CyberheistNews Vol #5 #51 Hated Cryptowall 4.0 Now Infects Workstations with Powerful Exploit Kit

Earlier than expected - but similar to Cryptowall 3.0 - a few weeks after its release, the hated Cryptowall 4.0 ransomware is now being delivered via the Nuclear Exploit Kit (NEK), according to security researchers at the SANS Internet Storm Center (ISC). Initially, Cryptowall 4.0 was only distributed via malicious spam and phishing emails, but now it has expanded infection of machines via a popular and powerful Exploit Kit.

The current total Cryptowall damage count of 325 million dollars will soon be 400 million. SANS security researcher Brad Duncan wrote in a blog post published Tuesday that a cyber criminal working off domains belonging to Chinese registrar BizCN has been spreading Cryptowall 4.0 ransomware using the NEK.

Duncan said the cyber gang, which he dubbed the "BizCN gate actor", began distributing the ransomware in payloads from the exploit kit as early as November 20. Duncan published a whole technical analysis on the SANS ISC website which shows how Nuclear Exploit Kit infects a vulnerable Windows host. More at SANS:
https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409

Preventing ransomware infections gets hard with these exploit kits, unless you provide effective security awareness training to users, minimize the attack surface on your workstations, patch known vulnerabilities almost immediately, and have a rock-solid backup strategy in place when (not if) these measures fail.

Feature article in CSO written by yours truly. Cybercriminals have been preparing for another Black Friday/Cyber Monday. It’s a time for them to make big profits too. Last year’s scams will undoubtedly return and some new tricks will arise. Here are some of the top scams that CSOs should be preparing their company's users to be aware of until the end of the Holiday season. Full article at CSO:
http://www.csoonline.com/article/3003914/social-engineering/tis-the-season-of-malware.html

And while you are at CSO, also check out this article: 10 reasons for CSOs to be thankful, and check out reason #2 which I particularly like:
http://www.csoonline.com/article/3008465/leadership-management/10-reasons-for-csos-to-be-thankful.html

Even after massive data breaches like the OPM at multiple agencies, and overall promises to improve on cybersecurity, government employees continue to be tricked by cyber attackers’ phishing emails. A New York Times report of Nov 24 says over the past month, Iranian hackers successfully used spear phishing emails against State Department officials to gain access to their social media and email accounts.

Staffers only discovered their accounts were compromised when Facebook alerted them to suspicious activity. Looks like none of them used any two-factor authentication. Iran targeted specific government employees who focused on Iran and the Middle East to gain access to their friends network, which presumably consisted of others in the agency, and in turn could be used for social engineering attacks. Story at NY Times:
http://www.nytimes.com/2015/11/25/world/middleeast/iran-hackers-cyberespionage-state-department-social-media.html?_r=1

Don't Miss The December Live Demo: New School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Thursday, December 3 at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

• NEW Phish Alert Button for Outlook so employees can report phishing attacks with one click.
• Get a baseline, send a phishing test to your users to get your Phish-prone percentage.
• Easily roll out training campaigns for all users (or groups) with follow-up emails to “nudge” users who are incomplete on the training.
• Send frequent phishing tests to keep your users on their toes with security top of mind.
• Point-of-failure training auto-enrollment.
• Reporting to watch your organization's phish-prone percentage drop, with great ROI.

Find out how more than 2,000 organizations have mobilized their end-users as their first line of defense. Register Now:
https://attendee.gotowebinar.com/register/388892135690154498

"Intellectuals solve problems, geniuses prevent them."
- Albert Einstein - Scientist (1879 - 1955)

"Make a habit of two things: to help; or at least to do no harm."
- Hippocrates - Greek Physician (460 - 370 BC)

Thanks for reading CyberheistNews

1. Li-Fi is 100 times Faster than Wi-Fi Technology, Real-World Tests Prove:
   http://www.hackbusters.com/news/stories/472244-li-fi-is-100-times-faster-than-wi-fi-technology-real-world-tests-prove
   
   
2. Researchers Working on Technology to Bring Dead Back to Life:
   http://www.hackbusters.com/news/stories/473404-researchers-working-on-technology-to-bring-dead-back-to-life
   
   
3. Crazy-Bright 90,000-Lumen Led Flashlight Turns Night Into Day:
   http://www.hackbusters.com/news/stories/471081-crazy-bright-90-000-lumen-led-flashlight-turns-night-into-day-cnet
   
   
4. Raspberry Pi Zero — The 5-dollar Tiny Computer is Here:
   http://www.hackbusters.com/news/stories/472210-raspberry-pi-zero-the-5-tiny-computer-is-here
   
   
5. Russian ATM Hackers Steal 4 Million Dollars in Cash with 'Reverse ATM Hack' Technique:
   http://www.hackbusters.com/news/stories/471632-russian-atm-hackers-steal-4-million-in-cash-with-reverse-atm-hack-technique

Credit rating agency Moody's Corp. warns that cyber defenses as well as breach detection, prevention and response will be higher priorities in its analysis of the creditworthiness of companies across all sectors, including healthcare and financial services.

"Moody's views material cyber threats in a similar vein as other extraordinary event risks, such as a natural disaster, with any subsequent credit impact depending on the duration and severity of the event," according to a new report from Moody's Investors Services. As the threat of cyberattacks continues to rise across all sectors, "the implications could start taking a higher priority in credit analysis," the credit ratings company says. More at InfoRisk:
http://www.inforisktoday.com/moodys-warns-cyber-risks-could-impact-credit-ratings-a-8702

CEO Fraud is alive and well in the UK. Here is how it plays out in a story by WIRED UK: "Start-ups and tech companies across the UK are being conned out of thousands of pounds by a phishing scam. Scammers registering domain names, which are almost identical to those they are impersonating, have been able to trick staff members at several tech firms into making 'urgent' fraudulent payments.

One large web-based company with more than 12m users a month, which has asked to remain anonymous, told WIRED it was tricked into handing over more than 16,000 pounds after someone impersonated its chief executive.

"They sent an email to our payments department saying that I urgently needed a payment making," said the company's boss. During a brief email exchange a sort code and account number were asked for before a payment was made. Full Story:
http://www.wired.co.uk/news/archive/2015-11/25/hacking-start-up-email-london-phishing-attacks-money

• Jeff Bezos's Blue Origin is the first to land a rocket on its tail. This video is particularly cool. Watch it full-screen in HD!:
  http://www.engadget.com/2015/11/24/blue-origin-reusable-rocket-landing/

• Here's how almost anyone can wiretap the Internet. Kevin Mitnick shows how to wiretap a fiber Ethernet connection using an optic coupler:
  https://www.youtube.com/watch?v=FH3sxFl-4is

• A video time-lapse map of 15 years of terror from 2000 to 2015. Note 9/11 in the top left corner at the beginning and then continue watching it unfold:
  https://www.youtube.com/watch?v=cHbYk2l9w-E

• People Are Amazing 2015 (New Version) Full Screen HD, Sound up!
  https://m.youtube.com/watch?feature=em-subs_digest-g-vrecs&v=j7364uwFsvI

• 4WD Mecanum Wheel Learning Arduino Kit, this is really cool tech:
  http://www.youtube.com/watch?v=TXTo16KKm8Q&sns=em

• Adele showed off her sharp sense of humor by disguising herself as a nanny and auditioning for a job as an Adele impersonator:
  http://www.flixxy.com/adele-auditions-as-an-adele-impersonator.htm?utm_source=4

• Synchronized precision walking, performed by students of the Nippon Sports Science University. Seen from a distance, it's not only impressive, but almost constitutes an art form:
  http://www.flixxy.com/precision-walking-in-japan.htm?utm_source=4

• Lightning strike hits very close to a car in Melbourne. Did he anger the gods? LOL:
  https://www.youtube.com/watch?v=OgBHRokBoHA

• Check out this design of a mega yacht with a car in the same style:
  http://gtspirit.com/2015/11/26/futuristic-kraken-yacht-by-gray-design/

• This video appears to be a freighter's anchor being lost as it is dropped. The situation just gets worse and worse as the chain's momentum increases and whatever braking mechanisms exist fail:
  https://www.youtube.com/watch?v=a-XlbUDPt7A&feature=youtu.be&t=53

• The sweet rides of tech's millionaires and billionaires with a few surprises:
  http://www.businessinsider.com/the-sweet-rides-of-techs-millionaires-and-billionaires-2015-11

• Out of the archives... so _where_ the heck are all these girls coming from?
  http://www.flixxy.com/dani-lary-magic-le-taj-mahal.htm?utm_source=4

• Use Artificial Intelligence to choose gifts for the Holidays! IBM's Watson Trend shows you the hottest items!
  https://www.ibmwatsontrend.com/#/