CyberheistNews Vol 7 #20
[URGENT ALERT] Fight Back Against This Ransomware WMD NOW
Ransomware Attack Uses NSA 0-Day Exploits to Go on Worldwide Rampage
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history." This is a cyber pandemic caused by a ransomware weapon of mass destruction.
In the Jan 3, 2017 issue of CyberheistNews, we predicted that 2017 would be the year where we'd see a "ransomworm" like this. Unfortunately, it's here.
The First Thing to Do: Email Your Users
I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:
"You may have seen the news this weekend. Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else's computer too.
Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: "When in doubt, throw it out!"
Optional if you use the complimentary KnowBe4 Phish Alert Button: "When you see a suspicious email, click on the Phish Alert Button, which forwards this email to the IT team and safely deletes it at the same time."
Hundreds of Thousands of Machines Infected Worldwide
FedEx Corp, Renault, Nissan, Russian banks, gas stations in China, and the Spanish telecommunications firm Telefonica, which reported 85% of its systems down as a result of the attack earlier today, were all hit; ironically, the Russian Interior Ministry had 1,000 machines encrypted. Even the German Railways were infected.
Dozens of hospitals in the UK were shut down. Cybersecurity experts have long used the phrase "where bits and bytes meet flesh and blood," which signifies a cyberattack in which someone is physically harmed. This monster has infected hundreds of thousands of systems in more than 150 countries. Monday morning when people get back to work, these numbers will only go up.
SUMMARY:
As yet unidentified cyber criminals have taken a leaked NSA exploit for a flaw in the SMBv1 protocol and bolted it onto a ransomware strain so that it replicates like a worm and takes over the whole network, no user interaction needed once one machine is infected. This is not a 0-day in the strict sense: Microsoft fixed the flaw two months ago in security bulletin MS17-010, so the patch is already available and urgently needs to be applied if you have not done so already. Where you cannot patch, disabling SMBv1 and blocking inbound TCP 445 from untrusted networks closes the same door.
I suggest you immediately look into this and patch your systems before your users fall for this phishing attack. Here is a blog post with:
• All the updated details
• Infection maps
• How to detect it on your network
• Video with a live network infection
• Links to patches
• Technical deep-dive background
• Workarounds if you cannot patch
• Prevention Steps
• And more...
This blog post is being updated close to real-time: https://blog.knowbe4.com/ransomware-attack-uses-nsa-0-day-exploits-to-go-on-worldwide-rampage
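The checks a Windows admin would want to run Monday morning, as an added example (this is not code from the KnowBe4 blog post): is the MS17-010 package installed, is the SMBv1 server still enabled, is anything listening on TCP 445, and which neighbours expose 445. It assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later (the Smb* and Net* cmdlets are not present on Windows 7), and the two KB numbers are the MS17-010 packages for Windows 7 / Server 2008 R2, which you must replace with the ones the MS17-010 bulletin lists for the OS you are checking.

```powershell
# Added example, not from the KnowBe4 post. Assumptions: elevated PowerShell on
# Windows 8.1 / Server 2012 R2 or later; the default KB list below is the
# Windows 7 / Server 2008 R2 pair from MS17-010 and must be swapped for the
# KBs the bulletin lists for your OS.

function Test-Ms17010Exposure {
    param([string[]]$Ms17010Kbs = @('KB4012212', 'KB4012215'))

    $result = [ordered]@{
        Host          = $env:COMPUTERNAME
        Ms17010KbSeen = $false
        Smb1Server    = $null    # $true = SMBv1 server still enabled (worm-reachable)
        Smb445Listen  = $false
    }

    # 1. Is one of the MS17-010 packages installed? A later cumulative rollup
    #    supersedes it and will NOT show up here, so treat "missing" as
    #    "investigate", not as proof the host is unpatched.
    $hotfixes = Get-HotFix -ErrorAction SilentlyContinue | Select-Object -ExpandProperty HotFixID
    $result.Ms17010KbSeen = [bool]($hotfixes | Where-Object { $Ms17010Kbs -contains $_ })

    # 2. Is the SMBv1 server still on? The exploit needs SMBv1, so this is the
    #    exposure switch that matters regardless of patch state.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($cfg) { $result.Smb1Server = [bool]$cfg.EnableSMB1Protocol }

    # 3. Is anything listening on TCP 445 at all?
    $result.Smb445Listen = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]$result
}

function Disable-Smb1Exposure {
    # Workaround when you cannot patch yet: turn SMBv1 off and block inbound 445
    # on the untrusted (Public) profile. Both steps are reversible.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # On client SKUs SMBv1 also ships as an optional feature; removing it needs a reboot.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null
    $ruleName = 'Block inbound SMB (TCP 445) - untrusted'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Action Block -Profile Public | Out-Null
    }
}

function Find-Smb445Hosts {
    # Sweep your own address range for hosts exposing 445, i.e. what the worm
    # can reach from an infected workstation. Only scan networks you own.
    param([Parameter(Mandatory)][string[]]$Targets)
    foreach ($t in $Targets) {
        $open = Test-NetConnection -ComputerName $t -Port 445 -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $t; Smb445Open = $open }
    }
}

# Usage
$exposure = Test-Ms17010Exposure
$exposure | Format-List
if ($exposure.Smb1Server) {
    Write-Warning "SMBv1 server is enabled on $($exposure.Host); run Disable-Smb1Exposure if you cannot apply MS17-010 right now."
}
# Find-Smb445Hosts -Targets @('10.0.0.10', '10.0.0.11') | Format-Table   # hypothetical addresses
```

Treat the KB check as a hint only: once a later monthly rollup has been installed, Get-HotFix no longer lists the original MS17-010 package, so the SMBv1 state and the 445 exposure are the more reliable signals.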
On the same page is an option to download a complimentary tool, 'RanSim', that checks whether your endpoint security software protects you against ransomware infections; you can also get it here right away: https://info.knowbe4.com/ransomware-simulator-tool-1chn
This is a bad one. Let's stay safe out there.
Warm regards,
Stu Sjouwerman,
Founder and CEO
KnowBe4, Inc.
Do You Live Below the Cybersecurity Poverty Line?
SAN FRANCISCO — After attending a meeting with the Health and Human Services Department and security experts, Kaiser Permanente Chief Technology Risk Officer George DeCesare came away with a startling realization.
“Seventy-five percent of the healthcare industry is below the cybersecurity poverty line,” DeCesare said at the HIMSS and Healthcare IT News Privacy & Security Forum on Thursday.
But here’s the rub: Unlike the federal poverty line based on household income, there is no clear definition of what the cybersecurity poverty line is. But DeCesare explained that it’s a matter of either investing enough to protect your patient data or not investing adequately.
It’s going to become more important than ever to remain above that poverty line in 2017, 2018 and the years ahead. Full article at Healthcare IT news, and this is NOT only for healthcare!
http://www.healthcareitnews.com/news/75-health-orgs-live-below-cybersecurity-poverty-line
Live Webinar: Best Practices and Future Direction of Security Awareness Training
While reported numbers fluctuate from industry study to industry study, they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals.
Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start.
Join security awareness expert Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and former Gartner Research Analyst for this live webinar “Best Practices and Future Direction of Security Awareness Training”. We will discuss emerging industry trends and provide actionable information you need to train your last line of defense, your employees.
Perry will cover these topics:
- Practical security awareness and behavior management tips
- Outline how and where tools are helpful
- Discuss emerging industry trends
- How to create a ‘human firewall’
Register Now! https://register.gotowebinar.com/register/4096453053252124163
President Trump Has Just Signed an Executive Order Regarding Cyber Security
This new executive order mandates that every federal agency within 90 days must submit a report describing, (among other things), their plan for implementing the NIST Cybersecurity Framework. The NIST CSF seems to be the new general cybersecurity standard going forward.
The next thing to be aware of is the New York State Department of Financial Services cybersecurity regulation, 23 NYCRR 500. Here are two links that cover this:
1. A list of the key dates by which it becomes enforceable:
http://www.dfs.ny.gov/about/cybersecurity.htm
2. Some background on the framework:
https://corpgov.law.harvard.edu/2017/01/10/nydfs-reversal-of-its-proposed-cybersecurity-regulation-for-financial-services-companies/
Of course a large part of 23 NYCRR 500 is in line with the NIST CSF, but it is specific to the financial institutions regulated by the NYDFS. And unlike the voluntary NIST CSF, this one is actually mandatory, with an enforceable deadline.
Luckily, we can help with this, whether you are following the NIST CSF, NYDFS, or any other framework. We recently added the Template for the NIST CSF framework to KnowBe4 Compliance Manager, and other compliance templates were also added:
• Cloud Security Alliance - Cloud Controls Matrix 3
• FDA 21 CFR Part 11 Requirements for Electronic Records
But How Do You Keep Track of These Hundreds of Controls?
Here is a great way to get through audits in half the time and at half the cost. The KnowBe4 Compliance Manager (KCM) simplifies the complexity of getting compliant and eases your burden of staying compliant year round:
- Quick Implementation with Compliance Templates - Pre-built requirements templates for the most widely used regulations like NIST.
- Enable Users to Get the Job Done - You can assign responsibility for controls to the users who are responsible for maintaining them.
- Dashboards with Automated Reminders - Quickly see what tasks have been completed, not met, and past due. With automated email reminders, your users can stay ahead of any gaps in compliance.
https://www.knowbe4.com/demo_kcm
Warm Regards,
Stu Sjouwerman
Quotes of the Week
"To be yourself in a world that is constantly trying to make you something else is the greatest accomplishment." - Ralph Waldo Emerson
"I pay no attention whatever to anybody's praise or blame. I simply follow my own feelings."
- Wolfgang Amadeus Mozart
Thanks for reading CyberheistNews
Security News
What’s a Good Password? NIST Says One That Hasn’t Been Stolen
The Security Ledger said: "What’s a good password? According to new guidelines from NIST: it’s one that hasn’t already been stolen by hackers.
Draft guidance from NIST on the creation of digital identities (NIST SP800-63b) released this week said that companies should vet any new passwords against lists of common passwords and those that have already been leaked as a result of data breaches. Exempting such passwords from the options available to users will improve account security more than arbitrary rules designed to create random-looking passwords, NIST said."
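What the NIST draft describes in practice is a blocklist check at password-set time, as an added example (not code from NIST, The Security Ledger or KnowBe4): hash the candidate, look it up in a set of hashes of known-breached and common passwords, and reject on a hit, alongside a minimum length. The five-entry breach list below is constructed for the example; in production you would load hashes from a real leaked-credential corpus.

```powershell
# Added example, not from NIST or KnowBe4. Implements the SP 800-63B idea the
# article describes: vet a new password against a list of breached/common
# passwords instead of imposing composition rules. Breach list is a constructed
# stand-in; load a real corpus (as SHA-1 hashes, never plaintext) in production.

function Get-Sha1Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha1 = [System.Security.Cryptography.SHA1]::Create()
    try {
        $bytes = $sha1.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Text))
        ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $sha1.Dispose()
    }
}

# Constructed sample blocklist: hashes of a few passwords found in every leaked
# corpus. Note that 'Summer2017!' satisfies typical complexity rules and is still
# a bad password, which is exactly NIST's point.
$script:BreachedHashes = New-Object 'System.Collections.Generic.HashSet[string]'
foreach ($p in @('password', '123456', 'qwerty', 'letmein', 'Summer2017!')) {
    [void]$script:BreachedHashes.Add((Get-Sha1Hex $p))
}

function Test-PasswordAllowed {
    # Returns Allowed/Reason. The comparison is on the SHA-1 of the candidate so
    # the plaintext never touches the list, and it is case-sensitive, as a
    # breached-password match should be.
    param(
        [Parameter(Mandatory)][string]$Candidate,
        [int]$MinLength = 8
    )
    if ($Candidate.Length -lt $MinLength) {
        return [pscustomobject]@{ Allowed = $false; Reason = "shorter than $MinLength characters" }
    }
    if ($script:BreachedHashes.Contains((Get-Sha1Hex $Candidate))) {
        return [pscustomobject]@{ Allowed = $false; Reason = 'appears in breached/common password list' }
    }
    [pscustomobject]@{ Allowed = $true; Reason = 'ok' }
}

# Usage: the complex-looking one is rejected, the long passphrase is accepted.
foreach ($c in @('Summer2017!', 'Tr0ub4dor', 'correct horse battery staple')) {
    $r = Test-PasswordAllowed -Candidate $c
    '{0,-30} allowed={1} ({2})' -f $c, $r.Allowed, $r.Reason
}
```

Keep the blocklist as hashes and load it once at startup; a hash set lookup is constant time, so the check adds nothing noticeable to a password-change flow even with a corpus of hundreds of millions of entries.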
KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.
WPT gives you a quick look at the effectiveness of your password policies and flags any failures so that you can take action. It tests for 10 types of weak-password-related threats, for example Weak, Duplicate, Empty, and Never Expires, plus 6 more.
Here's how Weak Password Test works:
- Reports on the accounts that are affected
- Tests against 10 types of weak password related threats
- Does not show/report on the actual passwords of accounts
- Just download the install and run it
- Results in a few minutes
A recent IT pro who used WPT said: "Hi Nicole, it worked perfectly. There are definitely going to be some changes coming, especially in our production plant. Thanks to the results, there’s going to be a clean-up of Active Directory, both computer and user accounts.
I can’t thank you and KnowBe4 enough for the continued work, to help businesses secure their data and help mitigate the flood of attacks that have occurred in the very recent past."
Download Now:
https://info.knowbe4.com/weak-password-test-chn
Full article:
https://securityledger.com/2017/05/whats-a-good-password-nist-says-one-that-hasnt-been-stolen/
5 Things You Need to Know About the Small Business Cybersecurity Act
The U.S. Senate is poised to consider passage of the MAIN STREET Cybersecurity Act of 2017 to require the National Institute of Standards and Technology (NIST) to support better cybersecurity among small businesses, JD Supra reports.
Citing the National Cyber Security Alliance, the Act says that 60 percent of small businesses are put out of business within six months of a cyberattack, making their protection vital to the U.S. economy. The Committee on Commerce, Science, and Transportation approved the Act last month, and it would need to pass through both houses of Congress and be signed by the President to become law. Here are five things you need to know:
http://www.thewhir.com/web-hosting-news/5-things-you-need-to-know-about-the-small-business-cybersecurity-act
Other Interesting News Items This Week
Against a Rising Tide, Most Mid-Market Orgs Aren't Ready for Ransomware:
https://www.infosecurity-magazine.com/news/most-midmarket-orgs-ransomware/
Cifas: 66% of Fraud is Now Online:
https://www.infosecurity-magazine.com/news/cifas-66-of-fraud-is-now-cyber/
SLocker Android Ransomware Resurfaces in Undetectable Form:
https://www.infosecurity-magazine.com/news/slocker-android-ransomware/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Jumping from drones is your newest extreme sport. See the world's first drone jump:
https://youtu.be/EOPZhRJtz9w
- Shot For Shot: Blade Runner vs Blade Runner 2049 at YouTube:
https://www.youtube.com/watch?v=jrNijjU-2IE&app=desktop
- Watch these awesome and hair-raising jet fly-bys - some just a few meters above the ground:
http://www.flixxy.com/awesome-low-pass-jet-flybys.htm?utm_source=4
- Top Gear's Richard Hammond puts the Marauder against its closest rival, the Hummer H3. The results are explosive LOL:
http://www.flixxy.com/maurauder-vs-hummer.htm?utm_source=4
- How China Is Changing Your Internet. 5 Fascinating Minutes!
https://www.youtube.com/watch?v=VAesMQ6VtK8&feature=youtu.be
- Cirque du Soleil - Worlds Away: Watch this beautiful performance from the water-themed stage production 'O':
http://www.flixxy.com/cirque-du-soleil-worlds-away.htm?utm_source=4
- Tsetseglen Odgerel from Mongolia with a beautiful performance of amazing flexibility and graceful movement. But this *must* hurt:
http://www.flixxy.com/impressive-mongolian-contortionist.htm?utm_source=4
- Chinese firefighters show their amazing jump rope skills. Now even you might decide to give jump rope training a try...:
http://www.flixxy.com/how-is-this-even-possible.htm?utm_source=4
- Philadelphia is a 400 dollar RaaS product being marketed on Jabber. Check out the video they made to advertise it:
https://www.youtube.com/watch?v=5WJ2KHoo5Fo
- Ransomware has been around for decades, but it only seriously gained traction since early last year. Check out Google Trends:
https://trends.google.com/trends/explore?date=all&q=ransomware
- Comedy juggler, magician and entertainer Wally Eastwood plays Beethoven with 3 tennis balls:
http://www.flixxy.com/piano-juggler-wally-eastwood.htm?utm_source=4
- This is One Cool Clock:
http://lametric.com/business