CyberheistNews Vol #5 #51 Hated Cryptowall 4.0 Now Infects Workstations with Powerful Exploit Kit



CyberheistNews Vol #5 #51, Dec 1, 2015
Stu Sjouwerman

Earlier than expected - but similar to Cryptowall 3.0 - a few weeks after its release, the hated Cryptowall 4.0 ransomware is now being delivered via the Nuclear Exploit Kit (NEK), according to security researchers at the SANS Internet Storm Center (ISC). Initially, Cryptowall 4.0 was only distributed via malicious spam and phishing emails, but now it is also infecting machines via a popular and powerful exploit kit.

The current total Cryptowall damage count of 325 million dollars will soon be 400 million. SANS security researcher Brad Duncan wrote in a blog post published Tuesday that a cyber criminal working off domains belonging to Chinese registrar BizCN has been spreading Cryptowall 4.0 ransomware using the NEK.

Duncan said the cyber gang, which he dubbed the "BizCN gate actor", began distributing the ransomware in payloads from the exploit kit as early as November 20. Duncan published a full technical analysis on the SANS ISC website which shows how the Nuclear Exploit Kit infects a vulnerable Windows host. More at SANS:
https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409

Preventing ransomware infections gets hard with these exploit kits, unless you provide effective security awareness training to users, minimize the attack surface on your workstations, patch known vulnerabilities almost immediately, and have a rock-solid backup strategy in place when (not if) these measures fail.

CSO Online: Tis The Season Of Malware

Feature article in CSO written by yours truly. Cybercriminals have been preparing for another Black Friday/Cyber Monday. It’s a time for them to make big profits too. Last year’s scams will undoubtedly return and some new tricks will arise. Here are some of the top scams that CSOs should be preparing their company's users to be aware of until the end of the Holiday season. Full article at CSO:
http://www.csoonline.com/article/3003914/social-engineering/tis-the-season-of-malware.html

And while you are at CSO, also check out this article: 10 reasons for CSOs to be thankful, and check out reason #2 which I particularly like:
http://www.csoonline.com/article/3008465/leadership-management/10-reasons-for-csos-to-be-thankful.html

US Government Workers Still Fall For Basic Phishing Attacks

Even after massive data breaches at multiple agencies, like the one at OPM, and overall promises to improve cybersecurity, government employees continue to be tricked by cyber attackers’ phishing emails. A New York Times report of Nov 24 says that over the past month, Iranian hackers successfully used spear phishing emails against State Department officials to gain access to their social media and email accounts.

Staffers only discovered their accounts were compromised when Facebook alerted them to suspicious activity. Looks like none of them used any two-factor authentication. Iran targeted specific government employees who focused on Iran and the Middle East to gain access to their networks of friends, which presumably consisted of others in the agency and in turn could be used for social engineering attacks. Story at NY Times:
http://www.nytimes.com/2015/11/25/world/middleeast/iran-hackers-cyberespionage-state-department-social-media.html?_r=1

Don't Miss The December Live Demo: New School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Thursday, December 3 at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

  • NEW Phish Alert Button for Outlook so employees can report phishing attacks with one click.
  • Get a baseline, send a phishing test to your users to get your Phish-prone percentage.
  • Easily roll out training campaigns for all users (or groups) with follow-up emails to “nudge” users who have not completed the training.
  • Send frequent phishing tests to keep your users on their toes with security top of mind.
  • Point-of-failure training auto-enrollment.
  • Reporting to watch your organization's phish-prone percentage drop, with great ROI.

Find out how more than 2,000 organizations have mobilized their end-users as their first line of defense. Register Now:
https://attendee.gotowebinar.com/register/388892135690154498

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Intellectuals solve problems, geniuses prevent them."
- Albert Einstein - Scientist (1879 - 1955)

"Make a habit of two things: to help; or at least to do no harm."
- Hippocrates - Greek Physician (460 - 370 BC)


Thanks for reading CyberheistNews

Security News
This Week's Five Most Popular HackBusters Posts
    1. Li-Fi is 100 times Faster than Wi-Fi Technology, Real-World Tests Prove:
      http://www.hackbusters.com/news/stories/472244-li-fi-is-100-times-faster-than-wi-fi-technology-real-world-tests-prove

    2. Researchers Working on Technology to Bring Dead Back to Life:
      http://www.hackbusters.com/news/stories/473404-researchers-working-on-technology-to-bring-dead-back-to-life

    3. Crazy-Bright 90,000-Lumen Led Flashlight Turns Night Into Day:
      http://www.hackbusters.com/news/stories/471081-crazy-bright-90-000-lumen-led-flashlight-turns-night-into-day-cnet

    4. Raspberry Pi Zero — The 5-dollar Tiny Computer is Here:
      http://www.hackbusters.com/news/stories/472210-raspberry-pi-zero-the-5-tiny-computer-is-here

    5. Russian ATM Hackers Steal 4 Million Dollars in Cash with 'Reverse ATM Hack' Technique:
      http://www.hackbusters.com/news/stories/471632-russian-atm-hackers-steal-4-million-in-cash-with-reverse-atm-hack-technique

Moody's Warns Cyber Risks Could Impact Credit Ratings

Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.

"Moody's views material cyber threats in a similar vein as other extraordinary event risks, such as a natural disaster, with any subsequent credit impact depending on the duration and severity of the event," according to a new report from Moody's Investors Services. As the threat of cyberattacks continues to rise across all sectors, "the implications could start taking a higher priority in credit analysis," the credit ratings company says. More at InfoRisk:
http://www.inforisktoday.com/moodys-warns-cyber-risks-could-impact-credit-ratings-a-8702

UK Tech Start-Ups Hit By Targeted 'Insider' Phishing Scam

CEO Fraud is alive and well in the UK. Here is how it plays out in a story by WIRED UK: "Start-ups and tech companies across the UK are being conned out of thousands of pounds by a phishing scam. Scammers registering domain names, which are almost identical to those they are impersonating, have been able to trick staff members at several tech firms into making 'urgent' fraudulent payments.

One large web-based company with more than 12m users a month, which has asked to remain anonymous, told WIRED it was tricked into handing over more than 16,000 pounds after someone impersonated its chief executive.

"They sent an email to our payments department saying that I urgently needed a payment making," said the company's boss. During a brief email exchange a sort code and account number were asked for before a payment was made. Full Story:
http://www.wired.co.uk/news/archive/2015-11/25/hacking-start-up-email-london-phishing-attacks-money
