CyberheistNews Vol 7 #05
Ransomware Infection Causes Loss of 8 Years of Police Department Evidence
The Police Department in Cockrell Hill, Texas admitted in a press release that they lost 8 years' worth of evidence after the department's server was infected with ransomware.
The lost evidence includes all body camera video, and sections of in-car video, in-house surveillance video, photographs, and all their Microsoft Office documents. OUCH 1.
Eight years' worth of evidence lost
Some of the lost data goes back to 2009, there are some files from that era that are backed up on DVDs and CDs and remained available.
"It is [...] unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small," the press release reads.
In an interview with WFAA, who broke the story, Stephen Barlag, Cockrell Hill's police chief, said that none of the lost data was critical. The department also notified the Dallas County District Attorney's office of the incident.
Backup procedure kicked in after Locky infection
The department says the infection was discovered on December 12, last year, and the crooks asked for a $4,000 ransom fee to unlock the files.
After consulting with the FBI's cyber-crime unit, the department decided to wipe their data server and reinstall everything. Data could not be recovered from backups, as the backup procedure kicked in shortly after the ransomware took root, and backed up copies of the encrypted files. OUCH 2.
Infection Source: Phishing email with spoofed address
The press release says the infection took place after an officer opened a spam message from a spoofed email address imitating a department issued email address. New-school security awareness training would highly likely have prevented this.
The infection did not spread to other computers because the server was taken offline and disconnected from the local network as soon as staff discovered the ransom demand. The department also said there was no evidence of data exfiltration to a remote server.
So now, do *you* have a recent off-site backup?
The Police Department in Cockrell Hill, Texas admitted in a press release that they lost 8 years' worth of evidence after the department's server was infected with ransomware.
The lost evidence includes all body camera video, and sections of in-car video, in-house surveillance video, photographs, and all their Microsoft Office documents. OUCH 1.
Eight years' worth of evidence lost
Some of the lost data goes back to 2009, there are some files from that era that are backed up on DVDs and CDs and remained available.
"It is [...] unknown how many videos or photographs that could have assisted newer cases will not be available, although the number of affected prosecutions should remain relatively small," the press release reads.
In an interview with WFAA, who broke the story, Stephen Barlag, Cockrell Hill's police chief, said that none of the lost data was critical. The department also notified the Dallas County District Attorney's office of the incident.
Backup procedure kicked in after Locky infection
The department says the infection was discovered on December 12, last year, and the crooks asked for a $4,000 ransom fee to unlock the files.
After consulting with the FBI's cyber-crime unit, the department decided to wipe their data server and reinstall everything. Data could not be recovered from backups, as the backup procedure kicked in shortly after the ransomware took root, and backed up copies of the encrypted files. OUCH 2.
Infection Source: Phishing email with spoofed address
The press release says the infection took place after an officer opened a spam message from a spoofed email address imitating a department issued email address. New-school security awareness training would highly likely have prevented this.
The infection did not spread to other computers because the server was taken offline and disconnected from the local network as soon as staff discovered the ransom demand. The department also said there was no evidence of data exfiltration to a remote server.
So now, do *you* have a recent off-site backup?
Why You Should Be Afraid of Spoofed CEO Fraud [INFOGRAPHIC]
We have a new infographic for your users. It explains in simple terms how these attacks go down and what the potential damage is. I recommend you pull down the large format graphic from our site, and use this as soon as you can in your ongoing security awareness campaign.
It takes one minute to read. You have permission to print and distribute it, share it online any way you can, and/or put it in an email to all --or your high risk-- users.
We have a brand new resource page with a ton of complimentary stuff related to CEO Fraud. Scroll down a bit to grab the infographic:
https://www.knowbe4.com/ceo-fraud
CEO Fraud is based on a spoofed "From" address. Can hackers spoof an email address of your own domain? Now you can find out.
Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.
Can Your Domain Be Spoofed?
Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our Domain Spoof Test. It's one quick, easy email we send to you, and often a shocking discovery. Find out now if your email server is configured correctly, 82% are not! There is no charge:
https://info.knowbe4.com/domain-spoof-test-chn
We have a new infographic for your users. It explains in simple terms how these attacks go down and what the potential damage is. I recommend you pull down the large format graphic from our site, and use this as soon as you can in your ongoing security awareness campaign.
It takes one minute to read. You have permission to print and distribute it, share it online any way you can, and/or put it in an email to all --or your high risk-- users.
We have a brand new resource page with a ton of complimentary stuff related to CEO Fraud. Scroll down a bit to grab the infographic:
https://www.knowbe4.com/ceo-fraud
CEO Fraud is based on a spoofed "From" address. Can hackers spoof an email address of your own domain? Now you can find out.
Are you aware that one of the first things hackers try is to see if they can spoof the email address of your CEO? If they are able to commit "CEO Fraud", penetrating your network is like taking candy from a baby.
Can Your Domain Be Spoofed?
Would you like to know if hackers can spoof your domain? KnowBe4 can help you find out if this is the case with our Domain Spoof Test. It's one quick, easy email we send to you, and often a shocking discovery. Find out now if your email server is configured correctly, 82% are not! There is no charge:
https://info.knowbe4.com/domain-spoof-test-chn
Ransomware Attacks Quadrupled in 2016, Expected to Double Again in 2017
Here is great ammo for security awareness training budget.
The number of ransomware attacks quadrupled in 2016 and are expected to double again in 2017, according to findings in a report from large insurer Beazley. They suggested that organizations appear to be particularly vulnerable to attacks during IT system freezes, at the end of financial quarters and during busy shopping periods.
As a provider of data breach response insurance, Beazley managed 1,943 data breaches on behalf of clients in 2016 compared to 1,247 breaches in 2015.
Related to this, the number of reported U.S. data breaches hit an all-time high in 2016, increasing by 40 percent from what was a record-setting high in 2015, per the Identity Theft Resource Center.
In addition, more than half of data breaches resulted in the exposure of Social Security numbers, thus putting people at increased risk of identity theft, the not-for-profit organization says in its 2016 breach report, sponsored by CyberScout.
Overall, 72 percent of breached records were exposed due to hacking, skimming or spear-phishing attacks, according to the report. The greatest number of organizations that reported they'd been breached were in the business sector, representing 45 percent of all breached organizations; followed by healthcare and the medical industry at 35 percent; education at 9 percent and the financial services sector at 5 percent.
Want to -show- your C-level execs how bad data breaches caused by hacking, skimming and phishing has gone up between 2007 and 2016? Copy the graph off our blog and send it to them:
https://blog.knowbe4.com/ransomware-attacks-quadrupled-in-2016-expected-to-double-again-in-2017
Report: U.S. Leads World in Data Breaches
The United States led the world in data breaches last year by a large margin, according to an analysis released Wednesday. Nearly half, 47.5 percent, of announced data breaches in 2016 that exposed user data — and 68.2 percent of breached records — came from the U.S., per the Risk Based Security’s annual data breach report. More:
http://thehill.com/policy/cybersecurity/316034-united-states-leads-world-in-data-breaches
Here is great ammo for security awareness training budget.
The number of ransomware attacks quadrupled in 2016 and are expected to double again in 2017, according to findings in a report from large insurer Beazley. They suggested that organizations appear to be particularly vulnerable to attacks during IT system freezes, at the end of financial quarters and during busy shopping periods.
As a provider of data breach response insurance, Beazley managed 1,943 data breaches on behalf of clients in 2016 compared to 1,247 breaches in 2015.
Related to this, the number of reported U.S. data breaches hit an all-time high in 2016, increasing by 40 percent from what was a record-setting high in 2015, per the Identity Theft Resource Center.
In addition, more than half of data breaches resulted in the exposure of Social Security numbers, thus putting people at increased risk of identity theft, the not-for-profit organization says in its 2016 breach report, sponsored by CyberScout.
Overall, 72 percent of breached records were exposed due to hacking, skimming or spear-phishing attacks, according to the report. The greatest number of organizations that reported they'd been breached were in the business sector, representing 45 percent of all breached organizations; followed by healthcare and the medical industry at 35 percent; education at 9 percent and the financial services sector at 5 percent.
Want to -show- your C-level execs how bad data breaches caused by hacking, skimming and phishing has gone up between 2007 and 2016? Copy the graph off our blog and send it to them:
https://blog.knowbe4.com/ransomware-attacks-quadrupled-in-2016-expected-to-double-again-in-2017
Report: U.S. Leads World in Data Breaches
The United States led the world in data breaches last year by a large margin, according to an analysis released Wednesday. Nearly half, 47.5 percent, of announced data breaches in 2016 that exposed user data — and 68.2 percent of breached records — came from the U.S., per the Risk Based Security’s annual data breach report. More:
http://thehill.com/policy/cybersecurity/316034-united-states-leads-world-in-data-breaches
Don’t Miss the February Live Demo... What is the New Mystery Feature?
Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
We have added a brand new, patent-pending feature that you want to see!
Join us on Wednesday, February 8, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's game-changing Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
Register Now: https://attendee.gotowebinar.com/register/7440314201597421826
Old-school Security Awareness Training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
We have added a brand new, patent-pending feature that you want to see!
Join us on Wednesday, February 8, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's game-changing Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
- NEW For the first time, see our new "SEI" (Social Engineering Indicators) feature.
- NEW Access to the world's largest library of security awareness training content through our innovative Module Store.
- Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
- Active Directory Integration allows you to easily upload and synch user management, set-it-and-forget-it.
- Reporting to watch your Phish-prone percentage drop, with great ROI.
Register Now: https://attendee.gotowebinar.com/register/7440314201597421826
Warm Regards,
Stu Sjouwerman
Quotes of the Week
"Love and compassion are necessities, not luxuries. Without them humanity cannot survive." - Dalai Lama
"Compassion is the key in Islam and Buddhism and Judaism and Christianity. They are profoundly similar."
- Karen Armstrong
Thanks for reading CyberheistNews
"Compassion is the key in Islam and Buddhism and Judaism and Christianity. They are profoundly similar."
- Karen Armstrong
Thanks for reading CyberheistNews
Security News
California Nursing School Instructor Brought Ransomware in Through USB Drive
Ransomware makes a California nursing school feel ill. Instructor brought malware in from home through USB drive.
"About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.
If it wasn’t for a quick acting IT department, the entire school might have been in the same situation. They noticed the incident at the early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network.
Val Paschenko, IT department manager at the school, said the instructor was met with a ransomware note demanding 1 bitcoin or $740 in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files, and he needed to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC. Story at:
http://www.csoonline.com/article/3161469/security/ransomware-makes-california-nursing-school-feel-ill.html
Test if your own users would take an unknown USB, plug it in and open the file:
https://info.knowbe4.com/usb-security-test-chn
Ransomware makes a California nursing school feel ill. Instructor brought malware in from home through USB drive.
"About three months ago, an instructor at Gurnick Academy, a California-based nursing school, had his biggest fear come alive. When he tried to access his lectures, the files were encrypted. The teacher was literally locked out of his classroom.
If it wasn’t for a quick acting IT department, the entire school might have been in the same situation. They noticed the incident at the early stage and managed to prevent the encryption from spreading by disconnecting the infected device from the corporate network.
Val Paschenko, IT department manager at the school, said the instructor was met with a ransomware note demanding 1 bitcoin or $740 in exchange for the files to be decrypted. The instructor called support and requested to get his files back, but it was already too late. He lost some recently created files, and he needed to redo some of his work. It took a few hours to reinstall the OS and configure everything; obviously during that time he was not able to work on his PC. Story at:
http://www.csoonline.com/article/3161469/security/ransomware-makes-california-nursing-school-feel-ill.html
Test if your own users would take an unknown USB, plug it in and open the file:
https://info.knowbe4.com/usb-security-test-chn
"The Security Mirage" See the Famous Bruce Schneier
The feeling of security and the reality of security don't always match, says InfoSec expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks — and how we can break this pattern. Just as real today as it was recorded in 2010. This is a "Stu's Warmly Recommended" excellent TED Talk for a break!:
https://www.ted.com/talks/bruce_schneier
The feeling of security and the reality of security don't always match, says InfoSec expert Bruce Schneier. In his talk, he explains why we spend billions addressing news story risks, like the "security theater" now playing at your local airport, while neglecting more probable risks — and how we can break this pattern. Just as real today as it was recorded in 2010. This is a "Stu's Warmly Recommended" excellent TED Talk for a break!:
https://www.ted.com/talks/bruce_schneier
Ars Technica: "It Might Be Time to Stop Using Antivirus"
And after you have seen Bruce Schneier's talk about a false sense of security, read this story at Ars Technica and shiver.
"Former Firefox developer Robert O'Callahan, now a free agent and safe from the PR tentacles of his corporate overlord, says that antivirus software is terrible, AV vendors are terrible, and that you should uninstall your antivirus software immediately—unless you use Microsoft's Windows Defender, which is apparently okay.
A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser." Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV." Full Story:
https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
And after you have seen Bruce Schneier's talk about a false sense of security, read this story at Ars Technica and shiver.
"Former Firefox developer Robert O'Callahan, now a free agent and safe from the PR tentacles of his corporate overlord, says that antivirus software is terrible, AV vendors are terrible, and that you should uninstall your antivirus software immediately—unless you use Microsoft's Windows Defender, which is apparently okay.
A couple of months back, Justin Schuh, Google Chrome's security chief, and indeed one of the world's top infosec bods, said that antivirus software is "my single biggest impediment to shipping a secure browser." Further down the thread he explains that meddling AV software delayed Win32 Flash sandboxing "for over a year" and that further sandboxing efforts are still on hold due to AV." Full Story:
https://arstechnica.com/information-technology/2017/01/antivirus-is-bad/
Report: Half of Ransomware's SMB Victims Pay Up
More than 50 percent of small and midsized businesses have fallen victim to ransomware, and, of those, 48 percent paid a ransom, according to a report released today by Ponemon Institute and Carbonite. Read More:
http://www.csoonline.com/article/3160905/backup-recovery/report-half-of-ransomwares-smb-victims-pay-up.html
More than 50 percent of small and midsized businesses have fallen victim to ransomware, and, of those, 48 percent paid a ransom, according to a report released today by Ponemon Institute and Carbonite. Read More:
http://www.csoonline.com/article/3160905/backup-recovery/report-half-of-ransomwares-smb-victims-pay-up.html
What Our Customers Tell Us: "It's a Force Multiplier"
"I am a very happy camper with the product. This is opening a lot of eyes within senior management at the bank and we are using KnowBe4’s model and training methods to help our end users become more self-sufficient.
Honestly, it is a force multiplier for us in IT.
We are a small department of three people covering four bank branches and we also own a title company with two branches. Needless to say, we have a lot of software and systems we need to maintain and be “experts” on.
This platform is giving not just senior management but end users as well a taste of the IT world and all the responsibility that comes with it. They have become active participants in our world. Many of our users have already caught several malware laced e-mails and we are also hoping that this helps get us the budget increase we desperately need in our department.
With the national attention that cyber security is currently getting and the roll out of this product in our environment, people are starting to realize that we aren’t a couple of dudes sitting in the basement eating Cheetos and playing Tetris." - P.E.
Find out how affordable new-school security awareness training is. Get a quote now, and be pleasantly surprised...
https://www.knowbe4.com/
"I am a very happy camper with the product. This is opening a lot of eyes within senior management at the bank and we are using KnowBe4’s model and training methods to help our end users become more self-sufficient.
Honestly, it is a force multiplier for us in IT.
We are a small department of three people covering four bank branches and we also own a title company with two branches. Needless to say, we have a lot of software and systems we need to maintain and be “experts” on.
This platform is giving not just senior management but end users as well a taste of the IT world and all the responsibility that comes with it. They have become active participants in our world. Many of our users have already caught several malware laced e-mails and we are also hoping that this helps get us the budget increase we desperately need in our department.
With the national attention that cyber security is currently getting and the roll out of this product in our environment, people are starting to realize that we aren’t a couple of dudes sitting in the basement eating Cheetos and playing Tetris." - P.E.
Find out how affordable new-school security awareness training is. Get a quote now, and be pleasantly surprised...
https://www.knowbe4.com/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- My personal Fave of all the Best of the Month: April 2016. Awesome feats!
http://www.flixxy.com/people-are-awesome-best-of-april-2016.htm?utm_source=4
- On a visit to the Torres del Paine National Park in Chile, two hikers encountered an event one does not see every day: Wait for the moment when he says "Uh-Oh":
http://www.flixxy.com/two-tourists-filming-an-avalanche-that-stops-right-in-front-of-them.htm?utm_source=4
- While telling a story about his grandmother in a cafe, Criss Angel continues to astound us with his amazing magic:
http://www.flixxy.com/amazing-magic-trick-with-coffee-mug-criss-angel.htm?utm_source=4
- 10 scary things the TSA found on your fellow travelers. Yikes:
http://blog.tsa.gov/2016/12/tsas-top-10-most-unusual-finds-2016.html
- For the kids: Animals Who Are Not Afraid of Anything:
https://www.youtube.com/watch?v=tUqeFNLxcmk
- Cordless tire inflator. Now that is a Handy little gadget!:
https://www.amazon.com/Fineed-Hand-Held-Electric-Inflator-Rechargeable/dp/B019FIERRO/ref=sr_1_9?ie=UTF8&qid=1485376414&sr=8-9&keywords=air+pump+cordless
- Cristina Ramos, a Spanish opera singer, surprised Spain's Got Talent, with a really special performance and receives the 'Golden Buzzer.' :
http://www.flixxy.com/cristina-ramos-spains-got-talent-2016-opera-rock.htm?utm_source=4
- Ollie the African Grey parrot clicking and whistling along to Monty Python’s ‘Always Look on the Bright Side of Life’ on the piano:
http://www.flixxy.com/parrot-whistling-to-always-look-on-the-bright-side-of-life.htm?utm_source=4
- From the archives: Mysterious Whirlpool Eats Everything. Underwater sinkhole?:
http://www.flixxy.com/mysterious-whirlpool-eats-everything.htm?utm_source=4 - Here’s what it’ll be like to ride on Jeff Bezos’ suborbital Blue Origin spaceship:
http://www.geekwire.com/2017/riding-jeff-bezos-blue-origin-new-shepard/