CyberheistNews Vol 7 #29 CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years





Cisco's midyear report released this week showed that CEO fraud netted cybercrime five times more money than ransomware over the last three years.

The surprising highlight of Cisco's ninety-page report was that cybercrime made 5.3 billion from CEO fraud attacks--called business email compromise (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over a three-year stretch.

Organized Eastern European cybercrime is increasingly taking the "time is money" approach, in this case billions, says Steve Martino, Cisco's chief information security officer. "What we are looking at is the continual commercialization of cyberattacks," Martino says, pointing out that this is a major theme in the report.

Ransomware takes time to develop and extensively test before any net Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco's Martino says targeted cybersecurity education for employees can help prevent users from falling for CEO fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so that when a bogus email arrives that appears to come from the CEO and asks for a funds transfer, it can be detected, Martino says.

Regular software patching also is crucial. When malware-laden spam hits or ransomware attacks similar to WannaCry surface, the impact can be minimized. "People focus on new technology, but forget about patching and maintaining the infrastructure," Martino observed.

He also recommends a balanced defensive and offensive posture, with not just firewalls and antivirus but also measures to hunt down possible attacks through data collection and analysis.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

Fileless malware, which lives in memory and disappears when a device reboots, is popping up, according to the report. As a result, it is more difficult to detect and investigate.

Attackers are also making use of anonymized and decentralized infrastructures, such as Tor proxy services, to hide command and control activities.

Meanwhile, three families of spyware ran rampant, with Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker affecting more than 20% of the 300 companies in the sample for the report.

Ironically, many organizations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Franc Artes, Cisco's Security Business Group architect. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

‘Destruction of Service’ Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) attacks, epitomized by the likes of WannaCry and NotPetya, which were both much more destructive than traditional ransomware. These types of attacks, Cisco says, have the strength to eliminate organizations’ data backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing that was not taken into account for ransomware was the amount of damage caused by downtime, with workstations and servers not up and running. If you calculate that in, ransomware is probably as damaging as CEO fraud, or even more so.
New Type of WhatsApp Phishing Attack

Heads-up. There is a new social engineering attack currently being tested in Europe, and that means we will see it in America in the near future.

The bad guys are using malicious WhatsApp ads, which offer a 250 dollar coupon for a well-known retailer, in exchange for a short survey. The invite looks like it comes from a friend on WhatsApp. A similar strain installs malware on the phone, which looks like a software update but steals all the contacts, phone numbers and email addresses - and, if it can find any, passwords and banking credentials.

There are different ways to monetize all this phishing data, and it looks like the bad guys have got that down too, from selling the stolen credentials to using the malware to go viral to all the contacts on the phone.

The large retailers have reported hundreds of these attacks to Europe's federal Cyber Crime Unit.

Warn your users to not click on dodgy WhatsApp special coupon offers.
43% of C-Suite Execs Name Cybersecurity as No. 1 Operational Challenge

A global survey of over 400 C-suite execs by the management consulting firm A.T. Kearney showed that cybersecurity (43 percent) is the top operational challenge they face.

Also, a whopping 85 percent of C-suite executives agree that cyberattacks will become more frequent and more costly. Here are five survey take-aways. Posted at the KnowBe4 Blog:
https://blog.knowbe4.com/43-of-c-suite-execs-name-cybersecurity-as-no.-1-operational-challenge
Live Webinar: Top 5 Strategies to Prevent Ransomware

It's been a "Ransomware Horror Show". If you've been in the IT trenches over the past year, you've probably noticed that announcements of new ransomware strains are accelerating and there is no end in sight.

Join us for this 30-minute live webinar “Top 5 Strategies to Prevent Ransomware”, on Tuesday, July 25th at 2:00 pm EDT. Erich Kron, CISSP, Security Awareness Advocate at KnowBe4 will look at scary features of new ransomware strains and give you 5 strategies you can implement now to help you prevent ransomware.

Erich will cover:
  • The new scary Ransomware trends out in the wild
  • How to eliminate or reduce damage from ransomware
  • How to fortify your last line of defense—your end users
Date/Time: Tuesday, July 25, 2017, at 2:00 pm EDT. Register Now:
https://attendee.gotowebinar.com/register/2525090409700004353
Black Hat USA 2017: Know Before You Go

1) DarkReading has a very handy article written by Black Hat Staff, with important event information, including badge pick-up hours, scheduling updates, special programs, and more.

Make sure to follow @BlackHatEvents on Twitter and tweet using the hashtags #BHUSA and #BlackHat to join the conversation and stay up-to-date. Download the official Black Hat USA mobile app to customize your event schedule:
http://www.darkreading.com/black-hat/black-hat-usa-2017---know-before-you-go/d/d-id/1329420

2) While you are there, stop by KnowBe4’s Booth #1848 for Kevin Mitnick’s Book Signing. Meet the ‘World’s Most Famous Hacker’ and get a signed copy of his new book: Wednesday, July 26, 5-7pm at KnowBe4’s Booth 1848 while they last.

3) What to expect at Black Hat: Security hype and reality. Look for machine learning, automation, orchestration, integration and threat intelligence to dominate the Black Hat security conference:
http://www.csoonline.com/article/3209972/security/anticipating-black-hat-hype-and-reality.html#tk.twt_cso

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.

Quotes of the Week
"One way to get the most out of life is to look upon it as an adventure." - William Feather

"The very basic core of a man's living spirit is his passion for adventure." - Christopher McCandless



Thanks for reading CyberheistNews
Security News
Evil Corp Hires Criminal Hackers for Highly Targeted Ransomware Infections

The Register just wrote about the difference between your run-of-the-mill spray-and-pray ransomware infections and highly targeted manual deployment attacks like the SamSam or Samas attacks that have hit hospitals recently, locking all machines and demanding exorbitant ransoms. The attacks are targeted against banking and infrastructure firms worldwide.

Criminal hackers penetrating the network usually start with a spear phishing attack, then move laterally through the network to get the lay of the land, and then lock all machines at the same time for a shock-and-awe effect. More, and 10 things to do about it, at the KnowBe4 Blog:
https://blog.knowbe4.com/evil-corp-hires-criminal-hackers-for-highly-targeted-ransomware-infections
Data Breaches Are up 29 Percent Over Last Year

Data breaches are running 29 percent above last year, according to a report released by the Identity Theft Resource Center and CyberScout. Hacking was the leading cause of data breaches nationwide, more than 790 so far this year.

More than 12 million records have been exposed, although two-thirds of data breach notifications or public notices did not report the number of records compromised. “Only 33 percent of data breaches reported this year have made the number of records exposed publicly available,” said Karen A. Barney, director of research and publications at Identity Theft Resource Center, an increase of 13 percent over 2016 mid-year numbers.

More than half of all breaches this year have occurred in business, followed by health care and medical. Breaches in the medical and health-care industry are most likely to include the number of records involved. More than 80 percent of breaches in 2017 that were reported to Health & Human Services included the number of records.

Read about the new report at the San Diego Union Tribune:
http://www.sandiegouniontribune.com/news/data-watch/sd-me-g-data-breaches-20170619-story.html
Ransomware Attack on KQED TV, Radio Station Wiped out Pre-Recorded Segments

KQED, a TV and radio station in San Francisco, is an example that shows how badly any organization can suffer when ransomware hits their network. KQED has been trying to recover from the damages of a massive ransomware attack for more than a month.

The San Francisco Chronicle reported that the station suffered a massive ransomware attack on June 15. The attack was so severe that the station has been “bombed back to 20 years ago, technology-wise”, according to one of KQED’s senior editors, Queena Kim.

During the attack, the hard drives of the station’s computer systems were locked, the station’s internal email server went offline and pre-recorded segments were totally wiped out. For over 12 hours the station’s online broadcast remained offline, and the official Wi-Fi connection also went offline for many days. More at the KnowBe4 blog:
https://blog.knowbe4.com/ransomware-attack-on-kqed-tv-radio-station-wiped-out-pre-recorded-segments
What It’s Like When Pro Phishers Assail Your Inbox

Lily Hay Newman wrote in WIRED: "ON A TYPICAL morning I have about 30 new emails in my personal inbox, and 40 in my work account. You know how it is.

I archive what I don't want, scan part of a newsletter, click through to a coworker's Google Doc, and click "track my package" more often than I'd like to admit. It's all pretty standard stuff.

These days, though, I face my inboxes with grim determination. Because for about five weeks this spring I was under attack by a team of hackers from the company PhishMe whose goal was to ... phish me.

I had given company CTO Aaron Higbee my personal and professional email addresses, and full permission to trick me into clicking on a malicious link, downloading a nasty attachment, or visiting a bogus site where my personal information could be compromised.

If you think that might instill a certain depth of paranoia, you're absolutely right. Every email from my doctor could be fake. Every shared album of vacation photos, a trap. I knew that they were coming for me. I just didn't know when or how."

Excellent article. Do I wish it would have been KnowBe4 instead? Sure. But the message is just as valid for any of the three leading companies in this space, whether PhishMe, KnowBe4 or Wombat. This is something you *have* to do, because your users are your last line of defense:
https://www.wired.com/story/phishing-attempts-email-inbox/
Putin’s Hackers Now Under Attack—From Microsoft

Techcrunch observed: "The Daily Beast details how, in 2016, Microsoft’s legal team sued Fancy Bear (also known by many other aliases) for reserving domain names that violated Microsoft trademarks.

Apparently, in the course of claiming generic domains for its operations, Fancy Bear often selected domains that riff off of Microsoft products and services, inadvertently opening the door to the lawsuit.

While you can’t exactly drag an amorphous, faceless hacking group into court, the lawsuit served one key purpose: it hijacked some of Fancy Bear’s servers. In the last year, Microsoft has taken over at least 70 different Fancy Bear domains, many of which served as “command-and-control” points so the hackers could communicate with the malware they installed on targeted computers.

When a domain flips over into Microsoft’s hands, the company can use it to observe and map Fancy Bear’s server network, which communicates with the Microsoft domains. The result is that the company can indirectly disrupt and observe aspects of a suspected foreign intelligence operation — a pretty clever trick for a tech company to pull off in its spare time:"
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
How Weak Are Your Users’ Passwords?

Are your users’ passwords…P@ssw0rd? Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. It tests against 10 types of weak password related threats, for example Weak, Duplicate, Empty and Never Expires, plus 6 more.

Here's how Weak Password Test works:
  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!
This will take you 5 minutes and may give you some insights you never expected!
https://info.knowbe4.com/weak-password-test-chn
Interesting News Items This Week

Dow Jones Leaks Personal Info of 2.2 Million Customers:
https://www.infosecurity-magazine.com/news/dow-jones-leaks-personal-info/

How do SMEs fight off cyber-attacks?:
http://www.itsecurityguru.org/2017/07/18/smes-fight-off-cyber-attacks/

Here is a really good one … bad news for students, however. Newcastle University Stung by Sophisticated Phishing Site:
https://www.infosecurity-magazine.com/news/newcastle-uni-stung-by/

Every organization is only one click away from a potential compromise:
https://www.helpnetsecurity.com/2017/07/21/insider-attack-damage/

Where are the fixes to the botched Outlook security patches?:
http://www.computerworld.com/article/3209710/microsoft-windows/where-are-the-fixes-to-the-botched-outlook-security-patches.html
Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.