Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

A Slick Phish with a Hidden Surprise

By Eric Howes, KnowBe4 Principal Lab Researcher.

Yesterday one of our customers was hit with a highly targeted phishing attack -- one of the slicker attacks we've seen in a while. Once we started digging into it, though, what we found was even more surprising.

The Phish Email

This customer, which happens to be in the banking industry, received several identical phishing emails that appeared to be specially crafted to fool employees into thinking they were being directed by the bank's own IT staff to install an official security update from Microsoft.

"My AV blocked RanSim.exe So I'm Safe" No You Are Not

I'm noticing a lot of people saying the ransim.exe file is getting blocked by your AV. You have to actually allow the initial processes to run to do the simulation.

It is the five test scenarios that you want to see blocked. The Ransim.exe, Launcher.exe and RansimSetup.exe files MUST be allowed to run--they are just the framework for the ransomware simulation and if you block those first few files, you're not actually allowing your system to test the various ransomware scenarios.

Python Ransomware Uses A Unique Key For Each File That Is Encrypted

A new ransomware strain written in Python called CryPy was disclosed by Avast malware analyst Jakub Kroustek. It seems that Python is getting more popular as a ransomware development language, given the recent rise of strains like PWOBot, Zimbra, HolyCrypt, and Fs0ciety Locker.

Security pros observed that while CryPy is a new strain, it's not yet a major threat like Locky, as a unique encryption key for each file is a double-edged sword - it causes performance problems and is more susceptible to disruption if you block the malicious IP address.

Yahoo Hack Triggers 'Material Adverse Change' Clause

The Wall Street Journal reported that Verizon's lawyers are looking at using the "material adverse clause" to renegotiate the terms of the $4.8 billion deal they struck in July.

Verizon’s general counsel, Craig Silliman, said “we have a reasonable basis to believe right now that the impact is material.”

Would you say that losing your whole customer database is an adverse change? I would! Especially after you promise in your merger agreement that no security breach had taken place—and that no breaches will have occurred by the deal’s closing.  Yeah, right.

More than 60% of US office workers are unaware of the ransomware threat

Nearly half of ransomware attacks are aimed at office workers, but almost two-thirds of those polled are unaware of the threat

More than 60% of US office workers are unaware of ransomware and the threat it poses to business, according to a survey of more than 1,000 employees commissioned by security firm Avecto.  

Ransomware infections are typically triggered by people clicking on malicious links in legitimate-looking emails or opening attachments that have a malicious payload.

[ALERT] Scam Of The Week: Brad Pitt Found Dead (Suicide)

The divorce between Brad Pitt and Angelina Jolie has been used by the bad guys for a "celebrity death hoax" which unfortunately is high-grade click bait.

It's the most recent one to hit social media and your employees' inboxes, and will not be the last. Snopes, a debunking site that usually gets it right, confirmed that this bogus news has been around since the 21st of September.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.

October Is The Time To Kill Old-School Security Awareness Training

CSO had an excellent article that states the case that you need to get rid of old-school awareness training which you do for compliance reasons only. Their photo illustration was funny as heck - I have it here:

Frederick Scholl said: "October is National Cyber Security Awareness Month. I am hoping you will join me in a national program to kill cybersecurity awareness training programs. I don’t know who came up with the concept of “security awareness training”, but it has reached the end of its utility and should be replaced with something else.
