Security News |
A Slick Phish With A Hidden Surprise |
Yesterday one of our customers was hit with a highly targeted phishing attack -- one of the slicker attacks we've seen in a while. Once we started digging into it, though, what we found was even more surprising.
The Phish Email
This customer, which happens to be in the banking industry, received several identical phishing emails that appeared to be specially crafted to fool employees into thinking they were being directed by the bank's own IT staff to install an official security update from Microsoft.
Notice that the email purports to originate from a member of the bank's IT department, who is forwarding to employees a copy of an email he received from Microsoft. This use of framing is a clever ploy to lend legitimacy to what is, in fact, a fake Microsoft email. In other words, employees are being asked to take the word of a member of the bank's IT staff that the fake Microsoft email is actually legitimate and trustworthy.
Read the whole blog post, with screenshots and the reveal of who was behind it: https://blog.knowbe4.com/a-slick-phish-with-an-hidden-surprise
|
A Worrisome Milestone In The Evolution Of Ransomware |
Michael Gillespie tweeted: "Whew! ID #Ransomware can now identify 200 ransomware families. :) Sad such a milestone was hit so quickly..." He linked to a list on the MalwareHunterTeam site that is updated dynamically.
If you look at other malware statistics, though, this is still not even a drop in the bucket. There are millions of virus strains out there, so give it (a little bit of) time to reach the 1,000-strain mark. Unfortunately the curve is going to be exponential, because more and more of this will be fully automated, enterprise-strength criminal malware that spins out new strains in an effort to evade detection.
Competing cybercrime mafias show the increasing commoditization of crypto-locking malware and the need for black hat developers to differentiate their wares in what is now an increasingly crowded marketplace.
Kaspersky Lab estimates that between April 2015 and March 2016 there were more than 715,000 ransomware victims worldwide, a 5.5-fold increase over the preceding 12-month period.
BankInfoSecurity reported that efforts to block the bad guys are ramping up but are still in their infancy. The European public-private "No More Ransom" project, launched in July 2016, reported this week that at least 2,500 ransomware victims have been able to download the portal's free decryptor tools.
Those were mainly for minor strains such as CoinVault, WildFire and Shade, and project organizers happily note that the victims avoided paying around 1 million in ransoms. However, 2,500 is just 0.35 percent of the 715,000 victims counted between April 2015 and March of this year.
No More Ransom launched as a joint venture between the Dutch National Police and Europol, as well as security firms Kaspersky Lab and Intel Security, a.k.a. McAfee.
Since then, law enforcement agencies from these 13 countries have also signed up: Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland and the United Kingdom.
Would be nice to see a similar initiative in North America as well!
But for now, every organization is exposed to this kind of cyber harassment, which is part of a simmering internet cold war between the US, Russia and China.
|
Tech Support: Story About How We Got Hit |
A reader sent us this real story: "We were hacked and hit about 2 weeks ago. Someone in Accounting used her network workstation to browse for a bank to set up a Health Savings Account. She made a mistake by using the wrong PC, as she has a wireless non-network unit at her desk that she was supposed to use for e-mail and internet web browsing.
She also typed the domain name incorrectly, which took her to a domain-squatting "Bear Trap" web site designed to look like the web login page for the real bank she was looking for.
She apparently used her e-mail address as her login name. Once she made a connection, a nefarious browser screen appeared telling her that if she touched any key, her computer would be erased. She was also instructed to call a telephone number for repairs.
She followed company policy and immediately disconnected the computer from the network, then I was called. I examined her Chrome browsing history and checked on the sites with a Whois lookup. That site resides in the PRC Central Hacking Agency in Guangdong, China.
These are the same people that hacked the US Govt. OPM records and took the complete data on government and active duty military employees. When I arrived on site I was able to do a system restore on her Win10Pro workstation. No further damage seemed apparent at the time, but the original hack was just a prelude of what was to come out of China.
Since our bookkeeper used her e-mail address, The PRC knew that our domain was ---.net and that they had a financial account to attack. The next day we were notified by our web host service provider that the GPU usage was off the charts. They attacked our website, invaded an older copy of WordPress.
They made various changes to our site that forced us to take the whole site off line. The GPU usage in our web host server rose to over 32,000,000 hits and rising. We are still without a web page as this denial of service attack continues.
I am thankful that at least the damage is confined to our Web site. Our web site is just a Yellow Pages dump of static information. It could have been a more damaging ransomware attack. This damage is ongoing."
-- Name withheld to protect the innocent.
This is the kind of problem that can be avoided by new-school security awareness training.
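The reader's story turns on one mistyped domain landing on a squatter's lookalike login page. As an added example (not the reader's code, and not a KnowBe4 tool), the Python below generates the common typo classes for a small watchlist of legitimate domains and runs exported browser-history lines against them, flagging visits that match a lookalike rather than the genuine site. It goes a little beyond the story: it covers omission, repetition, adjacent-key, transposition and TLD-swap typos, not just the one the bookkeeper made. The watchlist, the history lines and the timestamp-plus-URL history format are all constructed for the example.

```python
"""Typosquat watchlist check over browser-history lines (added example).

Standard library only. The watchlist and sample history are constructed
for illustration; a real deployment would load the organisation's own
banking/vendor domains and a real history export.
"""
from urllib.parse import urlparse

# Constructed watchlist: domains employees are expected to reach for banking.
WATCHLIST = ["examplebank.com", "hsaprovider.com"]

# Keys adjacent on a US QWERTY layout, used for fat-finger substitutions.
ADJACENT = {
    "a": "qwsz", "b": "vghn", "c": "xdfv", "d": "serfcx", "e": "wsdr",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "i": "ujko", "j": "huikmn",
    "k": "jiolm", "l": "kop", "m": "njk", "n": "bhjm", "o": "iklp",
    "p": "ol", "q": "wa", "r": "edft", "s": "awedxz", "t": "rfgy",
    "u": "yhji", "v": "cfgb", "w": "qase", "x": "zsdc", "y": "tghu", "z": "asx",
}


def typo_variants(domain):
    """Return plausible typosquat domains for a domain with a one-label TLD.

    Assumption: the last dot separates the registrable label from the TLD
    (so "examplebank.com" -> "examplebank", "com"); multi-label public
    suffixes such as .co.uk are out of scope here.
    """
    label, _, tld = domain.rpartition(".")
    variants = set()
    for i in range(len(label)):
        # omission:      examplebank -> exmplebank
        variants.add(label[:i] + label[i + 1:])
        # repetition:    examplebank -> exammplebank
        variants.add(label[:i] + label[i] + label[i:])
        # adjacent key:  examplebank -> exanplebank
        for key in ADJACENT.get(label[i], ""):
            variants.add(label[:i] + key + label[i + 1:])
        # transposition: examplebank -> exampelbank
        if i + 1 < len(label):
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)
    out = {v + "." + tld for v in variants}
    # TLD swap: examplebank.com -> examplebank.co / .net / .org
    for alt in ("co", "net", "org"):
        if alt != tld:
            out.add(label + "." + alt)
    return out


def build_index(watchlist):
    """Map every typo variant to the legitimate domain it imitates.

    Legitimate domains are never indexed, so a watchlist entry that happens
    to be one typo away from another entry is not flagged.
    """
    legit = set(watchlist)
    index = {}
    for domain in watchlist:
        for variant in typo_variants(domain):
            if variant not in legit:
                index[variant] = domain
    return index


def host_of(url):
    """Lower-cased hostname of a URL with a leading 'www.' removed."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def scan_history(entries, watchlist):
    """Return (visited_host, imitated_domain) pairs for suspect visits.

    `entries` are "timestamp url" lines; that layout is an assumption made
    for this example, not a particular browser's export format.
    """
    index = build_index(watchlist)
    hits = []
    for line in entries:
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed line, skip rather than crash
        host = host_of(parts[1].strip())
        if host in index:
            hits.append((host, index[host]))
    return hits


# Constructed sample history: one genuine visit, two lookalikes, one unrelated.
SAMPLE_HISTORY = [
    "2016-10-18T09:12:03 https://www.examplebank.com/hsa/open",
    "2016-10-18T09:13:41 https://www.exampelbank.com/login",  # transposition
    "2016-10-18T09:15:02 https://examplebank.co/login",       # TLD swap
    "2016-10-18T09:20:00 https://mail.google.com/",
]

if __name__ == "__main__":
    for host, imitated in scan_history(SAMPLE_HISTORY, WATCHLIST):
        print(f"suspect visit: {host} looks like {imitated}")
```

The same index can be fed to a proxy or DNS block list so the typo never resolves in the first place, which is the control the story's "wrong PC" policy was standing in for. A full tool such as dnstwist adds many more permutation classes (homoglyphs, bit flips, hyphenation) and resolves each candidate to see which are actually registered.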
|
Preventing And Responding To A Healthcare Ransomware Infection |
The healthcare industry is a major target for ransomware infections. Expert Ernie Hayden explains how organizations can take steps to prevent and respond to these attacks.
Healthcare organizations are no stranger to cyberattacks, as private health information has become a valuable commodity for hackers. But the threat of a ransomware infection can go beyond a conventional data breach and cause a hospital's operations, for example, to grind to a complete halt.
The first article in this series described the threat of ransomware attacks and explained what it means for healthcare organizations. This article offers advice to those organizations on how to prevent and respond to ransomware infections. Good write-up at TechTarget (registration required): http://searchsecurity.techtarget.com/tip/Preventing-and-responding-to-a-healthcare-ransomware-infection#.WAj8V1W-8Es.email
|
Flipping Security Awareness Training |
DARKReading has a great article about how you can turn awareness training into a tool that genuinely reduces risk for the organization.
"With threats on the rise from both inside and outside organizations, security has become a high priority for the C-suite and the board. Those at the top recognize they need certain types of security technologies to protect the business.
But the IT teams who actually buy and implement those products (and the rest of the employees who are required to use them) might not be aware of the broader security needs of the business. To better reduce risk for the company, the organization as a whole must look at the full picture to identify what problem needs to be fixed, establish a baseline, execute a solution, and measure success and progress.
Today, everyone is a target, which makes it crucial for every employee, regardless of team or job function, to be responsible for understanding security business objectives and staying current on security best practices. These company-wide security awareness tips will help do that."
Great article to add to a budget request for new-school awareness training: http://www.darkreading.com/endpoint/flipping-security-awareness-training/a/d-id/1327250