CyberheistNews Vol 6 #6 [ALERT] Ransomware Criminals Infect Thousands With Weird WordPress Hack

Stu Sjouwerman

You are getting this issue on Monday instead of Tuesday because this alert is time-critical.

An unexpectedly large number of WordPress websites have been mysteriously compromised and are delivering the TeslaCrypt ransomware to unwitting end-users. Antivirus is not catching this yet.

In the last few days, malware researchers from Malwarebytes and other security firms have reported that a massive number of legitimate WordPress sites have somehow been compromised and are silently redirecting visitors to sites hosting the Nuclear Exploit Kit. It's not yet clear how the WordPress sites are getting infected, but it is highly likely that a new vulnerability in either WP itself or a very popular WP plugin is being exploited.

"WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads," Malwarebytes Senior Security Researcher Jérôme Segura wrote in a blog post published Wednesday. "This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit."

On the compromised WordPress sites, encrypted code was appended to the end of every legitimate JavaScript file; the malware tries to infect all .js files it can reach. The attack conceals itself, and the injected code redirects end-users through a series of sites before dropping the ransomware payload. Once a WP server is infected, the malware also installs a variety of backdoors on the machine.
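As an added example (not from the article or from Malwarebytes' analysis), here is a small file-integrity check for a WordPress install that records a baseline of every .js file on a known-clean copy and later tells apart files that had content appended after the intact original (the pattern described above) from files edited in place or newly dropped. The directory layout and file contents are constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def build_baseline(root):
    """Record size and SHA-256 of every .js file under a known-clean install root."""
    root = Path(root)
    baseline = {}
    for path in root.rglob("*.js"):
        data = path.read_bytes()
        baseline[path.relative_to(root).as_posix()] = {"size": len(data), "sha256": sha256_hex(data)}
    return baseline

def check_js_files(root, baseline):
    """Return {relpath: status}; 'appended' = original bytes intact with extra content after them."""
    root = Path(root)
    findings = {}
    for rel, info in baseline.items():
        path = root / rel
        if not path.exists():
            findings[rel] = "missing"
            continue
        data = path.read_bytes()
        if sha256_hex(data) == info["sha256"]:
            continue  # unchanged since baseline
        prefix_ok = len(data) > info["size"] and sha256_hex(data[: info["size"]]) == info["sha256"]
        findings[rel] = "appended" if prefix_ok else "modified"
    for path in root.rglob("*.js"):  # anything not in the baseline is new
        rel = path.relative_to(root).as_posix()
        if rel not in baseline:
            findings[rel] = "new"
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        js_dir = Path(tmp) / "wp-includes" / "js"
        js_dir.mkdir(parents=True)
        (js_dir / "jquery.js").write_text("function a(){return 1;}\n")
        (js_dir / "util.js").write_text("var x = 2;\n")
        baseline = build_baseline(tmp)
        # Constructed compromise: legitimate code left intact, opaque blob tacked on the end
        with open(js_dir / "jquery.js", "a") as fh:
            fh.write("/* constructed stand-in for an appended obfuscated blob */\n")
        (js_dir / "util.js").write_text("var x = 3;\n")  # edited in place
        (js_dir / "dropper.js").write_text("// constructed file absent from the baseline\n")
        return check_js_files(tmp, baseline)
```

Run build_baseline against a fresh download of the same WordPress and plugin versions, store the result off the web server, and schedule check_js_files; any "appended" hit on core or plugin files deserves an immediate look.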

5 Things To Do If You Run WordPress:

  1. Patch server operating systems.
  2. Patch WordPress.
  3. Get rid of as many WP plugins as possible and patch the current ones.
  4. Update all your WP instances at the same time to prevent cross-infections.
  5. Lock down all WP instances with a very strong password and the WP 2-factor authentication.

5 Things To Do To Protect Your End-Users:

  1. Keep workstation operating systems and 3rd party apps updated at all times.
  2. Backup your data and keep daily off-site backups. Regularly TEST, TEST, TEST if your restore function actually works. The latter is often overlooked.
  3. Provide end-users with the 64-bit version of Google Chrome if possible.
  4. Run the latest V5.5 of Microsoft's Enhanced Mitigation Experience Toolkit (EMET) on workstations.
  5. Step all users through effective security awareness training.

We also have a blog post that covers this alert with links to the resources mentioned in the lists above:

KnowBe4 used to run on WordPress, but we have moved away because of these types of security issues. I'm inviting you to check out our brand new website (and you are invited for a game).

We hid an Easter Egg and the first 20 people that email me with their snail mail address and the correct URL where the Easter Egg is, get a 20 dollar Starbucks Giftcard. Check out the new site:

While you are there, we now have a dedicated page for organizations that have more than 1,000 employees. We have some new special features for large enterprise:

Last but not least, we have a super popular whitepaper called the "Ransomware Hostage Rescue Manual". Get the most complete ransomware manual, packed with the actionable info you need to prevent infections and to know what to do when you are hit with ransomware. Download your 20-page rescue manual now (PDF):

Don't Miss The February Live Demo: New School Security Awareness Training

Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.

Join us on Wednesday, February 10 at 2:00 p.m. (EST) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform and see how easy it is to train and phish your users:

  • Send Simulated Phishing tests to your users and get your Phish-prone percentage.
  • Roll out Training Campaigns for all users (or groups) with follow-up emails to “nudge” users who are incomplete on the training.
  • Point-of-failure training auto-enrollment.
  • NEW Phish Alert Button for Outlook so employees can report phishing attacks.
  • NEW Advanced Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how thousands of organizations have mobilized their end-users as their first line of defense. Register Now:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Science cannot solve the ultimate mystery of nature. And that is because, in the last analysis, we ourselves are a part of the mystery that we are trying to solve."
- Max Planck - Physicist (1858 - 1947)

"You don't have a soul. You are a Soul. You have a body."- C.S. Lewis

Thanks for reading CyberheistNews

Security News
Survey: Average Successful Hack Nets Less Than 15,000 Dollars:

Finally, some real numbers about hackers and how much (or little) money they make.

CSO said: "The majority of cyber attackers are motivated by money, but make less than 15,000 dollars per successful attack, according to a survey of hackers in the U.S., U.K. and Germany released yesterday by the Ponemon Institute.

The hackers, who were promised anonymity, netted, on average, less than 29,000 dollars a year. "In the more established countries, that is not a lot of money," said Scott Simkin, senior threat intelligence manager at Palo Alto Networks, which sponsored the study. "They're making a quarter of what a cybersecurity professional makes."

Hollywood may be promising them big payouts, he added, but the easy bucks just aren't there. More:

Hospitals Coming Under Increasing Hack Attacks

Read why Joseph Goedert says that hospitals are coming under increasing hacking attacks on Health Data Management: "Phishing created big news in healthcare last year – the really bad kind.

This approach for gaining nefarious access to network credentials was reported to be the cause of two of the biggest attacks reported in the healthcare industry last year – the hack of 78.8 million identities from Anthem, and an additional 11 million identities hacked in a breach at Premera. Read his full article here.

Seven Security Cultures That Can Help Or Hurt Your Organization

This is a great article by Lance Hayden who asks if you know where your security culture is, because some cultures make the job easier than others.

He wrote: "It hasn't been that long since my book People-Centric Security hit the shelves, but I'm already hearing "the question" pop up in my conversations. "What's the best security culture?"

There's no one answer. "Good" culture depends on what an organization hopes to achieve. But since most security programs follow a first principle of preventing breaches, I can offer some example cultures that are more or less suited ("good" or "bad" approaches) to meeting that goal.

These lists are not ranked, nor are cultures mutually exclusive. No organization has a single culture, and good ones may coexist with bad ones. What is clear is that some cultures are going to make security program success easier, and some not so much.

Good ones:

  • Culture of Reporting
  • Awareness Culture
  • Evidence-based (Security) Management

Bad ones:

  • FUD-driven
  • Cult(ure) of Technology
  • Checkbox Culture
  • Culture of Arrogance

Read it here:

What KnowBe4 Customers Say...

We asked a law firm if they were happy campers and they answered us back with this. It has some very good best practices about dealing with malicious emails so I am sharing this with you:

"Yes, we have been using it and are running campaigns this week. It is keeping our staff on their toes. We had a representative come by from our Professional Liability Insurance Carrier to discuss Cyber Security. He was amazed and very pleased that we were as up to date as we are. His stories scared the "c..p" out of the staff.

"Since we are a law firm, we are constantly sending and receiving attachments and links. Our staff has been trained to question everything. We currently have a policy that any attachments coming in via e-mail or CD or memory stick must first be opened on a non-network computer. We have various wireless machines around the office for this purpose. We would rather risk a standalone system than a production machine when opening things that might be legitimate.

"Anything that is received with a link or attachment in our office is forwarded to an e-mail account which is available on non-production network stand-alone computers using our wireless system. They can open legitimate e-mails there to reduce the chance of damage by clicking on a real "bad guy". Web browsing on our production network system has come to a halt and is only allowed on the wireless system devices.

"We use a court filing system called Eflex which is maintained by the court. We spoofed an email using the court's Eflex information and logo to request that they change their passwords with an embedded (Click Here) link, due to a recent cyber attack on their Eflex system. No one clicked on this attack, and most sent it to suspect@ourdomain.

"At first the staff resented the fact that a trusted IT person, "ME", had spoofed them by sending an IT password change request with Knowbe4 links; 25+% clicked on it. We later had a serious meeting to discuss the threats, which the entire staff are now taking a lot more seriously after seeing the training videos. Now they seem to enjoy catching "bad guys".

"They have caught various real attacks using their new skills! We also know of more than one law firm in our area that has been attacked with Ransomware and lost data, time and credibility. With your software, we have used spear phishing attacks using our current cases. The attacks are generated solely from information that is readily available on the web.

"We will continue random phishing to keep everyone aware of the threats."
- LM, IT Support

Man Turns Tables On Scammers [FUN]

Seth was weary of the calls from bogus Windows support technicians, and decided to, if not get even, at least give them a taste of their own medicine.

"I was really tired [of the calls], and I really hate computer scammers," said Seth, whose last name Computerworld withheld for privacy reasons. "I got fed up."

Like millions of others, Seth had been on the receiving end of scammers' phone calls, who rang up and told him that they were with "Microsoft support" or "Windows support," then proceeded to claim that they had detected malware on his machine.

He grabbed an old box, installed Vista, poisoned it with malware and waited for the next call. This is a fun story. I also smell a business idea!

Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
