CyberheistNews Vol 6 #45 [ALERT] 14 Million Locky Ransomware Phishing Attacks Sent In One Day



CyberheistNews Vol 6 #44
[ALERT] 14 Million Locky Ransomware Phishing Attacks Sent In One Day
Stu Sjouwerman

Doug Olenick at SCMagazine had the scoop: "After lying dormant for a few weeks, Locky bounced back with a vengeance on October 24 with 14 million Locky-laden emails being pumped out in about half a day.

AppRiver's Jon French told Olenick in an email that the bulk of the email campaign ran between 7 a.m. and 1 p.m. with a smaller wave starting up at 4 p.m. and running for three hours into the evening. All of the attacks were likely from the same actors."

The typical ransom price to receive a decryption key for Locky is roughly 0.5 bitcoin, which is around 340 dollars at this time. The emails sent in the attack attempted to social engineer victims with a “complaint letter” email that had a JavaScript file hidden in a .ZIP attachment.
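A mail-gateway style check for the delivery method described above (a script file inside a ZIP attachment), as an added example that is not from the original newsletter. The extension blocklist, the size and depth limits, and the function names are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script extensions Windows executes on double-click (assumed blocklist, not from the article).
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta")
MAX_DEPTH = 3                  # nested-archive levels to unpack
MAX_INNER = 10 * 1024 * 1024   # inner archives larger than this (bytes) are not unpacked

def script_members(data, depth=0, prefix=""):
    """Return paths of script files inside a ZIP, following nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                lower = info.filename.lower()
                if lower.endswith(SCRIPT_EXTS):
                    hits.append(prefix + info.filename)
                elif lower.endswith(".zip") and depth < MAX_DEPTH:
                    if info.flag_bits & 0x1 or info.file_size > MAX_INNER:
                        continue  # encrypted or oversized inner archive: not unpacked
                    hits += script_members(archive.read(info), depth + 1, prefix + info.filename + "!")
    except zipfile.BadZipFile:
        pass  # attachment is named .zip but is not a readable ZIP archive
    return hits

def scan_message(raw):
    """Map each ZIP attachment name to the script paths found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            hits = script_members(part.get_payload(decode=True))
            if hits:
                findings[name] = hits
    return findings

def build_sample():
    """Constructed message: a harmless placeholder .js inside a ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("complaint_letter.js", "// harmless placeholder\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Complaint letter"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="letter.zip")
    return msg.as_bytes()
```

File names in a ZIP are readable even when the archive is password-protected, so the name check still works on an encrypted outer attachment.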

How vulnerable is your network against ransomware attacks? Find out for no fee.

KnowBe4 has been working hard on something brand new. Bad guys are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?

KnowBe4’s innovative Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection.

Here's how RanSim works:

  • 100% harmless simulation of a real ransomware infection
  • Does not use any of your own files
  • Tests 5 types of infection scenarios
  • Just download the install and run it
  • Results in a few minutes!

This will take you 5 minutes at best, and may give you some insights you never expected. Did I mention there is no cost for RanSim?
https://info.knowbe4.com/ransomware-simulator-tool-1chn

Insurance Underwriter Beazley: "Ransomware Attacks Will Be Four Times Higher In 2016"

Need ammo for more IT security budget? This is an excellent article.

The Wall Street Journal is getting ransomware religion. They said: "For companies concerned about the soaring number of ransomware attacks–in which hackers take control of data or systems and demand payment to release them–the good news is such ransoms are typically small, often in the hundreds of dollars.

The bad news list is longer: These attacks are growing in number and sophistication, encouraged by a high payment rate, while regulators still will scrutinize victim companies for data-management and disclosure practices.

Insurance underwriter Beazley released a report Thursday in which it said ransomware attacks will be four times higher in 2016 than last year."

Blog post with links and graphs, and four steps that Beazley recommends to protect your data against ransomware infections:
https://blog.knowbe4.com/insurance-underwriter-beazley-ransomware-attacks-will-be-four-times-higher-in-2016

Scam Of The Week: Tech Support Claims Your Hard Disk Will Be Deleted

Symantec warns that tech support scams are getting more sophisticated by the month: "These scams remain one of the major and evolving forces in the computer security landscape. Between January 1 and April 30 this year, the Internet Crime Complaint Center (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US 2.27m dollars."

Recently, Symantec has observed a new feature in the tech support scams it is detecting – the use of code obfuscators. Early tech support scams had their entire malicious code clearly visible. Now code obfuscation, which was mostly seen with exploit kits, has made its way to tech support scams.

So, what is this new scam?

A warning that a victim's hard drive will be wiped of all data... unless, of course, they call the fake customer support number. This scam kicks off when a user visits a compromised website. Immediately, it tries to scare the victim with an unusual tactic, Symantec explains:

"The web page displays a fake 'hard drive delete timer' that warns the user that their hard drive will be deleted within five minutes. A warning audio tone is also played in the background, which again warns the user that their system is infected."

The scam also displays a pop-up alert in the browser that the user's computer has been infected by a virus and that they must call a support number to resolve the issue.

I suggest you send this to your employees, friends and family

"Bad guys are coming up with new ways to scam you out of your money all the time. Their latest trick is a Tech Support scam that puts a big warning screen on your computer, claiming that if you do not call the support number, your whole hard disk will be deleted in 5 minutes.

There are variations of this scam that claim they are your Internet Service Provider, or claim to be Microsoft and you need an urgent update you need to call in for, or they show you a blue screen that claims your computer needs to be repaired. There is always a number to call, and these scammers will try to put hundreds of dollars on your credit card.

Don't fall for it! If you see error messages on the screen, follow policy and contact the person in your organization responsible for IT problems. If you see this on a computer at the house, ignore these messages and do not call the fake tech support number!"


From January 1 2016 through October, Symantec’s IPS blocked more than 157 million tech support scams. Their figures also showed that the countries targeted the most by tech support scams were the US, UK and Canada.

PS: For KnowBe4 Customers, did you know we have a new campaign that takes the most recent Scam Of The Week, and sends this automatically to your users? Set-it-and-forget-it! And there is also another new campaign; we take the Top 10 real phishing attacks of the last week, de-fang them, and send random ones to your users to inoculate them.

Ransomware Reaches The Malware Top 3 For The First Time

Locky and Cryptowall Are Now in the Malware Top 10. According to statistics gathered by Check Point, for the first time ever, ransomware has entered the top 3 of today's most dangerous malware.

While everybody knows how dangerous and devastating a ransomware infection can be, the number of affected victims was regularly low, and never large enough to warrant a spot on the top 10, let alone top 3 most dangerous malware families around.

Things changed this summer and autumn when ransomware infections seem to have gone out of control. The ransomware family that made it into the top 3 is none other than Locky.

Locky's prevalence is no surprise, knowing that it received several updates in the past months and is spread via the massive Necurs botnet, which according to recent statistics gathered by MalwareTech, has over 6 million bots ready to send Locky spam.

Check Point's findings regarding Locky's rise in infections are also corroborated by a recent Proofpoint report released last week, which revealed that Locky accounted for 97 percent of all malicious file attachments spread via spam email.

Here is an article at SoftPedia with the full top 10 based on Check Point's data. Only desktop malware is included. The mobile malware top 3 is made up of HummingBad, Triada, and Ztorg. More:
http://news.softpedia.com/news/ransomware-reaches-the-malware-top-3-for-the-first-time-509552.shtml#ixzz4OTdmxmCt

Don’t Miss The November Live Demo: New-School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, November 9, 2016, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:

    • NEW Active Directory Integration allows you to easily upload and manage users.
    • NEW Send Simulated Phishing tests to your users during specified business hours and drive down the Phish-prone percentage of employees.
    • Roll out Training Campaigns for all users (or groups) with follow-up emails to “nudge” users who are incomplete on the training.
    • Advanced Features: EZXploit™ an internal, fully automated "human pentest". USB Drive Test™ to test reactions to unknown USBs.
    • Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how thousands of organizations have mobilized their end-users as their first line of defense. Register Now:
https://attendee.gotowebinar.com/register/6712523263900180737

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"You'll do more GOOD if you aim to SERVE more than you aim to PLEASE."
- Chris Edmonds

"Correction does much, but encouragement does more."
- Johann Wolfgang von Goethe

"and KnowBe4 is half the battle"
- Andrew Dimino


Thanks for reading CyberheistNews


Security News
82% Of Email Servers Are Misconfigured, Allowing Domain Spoofing

We analyzed more than 10,000 email servers and found that 82% of these servers were misconfigured.

What do we mean by misconfigured?

One of the most common security issues – spoofing – is frequently set up incorrectly, allowing a cybercriminal to impersonate an employee, or worse, a key executive. We've worked with thousands of IT managers to determine whether their servers allow spoofed emails to enter an organization disguised as coming from a company’s own domain. Those that are set up incorrectly allow phishing attacks in, making the organization an easy target.

Here's how cybercriminals exploit the issue:

A typical scenario is a spoofed email that looks like it comes from the IT administrator or “IT” asking an employee to update their email account credentials. The uneducated employee fills out their username and password credentials thinking they are complying with a request, missing the telltale signs of a phishing attack with a spoofed email address. This can lead to any number of nefarious scenarios, including a ransomware attack where all computers on the company network are hijacked.

We use a number of customizable email templates for simulated phishing attacks on users. Out of more than three million simulated phishing attacks sent out in Q3 2016, here are the top ten phishing subject lines that employees are most likely to click on.

The list is at the KnowBe4 Blog, and this post also has a complimentary offer to check your own email server for configuration issues:
https://blog.knowbe4.com/82-of-email-servers-allow-domain-spoofing

How To Build A Strong Security Awareness Program

To become more secure, focus your training and manage your top risks. Lance Spitzner, well known for running SANS' Securing The Human program, wrote a great article in DARKReading:

"At the Security Awareness Summit this August in San Francisco, a video clip was shown that highlights the need to develop holistic security awareness. The segment showed an employee being interviewed as a subject matter expert in his office cubicle. Unfortunately, all his usernames and passwords were on sticky notes behind him, facing the camera and audience for all to see.

I bring this story up not to pick on this poor chap but to highlight the fact that security awareness is about human behavior, first and foremost. Understand that point and you are well on your way to building a more secure culture and organization."

Read about the top three things he recommends you look at first:

  1. Phishing
  2. Passwords
  3. Accidental

These top three are a good start, but what's important is managing the risk presented by humans in and around your organization, so take the time to understand what matters for your company and create your own top three:
http://www.darkreading.com/operations/how-to-build-a-strong-security-awareness-program/a/d-id/1327314

NetworkWorld New Products Of The Week 10.24.16

Ryan Francis at NetworkWorld selected some interesting new products you should check out. Their roundup has intriguing tools from companies such as Barracuda, KnowBe4 and WatchGuard. Check out the new Ransomware Simulator you can use to see if your current endpoint protects you against 5 ransomware scenarios. See the slideshow here, and keep clicking to at least #13!
http://www.networkworld.com/article/3133966/cloud-computing/new-products-of-the-week-10-24-16.html

Millennials Changing The Face Of Cybersecurity

It's official — there are now more millennials than baby boomers and their influence on information security is starting to have its impact, according to a recent report from LaunchTech that was commissioned by Forcepoint.

According to the report, nearly two-thirds of the 670 participants use personal devices for their private and company work, while 32 percent said they access social media at work. Another 32 percent download third-party apps for productivity while 20 percent said they do not notify the IT department about those apps.

From a security perspective, half of the respondents reported a breach or infection in the past two years, while 20 percent admit to using public Wi-Fi to check banking information or paying bills online.

Nearly half — 45 percent — report that they have received no security training at all. Yikes! Not a good statistic. You gotta train those end-users to not click on links or open infected attachments. More:
http://www.scmagazine.com/millennials-changing-the-face-of-cybersecurity/article/568679/

