CyberheistNews Vol 6 #26 [INFOGRAPHIC] New Survey: Ransomware Infections Double In Two Years

We have just released the first long-time study focusing on IT Pros' experience with ransomware. In June 2016 we surveyed 1,138 companies in a variety of industries and compared the levels of concern about ransomware in 2014 to 2016. It's not a pretty picture.

• Actual Infections practically doubled from 20% to 38%
• 61% feel email attachments pose the largest threat
• Nearly half say they would be forced to pay the ransom if backups failed
• Confidence in filters is only 72%
• 88% feel security awareness training is the most effective protection from ransomware over 83% for backup, almost identical to 2014

Interestingly enough, in the same week, Kaspersky also released data that confirms our numbers. For crypto-ransomware, which has almost become the de facto choice for black hats today, the number of users attacked rose 5.5-times – from 131,111 in 2014-2015 to 718,536 in 2015-2016, the firm claimed. Note that this refers to attacks, not infections.

Read the full post with all the information that came out of this survey and compare with your own organization. This has some excellent ammo that you can use to get more InfoSec budget. Here is the link to the blog:
https://blog.knowbe4.com/new-knowbe4-survey-ransomware-infections-double-in-two-years

Here is something else you can do about this now:

We have a no-charge, one-time Email Exposure Check (EEC) report for you which shows which of your end-users are exposed on the internet and are a high ransomware infection risk. We scan the whole internet for any email address from your domain, even looking inside PDFs, and Office documents.

We'll get you a list of which email address was found where, and sometimes you will discover that some credentials are compromised or available on criminal websites. Get your EEC here:

https://www.knowbe4.com/email-exposure-check/

Let's stay safe out there.

Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.

A researcher in China has discovered a design flaw in Microsoft Windows that affects all versions of the operating system using NetBIOS spoofing —including Windows 10— and lets an attacker hijack your organization’s network traffic with a simple social engineering attack. It can be exploited silently with a near perfect success rate.

The scenario is very simple, the bad guy just uses social engineering to trick an employee into visiting a malicious web page via IE or Edge or to open a specifically crafted Office document. The website used by the attackers will appear as either a file server or a local print server, but in the background it will hijack your network traffic including things like Windows Updates.

“This vulnerability has a massive security impact – probably the widest impact in the history of Windows,” Yu said in an interview with DarkReading conducted via email. “It not only can be exploited through many different channels, but also exists in all Windows versions released during the past 20 years.”

Technical background, links (also to TechNet article with patches) and more mitigation suggestions at the KnowBe4 blog:
https://blog.knowbe4.com/badtunnel-social-engineering-attack-hijacks-your-network-traffic

There is a new Current Event that is all over the news, the UK is leaving the EU. Bad guys are going to exploit this, so let's head them off at the pass.

As part of your ongoing security awareness program, warn your users with something like the following, you're welcome to cut/paste/edit:

"The people in England have voted to leave the European Union, with the flood of unwanted immigrants as the main reason to exit. This is causing turmoil for the financial system, and indeed has caused the markets to temporarily drop.

Bad guys are trying to exploit this, and will try to trick you with alarming news about your 401K or other investments. Don't fall for it. Any time a major event hits the press, lowlifes will try to make you click on shocking news. Remember: Think Before You Click!"

For KnowBe4 Customers, we have two new simulated phishing attack templates which are fake news updates with claims there was voter fraud and that the turmoil in the financial markets is impacting people's 401K. You can find them in the Current Events system templates:

"Brexit Causes Historic Market Drop in United States, Check your Retirement Fund" "Breaking News: Brexit Voter Fraud Found, Results to be Thrown Out"

We suggest you send this to your users ASAP and inoculate them.

Threatpost reported that the notorious Necurs botnet is back in business, after mysteriously going dark for nearly a month. Researchers report the Necurs has returned to spewing massive volumes of email containing an improved version of the potent Locky ransomware and the Dridex banking Trojan.

According to Proofpoint which has been tracking Necurs, criminals behind the botnet began pushing out multimillion email message campaigns last Monday. This new activity is the first life Proofpoint has seen from the Necurs Botnet since it went dark on May 31.

Necurs is widely believed to be one of the largest botnets (with 6.1 million bots) functioning and responsible for millions in losses tied to ransomware and Dridex banking Trojan infections. Here is how the email messages look:
https://blog.knowbe4.com/russian-cyber-mafia-is-back-from-vacation-with-smarter-locky-ransomware-strain

DarkReading has a great "enhanced" slideshow that shows you a bunch of things you can do to protect against ransomware. It's got a lot of hints and tips and will help you prevent infections. Check it out over here, this is a good one:
http://www.darkreading.com/vulnerabilities---threats/how-to-lock-down-so-ransomware-doesnt-lock-you-out/d/d-id/1326009

"We are all born ignorant, but one must work hard to remain stupid."
- Benjamin Franklin

"No one is useless in this world who lightens the burdens of another."
- Charles Dickens

Thanks for reading CyberheistNews

In-brief: A New York Magazine article imagines a massive, online attack on New York City in 2017. The scary thing: most of what it imagines has already happened in separate incidents. New York Magazine has a (fictional) description of a wholesale attack on New York City that imagines a multi-vector attack on critical infrastructure, including transportation, public safety and health networks. Yikes.

It’s a fascinating thought exercise made all the more interesting because it has in-line links to all of the reports of actual isolated incidents similar – if not identical – to those used in the fictional NY attack.

Among them: Chris Valasek and Charlie Miller’s wireless attack on a Jeep Cherokee, Chris Roberts’ claim to have hacked the avionics systems aboard a domestic flight, and ransomware infections at hospitals across the U.S. Read it and shiver!
http://nymag.com/daily/intelligencer/2016/06/the-hack-that-could-take-down-nyc.html

A cybergang has kicked off what could possibly be one of the most bizarre ransomware campaigns on record. They not only blame the victim for the attack, but they demand a ransom of 48 bitcoins and then refuse to tell their victim how to pay the ransom. Talk about warped minds.

Trend Micro's Threat Response Engineer Jaaziel Carlos detailed the group's efforts to push the MIRCOP crypto-ransomware, writing in a blog that the victim is first presented with a ransom note, complete with scary Guy Fawkes image, that accuses the victim of having stolen 48.48 bitcoins from the attacker and demands repayment in order to unlocked the files.

Carlos said this is among the highest ransoms seen by Trend Micro. More at:
http://www.scmagazine.com/mircop-ransomware-blames-victim-for-attack-demands-28k-ransom/article/505529/

We already know that IT folks have problems getting C-level executives to take security awareness training seriously and to adopt good security practices in their personal computing. But what about board members of public companies?

With great power comes great responsibility -- and also a great big target painted on your back. At least, that's the case lately with corporate boards of directors and cybercriminals launching spearphishing attacks.

"Since the beginning of the year we have serviced about 350 different clients that have had spearphishing attacks," said Michael Bruemmer, vice president for data breach resolution at Experian Information Solutions. "About a third were specifically targeted at board members." More at:
http://www.csoonline.com/article/3085492/security/spearphishing-attacks-target-boards.html

In the same vein, the UK Parliament states that CEO salaries should be linked to their firm's cyber security. That will be the day!
http://businessinsights.bitdefender.com/ceo-salaries-linked-to-firm-cyber-security

Don’t be surprised if you see spam coming from the top websites in the world. Lax security standards are allowing anyone to "spoof" emails from some of the most-visited domains, according to new research.

Email spoofing — a common tactic of spammers — basically involves forging the sender’s address. Messages can appear as if they came from Google, a bank, or a best friend, even though the email never came from the actual source. The spammer simply altered the email’s "from" address.

Authentication systems have stepped in to try and solve the problem. But many of the top website domains are failing to properly use them, opening the door for spoofing, according to Sweden-based Detectify, a security firm.

The company analyzed the top 500 websites ranked by Alexa and found that 276 of the domains are vulnerable as a result, it said in a blog post on Monday. Here is the full article at PC World:
http://www.pcworld.com/article/3086937/security/top-website-domains-are-vulnerable-to-email-spoofing.html

Is your email server configured correctly against CEO Fraud attacks where the bad guys spoof an email address from your own domain? Find out now with KnowBe4's no-charge Domain Spoof Test:
https://www.knowbe4.com/domain-spoof-test/

In-brief: efforts by clinical staff to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff, according to a new report.

Hospitals are pretty hygienic places – except when it comes to passwords, it seems.

That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff.

The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.

“In hospital after hospital and clinic after clinic, we find users write down passwords everywhere,” the report reads. “Sticky notes form sticky stalagmites on medical devices and in medication preparation rooms. We’ve observed entire hospital units share a password to a medical device, where the password is taped onto the device. We found emergency room supply rooms with locked doors where the lock code was written on the door–no one wanted to prevent a clinician from obtaining emergency supplies because they didn’t remember the code." More:
https://securityledger.com/2016/06/study-finds-password-misuse-in-hospitals-a-steaming-hot-mess/?

• Every year at the Triple Tree Aerodrome, radio controlled airplane fanatics gather to watch some of the most skillful pilots demonstrate their spectacular flying skills. Full Screen and HD!:
  http://www.flixxy.com/amazing-footage-from-a-drone-following-an-rc-plane.htm?utm_source=4

• Blink and you'll miss this amazingly fast Formula 1 crew changing four tires - in 1.92 seconds!
  http://www.flixxy.com/world-record-formula-1-pit-stop-in-less-than-2-seconds.htm?utm_source=4

• Watch Liquid Nitrogen White Walkerize a Watermelon:
  http://www.wired.com/2016/06/watch-liquid-nitrogen-white-walkerize-watermelon/

• Buddy the rescue dog anticipates his next ball being shot across the yard with great enthusiasm:
  http://www.flixxy.com/puppy-is-all-excited-about-his-automatic-ball-launcher.htm?utm_source=4

• Mother raccoon and her two babies must scale a wall. Baby raccoon holds onto mommy's tail while mother hangs down to pick up the little one:
  http://www.flixxy.com/amazing-teamwork-by-raccoon-family-to-climb-over-a-wall.htm?utm_source=4

• Victoria and Sos Petroysan Petrosyan show how it is possible for women to get dressed quickly in a magical performance at America's Got Talent 2016:
  http://www.flixxy.com/quick-change-magic-sos-and-victoria-americas-got-talent-2016.htm?utm_source=4

• When you are traveling, it is always good to keep an eye on your luggage:
  http://www.flixxy.com/beware-of-the-booster-bag.htm?utm_source=4

• Here is how a cat solves a problem with a laser printer:
  http://www.flixxy.com/laser-printer-problem.htm?utm_source=4

• You are watching exclusive LIVE footage from Alaska's Brooks River in Katmai National Park. Every year over a hundred Brown Bears descend on a mile long stretch of Brooks River to feast on the largest Sockeye Salmon run in the world:
  http://www.flixxy.com/live-footage-of-bears-catching-salmon-in-alaska.htm?utm_source=4

• Those perfect cars you see in TV ads? Here's the Mad Max machine underneath the CGI. Super cool:
  https://youtu.be/OnBC5bwV5y0

• Boston Dynamics' SpotMini robot helps out around the house. Fascinating:
  https://youtu.be/tf7IEVTDjng

• InfoSec researcher spots an STM skimmer while on vacation in Vienna. Good warning:
  https://youtu.be/ll4f0Wim4pM