CyberheistNews Vol 5 #31 Scam Of The Week: Microsoft Windows 10 Upgrade Installs Ransomware

CyberheistNews Vol 5 #31 August 4, 2015

Scam Of The Week: Microsoft Windows 10 Upgrade Installs Ransomware

Major Operating System upgrades usually cause confusion among end-users, and the current Windows 10 upgrade is no exception. The bad guys exploit this confusion in several ways, mostly through massive phishing campaigns and through criminal call-center operations which claim to be Microsoft tech support.

Some campaigns will try to worry the user that their PC has changed somehow, causing access issues. Other phishing emails will try to lure the user with links where they can get their new no-charge version of Windows 10, or have it "attached" in a zipped file, which makes it our Scam Of The Week, because the attachment is the CTB-Locker ransomware.

Unfortunately there are no limits to criminal inventiveness. So, I suggest you send something like the following to your end-users and/or friends and family. Feel free to copy/paste/edit as needed, per your own policies related to OS upgrades:

"Microsoft is in the process of releasing their new Windows 10 Operating System. This is an upgrade that you do not pay for, promises to fix problems with earlier versions, and claims to be more secure. They plan to upgrade a billion personal computers, causing inevitable confusion among PC users.

"Bad guys are trying to exploit this confusion. You might get calls from scammers that claim to be Microsoft tech support and try to charge you for the upgrade using your credit card.

"Be very careful with any email claiming to be from Microsoft about "your Windows 10 Upgrade". Make sure that any links in the email really go to Microsoft. Better yet, do not click on any link or open any attachment, but go to the Microsoft website for more information." Here is the link:
http://www.microsoft.com/en-us/windows/windows-10-upgrade

For KnowBe4 customers, we have a new template in the IT section called "Windows 10 Upgrade Error". We think it would be wise to send this template to your users and inoculate them against this type of social engineering as soon as possible.

If you aren't a KnowBe4 customer yet, find out how affordable Kevin Mitnick Security Awareness Training is, and be pleasantly surprised:
http://info.knowbe4.com/kmsat_get_a_quote_now

Regarding Win10 itself, I would hold off upgrading your users wholesale until a LOT of field testing has been done. I am running it on a machine at the house, and there are good reasons not to rush into the upgrade because of some new features: "Windows Update Delivery Optimization" (WUDO), which works like torrents do and makes your Win10 machine part of a peer-to-peer network delivering Win10 to other users using your bandwidth, and the new "Wi-Fi Sense", which makes Wi-Fi more available and accessible - for better or for worse.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into your office parking lot to be in range, and then gain access to your wireless network. See Brian Krebs' post about it:
http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contacts/

Also, apart from being a "security upgrade", Win10 grabs all the information it can get its hands on; this version is incredibly intrusive by default. Just open Settings and click on Privacy. There you’ll find 13 different screens (yes, 13) to go through, and you’ll want to disable anything that seems worrying; you should definitely adjust what types of data each app on that box can access.

I was interviewed by InfoWorld yesterday about how this type of cybercrime has been and will be developing. Read the interview here:
http://www.infoworld.com/article/2955704/cyber-crime/windows-10-upgrade-scams-are-only-warming-up.html

Leaked NSA Slides: Chinese Hackers Wreaking Havoc On USA

I have been talking for years at the KnowBe4 blog about Chinese hacking into the U.S., mainly for espionage, using highly sophisticated social engineering and spear-phishing attacks. This week, NBC News got their hands on leaked slides from a February 2014 NSA presentation which highlight in specific detail the extent to which China has successfully hacked U.S. organizations, and which illustrate my point. It's great ammo to get more IT security budget.

As indicated by the map (see link below), each red dot represents a successful Chinese hack, stealing corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecom and internet backbone. Add them up and there were about 700 successful hacks on U.S. targets over the last five years. And that's only the ones we know about. 

As you would expect, the successful hacks are mostly in California and in the DC and Maryland area. As for the type of data the Chinese hackers were able to exfiltrate, it was information as varied as pharmaceutical products to details surrounding both U.S. military and civilian air traffic control systems.

The report further adds that the map was originally prepared as part of a larger briefing by the NSA Threat Operations Center. During said briefing, officials reportedly indicated that China has a particular interest in keeping tabs on Google and "defense contractors like Lockheed Martin, and in air traffic control systems." Here is the map:
http://blog.knowbe4.com/leaked-nsa-slides-chinese-hackers-wreaking-havoc-on-usa


Phish or Be Phished? The Choice is Yours

Hackers have a backdoor into your network: your employees. Of the 150+ million phishing emails being sent every single day, over 10% are making it through spam filters. Of those, over 8 million are opened, and over 800,000 users are clicking on phishing links. An average of 80,000 users a day are phished and actually provide sensitive information to cyber-criminals or cause ransomware infections because they believe the email or web link to be legitimate. Are your users among the 80,000 daily victims?

Read a great article by our Guest Blogger Brad Mathis, CISSP, Senior InfoSec Consultant. It provides very good ammo to get budget approval for end-user training. Read it over at the KnowBe4 Blog:
http://blog.knowbe4.com/phish-or-be-phished-the-choice-is-yours

Warm Regards,
Stu Sjouwerman

Quotes Of The Week
"Security is mostly a superstition. It does not exist in nature, nor do the children of men as a whole experience it. Avoiding danger is no safer in the long run than outright exposure. Life is either a daring adventure, or nothing." - Helen Keller, Author (1880 - 1968)

"The adage is true that the security systems have to win every time, the attacker only has to win once." - Dustin Dykes

Thanks for reading CyberheistNews

Security News

A New Ransomware Hostage Rescue Manual

Get this informative and complete hostage rescue manual on ransomware. The 20-page manual is packed with actionable info you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

You will learn more about:
1. What is Ransomware?
2. Am I Infected?
3. I’m Infected, Now What?
4. Protecting Yourself in the Future
5. Resources

Don’t be taken hostage by ransomware. Download now and forward/share to your friends, this is good stuff:
http://info.knowbe4.com/ransomware-hostage-rescue-manual-0

Or, read the article in BetaNews first, and then download:
http://betanews.com/2015/07/10/how-to-protect-yourself-against-ransomware/ 

This Week's Five Most Popular HackBusters Posts

Mid Year 2015 - 78% Of 1,860 Data Breaches The Result of Hacking

Risk Based Security has released its 2015 Mid-Year Data Breach QuickView Report highlighting the data breach trends over the first six months of the year.

Report Highlights:
• The number of reported data breaches tracked by Risk Based Security has exceeded 16,700, exposing nearly 3.9 billion records.
• There were 1,860 data breaches reported during the first six months of 2015, exposing 228 million records.
• Five hacking data breaches alone exposed a combined 181.3 million records.
• A single act of hacking exposed 78.8 million records.
• 78.4% of reported data breaches were the result of hacking, which accounted for 95.3% of the exposed records.
• Breaches involving U.S. entities accounted for 37.6% of the data breaches and 55.3% of the exposed records.
• 40.4% of the data breaches exposed between one and 100 records.
• Seventeen (17) data breaches exposed one million or more records.
• The Anthem Insurance breach of 78.8 million records rests at #15 of all time.

The Data Breach QuickView report is intended to be an executive level summary of the key findings from RBS' analysis of the first half of 2015's data breach incidents. You can view the 2015 Data Breach QuickView report here, which has some very interesting stats:
https://www.riskbasedsecurity.com/reports/2015-MidYearDataBreachQuickView.pdf

Phishing Attacks Up 74% in Q2

Tara Seals over at InfoSec Mag reported on some worrying numbers. 

Because DNS is required for almost all Internet connections, cyber-criminals are constantly creating new domains to unleash a variety of threats, ranging from simple malware to exploit kits, phishing, distributed denial of service (DDoS) attacks and data exfiltration.

"DNS is critical infrastructure for the Internet that can’t be turned off. Through our analysis, it’s apparent that cyber-criminals recognize this and see DNS as a vector for penetrating government, corporate and personal networks," said Rod Rasmussen, CTO at IID.

The Infoblox DNS Threat Index, powered by IID, has a baseline of 100—the average of quarterly results for the years 2013 and 2014. In the first quarter of 2015, the index stood at 122, and has now jumped an additional 11 points to a record high of 133 in the second quarter.

Phishing and the growing demand for exploit kits were the most significant contributors to the index’s record high.

Phishing alone was up 74%

"Phishing has been around for a long time, and the most recent index numbers show attackers are using it enthusiastically," the report noted. "Criminals stick with phishing because it works, and because it’s often easier to trick humans into giving up sensitive information than to overcome increasingly sophisticated cybersecurity systems.

"Teaching internal users to be diligent and aware of the links they are clicking on is one level of protection. But with such important information at risk once exploited, organizations should also deploy technology that leverages current threat data to block traffic to and from these malicious sites.”

Meanwhile exploit kits, collections of malicious software that take advantage of security holes in operating systems and popular applications such as web browsers, accounted for 41% of malicious domain creation in the second quarter of 2015. More at:
http://www.infosecurity-magazine.com/news/dns-threats-led-by-phishing-up-58/

AV Firm BitDefender Hacked; Did Not Encrypt Customer Passwords

I saw it first at The Hacker News. Mohit Kumar, Founder and Editor-in-Chief had the scoop and his analysis hit the nail on the head: "The Data breach in BitDefender is incredibly embarrassing for the security firm, not because the company failed to prevent its customers data from hackers, but because the security company failed to encrypt its customers’ most sensitive data."

You would really expect Infosec people like BitDefender to apply common security principles to their own website and not get caught with their pants down in a SQL injection hack which then exposes unencrypted customer passwords. OUCH.
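The two failures named above, a query assembled from user input and passwords kept in readable form, are easiest to understand next to their fixes. The Python below is an added example written for this newsletter; it is not BitDefender's code and nothing in it is derived from the breach. The user table, the account records and the tampered username are constructed for the demo, and the PBKDF2 iteration count is an assumed setting, not a recommendation taken from the story.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ITERATIONS = 200_000  # assumption: demo cost factor; tune to your own hardware


def make_db():
    """Constructed in-memory user table for the demo (not any real vendor's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    return conn


# ---- Pattern 1: readable password, query assembled by string formatting (vulnerable) ----
def register_plaintext(conn, username, password):
    conn.execute("INSERT INTO users VALUES (?, ?)", (username, password))


def login_vulnerable(conn, username, password):
    # User-supplied text is spliced into the statement, so it can change the query's logic.
    sql = "SELECT username FROM users WHERE username = '%s' AND secret = '%s'" % (username, password)
    return conn.execute(sql).fetchone() is not None


# ---- Pattern 2: salted PBKDF2 hash, parameterised query (hardened) ----
def hash_password(password, salt=None):
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), digest.hex())


def verify_password(stored, password):
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


DUMMY_HASH = hash_password("placeholder")  # verified when the user does not exist


def register_hashed(conn, username, password):
    conn.execute("INSERT INTO users VALUES (?, ?)", (username, hash_password(password)))


def login_hardened(conn, username, password):
    # Placeholders send the username as data; it can never become part of the SQL.
    row = conn.execute("SELECT secret FROM users WHERE username = ?", (username,)).fetchone()
    # Always run the (slow) verification so response time does not reveal valid usernames.
    ok = verify_password(row[0] if row else DUMMY_HASH, password)
    return row is not None and ok


def stored_secret(conn, username):
    """What someone who can read the table gets for this user."""
    return conn.execute("SELECT secret FROM users WHERE username = ?", (username,)).fetchone()[0]


def demo():
    """Run both patterns against the same constructed input and report what each exposes."""
    weak, strong = make_db(), make_db()
    register_plaintext(weak, "alice", "hunter2")
    register_hashed(strong, "alice", "hunter2")
    # Constructed input: a username that closes the quoted string and comments out the
    # password check. It only has an effect where the query is built by string formatting.
    tampered = "alice' --"
    return {
        "vuln_good_password": login_vulnerable(weak, "alice", "hunter2"),
        "vuln_tampered_username": login_vulnerable(weak, tampered, "wrong"),
        "hard_good_password": login_hardened(strong, "alice", "hunter2"),
        "hard_tampered_username": login_hardened(strong, tampered, "wrong"),
        "hard_unknown_user": login_hardened(strong, "mallory", "hunter2"),
        "plaintext_leaks_password": stored_secret(weak, "alice") == "hunter2",
        "hash_leaks_password": stored_secret(strong, "alice") == "hunter2",
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print("%-26s %s" % (name, value))
```

The two fixes are independent and both matter here: the parameterised query stops the login check from being rewritten, and the salted, slow hash means that even a successful dump of the table hands over strings that still have to be cracked one by one instead of the passwords themselves.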

Thing is, in the AV industry, BitDefender is known as one of the best AV engines out there. They always score very high on the quarterly industry tests at Virus Bulletin. As a matter of fact, I have all systems at the house running BitDefender.

The Romanian security company admitted its system was breached and said that the attack on its system didn’t penetrate the server, but a security hole "potentially enabled exposure of a few user accounts and passwords".

"The issue was immediately resolved, and additional security measures have been put in place to prevent its recurrence," the company’s spokesperson said in a statement. "Our investigation revealed no other server or services were impacted."

Bitdefender's Marius Buterchi confirmed the hacked accounts, and said the company was "Aware of the issue and have reset the passwords for the customers whose credentials have been made public." He added "They are actively investigating how these passwords were made public."

Hacker Demands Ransom Money....

The hackers made off with a "limited" number of BitDefender customer credentials, and are rumored to be threatening to release the leaked data publicly unless BitDefender pays a ransom of $15,000. Over the weekend, the hacker exposed online a list of usernames and passwords for more than 250 BitDefender accounts. Again, the three weak links are people, policy and procedure, not technology. You can read the story blow by blow at HackerFilm:
http://blog.hackerfilm.com/2015/07/antivirus-maker-bitdefender-hacked.html

Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is: 33 North Garden Ave Suite 1200, Clearwater, Florida, 33755