Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Scary new malware hides in memory, uses DNS to communicate, and spreads through phishing

Cisco has a separate threat research group called Talos. They just published a report on a scary new form of malware that’s hard to detect.

They called it DNSMessenger, and the malicious code uses Microsoft PowerShell scripts to hide itself in memory and connect directly with a command & control server over the compromised machine's DNS (Domain Name System) port.

It’s distributed through a phishing campaign with a Microsoft Word document attached, trying to look like a known or reputable source.

[Heads-Up] First-Ever Russian Malicious Mac Macro Discovered

Appleinsider reported Feb 9, 2017: "Mac malware discovered in Microsoft Word document with auto-running macro", which was the second example of malware targeting macOS users this week.

Security researchers have detected the first in-the-wild instance of hackers making use of malicious macros in Word documents to install malware on Mac computers – an old Windows technique. The attack uses the same social engineering tactic, tricking victims into opening infected Word documents that subsequently run malicious macros.

Bad News: Your Antivirus Detection Rates Have Dramatically Declined In 12 Months

We all had the nagging suspicion that antivirus is not cutting it anymore, but the following numbers confirm your intuition. I have not seen more powerful ammo for an IT security budget to transform your employees into an effective "last line of defense": a human firewall.

Scam Of The Week: Pokémon Malware, Muggings And Other Mayhem

In case you just came back from vacation, there literally is a new craze going on with an augmented-reality smartphone app called Pokémon Go. It's a geocaching game, meaning it's tied to real-world locations. 

Ransomware Roundup July 2016: Satana New MBR / File Encryption Strain

New Hybrid MBR Ransomware Strain

To start off, there is a new ransomware strain from hell called "Satana" (the reference is clear, just take the last "a" off) which is a blend between classic file encryption malware and the Petya / Misha strain which locks the Master Boot Record (MBR). This looks like a Petya copycat: for each encrypted file, Satana prepends the attackers' email address to the file name like this: "email@domain.com_filename.extension".

Satana then encrypts the MBR and replaces it with its own. The first time a user reboots their workstation, Satana's MBR boot code will load and the only thing the machine will show is Satana's ransom note. Here is how the note looks as a text file:

We just received the ultimate in weird nested malware

Last night a customer sent us a phish via the KnowBe4 Phish Alert Button (free download here) that must win some kind of award for the longest chain of required user interactions -- all designed to push the easily detectable stuff as far away from the base email body and attachment as possible.
It goes like this:
1. Email body contains social engineering hook that points users to a PDF attachment.
2. PDF attachment contains an embedded URL (allegedly for a secure doc) that consists of a tinyurl URL shortener link.

Tampa is 842% above the national average in malware infections

A new study by Enigma Software revealed the hardest hit cities in the country when it comes to computer viruses. Tampa was ranked #2 for malware infections per person. That's 842% above the national average! Others in the top 5 include Little Rock, St. Louis, Orlando and Denver. Because there are so many different types of infections, it's really hard to pinpoint why any one area would be more susceptible than another. However, this is actually an easy problem to prevent. 

Websense: Malware-as-a-Service Makes Cybercrime Easier

Websense released their annual Threat Report, which is interesting if you want to know what’s really happening in the criminal cyber landscape. Here are a few highlights, with a link to the full report below.

Despite the increase in data breaches, the total volume of malware threats is actually 5.1 percent lower than in 2013. They still logged a whopping 3.96 billion security threats in 2014, though.

The Websense numbers again show that the human is the weak link in IT security. Around one in three (30%) of end-users click through a malicious URL in an email even though they have been warned of the danger. "End users are increasingly desensitized from the warnings, don’t feel responsible and still lack enterprise-driven education," according to Websense.

10 Hacking Facts / How They Impact You [Infographic]

Cybersecurity is one of the most pressing concerns for businesses and consumers, especially when it comes to social media. So much personally identifiable information (PII) exists across the internet that it's practically inevitable that malicious actors would try to take it. An infographic from Heimdal Security outlines 10 cybersecurity facts and how they impact your online security.

Kaspersky: NSA has pwned all hard drive firmware

Reuters just broke news that's pretty astounding. I'm copying just a few paragraphs and I recommend you read the release yourself.
