CyberheistNews Vol 9 #14
AV-Test compares 19 Antivirus Tools: Windows Defender Reaches Maximum Detection Score
The German AV-Test lab compared 19 antivirus products, including the free Windows Defender which comes with the Win10 OS. Defender reached the max detection score, which was better than a slew of commercial products. As we all know, AV home and commercial products use the same engines but enterprise tools come with a management layer.
The upshot of this test: Ultimately, 3 packages score the maximum 18 points: F-Secure, McAfee, and Symantec. Windows Defender gets 17, and does better than 8 other commercial packages.
AV-Test said: "During January and February 2019 we continuously evaluated 19 home user products using settings as provided by the vendor. We always used the most current publicly-available version of all products for the testing. They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats. Products had to demonstrate their capabilities using all components and protection layers."
Full Story with links and screenshot:
https://blog.knowbe4.com/av-test-compares-19-antivirus-tools-windows-defender-reaches-maximum-detection-score
Microsoft Takes Control of 99 Phishing Domains Operated by Iranian State Hackers
The domains had been used as part of spear phishing campaigns aimed at users in the US and across the world. Court documents unsealed today revealed that Microsoft has been waging a secret battle against a group of Iranian government-sponsored hackers.
The OS maker sued and won a restraining order that allowed it to take control of 99 web domains that had been previously owned and operated by a group of Iranian hackers known in cyber-security circles as APT35, Phosphorus, Charming Kitten, and the Ajax Security Team.
APT35 hackers had registered these domains to incorporate the names of well-known brands, such as Microsoft, Yahoo, and others. The domains were then used to collect login credentials for users the group had tricked into accessing their sites. The tactic is decades old but is still extremely successful at tricking users into unwittingly disclosing usernames and passwords, even today.
Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.
This isn't the first time Microsoft has used a court order to take over domains that were previously under the control of government-backed cyber-espionage groups. Full story at:
https://www.zdnet.com/article/microsoft-takes-control-of-99-domains-operated-by-iranian-state-hackers/
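A defender-side screen for the kind of domain described above, where a registered name embeds a well-known brand without belonging to that brand. This is an added example in Python, not code from Microsoft or the article; the brand allowlist, the digit-substitution table and the two-label approximation of the registrable domain are assumptions made for the example.

```python
import re

# Constructed allowlist: brand token -> registrable domains the brand itself owns.
# Real deployments would load this from a maintained list, not hard-code it.
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "live.com", "outlook.com"},
    "yahoo": {"yahoo.com"},
}
LEGITIMATE = set().union(*BRAND_DOMAINS.values())

# Simple digit-for-letter substitutions that look-alike names commonly use.
_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host):
    """Two-label approximation of the registrable domain.

    Assumption: no multi-label public suffixes such as co.uk; a real screen
    should use the Public Suffix List instead of the last two labels.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def normalise(host):
    """Strip label separators and undo digit substitutions before matching,
    so 'micro-s0ft' and 'micro.soft' both collapse to 'microsoft'."""
    return re.sub(r"[-_.]", "", host.lower()).translate(_LEET)


def impersonated_brand(host):
    """Return the brand a host name appears to borrow, or None.

    The brand's own registrable domain (and therefore all of its real
    subdomains) is never flagged; anything else whose flattened name contains
    a brand token is, which covers both 'microsoft-login.example' and
    'login.microsoft.com.example'. IDN/homoglyph names are out of scope here.
    """
    host = host.lower().rstrip(".")
    if registrable_domain(host) in LEGITIMATE:
        return None
    flat = normalise(host)
    for brand in BRAND_DOMAINS:
        if brand in flat:
            return brand
    return None


def screen(hosts):
    """Map each suspicious host in an iterable to the brand it impersonates."""
    hits = {}
    for host in hosts:
        brand = impersonated_brand(host)
        if brand:
            hits[host] = brand
    return hits


if __name__ == "__main__":
    # Constructed sample feed, e.g. newly observed domains from passive DNS.
    sample = ["login.microsoft.com", "microsoft-account-verify.example",
              "login.microsoft.com.example", "micros0ft-online.example",
              "yahoo-mail-secure.example", "example.com"]
    for host, brand in screen(sample).items():
        print(f"{host}: looks like {brand}")
```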
New Tool: Find Out How Many Users Reply to a Spoofed Email... Before the Bad Guys Do
Highly targeted phishing attacks, known as Business Email Compromise or CEO fraud scams, have exceeded $12.5 billion in total known losses worldwide. These attacks are used by the bad guys to impersonate your CEO, CFO, or even third-party organizations you work with.
They convince your users, often in Accounting, HR, or even IT, into making wire transfers or other sensitive transactions because they “own” the keys to the kingdom. In fact, according to a recent Barracuda report, 60% of pretexting email attacks do not involve any link. These attacks are clever because they bypass your traditional approaches to email security.
Find out how many of your users take the bait and reply to a spoofed email.
KnowBe4’s brand new Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted impersonation attack. You’ll get quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks.
Here’s How the Phishing Reply Test Works:
- Immediately start your test with your choice of three phishing email reply scenarios
- Spoof a sender’s name and email address your users know and trust
- Phishes for user replies and returns the results to you
- Get a PDF emailed to you within 24 hours with the percentage of users that replied
https://info.knowbe4.com/phishing-reply-test-chn
NotPetya Act of War Exclusion Spreads to Second Insurer
A second insurer has refused to pay out over the NotPetya cyberattack based on an act of war exclusion, prompting growing concerns for businesses relying on cybersecurity insurance to shield them from damage.
Insurer Hiscox is believed to be refusing to pay a claim by multinational law firm DLA Piper over damage caused by the NotPetya cyberattack, citing the act of war exclusion due to the suspected involvement of the Russian government.
It follows a similar refusal by Zurich to Mondelez, which saw the insurer also decline to pay damages caused by NotPetya due to the act of war exclusion clause. Mondelez is now suing Zurich for $100m over the decision.
NotPetya, which occurred in 2017, was a cyber weapon disguised as a ransomware attack but really a disk wiper. It is believed to have been designed to target the Ukrainian government and infrastructure companies, but affected businesses across Europe and, to a lesser extent, the US. The cost to businesses is thought to total more than $1.2bn.
In February 2018 the UK government took the unusual step of blaming the attack on the GRU Russian military intelligence agency, suggesting strong confidence in the accusations.
The decision by a second insurer to refuse to pay out NotPetya over the act of war exclusion is of particular concern for businesses because it raises doubts that insurance can provide an effective safety net to cyberattacks – particularly given the increasing role nation states are playing in the cybersecurity arena. Full story and links here:
https://blog.knowbe4.com/notpetya-act-of-war-exclusion-spreads-to-second-insurer
See Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense.
Join us on Wednesday, April 10th @ 2:00 p.m. (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. See the latest product features and how easy it is to train and phish your users.
- Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
- Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
- Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
- Advanced Reporting on 60+ key awareness training indicators.
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
- Identify and respond to email threats faster. Enhance your incident response efforts with the PhishER add-on!
Date/Time: Wednesday, April 10th @ 2:00 pm (ET)
Save My Spot!
https://event.on24.com/wcc/r/1967068/D50A2313FA094F6C87769BA93DC477C3
[New Comedy Series] KnowBe4's Popcorn Training Releases 8-Episode Security Awareness Videos - 'Standups 4 Security'
We’re excited to announce the release of this new security awareness video series for our customers called ‘Standups 4 Security’ from our team at Popcorn Training. In this new 8-episode comedy video series, you can learn how to protect your users and organization from falling victim to social engineering attacks.
All with a comedic twist, the video series explores real-life scenarios which make understanding difficult concepts seem easy and relevant. With Standups 4 Security, Popcorn Training has created a memorable learning experience, delivering high-quality live-action video episodes starring some of South Africa's favorite award-winning comedians.
The series was inspired by real-life events and takes you through different examples on the schemes cyber criminals use to target your users. Standups 4 Security goes behind the scenes and tells the true story of the 2018 Goliath & Goliath Comedy Club hack. The new series is available in the KnowBe4 ModStore for all customers with a Diamond level subscription. For more info check the blog:
https://blog.knowbe4.com/new-comedy-series-knowbe4-popcorn-training-releases-8-episode-security-awareness-videos-standups-4-security
[April Live Demo] See How You Can Get Audits Done in Half the Time at Half the Cost
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.
We listened! KCM now has Risk and Policy Management modules, transforming KCM into a full SaaS GRC platform!
Join us Thursday, April 11th at 2:30 PM (ET) for a 30-minute live product demo of the KCM GRC platform from KnowBe4. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits.
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
- Quick implementation with pre-built requirements templates for the most widely used regulations.
- You can assign responsibility for controls to the users who are responsible for maintaining them.
- Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Save My Spot!
https://event.on24.com/wcc/r/1967057/0796C66BE369DF5F2DBD00D2DE33F473?partnerref=CHN
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
Quotes of the Week
"All men's souls are immortal, but the souls of the righteous are immortal and divine."
- Socrates, Philosopher (469 - 399 BC)
"Follow your bliss and the universe will open doors where there were only walls."
- Joseph Campbell - Author (1904 – 1987)
Thanks for reading CyberheistNews
Security News
Inside Cyber Battlefields, the Newest Domain of War
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
The nature of war has moved across land, sea, air, and space. We did not sign up for this, but today we find ourselves as IT pros in the trenches of a cyber war, where a new arms race will challenge defenders as adversaries adopt new tools, technologies, and techniques.
Mikko Hypponen, chief research officer at F-Secure, today took the stage at Black Hat Asia to discuss the implications of cyber warfare and how it will present challenges not seen before. The nuclear arms race, which he noted lasted about 60 years, is behind us. Today's conflicts unfold differently; as a result, we have different domains for different types of fighting.
"Technology has changed where wars are fought," Hypponen explained in an interview with Dark Reading. When the Internet was first built, he continued, geographical lines didn't seem to exist. It seemed a kind of borderless utopia where cross-country collaboration may be possible. Now, as we know, times have changed, and wars are now fought online.
Just as the domain of war has changed, so, too, have the tools used in battle. We're no longer as worried about nuclear weapons as we were 20 years ago, Hypponen said. Nuclear weapons, only used twice in human history, are built on the power of deterrence. You know who has nuclear weapons and avoid conflict with them because of this power. The number of traditional weapons (fighter jets, bombers, and aircraft carriers) in each country can be learned via Google.
"We know exactly how many tanks the Russians have. We know exactly how many aircraft carriers the US has," Hypponen explained, pointing to a screenshot of this information found online.
Digital weapons are poor in creating deterrence because nobody knows who has which tools. They are effective, affordable, and deniable – a dangerous combination of traits. "There are very few weapons that have deniability," Hypponen emphasized. "Cyber weapons have that." Full article:
https://www.darkreading.com/vulnerabilities---threats/inside-cyber-battlefields-the-newest-domain-of-war/d/d-id/1334272
Which Employees Are the Criminals After?
Lower-level employees are the workers most likely to face highly targeted attacks, according to the online marketing firm Reboot. Citing information from Proofpoint’s most recent quarterly analysis of highly targeted cyberattacks, Reboot says that 67% of these attacks are launched against low-ranking employees.
Contributors come in second, experiencing 40% of targeted attacks. Management and upper management both face 27% of these attacks.
Six percent of targeted attacks are aimed at executives. As Reboot notes, however, “given that upper management accounts for a smaller proportion of businesses, it suggests that those in C-level positions, directors, and department managers may be targeted disproportionately more often.” Attacks against executives are also likely to cause far more damage due to the executives’ level of access within the organization.
The numbers also indicate that the pharmaceutical industry faces the most attacks, averaging 71 spear phishing attacks per company over a three-month period. Construction companies came next, with 61 attacks per organization over the same period, followed by real estate firms with 54 attacks.
Reboot advises organizations to enforce sound security policies, as well as implementing training programs to help their employees spot phishing emails. Attackers can carry out devastating cyberattacks if just one employee falls for one of their tricks. New-school security awareness training can teach employees at every level of your organization how to identify these attacks. PCMag has the story:
https://www.pcmag.com/news/367368/these-employees-are-most-likely-to-be-in-cybercriminals-cro
Phishing Implicated in Contra Costa County Election Hack
A hacker sent a sophisticated spear phishing email to the Elections and Registrars Office in Contra Costa County, California, triggering investigations by the Department of Homeland Security (DHS) and the FBI, ABC7 News reports.
The email was sent to a single election staffer on March 18, and it appeared to come from one of the staffer’s known contacts. When the staffer opened the message, the system’s security software detected that the underlying IP address wasn’t actually from a known source, so it flagged the email as malicious.
The system was locked down as a result, and no information was compromised. Contra Costa County registrar Joe Canciamilla said the email appeared to be authentic and was tailored for their specific department. He believes it was an attempt to hack into the department’s email system, and said it didn’t attempt to access election information.
Canciamilla notified the Secretary of State, which brought in the DHS and the FBI. The attempt matched a pattern of previous attacks at other US government offices. Canciamilla told ABC7 that “clearly there are ongoing attempts to get into sensitive government systems... whether it's just to cause havoc, or it's to undermine confidence, or it's an attempt to gather information.”
In this case, the attack was thwarted by the office’s security protocols, and the department’s employees responded appropriately. Employees need to know how to identify phishing emails on their own, however, since attackers are constantly coming up with new ways to bypass security mechanisms. ABC7 News has the story:
https://abc7news.com/reported-hacking-attempt-at-contra-costa-co-election-division-foiled-/5216916/
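The check described above, a display name that matches a known contact while the sending address and the IP that handed the message to the edge server do not, as an added Python example; this is not code from the article or the county's mail system, and the address book, the network ranges (documentation addresses) and both messages are constructed for the example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: lower-cased display name -> (real address, networks
# the contact's mail legitimately arrives from). 203.0.113.0/24 is a documentation range.
TRUSTED_CONTACTS = {
    "jane doe": ("jane.doe@county-partner.example", ("203.0.113.0/24",)),
}


def last_hop_ip(msg):
    """IP of the host that handed the message to our edge server.

    Only the topmost Received header is trusted: our own server wrote it, while
    any lower ones could have been written by the sender.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0])
    return match.group(1) if match else None


def assess(raw_message):
    """Return (verdict, reasons) for one raw RFC 822 message.

    'unknown-sender' means the display name is not in the address book and a
    different control has to decide; 'trusted' means name, address and source
    network all agree; 'suspicious' lists which of the latter two did not.
    """
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    contact = TRUSTED_CONTACTS.get(display_name.strip().lower())
    if contact is None:
        return ("unknown-sender", [])
    real_address, networks = contact
    reasons = []
    if address.lower() != real_address:
        reasons.append("address-mismatch")
    ip = last_hop_ip(msg)
    if ip is None or not any(ipaddress.ip_address(ip) in ipaddress.ip_network(n)
                             for n in networks):
        reasons.append("source-ip-mismatch")
    return ("suspicious" if reasons else "trusted", reasons)


# Constructed messages: a genuine one from the contact, and a look-alike that
# reuses the display name from a different address and an unknown host.
LEGIT = """Received: from mail.county-partner.example (mail.county-partner.example [203.0.113.25]) by mx.elections.example with ESMTPS; Mon, 18 Mar 2019 09:12:00 -0700
From: Jane Doe <jane.doe@county-partner.example>
To: staffer@elections.example
Subject: Poll worker roster

Attached as discussed.
"""

SPOOFED = """Received: from mail.county-partner.example (unknown [198.51.100.77]) by mx.elections.example with ESMTP; Mon, 18 Mar 2019 09:40:00 -0700
From: Jane Doe <jane.doe@county-partner-mail.example>
To: staffer@elections.example
Subject: Updated roster - please review

Please open the attached document.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(label, assess(raw))
```

The HELO name in the spoofed Received line matches the real mail host; only the bracketed IP, which the receiving server recorded itself, gives it away.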
The Only Pandemic in These Emails Is Ransomware
A malspam campaign is impersonating the Centers for Disease Control and Prevention (CDC) to spread fears about a new flu pandemic, according to our friend Larry Abrams at BleepingComputer. The emails warn that “near 20 thousand diseased people were killed by the flu already, and more than 220,000 were urgently hospitalized,” and they direct recipients to read the attached Word document for instructions on how to stay safe.
When the document is downloaded and opened, users will only see the words “Urgent notice” written in very large text, along with the option to “Enable editing.” If they click the button to enable editing, a malicious macro will download the GandCrab v5.2 ransomware installer.
The emails are riddled with typos and grammatical errors, suggesting they were written by a non-native English speaker. Even if the email did look legitimate, you should never click on the attachment. If there really were a flu pandemic, you could check for announcements and advice by opening a new tab and going directly to the CDC’s website.
Abrams notes that this isn’t the only GandCrab campaign spotted this month. My Online Security reported on March 15 that it had identified fake delivery notification emails purporting to come from DHL Express. These emails come with Word document attachments which contain the same “Urgent notice” text as the CDC phishing documents.
Additionally, the Chinese government issued an alert stating that a hacker group outside the country began targeting government departments in China with GandCrab phishing campaigns on March 11th.
GandCrab’s developers use a ransomware-as-a-service business model, meaning they rent their malware out to a multitude of different criminal actors. As a result, the ransomware has been observed targeting a wide variety of sectors. The vast majority of these campaigns use phishing emails as their initial infection vector. BleepingComputer has the story:
https://www.bleepingcomputer.com/news/security/fake-cdc-emails-warning-of-flu-pandemic-push-ransomware/
Learn the Fundamentals of Phishing to Avoid Falling for New Attacks
As employees grow more aware of conventional phishing scams, criminals are changing their tactics to make their attacks harder to spot, according to David Nield at Gizmodo. An increasing amount of phishing emails and spoofed websites are extremely realistic-looking, and more attackers are turning to targeted spear phishing and business email compromise for higher payoffs.
By learning how to recognize the universal hallmarks of social engineering, employees can be more resistant to new and unfamiliar forms of phishing.
Chris Dawson, Threat Intelligence Lead at Proofpoint, told Gizmodo that there are two main categories of email-based phishing. The first uses malicious links or attachments to trick victims into giving up their credentials or downloading malware, while the second relies primarily on social engineering tactics to get victims to do what the attacker wants.
In both cases, users should take the circumstances into account, rather than trusting the email because it looks legitimate.
“Nearly every aspect of an email, even the display or From name, can be manipulated to trick users into believing they know who sent them an email,” said Dawson. “Because of this, all emails that request personal information, credentials, push readers to click a link, or open an attachment must be treated as potentially malicious.”
In addition, he warned that “pressure to act quickly, attempts to cause panic, and requests to transfer money” should immediately put you on high alert.
Nield adds that any links in emails should be avoided whenever possible. If clicking a link is absolutely necessary, users should again consider the circumstances and exercise extreme caution.
“If an email encourages you to click on a link, always go direct to the website in your browser to log in, rather than following the link, if you can,” he writes. “The exception would be when you’re resetting your password or verifying an email address—but only follow these links if you actually have just reset a password or registered on a new site.”
Attackers are constantly changing their strategies to overcome defenders’ attempts to stop them. New-school security awareness training can help your employees keep up with the latest phishing trends, as well as teaching them to recognize the enduring staples of social engineering. Gizmodo has the story:
https://gizmodo.com/how-phishing-scams-are-evolving-and-how-not-to-get-caug-1832618224
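The signals Dawson and Nield describe (a manipulated display name, pressure to act, requests for credentials or money, and links that do not go where they appear to) can be turned into a first-pass triage check. The script below is an added example, not code from Proofpoint, Gizmodo or KnowBe4; both sample messages are constructed, the .example domains are reserved names that resolve nowhere, and the score thresholds in triage() are illustrative rather than anyone's published policy.

```python
"""Heuristic triage of an e-mail for common social-engineering tells.

Added example for the Gizmodo/Proofpoint story; not code from Proofpoint,
Gizmodo or KnowBe4. Sample messages and thresholds are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "act now", "suspended")
MONEY_TERMS = ("wire transfer", "transfer money", "gift card", "payment")
CREDENTIAL_TERMS = ("verify your password", "confirm your credentials", "update your password")
ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_IN_NAME_RE = re.compile(r"@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def message_text(msg) -> str:
    """Concatenate the text parts of a (possibly multipart) message."""
    if not msg.is_multipart():
        return msg.get_payload()
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return "\n".join(parts)


def analyze(raw: str) -> dict:
    """Return the triggered signals and a simple score for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    sender_domain = domain_of(sender)
    signals = []

    # 1. Display name that carries a domain the real sending address does not use.
    m = DOMAIN_IN_NAME_RE.search(name)
    if m and m.group(1).lower() != sender_domain:
        signals.append("display_name_spoof")

    # 2. Reply-To diverts the conversation to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        signals.append("reply_to_mismatch")

    # 3-5. Language that pressures, asks for money, or asks for credentials.
    body = message_text(msg)
    text = (msg.get("Subject", "") + "\n" + body).lower()
    for label, terms in (("urgency", URGENCY_TERMS),
                         ("money_request", MONEY_TERMS),
                         ("credential_request", CREDENTIAL_TERMS)):
        if any(term in text for term in terms):
            signals.append(label)

    # 6. Anchor text that shows one host while the href leads somewhere else.
    for href, anchor_html in ANCHOR_RE.findall(body):
        shown = re.sub(r"<[^>]+>", "", anchor_html).strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        real_host = urlparse(href).hostname or ""
        if "." in shown_host and shown_host.lower() != real_host.lower():
            signals.append("link_host_mismatch")
            break

    return {"signals": signals, "score": len(signals)}


def triage(raw: str) -> str:
    """Map the score to an action; thresholds are illustrative, not a published policy."""
    score = analyze(raw)["score"]
    return "quarantine" if score >= 3 else "warn" if score >= 1 else "deliver"


# Constructed samples; the .example domains are reserved and resolve nowhere.
PHISH = """\
From: "helpdesk@corp.example" <alerts@mail-notify.example>
Reply-To: recover@reply-collector.example
To: user@corp.example
Subject: URGENT: your account will be suspended within 24 hours
Content-Type: text/html

<p>Verify your password immediately:
<a href="http://login.mail-notify.example/x">https://sso.corp.example/login</a></p>
"""

BENIGN = """\
From: Alice Smith <alice@corp.example>
To: user@corp.example
Subject: Notes from today's meeting
Content-Type: text/plain

Hi, attached are the notes. Let me know if I missed anything.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, analyze(raw), "->", triage(raw))
```

Keyword lists like these are a coarse filter; they are meant to route a message to a warning banner or to an analyst, which matches Dawson's advice to treat anything that asks for credentials or pushes a click as potentially malicious, rather than to be the final verdict.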
New "Upload Your Own Training Content" Feature Is Now Live in the KnowBe4 Platform.
When you have a variety of computer-based training requirements across your users and departments, it becomes a time-consuming task to manage all this different training content in multiple places. How do you save time and budget, managing all the training you deliver in your organization such as Employee Onboarding, HR and Compliance, Professional Development, and more?
So here are some scenarios that IT pros told us they run into:
- Have to manage and pay for multiple delivery platforms for different types of computer-based training to your users?
- Have limited budget for training, so a separate Learning Management System (LMS) is not an option?
- Don’t have a way to deliver additional / in-house training content you want to incorporate into your existing security awareness training campaigns?
To simplify how you roll out and manage different training programs for your users, you can now use your KnowBe4 security awareness training platform for your in-house training content or other licensed corporate training. You now have the option to upload your own SCORM-compliant training content in any language you choose, directly into your KnowBe4 account - at no extra cost!
Think of it as your own custom Training ModStore where you can quickly and easily upload, administer, track, report and deliver any kind of training to your users. Great to add custom content and incorporate that into your security awareness training campaigns. You just got your very own "mini" Learning Management System!
You not only reduce your costs of managing training content in different places, you also make it easier for your Admins and your users. Enjoy one seamless Admin and Learner experience no matter what training content and campaigns you deliver through your KnowBe4 platform.
PRODUCT SPECS
Want to supplement your KnowBe4 security awareness training content with your organization’s custom training or other corporate training content? Now you can! Upload your own SCORM-compliant training content and manage it alongside your KnowBe4 ModStore security awareness training content all in one place.
With self-service access, you can upload training content, add course descriptions, artwork, and add multiple languages with easy-to-use steps to guide you through the process of uploading content.
You can upload a range of course content based on the format types supported by KnowBe4, which include the following:
Training Modules: SCORM 2004 v2, v3, and v4 with file sizes up to 1GB. Coming in April: Video Modules: MP4 with file sizes up to 500MB.
One important note: This feature is available across all subscription levels!
Support Documentation:
https://support.knowbe4.com/hc/en-us/articles/360019644394
Blog Post:
https://blog.knowbe4.com/new-feature-upload-your-own-training-content
What KnowBe4 Customers Say
[VIDEO] A KnowBe4 channel partner talks about his experience with our platform and service:
https://www.youtube.com/watch?v=X1cXgNTfdUY
"Stu, Thanks for reaching out. Since you asked, I will answer. The software, training, and service has been nothing less than amazing! It’s incredibly user-friendly and I couldn’t ask for a better platform. Furthermore, SoniaG has been an excellent resource for me as she has been professional and knowledgeable while being friendly and responsive. I will most definitely refer KnowBe4 to anyone that I come across who is in need of this service. Have an excellent weekend!"
- D.R., Senior VP.
"Thank you Stu. As I expected your services are better than ever. I can see a lot of improvement since 2015, new tools and new processes. We appreciate all you do. Yes working excellent."
- A.E., IT Manager
The 10 Interesting News Items This Week
- 8 Hard Truths About Working in Cybersecurity:
https://www.techrepublic.com/article/8-hard-truths-about-working-in-cybersecurity/
- Proofpoint expert on why your employees might be your biggest cyber-risk:
http://www.intelligentcio.com/me/2019/03/25/proofpoint-expert-on-why-your-employees-might-be-your-biggest-cyber-risk/
- Hackers are causing blackouts. It's time to boost our cyber resilience:
https://www.weforum.org/agenda/2019/03/hackers-are-causing-blackouts-it-s-time-to-boost-our-cyber-resilience/
- 61 percent of CISOs believe employees have leaked data maliciously:
https://betanews.com/2019/03/25/employee-malicious-data-leaks/
- Slack's security worries some CEOs, who say that employees 'never shut up' on the app:
https://www.cnbc.com/2019/03/26/slack-security-concerns-some-ceos.html
- Insurers Are Creating a Consumer Ratings Service for Cybersecurity Industry:
https://www.wsj.com/articles/insurers-creating-a-consumer-ratings-service-for-cybersecurity-industry-11553592600?
- Here is the brand-new Cybersecurity Ventures Women In Cybersecurity Report, sponsored by KnowBe4:
https://cybersecurityventures.com/women-in-cybersecurity/
- Windows security: Microsoft Defender AV can now stop malware from disabling it:
https://www.zdnet.com/article/windows-security-microsoft-defender-av-can-now-stop-malware-from-disabling-it/
- Speak the Board’s Language to Communicate the Value of Security:
https://securityintelligence.com/speak-the-boards-language-to-communicate-the-value-of-security/
- Employee Attack Likelihood: The Hidden Indicator Nobody Talks About:
https://blog.panorays.com/employee-attack-likelihood-the-hidden-indicator-nobody-talks-about
- BONUS: Ransomware Forces Two Chemical Companies to Order ‘Hundreds of New Computers’:
https://blog.knowbe4.com/ransomware-forces-two-chemical-companies-to-order-hundreds-of-new-computers
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Awesome people perform amazing and extraordinary feats in this week's compilation by the 'People Are Awesome' channel:
https://www.flixxy.com/people-are-awesome-best-of-week-10-2019.htm?utm_source=4
- Boston Dynamics’ updated Handle robot will beat you at warehouse Jenga. Dang these are getting scary good:
https://www.theverge.com/2019/3/28/18285923/boston-dynamics-handle-robot-updated-box-stacking
- US Snail Mail Has Phishing Problem and Proposes New Boxes:
https://www.nytimes.com/2019/03/21/nyregion/mailbox-theft-fishing.html
- Active Track Drone Distracted and Fooled by Decoys - Camera spoofing video:
https://www.youtube.com/watch?v=f2l4lMGjDKw#action=share
- 10 Movies All Security Pros Should Watch:
https://www.darkreading.com/analytics/10-movies-all-security-pros-should-watch/d/d-id/1334199?
- Best known to American audiences as Mr. Bean, here is comedian Rowan Atkinson as 'Toby the Devil':
https://www.flixxy.com/toby-the-devil-welcome-to-hell-rowan-atkinson.htm?utm_source=4
- There’s this new 4K Falcon 9 video you probably want to watch. I still think it's magic:
https://www.youtube.com/watch?v=Z4TXCZG_NEY&feature=youtu.be
- The Card Trick That Fooled Winston Churchill 6 times in a row - Revealed:
https://www.youtube.com/watch?v=CmfgxPy_Ehk
- This Israeli team could win $1 million if their spacecraft sticks a lunar landing next month:
https://www.youtube.com/watch?v=_R4zk448oPs&feature=youtu.be
- For the kids: Discover the life-saving superpowers and extraordinary bravery of some of the world’s most remarkable dogs:
https://www.flixxy.com/superpower-dogs.htm?utm_source=4
- I was interviewed by Tom Field of the Information Security Media Group at the RSA 2019 Conference in San Francisco, and we discuss:
  - Why humans remain the weak link
  - The additional layer of security that's necessary
  - What distinguishes KnowBe4's approach
https://www.databreachtoday.com/strengthening-weakest-link-a-12135