CyberheistNews Vol #6 #44 |
[ALERT] 14 Million Locky Ransomware Phishing Attacks Sent In One Day |
Doug Olenick at SCMagazine had the scoop: "After lying dormant for a few weeks, Locky bounced back with a vengeance on October 24 with 14 million Locky-laden emails being pumped out in about half a day.
AppRiver's Jon French told Olenick in an email that the bulk of the email campaign ran between 7 a.m. and 1 p.m. with a smaller wave starting up at 4 p.m. and running for three hours into the evening. All of the attacks were likely from the same actors."
The typical ransom price to receive a decryption key for Locky is roughly 0.5 bitcoin, which is around 340 dollars at this time. The emails sent in the attack tried to social-engineer victims with a “complaint letter” email that had a JavaScript file hidden in a .ZIP attachment.
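Added example, not part of the original newsletter or of the SCMagazine/AppRiver reporting: a mail-gateway style check in Python for the delivery pattern described above, a script file inside a ZIP attachment. The extension blocklist, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed blocklist: extensions Windows runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".exe", ".scr"}

def risky_zip_members(raw_email: bytes) -> list[tuple[str, str]]:
    """Return (attachment, finding) pairs that justify quarantining the mail."""
    findings = []
    for part in message_from_bytes(raw_email).walk():
        payload = part.get_payload(decode=True)
        # Detect ZIPs by magic bytes; the attachment name is sender-controlled.
        if not payload or not payload.startswith(b"PK\x03\x04"):
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():
                    # Only the last extension counts: "letter.pdf.js" is a script.
                    ext = os.path.splitext(info.filename)[1].lower()
                    if ext in SCRIPT_EXTS:
                        findings.append((name, info.filename))
        except zipfile.BadZipFile:
            # An archive the gateway cannot inspect is itself a finding.
            findings.append((name, "unreadable archive"))
    return findings

def build_sample(member_name: str) -> bytes:
    """Constructed test mail: a 'complaint letter' with one ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// inert placeholder content")
    msg = EmailMessage()
    msg["Subject"] = "Complaint letter"
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please see the attached complaint.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="complaint_letter.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_zip_members(build_sample("complaint_letter.pdf.JS")))
```

The check inspects only the file names inside the archive, so it also works on password-protected ZIPs, where member names remain readable even though the contents are not.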
How vulnerable is your network against ransomware attacks? Find out for no fee.
KnowBe4 has been working hard on something brand new. Bad guys are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?
KnowBe4’s innovative Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection.
Here's how RanSim works:
- 100% harmless simulation of a real ransomware infection
- Does not use any of your own files
- Tests 5 types of infection scenarios
- Just download the install and run it
- Results in a few minutes!
This will take you 5 minutes at most, and may give you some insights you never expected. Did I mention there is no cost for RanSim? https://info.knowbe4.com/ransomware-simulator-tool-1chn
|
Insurance Underwriter Beazley: "Ransomware Attacks Will Be Four Times Higher In 2016" |
Need ammo for more IT security budget? This is an excellent article.
The Wall Street Journal is getting ransomware religion. They said: "For companies concerned about the soaring number of ransomware attacks–in which hackers take control of data or systems and demand payment to release them–the good news is such ransoms are typically small, often in the hundreds of dollars.
The bad news list is longer: These attacks are growing in number and sophistication, encouraged by a high payment rate, while regulators still will scrutinize victim companies for data-management and disclosure practices.
Insurance underwriter Beazley released a report Thursday in which it said ransomware attacks will be four times higher in 2016 than last year."
Blog post with links and graphs, and four steps that Beazley recommends to protect your data against ransomware infections: https://blog.knowbe4.com/insurance-underwriter-beazley-ransomware-attacks-will-be-four-times-higher-in-2016
|
Scam Of The Week: Tech Support Claims Your Hard Disk Will Be Deleted |
Symantec warns that tech support scams are getting more sophisticated by the month: "These scams remain one of the major and evolving forces in the computer security landscape. Between January 1 and April 30 this year, the Internet Crime Complaint Center (IC3) received 3,668 complaints related to tech support scams, which amounted to adjusted losses of almost US$2.27m."
Recently, Symantec has observed a new feature in the tech support scams it is detecting – the use of code obfuscators. Early tech support scams had their entire malicious code clearly visible. Now code obfuscation, which was mostly seen with exploit kits, has made its way to tech support scams.
So, what is this new scam?
A warning that a victim's hard drive will be wiped of all data... unless, of course, they call the fake customer support number. This scam kicks off when a user visits a compromised website. Immediately, it tries to scare the victim with an unusual tactic, Symantec explains:
"The web page displays a fake 'hard drive delete timer' that warns the user that their hard drive will be deleted within five minutes. A warning audio tone is also played in the background, which again warns the user that their system is infected."
The scam also displays a pop-up alert in the browser that the user's computer has been infected by a virus and that they must call a support number to resolve the issue.
I suggest you send this to your employees, friends and family:
"Bad guys are coming up with new ways to scam you out of your money all the time. Their latest trick is a Tech Support scam that puts a big warning screen on your computer, claiming that if you do not call the support number, your whole hard disk will be deleted in 5 minutes.
There are variations of this scam that claim to be your Internet Service Provider, or claim to be Microsoft and say you need an urgent update that you have to call in for, or show you a blue screen that claims your computer needs to be repaired. There is always a number to call, and these scammers will try to put hundreds of dollars on your credit card.
Don't fall for it! If you see error messages on the screen, follow policy and contact the person in your organization responsible for IT problems. If you see this on a computer at the house, ignore these messages and do not call the fake tech support number!"
From January 1 2016 through October, Symantec’s IPS blocked more than 157 million tech support scams. Their figures also showed that the countries targeted the most by tech support scams were the US, UK and Canada.
PS: For KnowBe4 Customers, did you know we have a new campaign that takes the most recent Scam Of The Week, and sends this automatically to your users? Set-it-and-forget-it! And there is also another new campaign; we take the Top 10 real phishing attacks of the last week, de-fang them, and send random ones to your users to inoculate them.
|
Ransomware Reaches The Malware Top 3 For The First Time |
Locky and Cryptowall Are Now in the Malware Top 10. According to statistics gathered by Check Point, for the first time ever, ransomware has entered the top 3 of today's most dangerous malware.
While everybody knows how dangerous and devastating a ransomware infection can be, the number of affected victims was consistently low, and never large enough to warrant a spot in the top 10, let alone the top 3, of the most dangerous malware families around.
Things changed this summer and autumn, when ransomware infections seemed to go out of control. The ransomware family that made it into the top 3 is none other than Locky.
Locky's prevalence is no surprise, knowing that it received several updates in the past months and is spread via the massive Necurs botnet, which according to recent statistics gathered by MalwareTech, has over 6 million bots ready to send Locky spam.
Check Point's findings regarding Locky's rise in infections are also corroborated by a recent Proofpoint report released last week, which revealed that Locky accounted for 97 percent of all malicious file attachments spread via spam email.
Here is an article at SoftPedia with the full top 10 based on Check Point's data. Only desktop malware is included. The mobile malware top 3 is made up of HummingBad, Triada, and Ztorg. More: http://news.softpedia.com/news/ransomware-reaches-the-malware-top-3-for-the-first-time-509552.shtml#ixzz4OTdmxmCt
|
Don’t Miss The November Live Demo: New-School Security Awareness Training |
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
Join us on Wednesday, November 9, 2016, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
- NEW Active Directory Integration allows you to easily upload and manage users.
- NEW Send Simulated Phishing tests to your users during specified business hours and drive down the Phish-prone percentage of employees.
- Roll out Training Campaigns for all users (or groups) with follow-up emails to “nudge” users who have not completed the training.
- Advanced Features: EZXploit™, an internal, fully automated "human pentest". USB Drive Test™ to test reactions to unknown USBs.
- Reporting to watch your Phish-prone percentage drop, with great ROI.
Find out how thousands of organizations have mobilized their end-users as their first line of defense. Register Now: https://attendee.gotowebinar.com/register/6712523263900180737
|
Warm Regards, Stu Sjouwerman |