CyberheistNews Vol 6 #12 |
Scam Of The Week: TurboTax Phishing Attack |
It's tax season and the bad guys are in full swing. They try to get your Accounting or HR team to send over the W-2s of all employees, but they also target employees in the office and/or at home. There is a phishing scam going around right now that you need to warn your employees, friends and family about.
TurboTax is a very popular online tax preparation site, and at the moment the bad guys have massive campaigns going that look like they come from TurboTax. The subject is about "important privacy changes". They want people to click on the link to "opt out" of having their personal information shared, but that's an obvious social engineering trick.
I would send the following to your employees, friends and family.
"At the moment, there is a massive phishing scam that looks like it comes from TurboTax. The email tries to make you click on a link to "opt out" of sharing your personal information with others.
The email is a scam: if you click on the link, it will download key logger malware that will steal your identity from your computer or phone.
Remember the following things:
- Always have your Internet Security software updated, but do not rely on it.
- Always keep all of your software up to date with the latest patches, on both your computer and your phone.
- Never click on links in emails or text messages unless you are sure it's legit. For instance, if you want to go to TurboTax, visit their website directly by typing their address in your browser.
- Think Before You Click! Always take a second to ask yourself if this might be a scam."
Let's stay safe out there.
|
NEW SURVEY: Even If You Don't Pay, Ransomware Attacks Are Very Expensive |
According to a new survey by Intermedia called "2016 Crypto-Ransomware Report", ransomware attacks are increasingly targeting larger companies, costing them dearly. Employees are usually locked out for days after an attack, and often the cleanup process causes extensive downtime.
Cyber mafias who infect workstations with their latest ransomware strain often don't get the money they demand - but that doesn't mean that the victim doesn't end up paying one way or another.
Paying the ransom itself was not cited as having the biggest business impact of ransomware attacks, falling far behind the cost of data recovery, reduced statistics, lost sales, missed deadlines, and troubled employees. The cost of the ransom was also behind the cost of the downtime and the breach of sensitive information as a top concern of a ransomware attack.
When IT experts were asked which industry had the most to lose in ransomware attacks, 31 percent chose the legal industry, while twice that amount cited the finance and banking sector. Just under half also indicated the Information Technology industry and government.
Is A Ransomware Infection Equivalent To A Data Breach?
Ransomware is rapidly becoming a nightmare for IT pros; however, it has not hit the #1 spot yet.
- 24% cited ransomware as their top security headache.
- 54% cited spyware and credit card breaches.
- 65% cited hacking and privacy breaches.
The jury is still out on whether a crypto-ransom infection constitutes a data breach. Lawyers are fighting about this issue at the moment.
Over 60 percent of IT pros were at least moderately concerned about ransomware attacks on their networks in 2015, and expect to see an increase in ransomware attacks in 2016.
A surprising 43 percent of those surveyed admitted they have at least one user who fell victim to a ransomware attack. Just under 30% of attacks affected between three and 20 employees, while slightly under a quarter affected 20 to 100+ employees, obviously where a network drive got hit. It's important that IT pros send simulated phishing tests to employees so they know what to look for.
Downtime Caused By Ransomware Attacks
"Ransomware attacks are becoming more frequent due to the increasing processing powers of computers – which allows criminals to encrypt files in only a few hours – and the rise of anonymous payment systems such as the untraceable Bitcoin," said Ryan Barrett, vice president of security and privacy at Intermedia.
And the disruption and burdens caused by ransomware attacks, he added, are more often measured in days than dollars. Almost all employees (96 percent) were locked out of their files for at least one day due to ransomware, while 72 percent were locked out for at least two days and 61 percent for at least three. By five days, only 32 percent of users were still unable to access their data.
In most cases, cyber criminals stuck to their word: 71 percent of IT professionals reported that files were restored after payment. In KnowBe4's experience, this is closer to 95% successful decryption after payment.
To Pay Or Not To Pay
“When clients choose to pay the ransom, it’s likely because the files are confidential and crucial to the business, and because they don’t have the proper business continuity tools in place,” Barrett said. “Downtime is a huge threat to businesses of all sizes, and when a business continuity plan is not in place, businesses are often desperate to get back up and running as fast as possible. Businesses also must understand that paying the ransom doesn’t guarantee they’ll get their files back.”
Again, KnowBe4's experience is that cyber mafias are very concerned with their reputation and even provide tech support to decrypt the files. We have dealt with dozens of infections and 95% were able to get their files back.
I'm interviewed in an article at DarkReading that summarizes the 2016 ransomware explosion and explains the reason for this growth: big cyber mafias muscling into the ransomware racket: http://www.darkreading.com/vulnerabilities---threats/ransomware-will-spike-as-more-cybercrime-groups-move-in/d/d-id/1324720
Obviously having weapons-grade backups is crucial these days, but preventing the downtime by having security awareness trained employees is much more cost effective. Send a simulated phishing attack to your own employees and find out the Phish-prone percentage of your users as your first step. Get started here: https://www.knowbe4.com/phishing-security-test-offer
|
FBI and Microsoft Warn Against Hybrid Targeted Ransomware Attack |
The FBI and Microsoft have issued a new alert, warning of hybrid targeted ransomware attacks that attempt to encrypt an organization's entire network. This is a new approach where criminal hackers penetrate the network, wipe out all backups, and infect all key machines with ransomware. They use a little-known strain of ransomware called "Samas" which was first discovered in 2014. The majority of infections are detected in North America, with a few instances in Europe.
It is not clear yet whether the current attack starts with phishing emails which infect a single workstation with ransomware and a Trojan that allows the hackers into the network, or whether the network gets penetrated first and subsequently gets infected. It could very well be that both attack vectors are used, as Microsoft states that first an attack-scan gets launched, looking for vulnerabilities, and then malware gets deployed using the PSEXEC tool. Click here to see the full schematic: https://blog.knowbe4.com/fbi-and-microsoft-warn-against-hybrid-ransomware-attack
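One thing defenders can do with the detail above (malware pushed out network-wide with PSEXEC) is watch for PsExec fanning out across many hosts under one account in a short time. The following is an added example, not code from the alert, from Microsoft or from KnowBe4; it assumes PsExec's default remote service name PSEXESVC (recorded as a Windows System-log Event ID 7045 "service was installed" event) and runs over constructed, flattened log lines.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: Event ID 7045 records flattened to one line each.
# PSEXESVC is the service PsExec registers on a remote host; the BITS
# entry and the single helpdesk install are benign noise.
SAMPLE_EVENTS = """\
2016-03-22T09:14:03Z host=FILESRV01 event_id=7045 service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe account=CORP\\svc_admin
2016-03-22T09:14:09Z host=HR-WS-12 event_id=7045 service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe account=CORP\\svc_admin
2016-03-22T09:15:41Z host=DC01 event_id=7045 service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe account=CORP\\svc_admin
2016-03-22T09:16:02Z host=FIN-WS-03 event_id=7045 service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe account=CORP\\svc_admin
2016-03-22T10:02:17Z host=FILESRV01 event_id=7045 service=BITS path=%SystemRoot%\\System32\\svchost.exe account=LocalSystem
2016-03-21T14:30:00Z host=IT-WS-01 event_id=7045 service=PSEXESVC path=%SystemRoot%\\PSEXESVC.exe account=CORP\\helpdesk
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event_id=(?P<eid>\d+) "
    r"service=(?P<svc>\S+) path=(?P<path>\S+) account=(?P<acct>\S+)$"
)


def parse_events(text):
    """Parse the flattened records; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def detect_psexec_fanout(events, window=timedelta(minutes=30), min_hosts=3):
    """Return {account: sorted hosts} for every account that installed
    PSEXESVC on at least min_hosts distinct hosts within one time window."""
    by_account = defaultdict(list)
    for e in events:
        if e["eid"] == "7045" and e["svc"].upper() == "PSEXESVC":
            ts = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            by_account[e["acct"]].append((ts, e["host"]))
    alerts = {}
    for acct, installs in by_account.items():
        installs.sort()  # chronological, so each start anchors a window
        for i, (start, _) in enumerate(installs):
            hosts = {h for t, h in installs[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[acct] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for acct, hosts in detect_psexec_fanout(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT: {acct} installed PSEXESVC on {len(hosts)} hosts: {hosts}")
```

A single PsExec install is routine admin work; the signal here is breadth (many hosts, one account, minutes apart), which is also when wiping backups and staging the payload would be in progress.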
|
New Phishing Templates Added |
Here is a quick update for the thousands of KnowBe4 customers. We have added a dozen new phishing templates in the past few days. All are based on actual bad guy phishing emails seen in the last 2 weeks. At least one is less than 24 hours old. Most are under the new "Attachments with Macros" category, but we also added March Madness templates in Current Events. Find the list at the KnowBe4 blog and inoculate your employees ASAP: https://blog.knowbe4.com/new-knowbe4-phishing-templates
|
Warm Regards, Stu Sjouwerman |