CyberheistNews Vol 6 #20 [ALERT] New Evil Android Phishing Trojans Empty Your Bank Account



Stu Sjouwerman

Infragard warned that the FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface.

The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums.

At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions. SlemBunk apps masquerade as common, popular applications and stay incognito after running for the first time. They have the ability to phish for and harvest authentication credentials when specified banking and other similar apps are launched.

Users will only get infected if the malware is sideloaded or downloaded from a malicious website. Newer versions of SlemBunk have been observed being distributed via porn websites. Users who visit these sites are incessantly prompted to download an Adobe Flash update to view the porn, and doing so downloads the malware.

Read What To Do About It at the KnowBe4 blog, with a copy/paste message to email to your users:
https://blog.knowbe4.com/new-evil-android-phishing-trojans-empty-your-bank-account

Latest Petya v2.0 Comes Loaded With Double-Barrel Ransomware Attack

There is a new twist on the Petya ransomware: it now carries a backup ransomware attack. Remember, Petya is a new type of ransomware that doesn’t encrypt specific files but makes the entire hard drive inaccessible by overwriting the master boot record.

A new version of the Petya installer was released with a really "interesting" feature.

Up until now, the Petya installer required administrative privileges to launch. That meant that if someone said no at the UAC prompt, it didn’t install, and thus no payload was released.

The criminal developers behind Petya did something clever though. They now have an installer that offers Petya plus a backup "conventional" file-encrypting ransomware called Mischa. When the installer runs, it will try to install Petya and if it does not get admin privs, it defaults back to the Mischa ransomware that installs with standard user privs, making this the first double-barrel ransomware attack.

The Attack Vector: Phishing

The installer for Petya/Mischa is distributed via emails pretending to be job applications. These emails contain a link to a cloud storage service that hosts an image of the supposed applicant and a downloadable executable whose file name starts with "PDF". Get more details about this strain at the KnowBe4 Blog:
https://blog.knowbe4.com/new-petya-comes-loaded-with-double-barrel-ransomware-attack
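The lure above relies on a file name that looks like a document while the file is actually an executable. The following is an added example, not code from KnowBe4 or from the newsletter, showing how a defender might flag such downloads when reviewing proxy or mail-gateway logs. The log format and the file names are constructed for this illustration; the rule for names starting with "PDF" covers the case described above, and the double-extension and document-like-name rules generalize it to related naming tricks.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# File extensions that Windows will execute when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".hta", ".msi"}

# Words that make an executable look like a harmless document.
DOCUMENT_TOKENS = ("pdf", "doc", "resume", "application", "invoice")


@dataclass
class Finding:
    filename: str
    reason: str


def true_extension(name: str) -> str:
    """Return the last extension, lowercased; this is what decides execution."""
    m = re.search(r"(\.[A-Za-z0-9]+)$", name)
    return m.group(1).lower() if m else ""


def assess_filename(name: str) -> Optional[Finding]:
    """Flag an executable whose name is dressed up as a document."""
    ext = true_extension(name)
    if ext not in EXECUTABLE_EXTS:
        return None                      # not executable, nothing to flag
    stem = name[: -len(ext)].lower()     # file name without its real extension
    if stem.startswith("pdf"):
        return Finding(name, f"executable ({ext}) named to look like a PDF")
    if re.search(r"\.(pdf|docx?|xlsx?|jpe?g|png)$", stem):
        return Finding(name, f"double extension hides {ext} behind a document extension")
    if any(tok in stem for tok in DOCUMENT_TOKENS):
        return Finding(name, f"executable ({ext}) with a document-like name")
    return None


def scan_log(lines: List[str]) -> List[Finding]:
    """Parse file="..." fields out of download-log lines and assess each name."""
    findings = []
    for line in lines:
        m = re.search(r'file="([^"]*)"', line)
        if m:
            f = assess_filename(m.group(1))
            if f:
                findings.append(f)
    return findings


# Constructed sample log (hypothetical format and values, not real telemetry).
SAMPLE_LOG = """\
2016-05-10T09:12:01Z user=alice src=mail-link url=https://cloud-storage.example/drop/1 file="applicant_photo.jpg"
2016-05-10T09:12:07Z user=alice src=mail-link url=https://cloud-storage.example/drop/1 file="PDF_application_form.exe"
2016-05-10T10:30:44Z user=bob src=browser url=https://vendor.example/updates file="setup_2.3.1.msi"
2016-05-10T11:02:13Z user=carol src=mail-link url=https://cloud-storage.example/drop/7 file="Resume_J_Smith.pdf.scr"
2016-05-10T11:45:00Z user=dave src=mail-attach url=- file="quarterly_report.pdf"
""".splitlines()


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding.filename}: {finding.reason}")
```

The check looks only at the last extension because that is what decides whether the file runs; a real deployment would pair it with content-type sniffing of the downloaded bytes, since the name alone can be changed freely by the sender.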

This Has Been A Crazy Week In Ransomware

That's what Larry Abrams from BleepingComputer started out with yesterday, and he was right! We have had six new ransomware strains, one new RaaS (Ransomware-as-a-Service) and one major update of an existing strain. Get all the details at this blog post, which has links to screen shots, descriptions, decryptors and more:
https://blog.knowbe4.com/this-has-been-a-crazy-week-in-ransomware

Poll Results: "Should Someone Who Falls For A W-2 Phishing Attack Be Fired?"

It's an interesting question, because the specific circumstances were explained in an article about this particular incident. There were 186 answers to this poll, and here are the results of question 1, which asked if the employee should be fired.

YES - 20%
NO - 16%
Depends on the circumstances - 60%
Other - 4%

The second and last question asked for the rationale behind their answer. I read them all, and the vast majority agreed that it should be driven by a fairly standard approach you could call "increasingly severe consequences", where someone first gets trained, made part of an ongoing awareness program, and given a first, second and/or third warning before they get terminated.

Here are three opinions of system admins, quoted at the KnowBe4 blog:
https://blog.knowbe4.com/poll-results-should-someone-who-falls-for-a-w-2-phishing-attack-be-fired

If This Is Your First Issue Of CyberheistNews...

CyberheistNews is the world's largest e-zine for IT professionals about social engineering and security awareness training. It is published by KnowBe4 Inc, arrives in your inbox once a week and looks at IT security from the human side. KnowBe4 has partnered with Kevin Mitnick to create new-school Security Awareness Training combined with regular simulated phishing attacks.

In CyberheistNews we aim to help you keep your network safe with important news, hints, and tips so that you are aware of the latest social engineering scams and can do something about it.

KnowBe4 lives 100% in the cloud; we use Salesforce as our CRM, and via their Data.com service we licensed your address. Consider this your sample issue. You can unsubscribe at any time (a few lines below), and you will stop receiving any and all further email.

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Whether you think you can or you think you can’t, you’re right." - Henry Ford

"When you have confidence, you can have a lot of fun. And when you have fun, you can do amazing things." - Joe Namath


Thanks for reading CyberheistNews


Security News
Ransomware And CEO Fraud Dominate 2016

An interesting Q1-16 threat report from the folks at Proofpoint. Every day, they analyze more than 1 billion email messages, hundreds of millions of social media posts, and more than 150 million malware samples. Banking Trojans and ransomware dominated the malware landscape while CEO Fraud gained speed.

Their numbers make a clear case to allocate budget for new-school security awareness training.

In their Quarterly Threat Summary they revealed that ransomware vaulted into the top ranks of the most preferred malware by cybercriminals. Nearly one-quarter of document attachment-based email attacks in the first quarter featured the new Locky ransomware.

“The massive email message volumes associated with Dridex banking Trojan malware gave way to our discovery of the new Locky ransomware,” the report revealed. Here is a graph that shows the exploding number of malicious attachments, more detail and key takeaways:
https://blog.knowbe4.com/ransomware-and-ceo-fraud-dominate-2016

Top Cybersecurity Reports Summarized

Top 2016 Cybersecurity Reports Out From AT&T, Cisco, Dell, Google, IBM, McAfee, Symantec And Verizon. The biggest players in cyber have published their annual security reports for 2016. Each one brings its unique view on cybercrime and cyber defense strategies. Some very interesting numbers that you should know, nicely summarized and great ammo to get more IT security budget:
http://www.forbes.com/sites/stevemorgan/2016/05/09/top-2016-cybersecurity-reports-out-from-att-cisco-dell-google-ibm-mcafee-symantec-and-verizon/

4 Ways to Protect Against The Very Real Threat Of Ransomware

I am quoted a few times in this WIRED article, and it's a good read. From my view, it boils down to having best-practice IT operational procedures in place, like weapons-grade backups/restore, patching religiously -- both the OS and third party apps -- and step all users through new-school security awareness training which includes frequent simulated phishing attacks instead of the yearly CYA training where all users are herded in the break room, kept awake with coffee and donuts and exposed to death-by-PowerPoint.
https://www.wired.com/2016/05/4-ways-protect-ransomware-youre-target/

What Is The #1 Cause Of Healthcare Data Breaches?

As a new story about hospital ransomware or a stolen laptop containing PHI seemingly emerges every day, it comes as no surprise that healthcare data breaches have steadily increased in frequency and severity since 2010. Read about a new study by the Ponemon Institute which reveals that healthcare data breaches are going to cost the industry about 6.2 billion dollars.

It's The Employees, Stupid

Despite the prevalence of cybersecurity incidents, the study showed that the majority of healthcare organizations and business associates were most concerned with negligent or careless employees causing healthcare data breaches.

When asked what the greatest threat was to healthcare data security, the majority of healthcare organizations stated employee inaction or error (69 percent). Rounding out the top three concerns were cybercriminals at 45 percent and the use of insecure mobile devices at 36 percent.

Employee error was also the top concern for business associates (53 percent), followed by use of cloud services (46 percent) and cyberattacks (36 percent).

More at Health IT Security:
http://healthitsecurity.com/news/rise-in-healthcare-data-breaches-cost-industry-6.2-billion

Find Out The Phish Prone Percentage Of Your Employees

Again, one thing is clear: effective security awareness training is a must these days. You can start with a baseline test to find out what the phish-prone percentage of your employees is. It is often higher than expected, but great ammo to get budget. There is no cost for this Phishing Security Test.
https://www.knowbe4.com/phishing-security-test-offer

