CyberheistNews Vol 10 #18 [Heads Up] An Ugly New COVID-19 Malware Strain Is Bricking Your Endpoints

Forget cybercriminals out to steal just your money or credentials. Security researchers just found evil new malware strains intent on rewriting your users' workstation master boot records (MBR) and/or wiping the file system.

Your organization doesn’t need another thing to worry about with the coronavirus pandemic going on. However, here it is! Security researcher Vitali Kremez discovered a new malware strain using COVID-19 as its theme, and in some cases pretends – yes, pretends to be ransomware. It rewrites the endpoint’s MBR and upon bootup posts a message that the machine has been infected with ransomware.

The workstation is not necessarily a total loss: with good boot-repair tools you can rebuild the MBR so the machine boots normally again. But... what if that machine sits in the home of a WFH user?

And what if other malware was dropped at the same time? The only way to be sure is to "nuke it from orbit" with a bare-metal restore, which is a major PITA to do remotely, if it is possible at all. Either way it causes downtime and lost productivity.

The MalwareHunterTeam has spotted another in-the-wild strain in Italy that also tries to delete the files on an endpoint. It is beyond me why someone would go through such trouble to create destructive malware when there’s no monetization scheme unless it was created for cyberwar purposes like when 30,000 machines at ARAMCO in Saudi were bricked by Iran a few years back.

While these two specific malware strains are not as destructive as some of the other worm-based attacks that kill your whole network, it’s still crucial to train users to not click on attachments from unknown, unexpected senders.

New-school security awareness training helps you minimize your organization's human attack surface, reducing the risk that phishing attacks and scams using social engineering trick your users into assisting bad guys to destroy their workstation or your network.
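A defender-side check for the damage described above, added here as an example (it is not code from the newsletter, from KnowBe4, or from the malware itself): it parses the standard 512-byte MBR layout, hashes the boot code and compares it with a hash recorded while the machine was known to be clean, so a wiped or overwritten sector is detected before the next reboot surprises a remote user. The sample MBR is constructed for the demonstration and is not a real disk image.

```python
"""Baseline integrity check for a workstation's master boot record (MBR).

Added example, not code from the newsletter or from any malware. It parses
the classic 512-byte MBR layout (446 bytes of boot code, four 16-byte
partition entries, the 0x55AA signature), hashes the boot code and compares
it with a hash recorded while the machine was known to be clean. The sample
MBR below is constructed for the demonstration and is not a real disk image.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446                # bytes 0..445 hold the bootstrap code
PARTITION_TABLE_OFF = 446          # four 16-byte partition entries follow
PARTITION_ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510..511


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a minimal MBR with one active NTFS-type (0x07) partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    entry = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07,
                        b"\x00\x00\x00", 2048, 204800)
    table = entry + b"\x00" * 48  # the remaining three entries are unused
    return code + table + BOOT_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, signature status and the non-empty partition entries."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % MBR_SIZE)
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PARTITION_ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:  # partition type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_against_baseline(mbr: bytes, baseline_sha256: str) -> list:
    """List how this MBR deviates from the clean baseline; an empty list means no change."""
    info = parse_mbr(mbr)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not info["partitions"]:
        findings.append("partition table empty")
    elif not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    return findings


# Constructed sample data: the first bytes are a harmless x86 stub
# (cli; xor ax,ax; mov ss,ax; mov sp,0x7c00) standing in for a real boot loader.
KNOWN_GOOD_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")
BASELINE_HASH = hashlib.sha256(KNOWN_GOOD_MBR[:BOOT_CODE_LEN]).hexdigest()
# Simulated damage: the sector overwritten with a text note, no partition table, no signature.
TAMPERED_MBR = b"Your computer has been infected.".ljust(MBR_SIZE, b"\x00")

if __name__ == "__main__":
    for name, sector in (("known-good", KNOWN_GOOD_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_against_baseline(sector, BASELINE_HASH) or "OK")
```

On a live system the 512 bytes come from reading the raw disk device, which needs administrator rights, and the baseline hash belongs off the host (in your endpoint management system, for instance) so that the same overwrite cannot also erase the value you compare against.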
[Live Demo] Prepare Your Organization to Work From Home More Securely with Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense especially when working from home.

Join us Wednesday, May 6 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to Security Awareness Training and Simulated Phishing.

See how easy it is to train and phish your users:
  • Train your users with access to the world's largest library of 1000+ pieces of awareness training content including 300 training resources on work from home scenarios.
  • Send fully automated simulated phishing attacks, including thousands of customizable templates with unlimited usage.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • Assessments allow you to find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 32,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, May 6 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2311125/C5B5E9642E95E8DD0E20DBFFCC269664?partnerref=CHN1
FBI Warns: "Your WFH Users Sharing Personal Information Helps Scam Artists"

The FBI's Charlotte office released an alert describing how scammers can use personal information on social media to break into online accounts. As people are confined to their homes, many have been drawn to social media where they’re encouraged to share information about themselves, like their pets’ names, the types of cars they’ve owned, and their mothers’ maiden names.

Many of these games are innocent, but they’re also goldmines for criminals seeking answers to account security questions. Even if you haven’t used personal information for security questions, sharing excessive information about yourself can allow attackers to craft targeted social engineering attacks against you.

“The FBI Charlotte office is warning social media users to pay close attention to the information they share online,” the alert states. “A number of trending social media topics seem like fun games, but can reveal answers to very common password retrieval security questions. The FBI encourages you to be vigilant and carefully consider the possible negative impact of sharing too much personal information online.”

People like to share things about themselves online for the same reasons they like to talk about themselves in real life. On the Internet, however, this information is potentially available to anyone in the world. Even if your profile information is only visible to people you’ve added as friends, there are many ways it could still end up on the open internet.

In addition, the FBI advises users to implement multi-factor authentication on all of their accounts that offer it. “Multi-factor authentication is required by some providers, but is optional for others,” the agency said. “If given the choice, take advantage of multi-factor authentication whenever possible, but especially when accessing your most sensitive personal data—to include your primary email account, and your financial and health records.”

Blog:
https://blog.knowbe4.com/how-sharing-personal-information-helps-scam-artists
See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk management modules, transforming KCM into a full SaaS GRC platform!

Join us Wednesday, May 6 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements within your organization and across third-party vendors and ease your burden when it's time for risk assessments and audits.
  • NEW! Demonstrate overall progress and health of your compliance and risk management initiatives with custom reports.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Wednesday, May 6 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2311124/7C7652FF075E3F0F560287F15FF560F5?partnerref=CHN1
Third-Party Risk Management Questionnaire for Extended Emergencies

Here’s a questionnaire you can send to suppliers during extended (WFH) periods.

Military strategists will tell you that the outcome of many famous battles could have been predicted ahead of time by the robustness of the supply lines. That’s why a major part of every military service is logistics and planning.

Besides weapons, ammo, and replacement troops, the side that usually wins also had the best food, water, medical supplies, communications, clothing, and shelter. “You can’t win battles wearing wet shoes” the saying goes.

The current COVID-19 pandemic response has all companies and organizations re-examining how to keep the business running, people working, and customers happy during this extended work from home period. Your organization can’t excel at what it needs to do without the products and services it depends on.

This has led many people to a new way of incorporating third-party risk as a part of their normal business continuity plans (BCPs). Most organizations worry about third-party risk primarily as a computer security risk problem and only measure that risk during onboarding or perhaps annually thereafter.

It’s mostly a confidentiality and integrity issue. That makes perfect sense. You don’t want to interact with a new vendor that increases your own risk unnecessarily. So, most organizations do third-party risk management as a way to ensure that their vendors are using good computer security practices.

Oftentimes, availability is the most neglected part of the computer security triad (CIA: Confidentiality, Integrity, and Availability), and it is treated primarily as a local issue: can my organization do what it needs to do during a disaster event?

An organization cannot do that without ensuring its suppliers and other vendors also have their availability angles covered just as strongly as their other computer security concerns. The recent COVID-19 pandemic has acutely tested all of us and our supply lines.

One way to measure third-party availability risk is to send the organizations you are dependent on a quick Extended Emergency Third-Party Risk Questionnaire. You can make your own or search them out on the Internet. Here’s one that the risk management team at KnowBe4 came up with.

Download: "Sample Extended Emergency Third-Party Risk Questionnaire":
https://blog.knowbe4.com/third-party-risk-management-questionnaire-for-extended-emergencies
[LAST CHANCE] Can You Be Spoofed? Find out for a Chance to Win a 500 Dollar Amazon Gift Card

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against unless your users are highly ‘security awareness’ trained.

KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. Plus, if you’re in the US or Canada, you'll be entered for a chance to win a 500 Dollar Amazon Gift Card!*

Hurry, the offer ends April 30th. Find out now whether your email server is configured correctly; many are not!
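The "configured correctly" part comes down to the domain's SPF and DMARC records. The following check is an added example and is not KnowBe4's Domain Spoof Test: it evaluates DNS TXT records you have already fetched for a domain (here, constructed sample records for example.com) and reports the settings that commonly let someone send mail that claims to be from your domain. It inspects record text only and does not resolve `include:` targets, which a full evaluator must do.

```python
"""Assess a domain's SPF and DMARC TXT records for settings that permit spoofing.

Added example, not KnowBe4's Domain Spoof Test. The records below are
constructed samples for example.com; in practice you would fetch the TXT
records for the domain and for _dmarc.<domain> and pass them in.
"""


def parse_spf(txt: str) -> dict:
    """Split an SPF record into its mechanisms and the qualifier on the final 'all'."""
    if not txt.lower().startswith("v=spf1"):
        raise ValueError("not an SPF record: %r" % txt)
    mechanisms, all_qualifier = [], None
    for term in txt.split()[1:]:
        qualifier, body = ("+", term)
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(txt: str) -> dict:
    """Turn 'v=DMARC1; p=none; rua=...' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(spf_records: list, dmarc_records: list) -> list:
    """Return human-readable findings; an empty list means nothing weak was seen."""
    findings = []
    if not spf_records:
        findings.append("no SPF record: any host may claim to send for the domain")
    elif len(spf_records) > 1:
        findings.append("multiple SPF records: receivers treat this as a permanent error")
    else:
        spf = parse_spf(spf_records[0])
        if spf["all"] in (None, "+", "?"):
            findings.append("SPF does not fail unauthorized senders (missing, '+all' or '?all')")
        elif spf["all"] == "~":
            findings.append("SPF softfail (~all): only effective when DMARC is enforced")
    if not dmarc_records:
        findings.append("no DMARC record: SPF/DKIM results are not enforced")
    else:
        dmarc = parse_dmarc(dmarc_records[0])
        if dmarc.get("v") != "DMARC1":
            findings.append("DMARC record malformed: missing v=DMARC1")
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC p=none: failures are reported but mail is still delivered")
        pct = int(dmarc.get("pct", "100"))
        if policy != "none" and pct < 100:
            findings.append("DMARC pct=%d: only part of failing mail gets the policy" % pct)
    return findings


# Constructed sample records for example.com (203.0.113.0/24 is a documentation range).
WEAK_SPF = ["v=spf1 include:_spf.example.net ~all"]
WEAK_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]
HARDENED_SPF = ["v=spf1 ip4:203.0.113.10 include:_spf.example.net -all"]
HARDENED_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"]

if __name__ == "__main__":
    print("weak:", assess(WEAK_SPF, WEAK_DMARC))
    print("hardened:", assess(HARDENED_SPF, HARDENED_DMARC) or "OK")
```

The weak pair is the configuration most small organizations actually have: a softfail SPF plus a monitoring-only DMARC policy, which together tell receivers to deliver spoofed mail anyway. Moving to `-all` and `p=reject` is the fix, but only after the DMARC aggregate reports (`rua`) show that every legitimate sender is covered, or your own mail starts bouncing.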

Try To Spoof Me!
https://info.knowbe4.com/dst-sweepstakes-mar-apr-2020

*Terms and Conditions apply.

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc


PS: We have DOUBLE the Fave Links as usual, for people (with kids) in lockdown.
Quotes of the Week
"Optimism is the fuel of heroes, the enemy of despair and the architect of the future." - Max More, Philosopher and Futurist (1964 - )

"If you would be a real seeker after truth, it is necessary that at least once in your life you doubt, as far as possible, all things." - René Descartes, Philosopher (1596 - 1650)



Thanks for reading CyberheistNews

Security News
COVID-19 Emails Go From Zero to Half a Million a Day in Just Three Months

According to new data from security researchers at Forcepoint, the interest in coronavirus-themed emails and websites by cybercriminals is cause for concern.

As with any globally newsworthy story, the bad guys find ways to piggyback on the public’s interest. And while it doesn’t look like the timing of these malicious campaigns is perfectly aligned with genuine interest and concern, the data shows the era of COVID-19 scams is far from over.

According to the data:
  • Legitimate web traffic related to interest in the Coronavirus peaked on March 15th
  • Traffic to coronavirus-related malicious URLs peaked on March 29th
  • A recent spike in domains with covid or corona in the name has occurred as late as April 12th – this, after domains peaked on March 22nd
Email data shows a similar trend:
  • Emails linking to legitimate sites with covid or corona in the domain name peaked on March 29th
  • Emails categorized as spam with links to covid or corona domains peaked at the end of March
  • Emails categorized as malicious with links to covid or corona domains peaked on March 22nd (same as web traffic) and then emerged once again around April 12th
It should be noted that this analysis only involves those emails with embedded links. Emails containing malicious attachments and those relying solely on social engineering are not represented here.

According to Forcepoint, email security solutions are a solid defense against “emails containing an embedded URL.” But organizations that wish to protect against all email-borne threats should consider security awareness training as a means to improve users’ understanding of what suspicious and/or malicious email content looks like, so they avoid becoming victims.

The spikes in domains and web traffic in April may indicate we’re just seeing the tip of the coronavirus scam iceberg. As long as users keep falling for these scams, the bad guys will keep it up.
Netflix Scams Target People Sheltering in Place

With people sheltering in place during the pandemic emergency, they’re both teleworking and finding their entertainment online. Google searches for Netflix jumped 142% since the advice to stay home became serious.

The criminals as usual take note of trends in the wider world that can work to their advantage, and, according to the Express, that’s happening now. A Netflix-themed phishing campaign is in progress against those who are keeping their social distance at home.

The most prominent campaigns use fake sites that appear to be Netflix sign-up pages, but that in fact were established simply to steal from those who think they’re registering for the service. The cyber security firm BrandShield told the Express that 639 fraudulent domains that use the word “Netflix” have been registered.

236 of those were established during March alone. 41% of these bogus domains have a mail server, and that indicates that they’ve probably been sending phishing emails to prospective victims.

Yoav Keren, BrandShield’s CEO, told the Express, "As the world goes into lockdown, cybercriminals are capitalizing on people spending more and more time online. Consumers of streaming websites are increasingly at risk of successful phishing attacks. We have seen an explosion in domain names featuring ‘Netflix’ as criminals are looking to catch consumers out and extract financial or personal records.”

Continued:
https://blog.knowbe4.com/netflix-scams-target-people-sheltering-in-place
What KnowBe4 Customers Say

"Thank you for personally reaching out. I have been very pleased with all aspects of the platform.

Right when we signed up with KnowBe4 my IT manager (only IT person) left the company leaving me (CFO, limited IT knowledge) to complete the implementation including getting all the filters set up appropriately to allow the phishing emails to come through. Your team worked with me step by step to make it happen.

Then we got into using the platform and I am thrilled with it. I wish I had more time to set up campaigns; there is so much information to get out to my users. The COVID-19 response/information from KnowBe4 was perfect, the right depth, the right time, the right information. I rolled out a campaign specific to COVID-19 for my users.

We have rolled out trainings for how to work at home securely. I could not be more pleased with the platform and look forward to using it more. I have even found PhishER to be beneficial in cutting off spam and potentially dangerous emails.

KnowBe4 is an amazing platform and I have been very pleased with it and will continue to look for more ways to involve KnowBe4 in our security!"

- E.J., CFO

The 10 Interesting News Items This Week
    1. VIDEO - The past, present, and future of Phishing and Social Engineering. 3:43:
      https://www.youtube.com/watch?v=_imLSdEKXk0&feature=youtu.be

    2. 267 million Facebook profiles sold for 600 bucks on the dark web:
      https://www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/

    3. Work-from-Home Exposes Already-Infected Machines in 50K US Organizations:
      https://www.darkreading.com/endpoint/work-from-home-exposes-already-infected-machines-in-50k-us-organizations-/d/d-id/1337606

    4. Waiting for a Rainy Day to Do Security Training? It's Pouring:
      https://www.sdxcentral.com/articles/news/waiting-for-a-rainy-day-to-do-security-training-its-pouring/2020/04/

    5. Google: US government targeted with 'free fast food' coronavirus phishing:
      https://www.zdnet.com/article/google-us-government-targeted-with-free-fast-food-coronavirus-phishing/

    6. FBI enlists internet domain registries in fight against coronavirus scams:
      https://www.justice.gov/opa/pr/department-justice-announces-disruption-hundreds-online-covid-19-related-scams

    7. Antivirus tools themselves are an attack surface, and can be exploited like any other code. Here's how:
      https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/

    8. Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies:
      https://krebsonsecurity.com/2020/04/unproven-coronavirus-therapy-proves-cash-cow-for-shadow-pharmacies/

    9. Spike in Company Compromises Correlates With Lockdowns:
      https://www.securityweek.com/spike-company-compromises-correlates-lockdowns

    10. Great budget ammo video: "Why you MUST phish and train your users during the pandemic" 2:20:
      https://vimeo.com/410727166
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.