CyberheistNews Vol 6 #46 77% Of Ransomware Attacks Bypass Email Filtering

Stu Sjouwerman

Per the results of a recent Barkly survey of sites that were hit by successful ransomware attacks over the past 12 months, 77% of respondents said the attacks bypassed email filtering solutions. The survey also found that 95% of the attacks bypassed the victims’ firewall(s) and 52% bypassed anti-malware solutions.

Following the attacks, most companies improved their security posture and worked on their defense-in-depth: 26% invested in better email filtering, 25% invested in security awareness training services, 20% invested in anti-virus solutions, and 17% invested in firewall(s).

Non-cash improvements included 65% of companies responding to the attacks by conducting internal user awareness campaigns, and almost 50% made updates to their existing security policies.

Did you do the math? 90% decided to beef up security awareness training...

An earlier Barkly survey found that while 81 percent of IT pros were confident that backup would provide them with complete recovery from a ransomware attack, less than half of those who were actually attacked were able to recover fully with backup. Ouch.

Ransomware is cybercrime's most profitable criminal business model to date, and the reason is that most organizations don’t have the right security solutions and/or expertise to combat it.

A recent SANS Institute survey of 238 IT security professionals in the financial sector found that ransomware, cited by 55% of respondents, has now eclipsed spear phishing (50%) as the top cyber attack vector.

"Increasing user awareness, information and intelligence sharing, as well as improving overall risk posture, will be key issues that IT security teams must face sooner rather than later," SANS analyst and report author G. Mark Hardy said in a statement.

And to look at actual cash damages, 32% of respondents said they experienced losses of between 100K and 500K because of a ransomware attack.

There is no better way than fully automated new-school security awareness training which allows you to train your users online, and send them frequent randomized simulated phishing attacks to keep them on their toes with security top of mind. Did you know that KnowBe4 has more than 500 known-to-work phishing templates you can use?

Get a quote now and find out how affordable this is for your organization. You will be pleasantly surprised:

Scam Of The Week: Fake Apps

The New York Times warned about a new kind of ID theft, app ID theft, arriving just in time to deceive holiday shoppers. It's something you need to alert your employees, friends and family about because it can be damaging in several ways.

So-called "retail apps" are cool again, but think before you click! Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem.

The counterfeiters have masqueraded as retail chains like Dollar Tree and Foot Locker, big department stores like Dillard’s and Nordstrom, online product bazaars like and Polyvore, and luxury-goods makers like Jimmy Choo, Christian Dior and Salvatore Ferragamo.

They appear to be legitimate retail store apps — in some cases, they fill a void left by retailers that don’t have apps — but when users install them, the criminals can steal victims’ personal information, or install Trojans that exfiltrate confidential information from smartphones and tablets.

How could this be happening?

Google and Apple's algorithms to keep malware out of the app store are highly automated, and that is where the problem lies. These fake apps don’t have malicious code. They simply aren’t what they say they are, and that takes a human to see. Apple and Google simply cannot keep up.

Consumers initially rejected store-specific apps because there was no real value. Now, like the Starbucks app, these apps have become gift cards with benefits and people love them. So, what changed is "digital stored value" that makes apps work like debit/credit cards. Other retailers are racing to copy them. Dunkin Donuts was first, then CVS, and now McDonald's, for example.

The retailers who are most exposed are the ones with no app at all. Dollar Tree and Dillard’s, for example, have no official iPhone apps, which made it easier to lure their customers to the fake apps. Consumers are willingly loading credit cards into these apps, which really opens the door for the scam artists.

So, I suggest you send this to your employees, friends and family. You're welcome to copy/paste/edit:

Watch Out For Fake Apps!

The holidays are here and the scammers are out in full force. Their latest trick is fake apps. Starbucks started the first "retail app", and many stores have followed.

But scammers are now creating fake apps, tricking you into downloading them to your smartphone or tablet, and asking you to load your credit card information into these apps. You can guess what happens next.

Here are 5 things to think about:

  1. Be very judicious in deciding what app to download. Better safe than sorry.
  2. If you *do* decide to download an app, the first thing to check is the reviews; apps with few reviews or bad reviews are a big red flag.
  3. Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the App Store or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, very reluctant to link your credit card to any app!

There is more information about this at the New York Times:

Healthcare Sees 20 Data Loss Incidents PER DAY Due To Ransomware

In late October, the computer systems of three of the U.K.'s National Health Service (NHS) hospitals were attacked by malware that forced the hospitals to cancel scheduled surgeries and divert trauma patients to other facilities. The hospitals shut down their computer systems in order to fight the virus.

The NHS did not identify the type of malware in the attack, but it was likely a ransomware infection. Organized cybercrime typically targets hospitals, penetrating the whole network and then encrypting as many machines as possible before demanding payment to decrypt the files.

According to a recent report by Intel Security, the healthcare sector is experiencing over 20 data loss incidents per day related to ransomware attacks. The company said it identified almost $100,000 in payments from hospital ransomware victims to specific bitcoin accounts so far in 2016.

The latest data breach count from the Identity Theft Resource Center (ITRC) reports that there have been 858 data breaches recorded this year through November 8, 2016, and that nearly 30 million records have been exposed since the beginning of the year. The total number of reported breaches increased by 26 since ITRC’s last report on October 19.

The number of breaches in 2015 totaled 781, just two shy of the record 783 breaches that ITRC tracked in 2014. The 809 data breaches reported so far for 2016 are nearly 22% above the number reported (666) for the same period last year. A total of more than 169 million records were exposed in 2015.

Healthcare Staff Lack Basic Cyber Security Awareness

The consequences of a security breach in the healthcare sector can be severe, yet a new survey reveals that healthcare staff are among the most likely to fall victim to social engineering attacks. A study from SecurityScorecard exposes vulnerabilities across 700 healthcare organizations including medical treatment facilities, health insurance agencies and healthcare manufacturing companies.

Whitepaper: Best Practices for Dealing With Phishing and Ransomware

Phishing and ransomware are serious problems that can steal data or disable access to your organization's network. Both ransomware and phishing are increasingly common and are having devastating impacts on organizations of all sizes.

This new Osterman Research whitepaper gives you a variety of best practices that you should follow in order to minimize your potential for becoming a victim of phishing and ransomware.

Among these best practices is implementing security awareness training as your first line of defense. Download the whitepaper now:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Any man can make mistakes, but only an idiot persists in his error." - Marcus Tullius Cicero, Orator and Statesman (106 - 43 BC)

"Divide each difficulty into as many parts as is feasible and necessary to resolve it." - René Descartes, Philosopher (1596 - 1650)

"AI is the new electricity. Just as 100 years ago electricity transformed industry after industry, AI will now do the same." - Andrew Ng

Thanks for reading CyberheistNews

Security News
New Locky Ransomware Phishing Attack: "Credit Card Suspended" And "Suspicious Money Movements"

PhishMe was the first to report on a new Locky ransomware phishing attack where the emails claim to be "credit card suspended" and "suspicious money movement" warnings.

Attached to the email is a ZIP file containing a malicious JavaScript file (.JS). If the employee opens it, the script downloads the most recent version of the Locky ransomware from a remote server, using one of five different URLs.

Next, the ransomware is executed without any further user interaction. Some anti-virus products detect the malicious JavaScript as Trojan.JS.Downloader.GXW, but that changes on a regular basis.

The Locky cybercriminals are well-organized and highly automated. They change the names and contact details used in these phishing emails, so you cannot rely on them staying the same. At the moment the emails appear to come from the Office of Personnel Management, the agency that was hacked and had 22 million records of U.S. Government workers stolen.

Have your defense-in-depth fully in place, have weapons-grade backups, and patch all operating systems and third-party software religiously. More info and screenshots at the KnowBe4 blog:
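The attack chain above (ZIP attachment, script inside, downloader runs on double-click) is exactly what a mail gateway can catch before the message reaches an inbox, without relying on an anti-virus signature that changes every few days. The following is an added example written for this newsletter, not code from PhishMe, KnowBe4 or the original post: it parses a raw e-mail, opens any ZIP attachment in memory, lists the members without extracting them, and flags script files and the subject lures named above. The newsletter only mentions .JS; the other Windows script extensions in the list are an assumed generalization. The two sample messages are constructed inline for the demonstration.

```python
from __future__ import annotations

import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions the Windows Script Host runs on double-click. The campaign described
# above used .JS; the rest are an assumed generalization for a gateway rule.
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs", ".vbe")

# Subject lures quoted in the PhishMe report summarized above.
LURE_PHRASES = ("credit card suspended", "suspicious money movement")


def script_members(zip_bytes: bytes) -> list[str]:
    """Return the names of script files inside a ZIP, without extracting anything."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()  # central directory only; no member is written to disk
    except zipfile.BadZipFile:
        return []
    return [n for n in names if n.lower().endswith(SCRIPT_EXTENSIONS)]


def assess_message(raw: bytes) -> dict:
    """Parse a raw RFC 822 message and decide whether it should be quarantined."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: list[str] = []

    subject = str(msg["subject"] or "").lower()
    for phrase in LURE_PHRASES:
        if phrase in subject:
            findings.append(f"subject lure: {phrase!r}")

    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Check the ZIP magic as well as the extension so a renamed archive is still inspected.
        is_zip = filename.endswith(".zip") or payload.startswith(b"PK\x03\x04")
        if is_zip:
            for name in script_members(payload):
                findings.append(f"script inside ZIP attachment {filename!r}: {name}")
        elif filename.endswith(SCRIPT_EXTENSIONS):
            findings.append(f"bare script attachment: {filename!r}")

    return {"quarantine": bool(findings), "findings": findings}


def make_zip(member_name: str, content: bytes) -> bytes:
    """Build a one-member ZIP in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    return buf.getvalue()


def build_sample(subject: str, attachment_name: str, attachment_bytes: bytes) -> bytes:
    """Build a raw e-mail with one ZIP attachment (constructed sample, not a captured message)."""
    msg = EmailMessage()
    msg["From"] = "notices@example.invalid"
    msg["To"] = "employee@example.invalid"
    msg["Subject"] = subject
    msg.set_content("Please review the attached notice.")
    msg.add_attachment(attachment_bytes, maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


# Constructed samples: one shaped like the campaign above (lure subject, .JS inside the ZIP)
# and one benign message with a PDF inside its ZIP. The script body is an inert comment.
LOCKY_STYLE_SAMPLE = build_sample(
    "Credit Card Suspended - action required",
    "notice.zip",
    make_zip("notice_details.js", b"// constructed placeholder, does nothing"),
)
BENIGN_SAMPLE = build_sample(
    "Quarterly report",
    "report.zip",
    make_zip("report.pdf", b"%PDF-1.4 constructed placeholder"),
)

if __name__ == "__main__":
    for label, raw in (("locky-style", LOCKY_STYLE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, assess_message(raw))
```

Two design points worth copying into a real gateway rule: the archive is inspected from its central directory only, so nothing is extracted or executed during the check, and the ZIP magic bytes are tested alongside the file extension so a renamed archive does not slip past. This example does not descend into nested archives or password-protected ZIPs; a production rule should treat those as suspicious on their own.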

Exclusive – Cyber Security In The Trump Administration: An Interview With Lt. Gen Michael Flynn

Paul at the Security Ledger wrote: "In-brief - In this special Security Ledger podcast, I interview Lt. Gen. Michael Flynn (Ret), a top advisor to President Elect Donald Trump about his thoughts on cyber defense and improving the security of government and commercial systems.

In the days since Republican candidate Donald Trump scored a surprise electoral college victory over Hillary Clinton to become the President Elect of the United States, much attention has been given to where the notoriously shifty Trump might come down on the issue of cyber security.

Candidate Trump devoted at least one address to the topic and just days before the election reiterated an earlier pledge to do a top-down review of government systems with a “cyber review” team.

If we want to know what kinds of policies and priorities President Trump might have in regard to cyber security, a good place to start is with his advisors. And one of his closest advisors has been Retired General Michael Flynn, a retired United States Army lieutenant general who served as the director of the Defense Intelligence Agency and as a chair of the Military Intelligence Board between 2012 and 2014. Prior to that, he served as Assistant Director of National Intelligence." Here it is:

Microsoft: "Windows 10 Version 1607 Is The Most Secure Windows Ever"

Paul Thurrott said: "In tandem with the release of a new security white paper, Microsoft is claiming that Windows 10 version 1607 is the most secure version of Windows yet.

“Every day cybercriminals test new ways to attack and gain control of your PC,” a Microsoft representative told me. “In the last 12 months alone, the number of ransomware variants in the wild have more than doubled. Because Microsoft understands how destructive ransomware can be, the company has developed and incorporated multiple solutions into its technologies to help protect your PC. The Windows 10 Anniversary Update comes with enhanced security features that make this OS the most secure and more ransomware-resilient than ever.”

Microsoft has published a new white paper called Ransomware Protection in the Windows 10 Anniversary Update that details how the latest Windows 10 version helps to protect all of its customers, from consumers to businesses. But in a separate blog post, it also makes its case for why Windows 10 version 1607—that is, Windows 10 with the Anniversary Update installed—is the most secure Windows version yet.

Improvements in this release include:

  • Browser hardening.
  • Windows Defender improvements.
  • Windows Defender Advanced Threat Protection.

More, and link to the Redmond whitepaper at Thurrott's site:

Redmond can say what they want about ransomware protection in the OS itself, but that does not bear out in reality. Running the new KnowBe4 Ransomware Simulator (RanSim) shows that all 5 of its simulated ransomware scenarios succeed on Win 10 v1607. You can download the no-charge RanSim here and see this for yourself:

Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
