 CyberheistNews Vol 6 #34 |
| [ALERT] Cerber Ransomware Plague Earns 2 Mil With Just 0.3% Victims Paying Up |
.jpg)
A new report by Check Point software's researchers showed that Cerber's Ransomware-as-a-Service (RaaS) affiliate program is a success with more than 160 participants at current count, and that the combined direct sales plus affiliates was almost 200K in July, despite a victim payment rate of just 0.3%.
That puts it on track to make 2.3 million dollars this year, said Maya Horowitz, group manager of threat intelligence Check Point.
Aspiring criminal affiliates create their own campaigns using the Cerber platform and keep 60 percent of the profits. They also have access to user-friendly management tools, Cerber's Bitcoin laundering architecture, and obviously the malcode itself. Every day eight fresh Cerber ransomware campaigns are launched, Horowitz said.
"My assumption is that this means that there will be more and more such services, more and more attacks, even more than today," she said. And she is right. Just this week Symantec reported on a new RaaS that competes with Cerber. The new ransomware -- dubbed Shark -- is currently available for no charge in underground forums. Novice hackers that use the tool to extort money from victims pay only a 20% cut to the Shark developers.
Check Point researchers identified the IP addresses that infected machines used for data traffic with their C&C servers. They were also able to easily identify that the bad guys are probably based in or near Russia.
"There are no infections in Russian-speaking countries," she said. "And in the configuration of the ransomware, the authors, as default, chose not to operate on machines or PCs that have Russian as their default language."
This is a tried-and-true strategy of not getting picked up by the FSB, today's equivalent of the KGB. As long as you do not hack inside Russia, the Putin kleptocracy leaves you alone.
Follow The Money
What is interesting is that Check Point was able to extract the exact Bitcoin wallets assigned to every victim so that they could track the percentage of people who actually paid the ransom. The next step was to "follow the money" to one ultimate final central wallet through a network of other wallets that are part of Cerber's Bitcoin obfuscation architecture.
"We followed these hundreds of thousands of different wallets," she said. "I think that this is the first time that security researchers can say for sure what percentage of victims pay the ransom."
The people that pay ransom was surprisingly low, compared to earlier estimates by other researchers, but it still pays off handsomely. A small team of four of five specialized cyber criminals can make 300 to 400 grand each per year, which is at least 10 times more than they could make in any legit enterprise where they live.
You wonder if you are in the right business now and then! :-D
|
| FireEye Warns 'Massive' Locky Ransomware Campaign Hits America |
|
The dangerous Locky ransomware is being hurled at a variety of industries, healthcare being the number one target, according to FireEye researcher Ronghwa Chong. We have talked about Locky since it first emerged and this strain is as nasty as it gets. "Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware," Chong stated in a blog post.
"The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry. The volume of Locky ransomware downloaders is increasing and the tools and techniques being used in campaigns are constantly changing." On the KnowBe4 blog is a graph of the volume by day and the payloads.
Ransomware mafias have shifted to DOCM format attachments, each email has a unique campaign code used to download Locky from a command and control server to victim machines, and Chong warned "These latest campaigns are a reminder that users must be cautious when it comes to opening attachments in emails or they run the risk of becoming infected and possibly disrupting business operations." We would agree :-)
Security firm Proofpoint recently confirmed that 69% of email attacks that used malicious document attachments featured Locky ransomware in Q2, compared to 24% Q1. Last month Locky claimed top spot for email-based malware in Q2, overtaking Dridex.
So why did FireEye take an interest in what is really a run-of-the-mill Locky ransomware campaign -- the kind that has been going on every week since, say, April or May? Here's a good guess looking at the following headline in Fortune Magazine: "What FireEye's Stock Crash Says About Hacking."
http://fortune.com/2016/08/05/fireeye-stock-feye-earnings/
Key quote: Mandia said that widespread and persistent breaches designed to spy on a large number of computers—characteristic of cyberespionage and attacks by nation states—are declining, as hackers increasingly turn to ransomware and “extortion attacks,” often in an attempt to steal money, but then exit the network quickly.
“That complexity isn’t that high in ransomware attacks where it’s obvious how you scope it, and what you do about it is sometimes less complex than the tenacious attacks by state-level actors and folks who want to maintain access,” he said.
Of course, that’s not good for FireEye, whose business model is based on responding to those large-scale breaches and selling security software to protect against and detect such threats.
In other words, the APT threat proved to be overblown. It's mass-distributed malware (esp. ransomware) that most companies and organizations have to worry about.
All These Ransomware Strains Rely On Social Engineering
You simply cannot sit back and hope your filters are going to catch it all, they never do. You have to create an additional layer, call it your "human firewall". Thousands of organizations are doing this with great results. Most of you have to do this anyway to be PCI compliant so why not do it right the first time.
Stepping your users through new-school security awareness training is a must, moreover it's simply fun to phish your users and train them not to fall for social engineering attacks!
Find out how affordable this is for your organization and be pleasantly surprised.
https://info.knowbe4.com/enterprise_get_a_quote_now
|
| A Hacker’s Best Friend Is A Helpful Employee |
|
Remember the CyberheistNews issue two weeks ago where I reported on my trip to BlackHat and DEV CON? I talked about the social engineering contest where people get 25 minutes and attack a company using just the phone.
Well, a USA Today reporter was there who wrote a very useful article that you can send to your executives.
It explains in detail how social engineering over the phone works and indirectly how important security awareness training is! Great ammo to get budget, fun, very readable and interesting:
http://www.usatoday.com/story/tech/news/2016/08/15/hacker-social-engineering-defcon-black-hat/88621412/
By the way, I was interviewed by InformationWeek's DARKReading at Blackhat about ransomware, CEO Fraud, social engineering attacks and awareness training. Hear it straight from the horse's mouth:
https://www.knowbe4.com/bh2016
|
| I Need Your Input For A New Training Module: Safe Travel For Executives |
|
Quite a few customers asked us to create a new training module that helps executives travel more securely, related to their mobile devices.
We did our homework, consulted with Kevin Mitnick and isolated the highest risk factors of traveling with smartphones, tablets and laptops. We have identified 17 items that we'd like to know more about from your roadwarriors.
These are travel-related IT security measures like:
- Before you travel
- While traveling
- During flying
- While passing through customs
This survey is 17 simple multiple choice questions, takes 4 minutes and is fully anonymous. Could you send this to your roadwarriors for them to fill out? That would help us a lot in the creation of this important new module. Here is the link to SurveyMonkey:
https://www.surveymonkey.com/r/safetravelforexecutives
Thank you very much in advance!
Warm regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
|
Five Tips To Help Execute An Employee
Training Program |
|
Really interesting how much focus security awareness training is getting in the tech/security press over the past few weeks. Here's another article with some interesting data, with a key quote:
"Experts suggest that employees may forget 50 percent of training information within one hour of a presentation, 70 percent within 24 hours and an average of 90 percent within a week. When you consider this, it is clear that training once a year or on an ad-hoc basis is not sufficient to ensure information security policies and procedures are being followed." More at:
https://www.helpnetsecurity.com/2016/08/18/employee-training-program/
Next, Employee Awareness Training: Key Component Of IT Security Initiatives
"The reality is that the human element has always been, and will always be, the most challenging aspect of security. Whether staff members intentionally skirt security measures that they feel inhibit productivity or inadvertently take actions that open the digital door to bad actors, people are the proverbial weak link. And cybercriminals know that it is much easier to defeat a person than it is to defeat technology." Learn more:
https://www.helpnetsecurity.com/2016/08/15/employee-awareness-training/
And last, here is a thorough write-up on how to integrate KnowBe4's program as part of the security culture of your organization:
https://knowbe4.zendesk.com/hc/en-us/articles/225574347
|
Warm Regards,
Stu Sjouwerman |
|
|
|
