CyberheistNews Vol 7 #6 [IRS ALERT] Scam of the Week Blends CEO Fraud and W-2 Phishing


I have talked about CEO fraud here many times — e-mail attacks spoofing the boss and social engineering a high-risk employee into wiring funds to a bank account controlled by the bad guys.

And I also warned you against W-2 phishing, where scammers impersonate the boss and ask for a PDF with all employee tax forms. Per a new “urgent alert” issued by the U.S. Internal Revenue Service, internet criminals have now combined both schemes and at the same time are targeting a much wider range of organizations than ever before.

Read more, and grab the ready-to-send copy/paste blurb for your users at the KnowBe4 Blog:

Careless Licking Gets a Nasty Ransomware Phishing Infection: 1,000+ Machines Down

More than 1,000 government computer systems shut down. A county in Ohio, US, has had to shut down its entire IT infrastructure due to a ransomware infection. County Auditor Mike Smith found a bright side on an otherwise gloomy day: "Apparently, our clock still works."

Licking County has turned off all phones and computers on its government network in order to stop the spread of malware that had been locking down infected PCs and demanding payments.

Licking County Commissioner Tim Bubb would not disclose the amount of the ransom demand, nor if it would be paid. He said they are taking the advice of cyber-security experts and law enforcement.

According to local news station WBNS, the move was made Tuesday evening when officials found that more than one thousand county PCs had already been infected with the ransomware.

All county offices remain open for people walking in and doing business the old-fashioned way using pen and paper forms, and the 911 call center and dispatch continues to operate in "manual mode." The county treasurer's office is unable to process checks, but is still accepting payments for property taxes.

Sean Grady, director of the Licking County Emergency Management Agency and Regional 911 Center, did not expect an immediate resolution of the problem. "It's slower than we'd like," Grady said. "It takes us back 25 years in how we dispatch. We ask more detailed questions."

The news station reports that the outage is expected to continue through the week as county staff work to scrub the malware from the infected machines. The FBI has also been called in to assist.

A Newark Advocate article said: "The cyber crimes vary in how they scam individuals and governments, but typically involve an email – a practice known as ‘phishing’ – that contains either a link or an attachment that, when opened, infects computers or entices the recipient to share account information and passwords. Some attachments launch viruses that essentially take data hostage until a ransom is paid."

"We don't believe we were specifically targeted," Tim Bubb said. "Clearly, it's designed to make money for somebody. It was just our unlucky day. It was something created to cause havoc."

Phishing with spoofed email addresses is the number one ransomware attack vector. Stepping careless employees through new-school security awareness training which includes frequent simulated phishing attacks can prevent incidents like this.

Spora Ransomware Spreads Via Fake 'Chrome Font Pack'

Palo Alto Networks threat intelligence analyst Brad Duncan reported that Spora, a powerful new ransomware strain that is able to encrypt files without communicating with a command-and-control server, is being spread through a social engineering attack vector that uses fake “Chrome Font Pack” pop-ups.

Most ransomware spreads either through spam and email attachments or through malvertising. Spora uses exploit kits that take advantage of unpatched vulnerabilities in both browsers and operating systems.

Spora's evil geniuses have compromised multiple websites, turning the sites’ pages into unreadable text and telling visitors that the “HoeflerText” font is missing and that they can fix this by downloading the "Chrome Font Pack."

Victims then download the "update.exe" file and double-click it, which kicks off the malicious code. The bad guys even provide help by showing where the victims can find the install file. More technical detail at Palo Alto:

KnowBe4 Announces Hot New Feature: Social Engineering Indicators

We have added a brand new, patent-pending technology that you want to see!

New Social Engineering Indicators (SEI) turns every simulated phishing email into a tool you can use to dynamically train employees by instantly showing them the hidden red flags they missed within that email.

Join us on Wednesday, February 8, 2017, at 2:00 p.m. (EST) for a 30-minute live product demonstration of KnowBe4's game-changing Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
    • NEW For the first time, see our new "SEI" feature.
    • NEW Access to the world's largest library of security awareness training content through our innovative Module Store.
    • Send Simulated Phishing tests to your users during specified business hours with "Reply-to Tracking" that shows you which users fall for spoofed emails and what they answer to the bad guys.
    • Active Directory Integration allows you to easily upload and sync user management, set-it-and-forget-it.
    • Reporting to watch your Phish-prone percentage drop, with great ROI.

Find out how 8,000+ organizations have mobilized their end-users as their last line of defense.

Register Now:

Fake Netflix App is Actually Ransomware

Something else you can warn your users about:

Kaspersky warned on their blog: "People are downloading a new app, looking to get free access to Netflix accounts. What they’re actually getting is a malware strain called Netix that encrypts users’ data and demands $100 in bitcoins to unlock their files.

The program, called “Netflix Login Generator” is downloaded by users looking to gain access to Netflix without paying. The app purportedly has leaked Netflix accounts, which users can use to access the streaming service for free. In reality, all it does is provide fake account credentials that don’t work.

Once installed, the app shows you what looks like a login-password pair generator, but that’s just a distraction; it’s actually busy encrypting your data. Once it’s finished with that, up pops a ransom note." So remember that when something sounds very enticing and perhaps too good to be true, it usually is.

Do not let social engineering tricks manipulate you into downloading and executing applications that you really should not trust.

Going to RSA in San Francisco This Year? Here's Your Exhibit Hall Pass

Drop by KnowBe4’s Booth 3127, North Hall at the Kevin Mitnick New Book Signing! Meet the ‘World’s Most Famous Hacker’, get a signed copy of his new book: Tuesday, February 14, 3-6pm at KnowBe4’s Booth.

Get your light-up "Axe To Grind With Ransomware!" swag, and see a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users. Be entered to win a 500-dollar cash prize.

Don’t have a pass yet? We’ve got you covered. Use code XE7KNWBE4 to register for your complimentary Exhibit Hall Only Pass. We'll see you at Booth 3127:

Warm Regards,
Stu Sjouwerman

Quotes of the Week
"To change things, don't try to fight the existing reality. Build a new model that makes the old model obsolete." - Buckminster Fuller

"What we do for ourselves dies with us. What we do for others and the world remains and is immortal." - Albert Pine

Thanks for reading CyberheistNews

Security News

Cisco: "Spam Makes Major Comeback. Users Are Your Last Line Of Defense".

Whoa Nellie. Just when you thought that spam was on its way out, Cisco’s 2017 Annual Cybersecurity Report shows the opposite. Spam is making a surprising comeback as a threat to your network, and has become an important carrier of attacks like spear phishing, ransomware and bots.

This is Cisco's 10th annual report; they use their own routers to measure spam volume, and it shows that 65% of all corporate email is now spam. The new numbers show a tsunami in 2016. In 2010, Cisco recorded around 5K spam messages being sent per second. Over the next five years that number was roughly 1.5K, spiking to about 2K for a short while in 2014, but in 2016 it moved up to more than 3K per second.

Phishing as an attack vector is skyrocketing, and Cisco's Franc Antes, an architect for Cisco’s security business group, says: “I should start to double-check my security technologies that are supposed to be intercepting and monitoring for that particular attack vector”.

Antes continues: "The problem is that 8% of that spam is malicious, but with the total volume roughly tripling over the course of 2016, that 8% represents a significant increase in total attempts. That’s something that might fly under the radar of CISOs unless they look for it or CIOs point it out".

When end users fall for these attempts and click on a malicious link or attachment, “It almost always works on the workstation because the end user is executing the binary,” Antes says. Clicking on attachments or links can turn those endpoints into bots nearly instantaneously, he says, or could lead to ransomware infections.

Combine the above with the fact that antivirus is not cutting it anymore, and you have powerful ammo for the IT security budget to transform your employees into an effective "last line of defense": a human firewall.

What Security Pros Say

Cisco also surveyed more than 3,000 security pros in organizations ranging from small businesses to large enterprise.

The results raise some eyebrows, as 44% of all security alerts are not being investigated, and 54% of legitimate alerts don’t get remediated. It boils down to security technology catching the incidents, but response teams being bombarded with a deluge of alerts they need to sift through.

Respondents blamed insufficient budgets and lack of trained personnel as part of the problem. They also pointed to interoperability problems among security platforms and compliance requirements that dictate where spending is directed. We all know that often compliance is the enemy of actual IT security.

Survey respondents, speaking about their own or other people's data breaches, said the effect on operations included downtime, damage to the reputation of the company brand and loss of customers.

However, the silver lining was that 38% said that breaches helped promote improved security. Main points mentioned were separating the security team from the IT team, and increasing end-user security awareness training. More, and links to articles and graphs. This is great budget ammo:

AI Isn't for the Good Guys Alone Anymore

Criminals are beginning to use artificial intelligence and machine learning to get around cyberdefenses.

Maria Korolov at InfoWorld said: "Last summer at the Black Hat cybersecurity conference, the DARPA Cyber Grand Challenge pitted automated systems against one another, trying to find weaknesses in the others’ code and exploit them.

“This is a great example of how easily machines can find and exploit new vulnerabilities, something we’ll likely see increase and become more sophisticated over time,” said David Gibson, vice president of strategy and market development at Varonis Systems.

His company hasn’t seen any examples of hackers leveraging artificial intelligence technology or machine learning, “but nobody adopts new technologies faster than the sin and hacking industries. So it’s safe to assume that hackers are already using AI for their evil purposes,” he said.

Smarter Email Scams

According to the McAfee Labs 2017 Threats Predictions report, cyber-criminals are already using machine learning to target victims for Business Email Compromise scams, which have been escalating since early 2015.

“What artificial intelligence does is it lets them automate the tailoring of content to the victim,” said Steve Grobman, Intel Security CTO at Intel, which produced the report. “Another key area where bad actors are able to use AI is in classification problems. AI is very good at classifying things into categories.”

For example, the hackers can automate the process of finding the most likely victims.

The technology can also be used to help attackers stay hidden inside corporate networks, and to find vulnerable assets. Identifying specific cases where AI or machine learning is used can be tricky, however.

“The criminals aren’t too open about explaining exactly what their methodology is,” he said. And he isn’t aware of hard evidence, such as computers running machine learning models that were confiscated by law authorities.

“But we’ve seen indicators that this sort of work is happening,” he said. “There are clear indications that bad actors are starting to move in this direction.” More:

KnowBe4 Harnesses AI for Your Benefit

Meet AIDA – your smart sidekick that trains your employees to make smarter security decisions.

AIDA stands for Artificial Intelligence Driven Agent and uses AI to dynamically create integrated campaigns that send emails, text and voicemail to an employee, simulating a multi-vector social engineering attack. It attempts to have the employee either click on a phishing link, tap on a link in a text message, or respond to a voice mail – any of which could compromise your network. In short, AIDA uses Artificial Intelligence to inoculate your employees against social engineering.

Participate in the AIDA Beta, and get on the cutting edge of creating a last line of defense: your human firewall:

SANS' OUCH Covers Security on the Road

They said: "We are excited to announce the February issue of OUCH! This month, led by Guest Editor Mark Williams, we focus on Staying Secure on the Road. We know and understand most of you use the Internet while traveling, whether for personal or work related reasons. We want to be sure you can accomplish everything you need when on the road safely and securely. Share OUCH! with your family, friends, and coworkers."

See for Yourself: 300+ New Ways to Make Sure Your Users Think Before They Click

You can now see the KnowBe4 ModStore for yourself. Complete the form and you get a complimentary KnowBe4 account with immediate access so you can browse and view all of the security awareness content.

With the ModStore Preview you can access:
  • 20 e-learning modules
  • 28 interactive learning modules
  • 15 compliance modules
  • 100+ videos
  • 33 trivia games
  • 125+ pieces of artwork like newsletters and security documents

Here’s the ModStore Preview page. Check out the world's largest library of security awareness content, with filters for topics, languages and more:

Cyberheist 'Fave' Links

This Week's Links We Like, Tips, Hints and Fun Stuff
    • Business email compromise, also known as "whaling" or "CEO fraud", is one of the biggest threats facing businesses today. Barclays warns customers of the risks of business email compromise with an interesting video:
    • Tesla fan-created ad. Amazing when you realize that Tesla does not do any TV advertising themselves:
    • There are really only three leaders in the awareness training category that allow you to phish your own users: Phishme, Wombat, and KnowBe4. The rest are wannabes. If you are serious about creating a human firewall as your last line of defense, these are the three companies you want demos and quotes from and then compare. Phishme just created a new video that's actually pretty good:

Copyright © 2014-2017 KnowBe4, Inc. All rights reserved.