CyberheistNews Vol 7 #31
How Not to Fall for Phishing as an IT Pro
OK, here is a new spear phishing scheme that attacks your development team. Cyber criminals with IPs resolving to Russia hijacked an extension for Google Chrome and abused their illegal access to push out spam to unsuspecting users.
The security incident happened to Copyfish, a type of Optical Character Recognition software which allows users to extract text from images, video, and/or PDF documents. Only the program’s Chrome extension suffered as a result of the attack, the Firefox component was not affected.
Copyfish’s developer, a company known known as a9t9 software, revealed it traced the trouble back to a phishing attack that occurred on 28 July:
“A team member received an email from Google’ saying that we need to update our Chrome extension (Copyfish) otherwise it would be removed from the store. “Click here to read more details” the email said. The click opened the ‘Google’ password dialog, and the unlucky team member entered the password for our developer account. This looked all legit to the team member, so we did not notice the phishing attack as such at this point. Phishing for Chrome extensions was simply not on our radar screen." [emphasis added]
The upshot?
Enable 2-factor authentication on all your critical accounts. Oh, and get some security awareness training for *everyone* in the organization, especially the people that think they do not need it...
PS: by the way, there is a new spearphishing technique, relying entirely on social engineering: a targeted mail that contains no links or exploits, but mentions an interesting report title. Googling the title leads to the exploit site. Devious, huh?
OK, here is a new spear phishing scheme that attacks your development team. Cyber criminals with IPs resolving to Russia hijacked an extension for Google Chrome and abused their illegal access to push out spam to unsuspecting users.
The security incident happened to Copyfish, a type of Optical Character Recognition software which allows users to extract text from images, video, and/or PDF documents. Only the program’s Chrome extension suffered as a result of the attack, the Firefox component was not affected.
Copyfish’s developer, a company known known as a9t9 software, revealed it traced the trouble back to a phishing attack that occurred on 28 July:
“A team member received an email from Google’ saying that we need to update our Chrome extension (Copyfish) otherwise it would be removed from the store. “Click here to read more details” the email said. The click opened the ‘Google’ password dialog, and the unlucky team member entered the password for our developer account. This looked all legit to the team member, so we did not notice the phishing attack as such at this point. Phishing for Chrome extensions was simply not on our radar screen." [emphasis added]
The upshot?
Enable 2-factor authentication on all your critical accounts. Oh, and get some security awareness training for *everyone* in the organization, especially the people that think they do not need it...
PS: by the way, there is a new spearphishing technique, relying entirely on social engineering: a targeted mail that contains no links or exploits, but mentions an interesting report title. Googling the title leads to the exploit site. Devious, huh?
Cerber Ransomware Can Now Steal Bitcoin Wallet Data and Browser Passwords
The Russian 800-pound gorilla Dridex Banking Trojan gang who are also behind the Cerber ransomware have just upped their game. Cerber is part of the small set of professional ransomware families that gets updated at a furious pace in an attempt to gain (criminal) market share.
Cerber now comes with new capabilities that allow the Dridex gang to steal data from three Bitcoin wallet apps — the Bitcoin Core wallet, the Electrum wallet app and the Multibit wallet app.
This new Cerber flavor is also able to steal saved passwords from popular web browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox.
Trend Micro security researchers said that while stolen browser passwords may help the cyber criminals hijack victims' accounts, the stolen data from Bitcoin wallets is only the first step: "Theft of these files does not assure that the stored Bitcoins can be stolen. The thief would still need to get the password that protects the wallet in question," Trend Micro researchers said in a blog.
Cerber's criminal coders have been working hard to avoid detection. Last year, just a day after a Cerber decryption tool was issued out by Check Point security experts, they updated Cerber which made the decryptor useless.
Trend Micro also said that just in May this year, Cerber underwent six different upgrades. "Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. This new feature shows that attackers are trying out new ways to monetize ransomware."
Some details of Cerber haven’t changed, though. It still arrives via phishing emails with an attached file.
Solutions and Best Practices
Trend Micro noted: "Cerber’s entry vector onto systems didn’t change, so known best practices against it would still work. Educating users against opening attachments in emails from external or unverified sources would lower the risks; system administrators should also consider email policies that strip out such attachments."
We could not agree more.
The Russian 800-pound gorilla Dridex Banking Trojan gang who are also behind the Cerber ransomware have just upped their game. Cerber is part of the small set of professional ransomware families that gets updated at a furious pace in an attempt to gain (criminal) market share.
Cerber now comes with new capabilities that allow the Dridex gang to steal data from three Bitcoin wallet apps — the Bitcoin Core wallet, the Electrum wallet app and the Multibit wallet app.
This new Cerber flavor is also able to steal saved passwords from popular web browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox.
Trend Micro security researchers said that while stolen browser passwords may help the cyber criminals hijack victims' accounts, the stolen data from Bitcoin wallets is only the first step: "Theft of these files does not assure that the stored Bitcoins can be stolen. The thief would still need to get the password that protects the wallet in question," Trend Micro researchers said in a blog.
Cerber's criminal coders have been working hard to avoid detection. Last year, just a day after a Cerber decryption tool was issued out by Check Point security experts, they updated Cerber which made the decryptor useless.
Trend Micro also said that just in May this year, Cerber underwent six different upgrades. "Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. This new feature shows that attackers are trying out new ways to monetize ransomware."
Some details of Cerber haven’t changed, though. It still arrives via phishing emails with an attached file.
Solutions and Best Practices
Trend Micro noted: "Cerber’s entry vector onto systems didn’t change, so known best practices against it would still work. Educating users against opening attachments in emails from external or unverified sources would lower the risks; system administrators should also consider email policies that strip out such attachments."
We could not agree more.
Employees Pose Bigger Threat to Cybersecurity Than Hackers
This article by Tim Crosby in ReadITQuick is great ammo if you need more IT security budget.
"In a Harvey Nash/KPMG survey, 4,500 CIOs and technology leaders from around the world indicate that the insider threat is the fastest growing security risk of all. Employees and contractors, who are often provided with access to a company’s network infrastructure without proper risk management training, pose a significant risk to businesses.
While some employees act maliciously against their organization, many cybersecurity breaches are due to negligence or inadvertent error. In fact, 60% of businesses admit their employees have no knowledge of security risks."
He introduces the concept of "stale employee training" which I like a lot.
"With a rapidly changing cyber criminal landscape, static assessments, stale employee training and protocols will not keep up with the dynamics of cybersecurity today. Training and system evaluation must be ongoing and respond to the ever-changing environment." Full article:
https://www.readitquik.com/articles/personal-security/employees-pose-bigger-threat-to-cybersecurity-than-hackers/
This article by Tim Crosby in ReadITQuick is great ammo if you need more IT security budget.
"In a Harvey Nash/KPMG survey, 4,500 CIOs and technology leaders from around the world indicate that the insider threat is the fastest growing security risk of all. Employees and contractors, who are often provided with access to a company’s network infrastructure without proper risk management training, pose a significant risk to businesses.
While some employees act maliciously against their organization, many cybersecurity breaches are due to negligence or inadvertent error. In fact, 60% of businesses admit their employees have no knowledge of security risks."
He introduces the concept of "stale employee training" which I like a lot.
"With a rapidly changing cyber criminal landscape, static assessments, stale employee training and protocols will not keep up with the dynamics of cybersecurity today. Training and system evaluation must be ongoing and respond to the ever-changing environment." Full article:
https://www.readitquik.com/articles/personal-security/employees-pose-bigger-threat-to-cybersecurity-than-hackers/
Don't Miss the August Live Demo: Simulated Phishing and Awareness Training
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
Join us on Wednesday, August 9, 2017, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of KnowBe4’s Security Awareness Training and Simulated Phishing Platform to see the latest features and how easy it is to train and phish your users:
Register Now: https://register.gotowebinar.com/register/5545902949806655747
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
Join us on Wednesday, August 9, 2017, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of KnowBe4’s Security Awareness Training and Simulated Phishing Platform to see the latest features and how easy it is to train and phish your users:
- NEW, Customized Automated Security Awareness Program creates a fully mature training program in just a few minutes!
- Social Engineering Indicators patent-pending technology, turns every simulated phishing email into a tool IT can use to instantly train employees.
- Access to the world's largest library of awareness training content through our innovative Module Store.
- Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
- Reporting to watch your Phish-prone percentage drop, with great ROI.
Register Now: https://register.gotowebinar.com/register/5545902949806655747
Warm Regards,
Stu Sjouwerman
Quotes of the Week
"Truth, like gold, is to be obtained not by its growth, but by washing away from it all that is not gold."
- Leo Tolstoy - Writer and Philosopher (1828 - 1910)
"Three things cannot be long hidden: the sun, the moon, and the truth." - Buddha
Thanks for reading CyberheistNews
- Leo Tolstoy - Writer and Philosopher (1828 - 1910)
"Three things cannot be long hidden: the sun, the moon, and the truth." - Buddha
Thanks for reading CyberheistNews
Security News
Interview With Perry Carpenter and the Security Guy at Black Hat
It's a 9 minute interview with KnowBe4's Chief Evangelist and Strategy Officer Perry Carpenter who provides a great overview of what security awareness training offers, and touches on several key benefits and topics including compliance, behavioral conditioning, creating a transformative culture and security hygiene.
It's a great wrap up at the end (7:50), when he answers what keeps you up at night: the final thought is focused on technology vs. human side, and the need for multiple layers:
https://livestream.com/SecurityGuyTV/blackhatusa2017/videos/160309432
It's a 9 minute interview with KnowBe4's Chief Evangelist and Strategy Officer Perry Carpenter who provides a great overview of what security awareness training offers, and touches on several key benefits and topics including compliance, behavioral conditioning, creating a transformative culture and security hygiene.
It's a great wrap up at the end (7:50), when he answers what keeps you up at night: the final thought is focused on technology vs. human side, and the need for multiple layers:
https://livestream.com/SecurityGuyTV/blackhatusa2017/videos/160309432
Are Regular Audits Taking up Too Much of Your Time?
Here is a new way to get audits done in half the time and half the cost!
Our customers have been telling us about their compliance headaches. Here are their major challenges, any of this ring true for you?
Over the last 4 years, KnowBe4 has developed KCM, a cloud-based service which consolidates your audit management and regulatory compliance tasks into simple automated workflows that prevent overlap and eliminate gaps.
See how you can get audits done in half the time at half the cost: Check out the new KCM page and request a demo:
https://www.knowbe4.com/products/compliance-manager-software
(Don't like to click on redirected links? Copy & Paste this link in your browser)
Here is a new way to get audits done in half the time and half the cost!
Our customers have been telling us about their compliance headaches. Here are their major challenges, any of this ring true for you?
- Are you dealing with the problem of managing (multiple) compliance requirements, but careless end-users cause all kinds of problems?
- Need to satisfy auditors that all controls are in place, but you have a lack of time and management support?
- Have to produce all the evidence regularly, but the duplication of effort and keeping track of everything in a spreadsheet or word processor is a pain?
- Are regular audits for PCI, HIPAA, SOX or any other regulation taking up too much of your time?
Over the last 4 years, KnowBe4 has developed KCM, a cloud-based service which consolidates your audit management and regulatory compliance tasks into simple automated workflows that prevent overlap and eliminate gaps.
See how you can get audits done in half the time at half the cost: Check out the new KCM page and request a demo:
https://www.knowbe4.com/products/compliance-manager-software
(Don't like to click on redirected links? Copy & Paste this link in your browser)
Senators Advance Bill to Train Small Business Counselors in Cybersecurity
The Hill wrote: "A Senate committee with oversight of the Small Business Administration has advanced legislation that would mandate cybersecurity training for counselors helping businesses prepare for cyber threats.
The Senate Small Business and Entrepreneurship Committee approved the legislation following a business meeting on Wednesday, committee leaders said in a statement. The legislation, introduced by Sen. Jim Risch (R-Idaho), would require that employees at small-business development centers that receive grants from the Small Business Administration be trained in how to defend against cybersecurity threats and attacks.
The bill passed the committee easily in a unanimous vote, along with five additional pieces of legislation. Full article:
http://thehill.com/policy/cybersecurity/345144-senators-advance-bill-to-train-small-business-counselors-in
The Hill wrote: "A Senate committee with oversight of the Small Business Administration has advanced legislation that would mandate cybersecurity training for counselors helping businesses prepare for cyber threats.
The Senate Small Business and Entrepreneurship Committee approved the legislation following a business meeting on Wednesday, committee leaders said in a statement. The legislation, introduced by Sen. Jim Risch (R-Idaho), would require that employees at small-business development centers that receive grants from the Small Business Administration be trained in how to defend against cybersecurity threats and attacks.
The bill passed the committee easily in a unanimous vote, along with five additional pieces of legislation. Full article:
http://thehill.com/policy/cybersecurity/345144-senators-advance-bill-to-train-small-business-counselors-in
Try the Weak Password Test Tool to Win a Nintendo Switch!
Are your user’s passwords...P@ssw0rd? Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security.
KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action. Plus, you’ll be entered to win a Nintendo Switch!
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless-steel lock-pick business card!
To enter, just go here and fill out the form, it's quick, easy and often a shocking discovery:
https://info.knowbe4.com/wpt-sweepstakes-082017
Are your user’s passwords...P@ssw0rd? Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security.
KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action. Plus, you’ll be entered to win a Nintendo Switch!
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless-steel lock-pick business card!
To enter, just go here and fill out the form, it's quick, easy and often a shocking discovery:
https://info.knowbe4.com/wpt-sweepstakes-082017
How Modern Email Phishing Attacks Have Organizations on the Hook
Israeli anti-phishing vendor IronScales came out with an interesting new report about phishing trends.
They looked at more than 8,500 attacks that bypassed spam filters, from more than a hundred of their customers covering over half a million mailboxes, to better understand phishing, attack patterns, and phishing techniques & tools.
Here are some key findings:
We agree. You can get their full report here:
https://ironscales.com/trendreport2017/
Israeli anti-phishing vendor IronScales came out with an interesting new report about phishing trends.
They looked at more than 8,500 attacks that bypassed spam filters, from more than a hundred of their customers covering over half a million mailboxes, to better understand phishing, attack patterns, and phishing techniques & tools.
Here are some key findings:
- About 77% of the attacks targeted 10 mailboxes or less
- One third of the attacks targeted just one mailbox
- Nearly half of the attacks lasted less than 24 hours
- But 35% spanned 12 months or more, in drip-campaign style
- Hyper-personalized targeting has proven effective at social engineering people susceptible to emails written with a personal touch
We agree. You can get their full report here:
https://ironscales.com/trendreport2017/
Interesting News Items This Week
Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak:
https://www.grahamcluley.com/bateleur-new-malware-backdoor-targeting-restaurant-chains-makers-carbanak/
JS_POWMET malware is 100% fileless, from infection to payload:
https://www.scmagazine.com/js_powmet-malware-is-100-fileless-from-infection-to-payload/article/679357/
Persistent Persian Prince learns from takedowns - now avoids sinkholes:
https://www.scmagazine.com/persistent-persian-prince-learns-from-takedowns--now-avoids-sinkholes/article/679615/
Fake Vodafone Bill Spreads Trojan Malware:
http://www.informationsecuritybuzz.com/news/fake-vodafone-bill-spreads-trojan-malware/
Taking down the energy grid is not as easy as it may sound:
http://money.cnn.com/2017/07/28/technology/future/crashoverride-black-hat-blackouts-energy-grid/
Bateleur, the new malware backdoor targeting restaurant chains, from the makers of Carbanak:
https://www.grahamcluley.com/bateleur-new-malware-backdoor-targeting-restaurant-chains-makers-carbanak/
JS_POWMET malware is 100% fileless, from infection to payload:
https://www.scmagazine.com/js_powmet-malware-is-100-fileless-from-infection-to-payload/article/679357/
Persistent Persian Prince learns from takedowns - now avoids sinkholes:
https://www.scmagazine.com/persistent-persian-prince-learns-from-takedowns--now-avoids-sinkholes/article/679615/
Fake Vodafone Bill Spreads Trojan Malware:
http://www.informationsecuritybuzz.com/news/fake-vodafone-bill-spreads-trojan-malware/
Taking down the energy grid is not as easy as it may sound:
http://money.cnn.com/2017/07/28/technology/future/crashoverride-black-hat-blackouts-energy-grid/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- With time to spare in the air, a Boeing test team got creative, flying a route that outlined a 787-8 in the skies over 22 states:
http://www.boeing.com/features/2017/08/787-outlines-the-sky-08-17.page
- This is Eagle Prime, America's entrant into the Giant Robot Duel, in its first-ever live-fire combat trial:
https://www.youtube.com/watch?v=ePINYZK4p5Y&feature=youtu.be
- We took a new group picture of the 300+ crew of KnowBe4, almost everyone made it in! Check it out:
https://www.knowbe4.com/hubfs/300_Woo_Hoo.jpg
- Life on earth. Amazing pictures and GIFS of animals, places, people and nature, some of them super funny:
https://twitter.com/planetepics
- If you watch the news, you might think that the world is becoming less safe. You'll be pleasantly surprised when you look at the actual facts:
http://www.flixxy.com/you-are-being-brainwashed.htm?utm_source=4
- How did he do it? How did it disappear? Richard Wiseman reveals his optical illusion magic tricks:
http://www.flixxy.com/optical-illusion-magic-tricks.htm?utm_source=4
- See this magical tilt-shift, time-lapse, 4K view of Niagara Falls by Joerg Daiber:
http://www.flixxy.com/nano-niagara-falls.htm?utm_source=4
- From the archives: F-18 display pilot Mike Bryan demonstrates the impressive maneuverability of the Boeing 787 Dreamliner at the Farnborough International Airshow 2012:
http://www.flixxy.com/what-a-boeing-787-dreamliner-can-do-in-the-hands-of-an-f-18-fighter-pilot.htm?utm_source=4
- Amazing truck drivers. Near misses, miraculous saves, and sheer skilled driving:
https://www.youtube.com/watch?v=93ijA26mCHI - This handheld printer can create labels and print them on practically anything:
https://mobile.twitter.com/businessinsider/status/893189731520872448/video/1