CyberheistNews Vol 4, # 22 Ransomware Holds iPhones and iPads Hostage



Stu Sjouwerman's New Security Newsletter

Editor's Corner

New Ransomware Holds iPhones and iPads Hostage

Before we get into the Apple incident, CryptoLocker infections still seem to be rising. Popular forums get new postings all the time about what to do when you are infected, and as a search term on Google it rose 65% over last week. Current estimates are that CryptoLocker infected more than 234,000 computers worldwide, including more than 100,000 in the United States, the Justice Department said yesterday.

And here's the next thing. After ransomware hit Windows PCs and Android phones, some other miscreant has found a way to pull a similar scam for Apple devices.

A large number of people, for the moment still mostly located in Australia and the UK, are reporting they have come under an unexplained attack that holds their iPhones and iPads hostage and demands they pay a $100 ransom.

The attacker, who used the name Oleg Pliss, exploited the "Find My iPhone" feature to launch the attack. It is not yet clear how the attacker got hold of the iCloud accounts used to lock the devices. There are currently four theories being discussed on various support forums.

  • First is that in a classic phishing attack, people were lured to an Apple
    phishing site (of which there are 2,261) and entered their credentials.

  • Second is the option of a data breach at Apple (for which they are overdue),
    but Apple denies that its iCloud service has been breached.

  • Third is the possibility of DNS poisoning, where people entered the correct
    Apple domain name but were redirected to a fake site and entered their credentials there.

  • The scariest one is that the hackers are possibly in possession of user
    names and passwords from another data breach like eBay or Target, and attacked
    users that use the same credentials for their iCloud account.

 



Given that the attack was somewhat geographically contained, this possibly limits the options to the DNS poisoning theory, but the jury is still out on that.

One user from Melbourne said: "I was using my iPad a short while ago when suddenly it locked itself. I went to check my phone and there was a message on the screen (it's still there) saying that my device(s) had been hacked by Oleg Pliss and they demanded $100 USD/EUR (sent by paypal to lock404(at)hotmail-dot-com) to return them to me."

David Emm, from security firm Kaspersky Lab, said: "It seems likely that cybercriminals gained access to Apple ID credentials. By using the credentials to access an Apple iCloud account, the attackers can enable the 'Find My iPhone' service - this is not only able to locate a lost or stolen device, but also to set a passcode preventing third parties from accessing the personal data stored on the smartphone.

"This is clearly a form of ransomware, previously only seen on PC and, recently, on Android devices - although in those cases malware was used to trigger this behavior. This campaign is further proof that cybercriminals are adopting criminal business models developed for the PC, applying them to new areas and fine-tuning their methods."

Welcome to the new world of cybercrime. Deploying defense-in-depth and having your own fine-tuned Security Awareness Training program as part of that will help to keep the bad guys out of your network. For instance, your users need to be trained so that they do not use their company user name and password anywhere else. Fairly obvious, but we see this all the time in the free Email Exposure Check we can do for you:
http://www.knowbe4.com/email-exposure-check/

Quote from a customer: "BTW, we invested in KnowBe4.com training. It is the best $1,000 we’ve ever spent. It’s training on how to avoid many of the simple pitfalls in dealing with email, web sites and documents." - R.F.

Cartoon: "That ransomware payment is coming out of your allowance:"
http://blog.knowbe4.com/bid/387705/That-ransomware-payment-is-coming-out-of-your-allowance

NetworkWorld Covers No-Charge eBay Phishing Attack

NetworkWorld blogger Mark "Gearhead" Gibbs wrote to his 150,000 readers about the special offer that KnowBe4 has made available for IT admins to inoculate their users against the wave of eBay phishing attacks. Mark asked us if we'd extend the offer a few days and of course we agreed. "Due to popular demand" you can still run this simulated eBay attack for free until 12 midnight tonight. It takes all of 10 minutes, so time enough. Here is the article!
http://www.networkworld.com/community/blog/knowbe4-offering-free-phishing-attack-simulation

PayPal Phishing Websites Spike In 2014

Phishers have set their sights on PayPal more than ever, as per "The Internet Threats Trend Report April 2014," created by Internet security solutions provider CYREN and network security appliances provider Cyberoam. I wonder if that has anything to do with the recent eBay breach.

They analyzed security trends for Q1 2014 and compared the data to Q1 2013. The result was a 73 percent increase in the number of phishing websites related to PayPal, which go after personal data, including Social Security numbers.

The report shows that around 18,600 PayPal-related phishing websites were identified in a two-week span, 8 times more than number two, Apple, with 2,261 phishing websites. Full report (PDF) at:
http://www.cyberoam.com/downloads/ThreatReports/CyberoamCYRENInternetThreats2014April.pdf

 

Quotes of the Week

"Happiness resides not in possessions, and not in gold, happiness dwells in the soul." - Democritus - Philosopher (460 - 370 BC)

"Patriotism is supporting your country all the time, and your government... when it deserves it." - Mark Twain

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Which Security Awareness Training Has The Best Results?

A new whitepaper from Osterman Research shows which of the 5 types of awareness training has the best results.

Well over 200 organizations were asked questions related to their awareness training, malware infiltration, and if their problems with phishing were worse, the same or getting better. Research showed that an organization's Security Awareness Confidence Score varies significantly depending on the awareness training type they use.

Download this whitepaper and find out which awareness training approach correlates with improvement of the phishing problem:
http://info.knowbe4.com/whitepaper-osterman-14-06-03

Malware Creation Breaks All Records! 160,000 New Samples Every Day

Net-Security.Org reported: Malware creation has broken all records during Q1 2014, with a figure of more than 15 million new samples, and more than 160,000 new samples appearing every day, according to Panda Security.

Trojans are still the most abundant type of new malware, accounting for 71.85% of new samples created during Q1. Similarly, infections by Trojans were once again the most common type of infection over this period, representing 79.90% of all cases.

In the area of mobile devices, there have been increasing attacks on Android environments. Many of these involve subscribing users to premium-rate SMS services without their knowledge, both through Google Play as well as ads on Facebook, using WhatsApp as bait.

Along these lines, social networks are still a favorite stalking ground for cyber-criminals. The Syrian Electronic Army group, for example, compromised accounts on Twitter and Facebook, and tried to gain control of the facebook-dot-com domain in an attack that was foiled in time by MarkMonitor.

During the first three months of the year we have witnessed some of the biggest data thefts since the creation of the Internet, and as expected, CryptoLocker, the malicious file-encrypting ransomware which demands a ransom to unblock files, has continued to claim victims.

"Over these months, levels of cyber-crime have continued to rise. In fact, we have witnessed some of the biggest data thefts since the creation of the Internet, with millions of users affected," explains Luis Corrons.

So far in 2014, Trojans are still the malware most commonly used by cyber-criminals to infect users. According to data from PandaLabs, four out of five infections around the world were caused by Trojans, that’s 79.90% of the total. Viruses are in second place, accounting for 6.71% of infections, followed by worms, with a ratio of 6.06%.

Trojans also top the ranking of newly created malware, accounting for 71.85% of the total, followed by worms, at 12.25%, and viruses at 10.45%. The global infection rate during the first three months of 2014 was 32.77%. China is once again the country with most infections, with a rate of 52.36%, followed by Turkey (43.59%) and Peru (42.14%). Although Spain is not in the top ten of this ranking, it is still above the global average with 33.57%.

European countries ranked high among the least infected countries, with the best figures coming from Sweden (21.03%), Norway (21.14%), Germany (24.18%) and Japan, which, with a ratio of 24.21%, was the only non-European country in the top ten of this list.

The graphics that go with this story are at the KnowBe4 Blog:
http://blog.knowbe4.com/bid/387734/Malware-creation-breaks-all-records-160-000-new-samples-every-day

These numbers illustrate it's time for an additional layer of security on top of your antivirus solution. The days of the antivirus-based blacklist are truly over. Peter Lander commented on the Information Security Community Forum: "Think like old western movies. If he is not wearing a white hat, shoot him. The future lies with whitelisting technologies. We must identify what is permitted ... and ban, block, or kill everything else."

Want to give the new whitelisting product Malwareshield a spin? Get the Beta build version 14.0.0.4959 May 27, 2014 here:
http://www.knowbe4.com/project-malwareshield/

Life's a Breach: What Do We Do Now?

Taylor Armerding at CSO Mag has a very useful article to get you started on what to do after you have been breached:

"There is no shame in being breached by a cyber attack – security experts are unanimous about that. Prevention, while a worthy part of a risk management strategy, will never be 100% successful, given the sophistication and overwhelming volume of attacks.

But there is room for improvement – vast improvement – in the detection of breaches. A large majority of enterprises fail to detect breaches on their own – they find out about them from somebody else, as a couple of recent reports show.

The security firm Mandiant, now part of FireEye, reported recently that while the average time it took to detect breaches declined slightly from 2012 to 2013, from 243 to 229 days (more than seven months), the number of firms that detected their own breaches actually dropped, from 37% to 33%.

The results in a report from security firm Trustwave were more encouraging, at least for the time between intrusion and detection – it found the median was 87 days. But the ability of firms to detect malware in their systems on their own was only 29%, which Karl Sigler, Trustwave’s manager of threat intelligence called, “just a horrible statistic in general.”

All of which raises a couple of obvious questions: Why are organizations so bad at detecting breaches? And what can and should they be doing to improve? More:
http://www.csoonline.com/article/2157453/data-protection/needed-detection-correction.html?

Redmond: Do Not Install XP Patches For Embedded XP

Redmond is warning everyone not to use a workaround that claims to solve the Windows XP security updates problem. The hack makes a small registry change that lets XP receive security updates by tricking Windows Update into thinking that the XP version is an embedded point-of-sale OS that Redmond supports through 2019.

The normal XP and embedded XP are similar but not identical. The updates would only partially protect XP and could simply break things, the Microsoft experts claim. If you want to put XP into a complete security lockdown against any possible malware executable running, you should look into whitelisting, and run the MalwareShield Beta:
http://www.knowbe4.com/project-malwareshield/

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Five wingsuit flyers flew over Manhattan at a top speed of 118 mph, using new wingsuit technology and covering a distance of two miles in less than two minutes. And don't miss the amazing landing over the Hudson River. Watch this full screen and HD! WOO HOO:
http://www.flixxy.com/wingsuit-flying-over-manhattan.htm?utm_source=4

A Dutch TV-show challenged magician Hans Klok and the "Divas of Magic" to do as many illusions as possible in 5 minutes. Wow:
http://www.flixxy.com/worlds-fastest-magician.htm?utm_source=4

The Myasishchev VM-T Atlant was developed in the mid-80's to transport the Soviet space shuttle - the Buran - and its rocket boosters on its back:
http://www.flixxy.com/russian-aircraft-with-a-huge-rocket-fuel-tank-on-its-back.htm

Parenting Cartoon: That ransomware payment is coming out of your allowance:
http://blog.knowbe4.com/bid/387705/That-ransomware-payment-is-coming-out-of-your-allowance

Funny video of a dog dubbed with voiceover is a viral hit on YouTube with over 156 million views so far:
http://www.flixxy.com/the-talking-dog.htm?utm_source=4

Magician Darcy Oake does the ultimate disappearing act. But where does he go? Watch it twice and you'll see how he does it:
http://www.flixxy.com/magician-darcy-oakes-disappearing-act-on-britains-got-talent.htm?utm_source=4

A film taken from a streetcar traveling down Market Street in San Francisco in 1906, a few days before the earthquake/fire destroyed the area totally:
http://www.flixxy.com/san-francisco-1905-historical-footage.htm?utm_source=4

When we are writing software, there are things we -say- and things we -mean- LOL:
https://twitter.com/xmjEE/status/473057399591665664/photo/1

It's Smart vs Mustang, and guess which one does a wheelie?:
http://www.roadandtrack.com/car-videos/smart-car-wheel-stand?

 