Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Sophisticated "Spora" Ransomware Demands Future Protection Money

Emsisoft researchers dissected a new ransomware strain that demands users not only pay to recover their encrypted files, but also for immunity from future attacks.

The threat is called Spora, and it's the work of highly professional bad guys if you look at the well-implemented encryption procedures, no need of a C&C server, the user-friendly payment site, the choice of different “packages” that victims can choose, and the RaaS capability. If you get hit with this strain, you can opt to recover just your encrypted files, but also "gain immunity" from future attacks. 

CyberheistNews Vol 7 #2 Heads-Up! Massive New Locky Ransomware Attack Is Coming

CyberheistNews | KnowBe4

300+ New Ways to Stop Your Users from Clicking on Everything!

You now really have 300+ new ways to make sure your users Think Before They Click!

I Don't Need No Friggen Backup Plan For Ransomware

Did I get your attention?

The picture here raised my eyebrows, because of its patent nonsense. Elizabeth Holmes stated this in an interview about being an entrepreneur.

It's a bit like Alexander the Great, who created an empire that stretched from his home in Macedonia to India, and ostentatiously burned his ships when arriving in Persia in 334BC.

The Who Behind The Why Of Relentless Phishing And Ransomware Attacks

Why are organizations in the West subjected to relentless phishing and ransomware attacks? We need to go back in history for a bit to understand what caused this, and determine how we can best prepare ourselves.

Criminal India Call Center Uses Social Engineering To Scam 15,000 Americans

I got alerted by a Slashdot story about we have been covering here several times. 

An FBI agent based in India says the country has now become a major hub for call-center fraud, blaming "a demographic bulge of computer-savvy, young, English-speaking job seekers; a vast call-center culture; super-efficient technology; and what can only be described as ingenuity."

Heads-Up! Massive New Locky Ransomware Attack Is Coming

Jan Sirmer at the Avast blog wrote: "Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.

Locky has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.

Scam Of The Week: Locked PDF Phishing Attack

Wednesday Jan 4th, the SANS Internet Storm Center warned about an active phishing campaign that has malicious PDF attachments in a new scam to steal email credentials.

The SANS bulletin said that the email has the subject line “Assessment document” and the body contains a single PDF attachment that claims to be locked. A message reads: “PDF Secure File UNLOCK to Access File Content.”

John Bambenek, handler at SANS Internet Storm Center said: “This is an untargeted phishing campaign. They are not going after the most sophisticated users. They are going after Joe Cubicle that may not think twice about entering credentials to unlock a PDF,”

This is a large spray-and-pray campaign that hopes to get a small foothold into your org via an email account and then compromise, tunnel in or send spear-phishing attacks. Here is how it looks:

Adobe's New VoCo Is PhotoShop For Audio - The Potential For Voice Phishing Is Horrendous

Our friends at sent me some interesting news in their January newsletter: "Adobe recently announced Project VoCo at the November Adobe Max conference.

It’s purported to have the ability to take recordings of someone’s voice, then create audio that sounds like it is from that person.  In a nutshell, it’s Photoshop for audio." 

And they continued with: "According to Adobe, the software needs about twenty minutes of someone’s voice, and then it can recreate that voice exactly

CyberheistNews Vol 07 #01 The New Scary Thing Warning for 2017: Ransomworms

CyberheistNews | KnowBe4

Subscribe To Our Blog

Phish Your Users

Get the latest about social engineering

Subscribe to CyberheistNews