Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Hackers Demand $25K-$30K After Ransomware Attack Takes Down Bingham County Servers

BLACKFOOT — Bingham County officials are scrambling to rebuild parts of their computer infrastructure after a ransomware attack took down county servers on Wednesday. The Bingham County IT team is pulling all-nighters to recover their systems. 

7 Urgent Reasons For Creating A Human Firewall

I was at RSA 2017 in San Francisco last week, and apart from meetings with customers, VCs and the Press, I found a large amount of relevant security news. Out of the firehose of RSA data, I distilled the 7 urgent reasons why you need to create your "human firewall" as soon as you possibly can.  Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters. 

1. Ransomware heads the list of deadly attacks

SANS' Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives. 

Google: "Office Inbox Receives 6.2X More Phishing And 4.3X More Malware Than Your Inbox At Home".

Google Research analyzed over a billion emails passing through Gmail, and the results were presented yesterday at the RSA security conference in San Francisco.  

Extremely interesting stats: corporate email addresses are 6.2 times more likely to receive phishing attacks, 4.3X likely to receive malware compared to personal accounts, but 0.4X less likely to receive spam.

Are There Free Ransomware Decryptors?

The threat of ransomware has never been more real. In fact, 2016 was a record year. Here are some scary statistics from the past year put together by the folks at Barkly:

  • Nearly 50 percent of organizations have been hit with ransomware
  • 56,000 ransomware infections in March 2016, alone
  • $209 million was paid to ransomware criminals just in Q1 2016
  • The average ransom demand is now $679

If you're reading this, we're guessing you've been hit and you're probably wondering what to do next. 

Every strain has its own unique ransom note but the message boils down to the cybercriminals telling you it's your money or your files. It doesn't have to be that way! Security pros are constantly trying to stay a step ahead of threat actors developing the ransomware, but it's a never-ending cycle. That said, there are free decryptors you can try for several different strains. 

[Heads-Up] First-Ever Russian Malicious Mac Macro Discovered

Appleinsider reported Feb 9, 2017: "Mac malware discovered in Microsoft Word document with auto-running macro", which was the second example of malware targeting macOS users this week.  

Security researchers have detected the first in-the-wild instance of hackers are making use of malicious macros in Word documents to install malware on Mac computers – an old Windows technique. The hack uses the same social engineering tactic, tricking victims into opening infected Word documents that subsequently run malicious macros.

Scam Of The Week: Valentine’s Day Phishing Attacks

It is time to remind your users that heartless con artists use social engineering tactics to trick people looking for love. 

The FBI's Internet Crime Complaint Center warns every year that scammers use poetry, flowers, and other gifts to reel in victims, the entire time declaring their "undying love."  

These callous criminals -- who also troll social media sites and chat rooms in search of romantic victims -- usually claim to be Americans traveling or working abroad. In reality, they often live overseas and it's a whole industry with planned criminal campaigns focused on days like this. 

[ALERT] DynA-Crypt Ransomware Steals And Deletes Your Data

Our friend Larry Abrams at Bleepingcomputer alerted the world about a new strain of ransomware called DynA-Crypt that was put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind.

CRYSIS Ransomware Is Back And Uses RDP Brute Force To Attack U.S. Healthcare Orgs

Remember the CRYSIS ransomware? The attacks started up again, mostly targeting US healthcare orgs. using brute force attacks via Remote Desktop Protocol (RDP).  

The number of attacks has more than doubled in volume in January 2017 over that same timeframe in 2016. This most recent wave included a wide variety of sectors worldwide, but the U.S. healthcare sector was hit the hardest.

How Hacking Became Russia’s Weapon of Choice

A study by the World Bank stated that Russia boasts more than 1 million software specialists involved in research and development.

Russian illegal cyber warriors are among the most proficient in the world with around 40 large criminal cyber rings operating within the country’s borders.

The Russian government has long been known to source its technology, world-class hacking talent and even some intelligence information from local cyber crime rings.

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews