Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Nearly 1.5 Million New Phishing Sites Created Each Month

The September 2017 Webroot Quarterly Threat Trends Report showed that 1.385 million new, unique phishing sites are created each month, with a high of 2.3 million sites created in May.

This Ransomware Demands Nudes Instead of Bitcoin

Cyber extortion is a very profitable criminal business model. Now, as if it was inevitable, someone has added a new, perverse twist: demanding naked photographs instead of Bitcoin, apparently so that the victim can be blackmailed multiple times.

Researchers at MalwareHunterTeam spotted the software, called nRansomware on Thursday.

"Your computer has been locked," reads the message, which then asks the victim to email the hackers. "After we reply, you must send at least 10 nude pictures of you. After that we will have to verify that the nudes belong to you."

You Need To See This, And It Will Make You Crap Your Pants

You and I know that your users are the weak link, things like ID10T and PEBKAC come to mind. But do you know how bad the problem really is?

Some people like to bury their head in the sand and prefer blissful ignorance, but that gives you data breaches and suddenly interrupted careers.

However, to really manage a problem, you need to see its magnitude and potential for damage. And then you can make the case for additional IT Security budget, because legally, an organization must act reasonably or do what is necessary or appropriate to protect its data.

Barracuda Advanced Technology Group Tracks 20 Million Ransomware Phishing Attack

Barracuda Advanced Technology Group says it’s tracking a ransomware threat that has so far spawned about 20 million phishing emails sent to unsuspecting users around the world in in the last 24 hours and the threat is growing.

While most of the emails seem to be originating in Vietnam, other countries with smaller but notable volumes of phishing emails seem to emanate from India, Columbia, Turkey, and Greece – lower volumes are coming from many other countries around the world. According to the security company,  “roughly 20 million of these attacks occurred in the last 24 hours, and that number is growing rapidly.”

Aaaaand... You're fired (thanks to phishing)

The BBC has a cautionary tale for pretty much everyone who uses email. It’s the story of a finance director who was sacked after falling for a phishing scam disguised as a message from the boss. The name of the company and the players are anonymous in the story, but the BBC describes the sequence of events this way:

Forbes Technology Group: Training Your Employees Ranks #2 In Preventing Ransomware Attacks

Forbes wrote a great article about protecting your organization against ransomware. Despite all the funds spent on state-of-the-art security software, the bad guys are always just one gullible user click away from staging an all-out invasion.

We’re seeing that all-out invasion play itself out almost every day of the week in the headlines.

In an article posted September 18, Forbes asked its Technology Council members to share their preferred methods to protect against becoming a ransomware victim. No surprises here that “Employee Training” was #2 on the list.

Phishing attacks use undocumented MS Office feature to leak system profile data

An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by sending a phishing email and social engineering victims to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed.

The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first involves gathering the system configuration data on targeted systems.

The CCleaner app, designed for good cyber hygiene, was itself infected with a backdoor by hackers

Cisco's TALOS security researchers discovered a devious way to infect millions of machines. They said: "Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons."

This Week's Five Most Popular HackBusters Posts Sept 16

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site for that. 
Hackbusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favored, and we built an algorithm that bubbles up the -real- hot topics. 

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews