blog-slider.jpg

KnowBe4

Security Awareness Training Blog


Keeping You Informed. Keeping You Aware.

Microsoft Alert: ZCryptor Ransomware With Worm Feature

Microsoft released an alert about a new ransomware strain called ZCryptor, which works like a worm and spreads via removable and network drives.

The MalwareForMe blog reported this first on May 24. Three days later, Redmond's security team decided to alert people about this threat. Because the ransomware adds the .zcrypt file extension to locked files, some security researchers also call "zCrypt".

“We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior,” Microsoft's Malware Protection Center alert stated. “This ransom leverages removable and network drives to propagate itself and affect more users.” A subsequent analysis by Trend Micro confirmed Microsoft's findings, categorizing the threat as a "worm," with self-propagation features. 

Shields Up! New DMA Locker V4 Unleashes Major Ransomware Assault

DMA Locker is an excellent example of cybercrime's furious speed of innovation. Version 1 showed up in January 2016, and V2 a month later, but the implementation of the encryption algorithm was flaky at best. The antimalware research community easily developed a decryption tool for versions 1 and 2 of DMA Locker.

These earlier versions infected workstations using through weak passwords or stolen remote desktop credentials. The new V4, however, encrypts victim machines via drive-by download attacks that rely on compromised web servers with exploit kits, expanding the criminal "addressable market" significantly. 

Earlier DMA Locker versions did not use a Command & Control (C&C) server so the SA private key was stored locally on the computer and could be recovered by reverse-engineering.

Massive Locky Ransomware Campaign Targets Amazon Users

Comodo Threat Research Labs just posted an alert that a massive campaign of phishing emails have been sent with a spoofed "from" address: auto-shipping@amazon.com.  The subject is “Your Amazon.com order has dispatched (#code)" and there is no body text in the email, just a Microsoft Word attachment. 

In the Word files again is no copy, just macro codes, and people that receive the email are social engineered to "enable the content" of the documents, which kicks off the macros which in turn start an executable that downloads Locky ransomware. The number of infected machines is not yet available, but it looks like a massive campaign.

[ALERT] This New Ransomware Strain Adds DDoS Bot Causing More Damage

Excuse my French, but Holy S#!+, some ransomware developers have created a new evil way to monetize their operations by adding a DDoS component to their malicious payloads. Security researchers from Invincea reported this a few days ago on a new malware sample they found. 

Scam Of The Week: LinkedIn Email Change Your Password

You probably remember the 2012 LinkedIn data breach. It was a big deal because something like 6.5 million user account passwords were posted online, but LinkedIn never confirmed the final number of people that were impacted.

Well, it turns out that really 117 million records were stolen which have both emails and passwords that were easily decrypted. And this new number is all over the news because that database is now sold on the dark net. It is not unusual for such stolen material to turn up for sale long after the initial data breach.

LinkedIn is invalidating the compromised passwords and currently sending out emails to users, urging them to change their passwords in response to this report (though the email LinkedIn is sending is vague about the actual nature of the threat).

"What methodologies does KnowBe4 use in developing our training?"

Someone interested in using our integrated platform for training and phishing asked us: ""What methodologies does KnowBe4 use in developing our training?" 
 
We use the ARCS Model. ARCS is an acronym that stands for: Attention, Relevance, Confidence and Satisfaction.  Learn more about this method at Wikipedia.
 
We concentrate on keeping technical terminology simple and easy to understand. This adds to the C in ARCS as learners are not intimidated by big or hard to understand words. We also present material on a proper gradient that breeds confidence in the learner. 
 
Our training  modules are designed to be relevant to anyone who uses email or goes online. They are fully relevant to the C-level exec as well as the office worker who uses a computer all day. 
 
We use engaging visuals and interactions that gain the learners attention and our course content is highly interesting because it is so very relevant to the world of today, both in the office and at home.
 

What does a "Human Firewall" look like, anyway?

By Eric Howes, KnowBe4's Principal Lab Researcher

So you've subscribed to Security Awareness Training that includes training modules as well as simulated phishing campaigns for your organization. You may have gotten to the point where you're rolling out the training modules to your employees and setting up your very first phishing campaign to establish a baseline Phish Prone Percentage. But you're now wondering: what can your organization expect? Does this stuff really work? Are you going to see any kind of actual payoff from this training?

The answer is: yes, absolutely. There is a very real payoff, and your organization will benefit from the training modules and simulated phish campaigns almost immediately. One of our customers saw a just such a payoff from their training and phishing campaigns this past week when one of their employees got hit with a CEO Fraud phishing email.

We just received the ultimate in weird nested malware

Last night a customer sent us a phish via the KnowBe4 Phish Alert Button ( free download here) that must win some kind of award for the longest chain of required user interactions -- all designed to push the easily detectable stuff as far away from the base email body and attachment as possible.
 
It goes like this:
 
1. Email body contains social engineering hook that points users to a PDF attachment.
 
2. PDF attachment contains an embedded URL (allegedly for a secure doc) that consists of a tinyurl URL shortener link.

How To Stop Your Ex-Girlfriend Sending Nude Photos To A Fake Facebook Profile

In a case of sophisticated social engineering, a fraudster created a fake profile of actor Vincent Gallo. He then proceeded to engage in a 2-month long scam, flirting online and sending the ex-girlfriend nude pictures of "himself", until she sent pics of herself and decided to fly in and meet him.  

Gallo is suing Facebook over the fake profile, allegedly used to friend Gallo’s friends and acquaintances, for online sex chats, and to lure Los Angeles women to meet in person.  

The bogus account had some 3,000 friends, including some of the real Gallo’s real friends and acquaintances. The Hollywood Reporter quoted the court papers:

Subscribe To Our Blog

Phish Your Users



Posts By Topic

View All


Get the latest about social engineering

Subscribe to CyberheistNews