ALERT: New Ransomware Spear Phish Uses One-Click Dropbox Attack
The cyber-mafia is stepping up the pressure. As you know, there are several competing gangs that are furiously innovating in an attempt to grab as much money as possible. Call it a criminal virtual land-grab.
A new ransomware attack was spotted that uses a highly targeted spear phishing email with Dropbox as the delivery mechanism. It only takes one click to infect a workstation, and the victim then has just 24 hours to pay the ransom in Bitcoin, which is very aggressive.
It's called the "Pacman" ransomware, suggesting pictures of something eating up all files. The ransomware strain is highly malicious. Besides containing a ransomware payload, the code includes a keylogger and has "kill process" capabilities that shut down Windows operating system functions like taskmgr, cmd, regedit and more which makes it very hard to remove this malware.
Europe is often used as a beta-testing ground for attacks on the U.S., so you can expect this to happen here too. The problem is that this spear phishing attack is focused on a small vertical, but fully automated. In this case it's chiropractors in Denmark. But remember that with the tens of millions of data-breach records out there, it's very easy to do this. Next time it can be your employees getting one of these in their inbox, specifically targeted at your company.
Please read more at this new blog post, it has screenshots, technical background and some "What To Do About It" recommendations:
https://blog.knowbe4.com/alert-new-ransomware-spearphish-uses-one-click-dropbox-attack
How To Stop Surging Social Engineering Attacks
Michael Heller at TechTarget wrote a good (longish) article where he concluded: "As more personal and corporate information is shared on the Web, social engineering techniques and attacks are becoming increasingly sophisticated, forcing enterprises to adopt new awareness training methods to protect employees."
I'm giving you a short summary and you can read the whole thing at the link below. When looking at enterprise security, social engineering (SE) is often convincing a company employee to click a malicious link or open a malware-infected file, and the transmission method of these attacks is most often through email. SE is a major component of IT's longstanding battle with phishing schemes. It's also an element in the resurgence of macro viruses, which are caused by SE messages that convince employees to override security settings designed to prevent macros from running.
According to Cody Pierce, director of vulnerability for Arlington, VA-based security research firm Endgame: "Without the social engineering aspect, it's harder to get past the point where you need user interaction for the exploit. For macro viruses and such, there will be warnings, so you need social engineering to get users past that point."
A Social Engineering Renaissance
Pierce and other experts said that these types of attacks are getting more difficult to stop because of the wealth of information made publicly available on the Web via social media. That information can be used to craft much more convincing and targeted attacks, which has led to something of a renaissance for SE.
"Twitter will tell you what app is used to post, which leads to what platform is used. LinkedIn connects to work contacts, and Facebook has everyone," said Pierce. "Phishing will continue to stay popular as long as we're all connecting over the Internet and easy to talk to or build a relationship with, because someone will take advantage of that situation."
Security Awareness Training Needs To Catch Up
As SE techniques get more sophisticated and attacks appear more like authentic messages, experts say that training methods need to evolve as well. The trick to educating employees has always been to make people suspicious of these requests, but that is getting more difficult because it often isn't enough to simply have users keep an eye out for improper use of language or odd typos.
Experts all agreed that traditional training sessions that happen infrequently are not enough. Training needs to be done in levels, beginning with teaching employees to look out for misspellings and improper use of language. The next level includes making some employees aware when they are at more risk of being targeted, including those with access to financial information and other sensitive data. Lastly, employees should be made aware of their sharing habits on social networks, and be especially careful of potentially fraudulent friend requests, which could ultimately negate any controls put in place to limit access to information.
A number of experts also advocated the use of more real-time training, which would include simulated internal phishing campaigns, sending text messages or social messages to employees trying to catch those who lapse.
We could not agree more. Find out how affordable this is for your organization today.
https://info.knowbe4.com/kmsat_get_a_quote_now
Link to article:
https://searchsecurity.techtarget.com/news/4500243233/Social-engineering-techniques-are-becoming-harder-to-stop-experts-say
NEW: This Week's Five Most Popular HackBusters Posts
There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site for that. Hackbusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favored, and we built an algorithm that bubbles up the real hot topics. We tweet when a #1 hot security topic bubbles up. Follow @Hackbusters on Twitter and you will get tweets with the actual breaking hot security news:
https://twitter.com/hackbusters
Here are this week's five most popular hackbusters posts:
- Canada Revenue Agency Warns Of Text Message Phishing Scam:
https://www.hackbusters.com/news/stories/293173-canada-revenue-agency-warns-of-text-message-phishing-scam-ctv-news
- A $60 Gadget That Makes Car Hacking Far Easier:
https://www.hackbusters.com/news/stories/293069-a-60-gadget-that-makes-car-hacking-far-easier
- Stealing Data From Computers Using Heat:
https://www.hackbusters.com/news/stories/291777-stealing-data-from-computers-using-heat
- NSA Doesn’t Need to Spy on Your Calls to Learn Your Secrets:
https://www.hackbusters.com/news/stories/293459-nsa-doesn-t-need-to-spy-on-your-calls-to-learn-your-secrets
- GitHub hit by Massive DDoS Attack From China:
https://www.hackbusters.com/news/stories/295001-github-hit-by-massive-ddos-attack-from-china
Warm Regards,
Stu Sjouwerman
Quotes of the Week:
"Your task is not to seek for love, but merely to seek and find all the barriers within yourself that you have built against it." - Rumi (1207 - 1273)
"To thine own self be true, and it must follow, as the night the day, thou canst not then be false to any man." - William Shakespeare (1564 - 1616)
35 percent of Kansas City Employees Turn Out Phish-prone
Would-be hackers duped 35% of Kansas City employees into opening the door to municipal computer systems sometime in the last six months, a city audit report said. Each employee had given up log-in credentials after responding to an email that had been sent to collect just such critical information. They’d fallen for what is commonly called a phishing attack and turned out to be Phish-prone.
Luckily, the attack was a fake, a test conducted by city auditors. “We phished ourselves to see how we’d do,” city auditor Douglas Jones said Thursday.
Jones said he wanted to know not only how employees would treat the phishing email but also how the city’s information technology teams would handle the breach, to which they had not been privy.
Official results and recommendations from Kansas City’s test came out this week in a report to Mayor Sly James and the City Council. Work is underway on written policies to direct the IT department’s response to phishing attacks like this test, the audit report said. And all employees are in for mandatory training.
Here's how it played out at City Hall, though Jones isn't saying when the test took place. The test began as 3,115 fake phishing emails started landing in employees' inboxes. Within the hour, 66 employees had clicked on the email's link to a fake website set up for the test. In hour two, 226 more clicked through, followed by 195 in hour three.
Kansas City’s IT staff spotted the phish early in the fourth hour and began alerting employees. The effort helped reduce the potential for damage, as clicks to the fake website fell to 62 in that hour, and then fell by half in each of the next three hours.
Employees who had given up their log-in information were instructed to change their passwords if they'd clicked on the phishing email's link. Tracking their actions found that two-thirds had done so during the first 24 hours, but that 30 percent had still not changed their passwords 48 hours after the attack. Full article here. (Note that I have corrected the math, which was completely off in the original article.)
http://blog.knowbe4.com/35-percent-of-kansas-city-employees-turn-out-phish-prone
Find out for free what percentage of your employees is Phish-prone with the no-charge Email Exposure Check:
https://www.knowbe4.com/email-exposure-check/
Ransomware on TV: Hackers Held Computer Files For Ransom
MERCER ISLAND, Wash. - Insurance broker Jenny Kim-Woerman knows pressure. Her office is always busy, but the stress reached a new level when a Cyber-style hostage situation took over on March 4. It started at Office Manager Stefanie Bielekova's computer.
Their data was being held for ransom. On the computer, a countdown clock showed 12 days to pay $600 in Bitcoins, a type of digital currency. "It was a very intense time for us because it was our policy renewal so there was a lot of work, detailed work. I'm talking about spreadsheets upon spreadsheets upon spreadsheets," said Kim-Woerman.
They did not want to redo about three months' worth of work, and decided to take a chance. "Hopefully, there was going to be honor among thieves," said Kim-Woerman. It worked. The data was decrypted. In this hack attack, where firewalls failed, the pressure to pay up won out. Here is the clip:
https://www.king5.com/story/news/local/2015/03/27/hackers-ransonware-mercer-island/70530128/
RANT: Renewing Office 365 Online Hell
OK, this is a bit off-topic but I think you'll get a good chuckle out of it.
Buying a new Dell machine 12 months ago I decided to get a subscription to Office 365. For about a year everything ran fine, but then I started to get warning messages in the apps that I needed to renew my subscription. I'm a happy camper and have used Word for a long time so I click the BUY button.
However, I do not get seamlessly dropped on an ecommerce site where I can renew (ideally with one-click). No, I get an error message thrown into my text editor. Repeatedly. The renewal process is seriously borked. Read the rest at the KnowBe4 Blog:
https://blog.knowbe4.com/rant-renewing-office-365-online-dhell
Tax Fraud Advice Straight From The Scammers
Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires.
Few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post at Krebs:
https://krebsonsecurity.com/2015/03/tax-fraud-advice-straight-from-the-scammers/
What Are Our Customers Saying?
"The service and platform you provide are invaluable to our business and we couldn’t be happier! I’ve seen a consistent decline from 17.1% Phish-prone Percentage of my initial test (last November) down to a 0% in my February campaign. I’m always glad to see the implementation of new features, and I am about to take advantage of a 9 category random test to my users. Nothing but great things to say about KnowBe4 and the service you provide!" Best Regards, - B.W | System Administrator
"I am very happy and have talked to other CIOs across the state about what we are doing with your service. Right now we have about 30 days before all the users must complete all training modules. Once everyone has completed, there will be some very targeted spear phishing attacks sent to specific departments that are prime targets for outside attackers. We will see what our failure rate is and then target those users for more training. Will let you know how things go in a month." - A.T. Director Information Technology