Security News |
Been Hit With Ransomware? This Site Identifies The Strain |
Here is an online tool that identifies the ransomware family behind an infection. If a decryption tool exists for the identified strain, you are pointed to it. Note that the site itself does not decrypt any ransomed data, and it is not a malware sandbox like VirusTotal: you do not upload the malicious binary. The strain is identified from the ransom note (and a sample encrypted file) you submit. It's a start. "Knowing is half the battle". https://id-ransomware.malwarehunterteam.com/index.php
|
Survey: Spear Phishers Target Gullible Brits More Than Anyone Else |
The Register reported that there has been a sharp increase in crypto ransomware attacks, with the UK ranked as the third most targeted nation for ransomware.
The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit country for social media scams, according to other findings from Symantec's latest annual Internet Security Threat Report (ISTR).
Why? Our take: the UK serves as a beta site for Eastern European cyber mafias, which use it to debug their campaigns before unleashing them on America.
The report makes grim reading for anyone concerned about privacy or corporate security. An estimated half a billion records were lost as a result of data breaches last year. And the number of zero-day vulnerabilities discovered last year more than doubled to a record-breaking 54, a 125% increase from the previous year, underlining the critical role unpatched vulnerabilities can play in targeted attacks.
Advanced professional attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditized, according to Symantec.
Meanwhile, fake technical support scams tripled last year, with the UK the second most targeted nation globally, suffering 7 million attacks in 2015. This type of fraud is evolving beyond PCs: scammers now send fake warning messages to devices like smartphones, driving users to attacker-run call centers that dupe them into buying useless services.
Finally, 430 million new malware variants were discovered in 2015. Malware authors routinely vary their wares in a bid to outfox security defenses. This is done automatically at scale, and it is one of the main reasons security vendors have moved away from traditional signature detection, which these days only plays a supporting role in security software suites.
At nearly half a billion a year, the raw count of malware variants has almost become meaningless as a metric.
More details on the study, as well as top tips from Symantec on improving security, and infographics, can be found at The Register's article: http://www.theregister.co.uk/2016/04/12/symantec_cyber_threat_report/
|
CTB-Locker Ransomware Uses Blockchain To Store & Deliver Decryption Keys |
A mysterious update in the behavior of the CTB-Locker ransomware strain prompted security researchers to dig in and see what was going on.
The CTB-Locker ransomware family, mainly known for infecting and locking individual workstations, recently switched to targeting websites via a PHP version, first observed last February.
The change that caught the eye of Sucuri experts is a March update to its "Complimentary decrypt" page where users could unlock one complimentary file per infection.
Innovative And More Reliable
It didn't take long for researchers to observe that the ransomware was delivering decryption keys to its victims through the blockchain, via a special output type in a Bitcoin transaction called OP_RETURN.
For each infected website, the criminals automatically generated a unique Bitcoin address, which they then monitored. If 0.0001 Bitcoin (the minimum transaction fee at the time) arrived at it, they knew the payment was for a complimentary decrypt operation.
From another wallet, they would then send a transaction referencing the infected website's unique Bitcoin address. An OP_RETURN output is provably unspendable, so it transfers no value, but the transaction itself is valid and gets mined into the blockchain, and the output carries up to 80 bytes of arbitrary data.
The crooks then used the Blockexplorer.com API to read that OP_RETURN field, which held the decryption key for the file submitted via the complimentary decrypt operation. If the victim paid the full ransom, the same field would carry the master decryption key for all files. More at the Sucuri blog: https://blog.sucuri.net/2016/04/website-ransomware-ctb-locker-goes-blockchain.html
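To make the mechanism concrete, here is an added example (not CTB-Locker's code, and not taken from the Sucuri write-up) that simulates the channel: it builds and parses OP_RETURN output scripts, watches a per-victim address for the 0.0001 BTC signal, and shows how a decryptor pulls the key back out of the address's transaction history. The transaction records, addresses and key are constructed in-line; nothing contacts a real node or explorer API, and the 546-satoshi dust output used to tie the delivery transaction to the victim's address is an assumption of this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

OP_RETURN = 0x6A             # script opcode: output is an unspendable data carrier
OP_PUSHDATA1 = 0x4C          # push opcode used for payloads of 76..255 bytes
MAX_OP_RETURN_DATA = 80      # standardness limit on the OP_RETURN payload
COMPLIMENTARY_FEE = 10_000   # 0.0001 BTC in satoshi: the "complimentary decrypt" signal
DUST = 546                   # assumed tiny output that links the delivery tx to the address


@dataclass
class Output:
    value: int                          # satoshi
    address: Optional[str] = None       # None for an OP_RETURN output
    script: bytes = b""                 # raw scriptPubKey, only set for OP_RETURN


@dataclass
class Tx:
    txid: str
    outputs: List[Output] = field(default_factory=list)


def build_op_return_script(data: bytes) -> bytes:
    """OP_RETURN <push> <data>; rejects payloads over the 80-byte standard limit."""
    if len(data) > MAX_OP_RETURN_DATA:
        raise ValueError("OP_RETURN payload too large")
    push = bytes([len(data)]) if len(data) <= 75 else bytes([OP_PUSHDATA1, len(data)])
    return bytes([OP_RETURN]) + push + data


def parse_op_return_script(script: bytes) -> Optional[bytes]:
    """Return the embedded payload of an OP_RETURN script, or None if it is not one."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    n = script[1]
    if n <= 75:                        # direct push: opcode is the length
        data, end = script[2:2 + n], 2 + n
    elif n == OP_PUSHDATA1:            # one-byte length follows the opcode
        length = script[2]
        data, end = script[3:3 + length], 3 + length
    else:
        return None
    return data if len(script) == end else None


def amount_received(chain: List[Tx], addr: str) -> int:
    """Attacker side: total satoshi paid to the per-victim address so far."""
    return sum(o.value for tx in chain for o in tx.outputs if o.address == addr)


def deliver_key(txid: str, victim_addr: str, key: bytes) -> Tx:
    """Attacker side: a tx touching the victim's address with the key in OP_RETURN."""
    return Tx(txid, [Output(DUST, victim_addr),
                     Output(0, None, build_op_return_script(key))])


def fetch_key(chain: List[Tx], victim_addr: str) -> Optional[bytes]:
    """Victim/decryptor side: scan the address history for an OP_RETURN payload."""
    for tx in chain:
        if any(o.address == victim_addr for o in tx.outputs):
            for o in tx.outputs:
                data = parse_op_return_script(o.script)
                if data:
                    return data
    return None


def demo() -> Optional[bytes]:
    """Walk the exchange: victim pays the signal amount, attacker publishes the key."""
    chain: List[Tx] = []
    victim_addr = "1VictimExampleAddressXXXXXXXXXXXXX"          # constructed placeholder
    key = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed 32-byte key
    assert fetch_key(chain, victim_addr) is None                 # nothing published yet
    chain.append(Tx("tx1", [Output(COMPLIMENTARY_FEE, victim_addr)]))  # victim pays 0.0001 BTC
    if amount_received(chain, victim_addr) == COMPLIMENTARY_FEE:
        chain.append(deliver_key("tx2", victim_addr, key))       # attacker answers on-chain
    return fetch_key(chain, victim_addr)


if __name__ == "__main__":
    print(demo().hex())
```

The practitioner's takeaway is the same one the design implies: OP_RETURN data is public and permanent, so once a key is published anyone watching the chain, including incident responders, can read it from the victim address's history exactly as `fetch_key` does.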
|
5 Steps to Take On Ransomware Using A Defense-In-Layers Approach |
Sam Musa at GovTech had a good summary on what to do against ransomware.
His point 5 got our full approval!
"It is now virtually impossible to spot expertly crafted malware and ransomware in particular, which is increasingly and exactingly honed to an individual recipient. Therefore, it’s also necessary for agencies to maintain awareness of innovative new types of malware.
A strong IT security program cannot be executed successfully without training users on security threats, policies and techniques to protect their assets. Agencies must understand that users are one of the essential lines of defense against cyberthreats, so there is a need for continuous awareness training.
The training must focus on providing knowledge to protect information systems and sensitive data from both internal and external threats. Training contents may include social engineering techniques and how to avoid them, identity theft, cyber sexual harassment, peer-to-peer sharing programs and steps on how to avoid posting sensitive information online.
Agencies should offer awareness education throughout the year through formal training, monthly tips and wall posts to remind users that security is everyone’s responsibility. Security emails and announcements should be informative, rather than simply repetitious."
The other four points are in the GovTech article; and do send your users simulated phishing attacks! http://www.govtech.com/security/5-Steps-Ransomware-Defense-in-Layers-Approach.html
|
KnowBe4 Announces Several Cool New Features In The Spring 2016 Release |
These features were previously out of reach for IT managers with limited budget, and we're excited you can use them now with our Platinum level subscription.
- EZXploit: fully automated human pentesting.
- USB Drive Test: find out which users pick up and plug in strange USB drives.
- GEO-location: see where the users who failed a phishing test are located.
Learn more at the KnowBe4 Blog, and request a demo to see them in action: https://blog.knowbe4.com/exciting-new-features-in-knowbe4-spring-2016-release
|