Just when you think phishing criminals cannot sink any further, you get confronted with a "new low". This phishing scam preys on a parent's fear. The scam email looks like a warning for parents about a child predator that moved into their zip code area, but it’s a really low phishing scam. I suggest you send your users a warning like this. Feel free to edit:
"You receive an email with a subject line like: “Alert: There is a child predator living near you!” This information is based on your “local area zip code.” But you don’t remember signing up for such a service.
"When you open the email, it "warns" you that a predator has moved into your area and it provides a link for more information. As you by now have guessed, clicking the link infects your computer with malware that will try to steal your passwords, credit information, up to and including your identity.
"If you click on the link, you are redirected through several sites to land on the Kids Live Safe website, which is a service that sells localized reports on sex offenders. But this phishing attack is not from that website; it just sends victims there to try to look credible and distract your attention from the fact your computer is now infected with malware. Do not click on any links, and delete this email."
Please send a link to this blog post to your friends and family right away, as the blog is an example of what the phishing email looks like: http://blog.knowbe4.com/scam-of-the-week-child-predator-phishing-scam
For KnowBe4 customers, we have a new template in Current Events that is called: "Child Predator Found in Your Area" and we recommend sending this to all your employees to inoculate them against attacks like this.
Cyber criminals are getting more sophisticated by the month. It is really a must to step employees through effective security awareness training and send them simulated phishing attacks on a regular basis. If you are not a KnowBe4 customer yet, find out how affordable this is for your organization today. Get A Quote Now: https://info.knowbe4.com/kmsat_get_a_quote_now
RansomWeb: Cyber Criminals Hold Whole Website Hostage
Now this is a whole new wrinkle in criminal ransomware. Malicious hacker crews have started taking over whole websites, injecting code that encrypts and decrypts all information on the fly, file by file, in real time, so that after some months the whole website is encrypted and decrypted with a key that the bad guys own. The website owner sees nothing strange happening, all the traffic is https, and apparently it is fast enough to avoid a performance hit.
Then, one day when the website encryption process is (close to) complete, the bad guys pull the plug and ask for a ransom to turn things back on. Moreover, during the period they owned the website they tunneled into the network and deleted or overwrote all backups so that these do not exist. Swiss security firm High-Tech Bridge investigated the breach in December 2014 and reported on it.
Brian Honan, security consultant, said the modus operandi of the RansomWeb hackers was similar to ransomware attacks against a number of SMBs he had worked with, whereby the criminals broke into the server of the victim, overwrote backups with either the encrypted data or blank data, and at a later date returned to encrypt the server. “At this stage the backups are no longer useful as they contain no workable data to restore the systems, thus leaving the victim companies with the choice of either losing all their data and rebuilding it from scratch, or paying the ransom.”
So, make sure you make regular backups, regularly test your restore function, and at least make off-site backups weekly so that you can restore if you need to! And obviously, your employees often let these bad guys in unwittingly by clicking on a link in a phishing email, so stepping them through effective security awareness training and sending them regular simulated phishing attacks is a must.
Find Out Which New Phishing Features We Added
KnowBe4 uses the Agile software development system and over 2014 we have added a whole slew of features in the phishing part of our service, all based on your feedback. We have summarized all of them here, in a brand new 2015 datasheet.
If you're not a customer yet, check out the feature list. And if you are an existing customer (we have well over 1,000 enterprise accounts) check the list too, because there are likely a few new things you did not know about yet! List of New Phishing Features in a web page: https://www.knowbe4.com/security-awareness-training-features/
"We don't stop playing because we grow old; we grow old because we stop playing." - George Bernard Shaw
"Work and play are words used to describe the same thing under differing conditions." - Mark Twain
Quick Reminder: InfoSec World Conference & Expo 2015
Put this in your calendar: March 23-25, 2015 - InfoSec World 2015, coming to Disney’s Contemporary Resort this March, is now just 2 months away! Don’t miss this 7-track event featuring a lineup of conference sessions, workshops and summits that address the most pressing matters in information security today. And, just for being a Cyberheist News subscriber, register with the special discount code OS15/CHN and you'll receive 10% off the conference registration fee.
To register, simply call the Customer Service department who can sign you up over the phone: 508-879-7999 ext. 501, and don't forget to mention your discount code - OS15/CHN! https://infosecworld.misti.com/
Twenty-Eight Percent Of Security Spending Wasted On Shelfware
The average organization spent $115 per user on security-related software last year, but $33 of it, or 28 percent, was underutilized or not used at all, according to a new report from Osterman Research.
"As much as 60 percent of security software remains completely unused in some organizations," the report said. Almost all of this wasted spending was on traditional packaged software, because cloud services are typically billed based on use and need little or no additional configuration or customization.
Short, Sharp Spam Attacks Aiming To Spread Dyre Financial Malware
Nick Johnson at Symantec wrote: "Since early January 2015, Symantec has been seeing multiple instances of [very] short-duration, high-volume spam attacks targeting millions of users at a time. While these attacks last only a few minutes at a time, the vast number of emails sent during each burst was interesting.
"These attacks are related to the growth in link spam that we blogged about in December 2014, which saw attackers change their tactics and move towards sending users malicious links instead of malicious attachments.
Similar to the previous spam campaigns, these recent bursts of malicious emails are also linked to the Cutwail botnet (Trojan.Pandex) and contain malicious URLs that lead to Downloader.Upatre, which in turn leads to the financial Trojan Infostealer.Dyranges (Dyre) being downloaded to the computer.
However, in some cases, instead of being sent to a site serving malware, users were sent to a phishing page. Ultimately, however, it seems the attackers’ goal is to steal information from victims’ computers as Infostealer.Dyranges is known to steal financial information and the phishing sites used in the attack campaign are masquerading as login pages for financial institutions.
This is actually a good, simple and smart tip from the Feds if you have not done this yet.
Don Miller wrote: "I got a tip from my local FBI agent about a month ago. We made a minor change to a transport rule in Exchange, and now my users are much more savvy about phishing scams.
"I added a transport rule that adds [EXTERNAL] to the subject line of every email that originates from outside our organization. We have seen a few spear phishing emails that try to act like they are coming from somewhere in our organization, but since that change, no one believes them anymore."
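One way to set up the kind of transport rule described in the tip above, as an added example that is not from the original newsletter or from the reader quoted. The rule name and comment text are assumptions; the rule is created in audit mode first so its matches can be reviewed before it starts rewriting subjects.

```powershell
# Run in the Exchange Management Shell (or an Exchange Online PowerShell session).
# The rule name and comment text below are assumptions chosen for this example.
$ruleName = 'Tag external mail'   # hypothetical rule name
$tag      = '[EXTERNAL]'

# Create the rule only if it does not exist yet, so the script can be re-run safely.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope NotInOrganization `
        -SentToScope InOrganization `
        -PrependSubject "$tag " `
        -ExceptIfSubjectContainsWords $tag `
        -Mode Audit `
        -Comments 'Prefix the subject of mail that originates outside the organization.'
}
# -FromScope NotInOrganization matches senders outside the organization, so a
#   message that only imitates an internal sender still gets the tag.
# -ExceptIfSubjectContainsWords keeps reply chains from collecting repeated tags;
#   a message skipped by this exception already shows the tag in its subject.
# -Mode Audit evaluates and logs the rule without changing any message.

# Review what was created before enforcing it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SentToScope, PrependSubject,
                ExceptIfSubjectContainsWords

# After checking the audit results in message tracking, turn enforcement on.
Set-TransportRule -Identity $ruleName -Mode Enforce
```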
This Week's Links We Like. Tips, Hints And Fun Stuff.
We help ransomware victims pay their ransom if all backups have failed. This is the first video I found that explains Bitcoin in a clear way in 3 minutes!