CyberheistNews Vol 10 #41 [Heads Up] Paying Ransomware Criminals Might Land You a Steep Federal Fine

The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned multiple ransomware criminals over the last few years, most notably the Russian cybercrime syndicate aptly named Evil Corp. Eastern European hackers are not the only ones sanctioned, however: various North Korean and Iranian actors are also on the list.

On October 1, 2020, OFAC made it clear to U.S. companies that paying millions of dollars in ransoms to those groups will invite hefty fines from the federal government.

To pay or not to pay

That puts any organization that becomes a ransomware victim between a rock and a hard place. If they don't pay the ransom, the downtime will be extremely costly, or the hackers may leak their sensitive customer data. If they do pay, even through a third-party mediator, they could find themselves in deep trouble stateside, because it's impossible on short notice to verify who the cybercriminal holding your data hostage really is.

Fines of up to 20 million

In its advisory (PDF), OFAC said “companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations.”

Those that run afoul of OFAC sanctions without a special dispensation or “license” from Treasury can face several legal repercussions, including fines of up to 20 million dollars.

CONTINUED with links at the KnowBe4 blog:
https://blog.knowbe4.com/heads-up-paying-ransomware-criminals-might-land-you-a-steep-federal-fine
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, October 7 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users:
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • Train your users with access to the world's largest library of 1000+ pieces of awareness training content.
  • Send fully automated simulated phishing attacks, including thousands of customizable templates with unlimited usage.
  • Assessments allow you to find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 35,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, October 7 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2705368/AF5A9CC4FDD7D1C9DEDDB7FC2033E0AE?partnerref=CHN2
[Heads Up] Scam of the Week: Watch Out for Trump COVID Disinformation

The bad guys are going to have a ball with this one. President Trump announced that he and first lady Melania are COVID Positive. This event will be used in a variety of ways through social media posts, phishing attacks, and disinformation campaigns just to name a few.

What To Do About It

Train all employees to watch out especially for any messaging related to this event and to think before they click. We strongly recommend you inoculate all your employees, and we developed a new template to help you do this immediately.

Generally, whatever COVID ruse is being used, your users will wind up with infected workstations at home or in the office, giving out personal information, or unleashing ransomware on your network. Give them a heads-up that, especially now, they need to stay on their toes with security top of mind.

I would send your employees, friends and family something like the following. Feel free to copy/paste/edit.
"Last week President Trump announced that he and the first lady were COVID positive and that they are quarantining themselves in the residence of the White House. A day later it was announced he was going to the Walter Reed hospital for treatment. You can expect that bad guys are going to use this event in social media posts, phishing attacks and disinformation campaigns to shock and trick you into clicking on links or opening attachments. Don't fall for it. Remember to always Think Before You Click!"
For KnowBe4 Customers, there are now well over 60 different Coronavirus-themed simulated phishing templates you can use to inoculate your users against this type of attack.

Please forward this blog post to your friends:
https://blog.knowbe4.com/heads-up-scam-of-the-week-watch-out-for-trump-covid-disinformation
See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us TOMORROW, Wednesday, October 7 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • NEW! Assign additional users as approving managers to review task evidence before a task is closed with tiered-level approvals.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: TOMORROW, Wednesday, October 7 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2705330/FF0FAC84361B9393B609D525915A4F2C?partnerref=CHN2
Malicious Actors Crash U.S. Election: Spoofed Emails Attempt to Gather U.S. Voter Registration Data

Unless you recently beamed down from Mars, you are undoubtedly aware that election season is upon us in the United States. Indeed, the upcoming U.S. Presidential Election is currently competing for eyeballs with the ongoing COVID-19 public health crisis in news stories as well as social media. To say these are turbulent times would be an understatement.

Malicious actors are certainly aware of it, judging from an email that was reported to us yesterday by a customer using the Phish Alert Button (PAB). The social engineering tactic being used here is a classic one in which email recipients are told of a problem with one of their accounts (usually a bank account) and are then offered a link to fix or redress the problem.

Although the email itself claims to have been sent by the U.S. Election Assistance Commission, the link in the email sends users to a web page that spoofs ServiceArizona -- part of the state government of Arizona -- complete with images pulled directly from the state's official site.

CONTINUED:
https://blog.knowbe4.com/malicious-actors-crash-u.s.-election-spoofed-emails-attempt-to-gather-u.s.-voter-registration-data
The Pesky Password Problem: Policies That Help You Gain The Upper Hand on the Bad Guys

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?

For decades, end-users have borne the brunt of the password tyranny, a result of the IT industry's inability to engineer secure systems. Password complexity, length, and rotation requirements are the bane of your end-user experience and literally the cause of thousands of data breaches. But it doesn't have to be that way!

Join Roger Grimes, KnowBe4's Data-Driven Defense Evangelist, to find out what your password policy should be and learn about the common mistakes organizations make when creating password policy.

In this webinar you'll learn:
  • Why passwords are so easy to hack and how the bad guys do it
  • How to craft a secure, risk-focused password security policy
  • The truth about password managers and multi-factor authentication and how they impact your risk
  • How to empower your end users to become your best last line of defense
  • And earn CPE credit for attending!
Date/Time: Thursday, October 15 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2716915/479985593DACF76BEC5D766BB55DA01C?partnerref=CHN1

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: September Fresh Content Updates from KnowBe4: And Get Your 2020 Resource Kit for National Cybersecurity Awareness Month Here:
https://blog.knowbe4.com/september-fresh-content-updates-from-knowbe4-get-your-2020-resource-kit-for-national-cybersecurity-awareness-month

Quotes of the Week

"To win you've got to stay in the game."
- Claude M. Bristol, Writer (1891 - 1951)

"I think the next best thing to solving a problem is finding some humor in it."
- Frank Howard Clark, Screenwriter (1888 - 1962)

Thanks for reading CyberheistNews

Security News
Phishing Attacks Continue to Grow in Sophistication

Both criminal and nation-state threat actors have “rapidly increased in sophistication” over the past twelve months, according to Microsoft’s Digital Defense report. Microsoft found that attackers are putting more effort into social engineering tactics, and they’re incorporating more familiar techniques like credential stuffing to maximize their effectiveness.

“Email phishing in the enterprise context continues to grow and has become a dominant vector,” the report states. “Given the increase in available information regarding these schemes and technical advancements in detection, the criminals behind these attacks are now spending significant time, money, and effort to develop scams that are sufficiently sophisticated to victimize even savvy professionals.

“Attack techniques in phishing and business email compromise (BEC) are evolving quickly. Previously, cybercriminals focused their efforts on malware attacks, but they’ve shifted their focus to ransomware, as well as phishing attacks with the goal of harvesting user credentials.”

Microsoft warns that attackers are automating their attacks in order to avoid detection, which results in millions of new malicious URLs being distributed each month.

“In 2019 we blocked over 13 billion malicious and suspicious mails, out of which more than 1 billion were URL-based phishing threats (URLs set up for the explicit purpose of launching a phishing credential attack),” the report says.

“These URLs were set up and weaponized just in time for the attacks and had no previous malicious reputation. We’re seeing approximately 2 million such URL payloads being created each month for credential harvesting, orchestrated through thousands of phishing campaigns.”

Microsoft notes that the number of COVID-19 themed phishing attacks has fallen in recent months, after spiking in March. This isn’t surprising: the attackers exploited the chaos and confusion at the start of the pandemic, then adapted their lures when things (sort of) began to settle down.

“Over the past several months, we have seen cybercriminals play their well-established tactics and malware against our human curiosity and need for information,” Microsoft says. “Attackers are opportunistic and will switch lure themes daily to align with news cycles, as seen in their use of the COVID-19 pandemic.”

While attackers are constantly evolving their tactics to evade new defenses, Microsoft notes that most of these attacks are still fundamentally similar.

“Despite sophistication and diversity of the attacks, the methodology is often the same, whether the actors use large-scale attacks for financial gain or targeted attacks to support geopolitical interests,” the report says. “A phishing email can be a massive campaign targeting millions of users or a single, targeted email that represents a socially engineered marvel many months in the making.”

Likewise, Microsoft points out that organizations and individuals can thwart most cyberattacks by implementing basic security hygiene.

“Given the leap in attack sophistication in the past year, it is more important than ever that we take steps to establish new rules of the road for cyberspace: that all organizations, whether government agencies or businesses, invest in people and technology to help stop attacks; and that people focus on the basics, including regular application of security updates, comprehensive backup policies and, especially, enabling multi-factor authentication (MFA),” Microsoft says.

“Our data shows that enabling MFA would alone have prevented the vast majority of successful attacks.” New-school security awareness training enables your employees to make smarter security decisions.

Microsoft has the story:
https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/
What KnowBe4 Customers Say

"Good morning Stu, I wanted to make sure you were aware of what an outstanding asset you have in Michelle Silva, your Regional Account Manager in Clearwater Florida. I've been reading your blogs and emails for some time now and was finally able to get my company to make what I believe is a necessary investment in our security.

We are a small nonprofit hospice that has to manage our expenditures very carefully. Fortunately, Michelle is a master at her craft and presented us with an outstanding demo of your product features that answered all of our questions and more. She then worked out pricing for us that was so attractive, we couldn't afford not to buy.

I've been in IT for more than 50 years, with much of that specializing in security. I still do security consulting for a select group of financial clients and I'll be speaking to them about your products, as my team gains experience with your tools. It's great to see someone in this industry who has a true feel for the importance of security and how to implement it.

And it's encouraging to see that you have people like Michelle Silva helping companies understand how to put your offerings to work for them."
P.D., Director of Information Technology
The 10 Interesting News Items This Week
    1. Deepfake Putin is here to warn Americans about their self-inflicted doom:
      https://www-technologyreview-com.cdn.ampproject.org/c/s/www.technologyreview.com/2020/09/29/1009098/ai-deepfake-putin-kim-jong-un-us-election/amp/

    2. Ransomware Attacks Morph Into a Deadly Concern - Wall Street Journal:
      https://www.wsj.com/articles/mounting-ransomware-attacks-morph-into-a-deadly-concern-11601483945?

    3. Experts Warn of $15m Global BEC Campaign:
      https://www.infosecurity-magazine.com/news/experts-warn-of-15-million-global/

    4. Phishing Is All About Baiting the Hook:
      https://cybersecurityventures.com/phishing-is-all-about-baiting-the-hook/

    5. Microsoft report shows increasing sophistication of cyber threats:
      https://blogs.microsoft.com/on-the-issues/2020/09/29/microsoft-digital-defense-report-cyber-threats/

    6. Russia responsible for over half of all state-sponsored hacking, Microsoft says:
      https://www.independent.co.uk/life-style/gadgets-and-tech/russia-hacking-state-pandemic-microsoft-north-korea-b746780.html

    7. Healthcare giant UHS hit by ransomware attack:
      https://techcrunch.com/2020/09/28/universal-health-services-ransomware/

    8. Gamers Hit With Over 14 Million Credential Stuffing Attacks Daily:
      https://atlasvpn.com/blog/gamers-hit-with-over-14-million-credential-stuffing-attacks-daily

    9. Windows XP and Server 2003 compiled from leaked source code:
      https://www.bleepingcomputer.com/news/microsoft/windows-xp-and-server-2003-compiled-from-leaked-source-code/

    10. American Bankers Assoc Anti-Phishing Campaign complete with YouTube series:
      https://www.aba.com/advocacy/community-programs/banksneveraskthat
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.