CyberheistNews Vol #6 #11

That was the title of an article over at c|net, prompted by the first "official" ransomware strain targeting Macs, which was an adapted version of the Encoder ransomware for Linux. They covered the recent 17K that a Hollywood hospital forked over, and other recent high-visibility ransomware infection victims. The threat of ransomware is finally getting recognized by the mainstream press. Here is a TV clip about the Mac ransomware attack, featuring our friend Dave Kennedy. Check the reactions of the reporter!
http://video.foxbusiness.com/v/4790435800001/some-mac-users-targeted-by-ransomware/

One thing that is driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart. Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent operating banking malware.

The Dridex Locky ransomware strain isn't more sophisticated than other latest generation ransomware, but it is rapidly spreading to victim systems. Forbes claims that the Locky ransomware is infecting approximately 90,000 systems per day and that it typically asks users for 0.5-1 Bitcoin (~420 dollars) to unlock their systems.

Locky is disseminated through phishing emails containing Microsoft Word attachments. Each binary of Locky ransomware is reportedly uniquely hashed; consequently, signature-based detection is basically impossible.

The Dridex gang is the 800-pound gorilla of banking Trojans. Apparently they have seen the profit potential and leveraged their extensive criminal infrastructure to get their Locky strain infecting as many machines as possible. Consequently, financial institutions are likely the next major sector to be actively targeted by ransomware.

The last few days, the Dridex botnet has sent at least 4 million phishing emails with a zip file as the attachment. The zip file contains a JavaScript file which downloads and installs the Locky ransomware.

Five Things To Do About It

1) Block any and all emails with .zip extensions and/or macros at your email gateway level.

2) Disable Adobe Flash Player, Java and Silverlight if possible. These are used as attack vectors.

3) Step all employees through effective security awareness training, so they can recognize the red flags related to ransomware attacks.

4) Print out this free job aid, laminate it, and hand it out to employees so they can pin it on their wall.
https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf

5) Do a Phishing Security Test on your users and find out if they are going to click on something they shouldn't. Get started here:
https://info.knowbe4.com/phishing-security-test-16

It helps to know how to spell when you try to rob a billion from a dirt poor country. A spelling mistake thwarted hackers in stealing a billion dollars from the Bangladesh Bank, and that typo prompted FED NY authorities to check with a routing bank (Deutche Bank) if the transfer was legit.

The hackers initiated a series of money transfer requests after stealing credentials the Bangladesh bank uses to authorize electronic money transfers. They used the stolen creds to send more than 30 money transfer requests to the Federal Reserve Bank of New York, asking them to transfer the funds from the Bangladesh Bank’s account to organizations in the Philippines and Sri Lanka. One of these organizations was called the Shalika Foundation, but the crims misspelled the word “foundation” as “fandation” in the wire transfer, and that was the one that raised the red flags.

However, they had already correctly spelled the recipients in three earlier transfer requests before fat-fingering the name. Those wires allowed them to steal 80 million dollars before the typo in the fourth transfer put a halt to the cyberheist. Bangladesh Bank has said it has recovered some of the money that was stolen, and is working with anti-money laundering authorities in the Philippines to try to recover the rest.

Initially, the central bank was not sure if its system had been breached, but FireEye's Mandiant forensics experts brought in to investigate found hacker footprints that suggested the system had been compromised, the officials said.

The Mandiant team could also tell that the attack originated from outside Bangladesh, adding the bank is looking into how they got into the system and an internal investigation is ongoing.

Let me make an educated guess: since they came from outside the country, an employee fell for a phishing attack. What do *you* think?

"Energy and persistence conquer all things."- Benjamin Franklin (1706 - 1790)

"Ambition is the path to success, persistence is the vehicle you arrive in."
- William Eardley IV

Thanks for reading CyberheistNews

2015 was indeed the Year of the Healthcare Hack as health IT experts predicted last March. At the time, they noted health information was more appealing to hackers than ever before as it could be sold for more on the black market than even credit card numbers.

"Healthcare organizations are under attack," said Daniel W. Berger, President of Redspin in a news release. "For those entrusted to protect patient data, the security challenges are now that much more difficult."

EHR Intelligence reports that of the 154,368,781 patient files that have been compromised, 73 percent of all breached patient files have occurred within the past year and hacking is to blame for this huge leap.

The largest threat — phishing scams. These lure employees into situations where their login credentials could be leaked. Often, this occurs through email or inadvertent downloading of malware.

"Because phishing attacks exploit human vulnerabilities rather than technical, healthcare organizations must step up their security awareness education efforts for all employees," Redspin explained. "They need to be better trained to recognize phishing schemes through social engineering testing and security awareness training. Policies may also need to be tightened."

We could not agree more. Here is the Redspin report:
https://www.redspin.com/resources/download/breach-report-2015-protected-health-information-phi/

Here is a slide show that gives you the highlights in less than 2 minutes, note slide 21 with Kevin Mitnick in the KnowBe4 booth:
http://www.eweek.com/security/slideshows/rsa-conference-provides-comprehensive-look-at-the-state-of-security.html

And here is a humorous blog post from someone who's been at RSA many a time and calls BS when he sees it. RSA Conference 2016 – Once More Unto the Breach:
https://blog.anitian.com/rsac2016-thursday-once-more-unto-the-breach/

Home Depot has agreed to pay as much as 19.5 million dollars to remedy the giant data breach it suffered in 2014, the company confirmed on Tuesday.

Included in that figure is a reported 13 million dollars to reimburse customers for their losses and 6.5 million dollars to provide them with one and a half years of identity protection services. Home Depot was not required to admit any wrongdoing.

In all, Home Depot has reportedly booked 161 million dollars in pre-tax expenses for the breach and it agreed to hire a CISO to make sure this type of thing does not happen in the future. Good luck with that if you do not train your employees to prevent social engineering attacks.

A cautionary tale of how cyber security failures can cost a CEO their job.

What are the real world risks of a cyber security breach to CEOs and their company? We will explore the issues of reputational damage, incident cost, stock price impact, and increased regulatory attention. We will also discuss the fate of four CEOs who have faced cybersecurity breaches in the past three years.

According to Warren Buffet, "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently." The “2015 Cost of Data Breach Study: Global Analysis” from the Ponemon Institute shows that companies suffer a higher churn rate, increased customer acquisition costs, reputation losses and diminished goodwill due to an information security breach.

Great article by Richard Starnes at CSO Online:
http://www.csoonline.com/article/3040982/security/data-breaches-often-result-in-ceo-firing.html

• A man casually whizzing past building tops of Dublin using a jetpack:
  http://www.flixxy.com/man-with-a-jetpack-casually-flying-over-dublin.htm?utm_source=4

• 30-year veteran pilot Tadeusz Wrona expertly lands a Boeing 767 after a landing gear failure without injuring any of the 231 passengers on board:
  http://www.flixxy.com/boeing-767-landing-without-its-wheels.htm?utm_source=4

• Australian student's zero-emissions cargo motorcycle is pretty cool:
  https://youtu.be/UmAYITLtKsc

• Slackline girl performing amazing acrobatics over a river in the South American jungle:
  http://www.flixxy.com/slackline-girl.htm?utm_source=4

• You are riding your bicycle on a quiet road in South Africa, until suddenly an ostrich appears and starts chasing you:
  http://www.flixxy.com/cyclists-chased-by-an-ostrich-the-funniest-thing-you-ll-see-today.htm?utm_source=4
  
  
• Russia is not only famous for the Bolshoi Ballet - watch this guy perform an amazing dance with a snow plow!:
  http://www.flixxy.com/the-russian-snow-plow-dance.htm?utm_source=4