FBI: "Ransomware On Pace To Be A 1 Billion Dollar Business In 2016"
CNN Money reports that new estimates from the FBI show the costs from ransomware have reached an all-time high. Cyber-criminals collected 209 million dollars in the first three months of 2016 by extorting businesses and institutions to unlock computer servers.
At that rate, ransomware is on pace to be a 1 billion dollar a year crime this year.
The FBI told CNN that the number "is quite high" because a few people "reported large losses." The agency also said that the losses could even be bigger once other related costs from these extortion schemes are factored in. Plus: Some victims may choose to pay and not report the crime.
Phishing Attacks Hit the C-Suite With High Value Scams
OK, here is great ammo to get more IT security budget. Why? This infographic makes it real to the C-suite that they themselves have a big phishing target on their back.
You all know that spear-phishing is very effective. Cloudmark calls it “the secret weapon behind the worst cyber attacks”, and created an infographic of 10 recent major breaches (below), from Target to OPM, that started with a successful spear-phish.
We are absolutely, positively, and fundamentally losing the endpoint security battle. Should we keep fighting on in the same manner? Isn't that the definition of insanity? Time to pivot methinks.
Since January 2016, we have seen a massive rise in CEO fraud, which you could call a spear phish derivative. The FBI calls it "BEC" (Business Email Compromise), and like spear phishing it uses social engineering and spoofed CEO emails to manipulate senior executives, HR and Accounting into damaging actions.
A good example is the recent spate of W-2 scams where tax information of all employees gets emailed to the bad guys. Cloudmark's Tom Landesman has compiled a list of 55 companies that were taken in by these W-2 attacks, and comments, "It's likely that even more have been compromised, but have not come forward." Obviously it is tailing off now as the tax season ends, but will be back in full force next year.
Just recently it surfaced that a Mattel finance officer sent over 3 million dollars to the Bank of Wenzhou, in China. The bad guys are not just targeting America, in January the BBC warned that the "fraude au president" is widespread across France.
The FBI has instructed people to verify transactions by "picking up the phone".
Despite all that, CEO frauds are even more successful than spear phishing. Kevin Townsend at SecurityWeek suggested two major reasons: "firstly, very few companies deliver security awareness training (such as simulated phishing attacks) against their own C-suite; and secondly, many senior executives still don't believe that security is their personal concern."
"More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey.
More distressing is that 40 percent of executives said they don't feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the NASDAQ."
California Tries To Outlaw Russian Ransomware. Good Luck With That.
A proposed California legislation imposing specific penalties for ransomware took a step forward yesterday when the state senate's Public Safety Committee passed the bill at a hearing that featured testimony from Hollywood Presbyterian Medical Center (HPMC) — a notable victim of the ongoing ransomware epidemic.
The legislation, Senate Bill 1137, would amend California's penal code making it a crime to knowingly introduce ransomware into a computer or network, with penalties punishable by as much as four years and a 10,000 dollar fine. The law would not preclude prosecuting attorneys from pursuing additional charges under older statutes.
My take? A publicity stunt for a CA Senator more than anything else. We have no jurisdiction in Eastern Europe where these cyber mafias are rolling in hundreds of millions of scammed dollars with air-cover from their local governments.
Did you know that in the Ukraine it is not illegal to hack outside of the country?
Now and then Vladimir Putin arrests a token black hat -- who must have misbehaved and started hacking inside Russia -- to show the world they are serious about cybercrime, but generally speaking these bad guys can commit their crimes undisturbed by their local law enforcement.
"The hardest thing in the world to understand is income tax." - Albert Einstein
"Life can only be understood backwards; but it must be lived forwards." - Søren Kierkegaard
"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man." - George Bernard Shaw
Thanks for reading CyberheistNews
Been Hit With Ransomware? This Site Identifies The Strain
Here is an online tool to identify types of ransomware based on uploaded samples. If decryption tools are available, users are directed to them. Note that this site itself does not help you to decrypt any ransomed data. You also cannot upload files like you can to VirusTotal. The strain is identified by the ransom note that you get when infected. It's a start. "Knowing is half the battle". https://id-ransomware.malwarehunterteam.com/index.php
Survey: Spear Phishers Target Gullible Brits More Than Anyone Else
The Register reported that there’s been a sharp increase in crypto ransomware attacks, with the UK ranked as the nation third most targeted with ransomware.
The UK is also ranked as the most targeted nation for spear phishing attacks and the second most hit-upon country with social media scams, according to other findings from Symantec's latest annual Internet Security Threat Report (ISTR).
Why? The UK is the beta site for Eastern European cyber mafias that use them to debug their campaigns which then get unleashed on America.
The report makes grim reading for anyone concerned about privacy or corporate security. An estimated half a billion records were lost as a result of data breaches last year. And the number of zero-day vulnerabilities discovered last year more than doubled to a record-breaking 54, a 125% increase from the previous year, underlining the critical role unpatched vulnerabilities can play in targeted attacks.
Advanced professional attack groups are the first to leverage zero-day vulnerabilities, using them for their own advantage or selling them to lower-level criminals on the open market where they are quickly commoditized, according to Symantec.
Meanwhile, fake technical support scams tripled last year, with the UK the second most targeted nation globally, suffering 7m attacks in 2015. The type of fraud is evolving beyond purely targeting PCs with scammers sending fake warning messages to devices like smartphones, driving users to attacker-run call centers in order to dupe them into buying useless services.
Finally, 430 million new malware variants were discovered in 2015. Virus creators routinely vary their wares in a bid to outfox security defenses. This process is done automatically and is one of the main reasons that security vendors have moved away from traditional signature detection, which these days only has a support role in security software suites.
At half a billion, the number of malware variants has almost become irrelevant.
CTB-Locker Ransomware Uses Blockchain To Store & Deliver Decryption Keys
A mysterious update in the behavior of the CTB-Locker ransomware strain alerted security researchers to pull some strings and see what was going on.
The CTB-Locker ransomware family, which is mainly known for infecting and locking individual workstations, recently switched to targeting websites via a PHP version, first observed last February.
The change that caught the eye of Sucuri experts is a March update to its "Complimentary decrypt" page where users could unlock one complimentary file per infection.
Innovative And More Reliable
It didn't take long for researchers to observe that the ransomware was using the blockchain to deliver decryption keys to its victims through a special field in Bitcoin transactions called OP_RETURN.
For each infected website, the cyber criminals automatically created a Bitcoin address, which they would monitor. If 0.0001 Bitcoin -- the minimum transaction fee -- was sent, they would know it was for a complimentary decrypt operation.
From another account, they would then initiate a fake transaction to the infected website's unique Bitcoin address. While this transaction never went through, it would be enough to get recorded in the blockchain as a failed operation, along with its OP_RETURN metadata.
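As an added example (not code from the article or from the Sucuri analysis it summarizes), the following Python decodes the OP_RETURN output of a Bitcoin transaction, the field the text says carried the metadata; it handles all four of Bitcoin's push encodings, rejects malformed pushes, and scans a transaction's outputs for data carriers. The opcode values are Bitcoin's; every sample script and output is constructed.

```python
"""Decode the OP_RETURN data-carrier output of a Bitcoin transaction.
Added example, not code from the original article or the CTB-Locker analysis
it summarizes. Opcode values are Bitcoin's; all sample data is constructed."""
from typing import List, Optional, Tuple

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E


def decode_op_return(script: bytes) -> Optional[bytes]:
    """Payload of a single-push OP_RETURN script, or None when the script is
    not OP_RETURN, has no push, is truncated, or has trailing bytes."""
    if len(script) < 2 or script[0] != OP_RETURN:
        return None
    op = script[1]
    if 1 <= op <= 0x4B:              # opcode itself is the push length
        length, pos = op, 2
    elif op in (OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4):
        width = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}[op]
        if len(script) < 2 + width:  # length field itself is truncated
            return None
        length = int.from_bytes(script[2:2 + width], "little")
        pos = 2 + width
    else:
        return None                  # OP_0 or a non-push opcode
    if pos + length != len(script):  # truncated push or trailing junk
        return None
    return script[pos:]


def find_data_carriers(outputs: List[Tuple[int, str]]) -> List[Tuple[int, int, bytes]]:
    """Scan (value_satoshis, scriptPubKey_hex) outputs; return
    (index, value, payload) for each OP_RETURN output that carries data."""
    hits = []
    for i, (value, script_hex) in enumerate(outputs):
        payload = decode_op_return(bytes.fromhex(script_hex))
        if payload is not None:
            hits.append((i, value, payload))
    return hits


# Constructed transaction: one ordinary P2PKH output paying 0.0001 BTC and
# one zero-value OP_RETURN output carrying 28 bytes of made-up metadata.
SAMPLE_OUTPUTS = [
    (10_000, "76a914" + "00" * 20 + "88ac"),
    (0, "6a1c" + b"constructed-sample-key-bytes".hex()),
]
```

Running `find_data_carriers(SAMPLE_OUTPUTS)` on the constructed transaction returns only the second output, with its 28-byte payload; the P2PKH output is ignored because its script does not start with OP_RETURN.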
5 Steps to Take On Ransomware Using A Defense-In-Layers Approach
Sam Musa at GovTech had a good summary on what to do against ransomware.
His point 5 got our full approval!
"It is now virtually impossible to spot expertly crafted malware and ransomware in particular, which is increasingly and exactingly honed to an individual recipient. Therefore, it’s also necessary for agencies to maintain awareness of innovative new types of malware.
A strong IT security program cannot be executed successfully without training users on security threats, policies and techniques to protect their assets. Agencies must understand that users are one of the essential lines of defense against cyberthreats, so there is a need for continuous awareness training.
The training must focus on providing knowledge to protect information systems and sensitive data from both internal and external threats. Training contents may include social engineering techniques and how to avoid them, identity theft, cyber sexual harassment, peer-to-peer sharing programs and steps on how to avoid posting sensitive information online.
Agencies should offer awareness education throughout the year through formal training, monthly tips and wall posts to remind users that security is everyone’s responsibility. Security emails and announcements should be informative, rather than simply repetitious."