CyberheistNews Vol #5 #47 CryptoWall Damage 325 Million - FBI says: "Just Pay the Ransom"

A brand new report from the Cyber Threat Alliance (CTA) showed the staggering damage caused by a single Eastern European cyber mafia. The CTA is an industry group with big-name members like Intel, Palo Alto Networks, Fortinet and Symantec and was created last year to warn about emerging cyber threats.

We have warned here many times about the pervasiveness of CryptoWall, a new strain of ransomware which has Cryptolocker as its predecessor. CryptoWall poses a danger to both consumers and businesses. If a machine is infected and there is no recent backup, the files are lost forever. This is highly sophisticated code, with bullet proof encryption.

The CTA chose CryptoWall as its first major project, discovered over 4,000 malware samples relating to CryptoWall 3.0 and well over 800 URLs of Command & Control servers. The area most targeted was the USA, likely because it is a target-rich environment. Around half of all CryptoWall victims were American.

Over 406,000 attempted infections were discovered by the CTA researchers — primarily phishing emails which were 67.3% and Exploit Kits (EK) which were 30.7%. The majority of the phishing emails were sent in the January-April 2015 time frame, with the attackers changing their tactics in May when they concentrated more on exploit kits like the Angler EK.

The CTA did a thorough analysis of all the Bitcoin paid, and came to the conclusion that despite a complex scheme, all monies paid ultimately flowed to the same criminal gang.

The report paints a picture of a professionally-run operation with unbreakable encryption which means most businesses infected are forced to make a pragmatic decision to pay the ransom, normally around 500 dollars. The real cost is not the ransom, it is the downtime caused by data not being accessible and IT (overtime) hours to fix things, and sometimes whole departments sitting on their hands.

Even an FBI agent last week was quoted that if you had no backup, it was best to pay the ransom to get your files back.

“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”

Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, CryptoWall, and other strains.

SophosLabs threat researcher Anand Ajjan says CryptoWall has the same code as CryptoLocker, and only differs in the name. The evil genius behind both ransomware strains is FBI’s most wanted list of cybercriminals: Russian hacker Evgeniy Bogachev. Bogachev, the authorities believe, was responsible for operating both GameOver Zeus which captures banking credentials and then authorize transfers from their accounts and CryptoLocker which together have infected hundreds of thousands of machines.

You could almost see a ransomware infection as a security audit - or a shot across the bow if you will - that points to a painful deficiency in your defense-in-depth which needs urgent fixing. Relying on antivirus clearly does not cut it anymore.

Since one of the major CryptoWall infection vectors is email, it makes a lot of sense to step your end-users through effective security awareness training which can prevent potentially very expensive ransomware infections caused by phishing emails. Find out how affordable this is for your organization and be pleasantly surprised:
https://info.knowbe4.com/kmsat_get_a_quote_now

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Thursday, November 5, 2015, at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

• Get a baseline, send a phishing test to your users to get your Phish-prone percentage.
  
  
• Easily roll out training campaigns for all users (or groups).

• Automated enrollment and follow-up emails to “nudge” users who are incomplete on the training.

• Send frequent phishing tests to keep your users on their toes with security top of mind.

• Point-of-failure training auto-enrollment.
  
  
• Reporting to watch your organization's phish-prone percentage drop, with great ROI.

Find out how more than 2,000 organizations have mobilized their end-users as their first line of defense.

Register Now: https://info.knowbe4.com/webinar-kevin-mitnick-security-awareness-training

"Nine tenths of education is encouragement."- Anatole France, Novelist

"Education is the most powerful weapon which you can use to change the world."
- Nelson Mandela

Thanks for reading CyberheistNews

1. EU Parliament Clears a Path to Give Snowden Asylum:
   http://www.hackbusters.com/news/stories/443894-eu-parliament-clears-a-path-to-give-snowden-asylum
   
   
2. Anonymous Vows To Leak Personal Information of 1,000 KKK Members:
   http://www.hackbusters.com/news/stories/442895-anonymous-vows-to-leak-personal-information-of-1-000-kkk-members
   
   
3. Biggest Complimentary Hosting Company Hacked; 13.5 Million Plaintext Passwords Leaked:
   http://www.hackbusters.com/news/stories/442734-biggest-free-hosting-company-hacked-13-5-million-plaintext-passwords-leaked
   
   
4. Judge rules man had right to shoot down drone over his house:
   http://www.hackbusters.com/news/stories/442703-judge-rules-man-had-right-to-shoot-down-drone-over-his-house
   
   
5. Jeremy Clarkson Fire TV Stick Commercial. Riot:
   http://www.hackbusters.com/news/stories/445575-in-amazon-ad-ex-top-gear-host-jeremy-clarkson-sticks-it-to-the-bbc

Some 93% of office workers engage in some form of risky online habits that could jeopardize their employer or customers, according to a survey by Intermedia.

Millennials are most likely to breach the personal and professional computing divide by installing apps without company approval, saving company files to personal cloud storage or engaging in other unsafe practices.

One in three IT pros has given out their credentials to other employees (compared to 19% across all respondents), while nearly 30 percent said they have accessed systems belonging to previous employers after they left the job (compared to only 13% among all respondents). A third said they would take data from their company if it would benefit them – nearly three times the rate of general business professionals.

And with a margin of error ±2.17% at a 95% confidence interval, the results fly in the face of conventional wisdom: it’s the workers that are most familiar with technology that often cause the biggest risks.

Read more about the new survey by Intermedia here:
https://www.intermedia.net/report/riskiestusers

Now this is something interesting. Dave Chapelle at Securebuzz wrote about a new way to protect your Bitcoins.

"Developers of the Bitcoin hardware wallet have celebrated its active use in 100 countries. TREZOR is designed to eliminate the need for 3rd party services to secure bitcoins, enabling security and simplicity for bitcoin users.

If you’re unfamiliar with Bitcoin, you can catch up with some history and check current Bitcoin value. As a virtual currency Bitcoin is a hacker target. In 2013 when the Bitcoin price rose to a 1,000 dollars, Kaspersky Labs began including Bitcoins in its research on financial cyber threats. That’s when SatoshiLabs began work on a hardware wallet.

'This is the first real end user solution to losing Bitcoins,' said SatoshiLabs CEO Alena Vranova. 'The concept comes from the premise that computers and phones are designed to share data. Hackers are always ahead. Whatever is valuable – your money, your data – has to go offline, where it’s not reachable by hackers.'" More at:
http://www.securebuzz.ca/index.php/78-endpoint/329-a-hardware-wallet-that-secures-your-virtual-money

CSO has a good short slide show with awareness tips. Security experts remind us that awareness is an ongoing effort. Here are some best practices for keeping your organization educated and aware year-round.
http://www.csoonline.com/article/2998313/security-awareness/6-tips-for-your-security-awareness-training.html?

Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and potentially, that of their employer, a recent experiment conducted on behalf of CompTIA revealed.

“We can’t expect employees to act securely without providing them with the knowledge and resources to do so,” said Todd Thibodeaux, president and CEO, CompTIA. “Employees are the first line of defense, so it's imperative that organizations make it a priority to train all employees on cybersecurity best practices.”

Yet according to a survey of 1,200 full-time workers across the U.S., 45 percent say they do not receive any form of cybersecurity training at work. Among companies that do administer cybersecurity training, 15 percent still rely on paper-based training manuals. More here:
http://www.net-security.org/secworld.php?id=19033

• A compilation of awesome people demonstrating the most amazing and breathtaking skills and abilities. Take a 4 minute break and I assure you that you will feel better!
  http://www.flixxy.com/people-are-awesome-2015.htm?utm_source=4

• KnowBE4 Halloween 2015. We had a great time this year, but we had to keep it short because it was the last day of the month and things were super busy! Here is the slide show:
  https://blog.knowbe4.com/knowbe4-halloween-2015

• One-Minute Time Machine. Sploid Short Film Festival Official Selection. Not entirely safe for work. Some strong language but a priceless short:
  https://www.youtube.com/watch?v=vBkBS4O3yvY

• Anime Weekend Atlanta 2015 - Cosplay Celebration. Just Wonderful!
  https://www.youtube.com/watch?v=mE5xkm4meyE&feature=em-subs_digest-g-vrecs

• From the weird Japanese department: A Rube Goldberg contraption as a two-minute action adventure recorded in one take:
  http://www.flixxy.com/epic-rube-goldberg-adventure.htm?utm_source=4

• The new Altwork workstation looks awesome. I want one! I'm serious:
  http://www.altwork.com/

• Magician Shocks Penn & Teller. This is a good one:
  https://www.youtube.com/watch?v=lHkhbW7uwxI&feature=em-subs_digest-g-vrecs

• A kid meets some of the biggest stars in sports, who suddenly realize they are 'short a guy' and invite him to play. Good Nike ad:
  http://www.flixxy.com/short-a-guy-nike.htm?utm_source=4

• In 1418, Filippo Brunelleschi was tasked with building the largest dome ever seen at the time. He had no formal architecture training:
  http://www.flixxy.com/how-an-amateur-built-the-worlds-biggest-dome.htm?utm_source=4

• Thinkin' 9 to 5: A Security Awareness Parody of 9 to 5 by Dolly Parton:
  https://www.youtube.com/watch?v=Y5SQeetmSc0

• Bob Partington creates the slowest Rube Goldberg machine ever. Thankfully, the 6 week long process has been reduced to three minutes in this video:
  http://www.flixxy.com/worlds-slowest-rube-goldberg-machine.htm?utm_source=4

• Yamaha shows Motobot, the motorcycle-riding humanoid robot:
  http://www.gizmag.com/yamaha-shows-motorcycle-riding-motobot/40090/

• Special Forces Hostage Escape Card. That and Kevin Mitnick's business card will get you out of any tight spot:
  https://www.youtube.com/watch?v=2GzWuFK9rkw&feature=youtu.be