CyberheistNews Vol 4, # 19 Scam Of The Week: Mobile Ransomware




Editor's Corner


Scam Of The Week: Mobile Ransomware

Here is a heads-up for your users who use mobile devices (and who doesn't?). There are two mobile scams rearing their ugly heads. The first uses messages from "trusted" mobile apps to install malware on PCs. The second is the first mobile ransomware for Android. Send this (feel free to edit as much as you like) to your users and give them another heads-up.

"The bad guys use what we call "social engineering" to make people click on links, and their scams often rely on exploiting trust. If they can make you believe a message is from a trusted source, chances are you will click. This trick has been used with email, instant messaging, social networks, and they are even spoofing SMS text messages. But the new frontier is mobile!

"This is a heads-up that email messages from mobile apps, for instance WhatsApp or some other mobile app that you use, are not automatically legit. The same rules apply as with normal email: check for Red Flags. If you click on an email message from a mobile app without checking for anything suspicious, you might download malware and infect your PC, so... Think Before You Click!

"Next, there is malware that encrypts all your files and asks for a ransom to release the files. You get an email with an attachment and if you open the attachment, all your files are locked until you pay $500. It's called "ransomware". It's been around for PCs for a while and it's now out there in the wild for Android phones as well.

"The mobile version is not as malicious as the PC version...yet. But it does throw up a nag screen that claims to be from a government site and states you have been looking at illegal content. Your phone gets this type of infection when you manually download software that claims to be a video player from a website other than the Google Play App Store. So the lesson here is to only download from Google Play, and even then you need to be careful!"

PS, you may not be aware that we have a 15-minute add-on training module called Mobile Device Security that works great as reinforcement of your general security awareness message. More here:
http://info.knowbe4.com/mobile-security-module-14-05-13

Are You Being Targeted By Hot Foreign Spies?

Ready to be hit upon by the likes of Anna Chapman? MI5 in the UK warned that foreign spy agencies are targeting IT workers within big organizations as a means of gaining privileged access to sensitive data.

Wow, the good old honeytrap seems to be alive and taking names. The UK security service's warning about spy-infiltration tactics is a bid to encourage corporations to bolster their defenses against such attacks, the Register reports.

However, the Register still reckons that phishing emails, custom malware and watering-hole attacks are far more plausible tactics than the spy-grooming tactics mentioned by MI5. Darn, I was already thinking I might get lucky...:-D
http://www.theregister.co.uk/2014/05/07/mi5_warning_foreign_spies_targeting_it_workers/

Whitelisting Community Preview: MalwareShield

You have heard me talk about whitelisting the last few years. Well I have some news! You may not know that most of us here at KnowBe4 are ex-antivirus people who came from the Sunbelt Software VIPRE antivirus team. Well, we have been very busy the last few years working on the next wave in malware protection.

We're at a point where we need (early version) testers for our new product called MalwareShield. This first version is focused on stand-alone workstations or servers that contain high-value data and/or need to block -any- installation of malware: the PC of your CFO, a file server that holds the company crown jewels and needs to be locked down, or some XP SP3 machines that you cannot get rid of yet but need to be secured since there are no more updates from Redmond.

   How It Works

1) Install MalwareShield. Two drivers get loaded. Reboot.
2) MalwareShield scans the hard disk(s) once using super low CPU and creates a local exe whitelist. Depending on the size of the disks, this could take a while, but normal operation can continue.
3) It turns itself on. The machine is now protected.

   Under The Hood

The first driver starts a scan that creates a hash for every executable it finds and builds a local whitelist. From that point forward, any executable that is not on the local whitelist and tries to run gets checked in the cloud and gets blocked if not known to be good. You have three options:
   - No Block Notification
   - Display Only
   - Prompt for override (recommended)
If you choose the override, a pop-up at the bottom right will show which exe was blocked and why, with a check box for you to allow it to run or not. We do have an extensive real-time cloud-based exe whitelist that constantly gets added to when new versions or patches come out.
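
The decision flow described above, sketched as an added example; this is not MalwareShield code. The file suffixes, the mode names (`silent`, `display`, `prompt`), SHA-256 as the hash, and the in-memory set standing in for the cloud lookup are all assumptions, and the files are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

EXE_SUFFIXES = {".exe", ".dll", ".sys"}  # assumption: the page only says "executable"

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_local_whitelist(root):
    # One-time scan: record the hash of every executable already on disk.
    return {sha256_file(p) for p in Path(root).rglob("*")
            if p.is_file() and p.suffix.lower() in EXE_SUFFIXES}

def decide(path, local, cloud_known_good, mode="prompt", user_allows=False):
    # Returns (verdict, reason, notify_user). Identity is the content hash, never the name.
    # mode: "silent" = No Block Notification, "display" = Display Only, "prompt" = override.
    digest = sha256_file(path)
    if digest in local:
        return ("allow", "local whitelist", False)
    if digest in cloud_known_good:  # stand-in for the cloud lookup
        return ("allow", "cloud known-good", False)
    if mode == "prompt" and user_allows:
        return ("allow", "user override", True)
    return ("block", "unknown hash", mode != "silent")

def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.exe").write_bytes(b"MZ constructed original")
        local = build_local_whitelist(root)  # baseline scan
        patch = root / "patch.exe"
        patch.write_bytes(b"MZ constructed vendor patch")
        cloud = {sha256_file(patch)}  # constructed cloud list
        (root / "renamed.exe").write_bytes(b"MZ constructed original")
        (root / "app.exe").write_bytes(b"MZ constructed original + appended code")
        dropped = root / "dropped.exe"
        dropped.write_bytes(b"MZ constructed unknown")
        return {
            "renamed": decide(root / "renamed.exe", local, cloud),
            "tampered": decide(root / "app.exe", local, cloud),
            "patch": decide(patch, local, cloud),
            "silent": decide(dropped, local, cloud, mode="silent"),
            "override": decide(dropped, local, cloud, user_allows=True),
        }
```

Two properties of this design show up in the results: a whitelisted name with changed contents is blocked, and anything already on disk at baseline time is trusted, so the initial scan should run on a machine known to be clean.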

The second driver is a network filter that looks at URL requests. If a URL is not on our "known-good" real-time cloud whitelist, a block screen will pop up in the browser with two options: "get me outta here" and "ignore".
   - For a server it's not a good idea to have a browser enabled in the first
   place, but in the unlikely event that malware makes it through, this will
   block the malware from "calling home" when it tries to reach the domain
   where its command & control server lives.
   - For a high-value workstation, having a block screen in place that
   reminds the user of the risks involved is yet another layer of your
   defense-in-depth.

An enterprise console that will drive multiple machines is in the works and will be released a bit later. For the enterprise, this is offered as an additional layer of security and the product has no known incompatibilities with any existing antivirus product, including the free "Defender" AV in Windows 8.

This is the preliminary consumer website. For consumers, the product is positioned as an "extra security" add-on to the free Microsoft Defender:
http://www.malwareshield.com

Here is the MalwareShield enterprise webpage where you can request the Community Preview (beta). Fill out the survey at the bottom of the page to get the beta:
http://www.knowbe4.com/project-malwareshield/

Quotes of the Week

"It's never too late, it's never too bad, and you're never too old or too sick to start from scratch once again." - Bikram Choudhury - Yoga Master (Born 1946)

"You have to learn the rules of the game. And then you have to play better than anyone else." - Albert Einstein - Physicist (1879 - 1955)

Thanks for reading CyberheistNews! Please forward to your friends.

Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Find Out How Insanely Cheap Mobile Device Security Training Is!

Did you know that we have a 15-minute training module called Mobile Device Security? It works great as reinforcement of your general security awareness message. Fill out the form with the No. of employees at your location and we'll email you a quote back in 24 hours....
The cost per employee is insanely cheap!
http://info.knowbe4.com/mobile-security-module-14-05-13


$4.8 Million HIPAA Settlement for Data Breach

Federal regulators have issued a $4.8 million sanction, the largest HIPAA settlement to date, against two partnering New York healthcare organizations following a breach affecting just 6,800 individuals.

Note that this data breach happened almost 4 years ago, and knowing that IT jobs usually last shorter than that, the culprits are now probably misconfiguring servers somewhere else. Using a compliance workflow automation tool to better manage your critical controls is a really good idea. Check out the KnowBe4 Compliance Manager and prevent fines like this:
http://info.knowbe4.com/knowbe4-compliance-manager_lp_14-04-15

Learn the details behind this heftiest HIPAA penalty yet from Federal Regulators:
http://www.healthcareinfosecurity.com/48-million-settlement-for-breach-a-6822?


SANS Announces the May 2014 issue of OUCH!

"We are excited to announce the May issue of OUCH! This month, led by Guest Editor Jake Williams, we discuss how to identify when you've been hacked and how to respond. Specifically, we cover some common indicators of a compromise and specific steps an individual can take to recover. In addition, we released an out-of-band OUCH! on Heartbleed this month. Most of the translations are complete and now online. As always, we encourage you to download and share OUCH! with others." English Version (PDF)
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-05_en.pdf


The Cyber Security Market Is Hot! Here’s Why

A dozen years ago the $3.5 billion security market was dominated by five vendors. Last year, VCs bankrolled 230 startups. My, how things have changed! By any credible account, the cyber security market is hot. According to Gartner analysts, in 2014 worldwide information security market growth will accelerate to 8.6% and exceed $73 billion. Cyber-related M&A activity and trading multiples are indicative of customer and investor markets that are demanding much more innovation, faster. Article at DarkReading:
http://www.darkreading.com/risk/the-cyber-security-market-is-hot!-heres-why/a/d-id/1251128?


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Cameron Donald during a practice lap for the Isle of Man TT in 2013 - the most dangerous motorcycle race in the World. Need to get some adrenalin flowing? Check out THIS video. I would have died 5 times:
http://www.flixxy.com/first-person-view-of-a-race-bike-at-320kmh-200mph.htm?utm_source=4

A little monkey in Japan buys juice from a vending machine and even returns the change to its human friend:
http://www.flixxy.com/monkey-buys-juice-from-vending-machine.htm?utm_source=4

The deepest hole on earth, and what we have learned from it:
http://www.flixxy.com/the-deepest-hole-on-earth.htm?utm_source=4

Little Rock's Museum of Discovery scientist Kevin Delaney performs some cool science experiments with Jimmy Fallon, including shooting 'vortex cannons.':
http://www.flixxy.com/science-experiments-on-the-tonight-show.htm?utm_source=4

Not only can illusionist Darcy make doves appear out of nowhere, he also has an even bigger trick up his sleeve:
http://www.flixxy.com/darcy-oakes-jaw-dropping-dove-illusions-britains-got-talent-2014.htm?utm_source=4

Video showing AT Black Knight Transformer's first flight released. This is one big-ass copter with 6 blades...:
http://youtu.be/kDay5OWDPn4

Top 12 tech hoaxes of all time. Social media pranks and viral videos have nothing on these truly historical technical hoaxes:
http://www.infoworld.com/slideshow/151490/top-12-tech-hoaxes-of-all-time-241896

These very funny charts will show you exactly why correlation doesn't mean causation:
http://www.businessinsider.com/spurious-correlations-by-tyler-vigen-2014-5

A hilarious 5-minute Sci-Fi short film featuring the universe's 'greatest delivery man' trying to make a delivery to a very, very small customer:
http://www.flixxy.com/johnny-express-sci-fi-short-film.htm?utm_source=4
