CyberheistNews Vol 6 #46
77% Of Ransomware Attacks Bypass Email Filtering
Per the results of a recent Barkly survey of sites that were hit by successful ransomware attacks over the past 12 months, 77% of respondents said the attacks bypassed email filtering solutions. The survey also found that 95% of the attacks bypassed the victims’ firewall(s) and 52% bypassed anti-malware solutions.
Following the attacks, most companies improved their security posture and worked on their defense-in-depth: 26% invested in better email filtering, 25% invested in security awareness training services, 20% invested in anti-virus solutions, and 17% invested in firewall(s).
Non-cash improvements included 65% of companies responding to the attacks by conducting internal user awareness campaigns, and almost 50% made updates to their existing security policies.
Did you do the math? 90% decided to beef up security awareness training...
An earlier Barkly survey found that while 81 percent of IT pros were confident that backup would provide them with complete recovery from a ransomware attack, less than half of those who were actually attacked were able to recover fully with backup. Ouch.
Ransomware is cybercrime's most profitable criminal business model to date, and the reason is that most organizations don’t have the right security solutions and/or expertise to combat it.
A recent SANS Institute survey of 238 IT security professionals in the financial sector found that ransomware, cited by 55% of respondents, has now eclipsed spear phishing (50%) as the top cyber attack vector.
"Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later," SANS analyst and report author G. Mark Hardy said in a statement: https://www.sans.org/reading-room/whitepapers/analyst/trenches-2016-survey-security-risk-financial-sector-37337
And to look at actual cash damages, 32% of respondents said they experienced losses of between 100K and 500K because of a ransomware attack.
There is no better way than fully automated new-school security awareness training which allows you to train your users online, and send them frequent randomized simulated phishing attacks to keep them on their toes with security top of mind. Did you know that KnowBe4 has more than 500 known-to-work phishing templates you can use?
Get a quote now and find out how affordable this is for your organization. You will be pleasantly surprised: https://info.knowbe4.com/kmsat_get_a_quote_now-chn
Scam Of The Week: Fake Apps
The New York Times warned about a new kind of ID theft, app ID theft, just in time to deceive holiday shoppers. It's something you need to alert your employees, friends and family about because it can be damaging in several ways.
So-called "retail apps" are cool again, but think before you click! Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem.
The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like Zappos.com and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.
They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.
How could this be happening?
Google's and Apple's algorithms to keep malware out of the app stores are highly automated, and that is where the problem lies. These fake apps don’t contain malicious code. They simply aren’t what they say they are, and it takes a human to see that. Apple and Google simply cannot keep up.
Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. What changed is “digital stored value,” which makes these apps work like debit/credit cards. Other retailers are racing to copy them. Dunkin Donuts was first, then CVS, and now McDonald’s, for example.
The retailers who are most exposed are the ones with no app at all. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artists.
So, I suggest you send this to your employees, friends and family. You're welcome to copy/paste/edit:
Watch Out For Fake Apps!
The holidays are here and the scammers are out in full force. Their latest trick is fake apps. Starbucks started the first "retail app", and many stores have followed.
But scammers are now creating fake apps, tricking you into downloading them to your smartphone or tablet, and asking you to load your credit card information into these apps. You can guess what happens next.
Here are 5 things to think about:
- Be very judicious in deciding what app to download. Better safe than sorry.
- If you *do* decide to download an app, the first thing to check is the reviews; apps with few reviews or bad reviews are a big red flag.
- Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the AppStore or Google Play.
- Give as little information as possible if you decide to use an app.
- Be very, very reluctant to link your credit card to any app!
There is more information about this at the New York Times: http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html
Healthcare Sees 20 Data Loss Incidents PER DAY Due To Ransomware
In late October, the computer systems of three of the U.K.’s National Health Service (NHS) hospitals were attacked by malware that forced the hospitals to cancel scheduled surgeries and divert trauma patients to other facilities. The hospitals shut down their computer systems in order to fight the virus.
The NHS did not identify the type of malware in the attack, but it was likely a ransomware infection. Organized cybercrime typically targets hospitals, penetrating the whole network and then encrypting as many machines as possible before demanding payment to decrypt the files.
According to a recent report by Intel Security, the healthcare sector is experiencing over 20 data loss incidents per day related to ransomware attacks. The company said it identified almost $100,000 in payments from hospital ransomware victims to specific bitcoin accounts so far in 2016.
The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 858 data breaches recorded this year through November 8, 2016, and that nearly 30 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 26 since ITRC’s last report on October 19.
The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 809 data breaches reported so far for 2016 are nearly 22% above the number reported (666) for the same period last year. A total of more than 169 million records were exposed in 2015.
Healthcare Staff Lack Basic Cyber Security Awareness
The consequences of a security breach in the healthcare sector can be severe, yet a new survey reveals that healthcare staff are among the most likely to fall victim to social engineering attacks. A study from SecurityScorecard exposes vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.
Whitepaper: Best Practices for Dealing With Phishing and Ransomware
Phishing and ransomware are serious problems that can steal data or disable access to your organization's network. Both ransomware and phishing are increasingly common and are having devastating impacts on organizations of all sizes.
This new Osterman Research whitepaper gives you a variety of best practices that you should follow in order to minimize your potential for becoming a victim of phishing and ransomware.
Among these best practices are implementing security awareness training as your first line of defense. Download the whitepaper now: https://info.knowbe4.com/whitepaper-osterman-bp-phishing-16
Warm Regards, Stu Sjouwerman