. Read more about Avast's findings in their press release; they have a bunch of stats on who did what. It's not pretty:
https://press.avast.com/en-gb/amidst-charged-cyber-security-dialogue-republican-national-convention-attendees-show-negligent-behavior

Why take files hostage when you can take victims' private lives instead?

A new malware strain dubbed "Delilah" is being sprung on unsuspecting victims visiting "popular adult and gaming sites."
 
The goal of this malware, which is currently being classified as a "trojan," is to gather data (including webcam video) on victims, their families, and their employers that can later be used for the purposes of extortion and manipulation. More detail in this article at ComputerWorld:
 
It's being described as "the first insider threat trojan," as it allows malicious parties to identify and "recruit" insiders at targeted organizations and companies who can then be used to do the bidding of those malicious parties.

Criminal Ransomware Now Cheaper Than Standard Antivirus

 
For just $39 you, too, can have your very own ransomware with a lifetime license. What does a year's subscription to one of the major antivirus products cost? Last I checked, much more than $39.
 
No word yet on what kind of support you can expect at this price point, but at this price who's complaining?
 
“You always wanted a Ransomware but never wanted to pay Hundreds of dollars for it? This list is for you! Stampado is a cheap and easy-to-manage ransomware, developed by me and my team. It’s meant to be really easy-to-use. You’ll not need a host. All you will need is an email account.”
 
Maybe by the end of the year we'll see this stuff getting hawked on late-night infomercials.
More at Threatpost 
 

Scam Of The Week: Pokémon Malware, Muggings And Other Mayhem

In case you just came back from vacation, there literally is a new craze going on with an augmented-reality smartphone app called Pokémon Go. It's a geocaching game, meaning it's tied to real-world locations. 

Locky Ransomware Encrypts Files Even When Machine Is Offline

Locky is currently one of the top 3 ransomware threats, following closely behind CryptoWall. It's not surprising that this strain has undergone several updates since the beginning of the year, the most recent being discovered on July 12.

The Russian Cyber Mafia behind Dridex and Locky ransomware have added a fallback mechanism to the latest strain of their malware, created for situations where their code can't reach its Command & Control server.

Researchers from antivirus vendor Avira blogged about this version, which starts encrypting files even when it cannot request a unique encryption key from the C&C server because the computer is offline or a firewall blocks outgoing communications.

The fine art of not being stupid - security awareness training

Brian Honan wrote a GREAT post at HelpnetSecurity. This is a cross-post of his excellent article, nothing changed, all the internal links to helpnet security were left in place. 

"There is a phrase I am finding quite relevant lately. It is attributed to the philosopher George Santayana and it goes like this: “Those who cannot remember the past are condemned to repeat it.” The reason it comes to my mind a lot these days is the headlines we are seeing relating to the latest ransomware attacks against companies’, hospitals’ and government departments’ systems.

Previous headlines highlighted how criminals used DDoS attacks to extort money from victim companies, and we regularly see stories on how organizations lost money after falling victim to CEO fraud (i.e. BEC scams).

Lazy Ransomware Bad Guys Just Delete Your Files - Never Mind Decrypting

There is a new strain of "ransomware" that does not bother with the whole encryption thing at all. These bad guys seem to think it's just an unnecessary distraction and too much work. Better to just start nuking files and then present victims with a ransom note. It's called Ranscam and here is how it looks:
