A new strain of Ransomware called Bad Rabbit is spreading around the world. Bad Rabbit spreads via Social Engineering so here’s what to warn your users to look for.
Users receive a pop up in their browsers telling them that an update to Adobe’s Flash Player is available. There are two buttons to click; Install and Remind Later. Both do the same thing – install the malware payload on the system. Bad Rabbit then uses a list of known weak passwords and tries to access all found servers and workstations using common accounts such as Administrator, Guest, root, etc. If it gets a match, the ransomware proceeds to encrypt the files on the computer and then replaces the Master Boot Record – effectively bricking the computer. So recovery forces you to purchase two decryption keys. Price is .05 Bitcoin or about $275.
There are two takeaways. First, train and remind your users to use complex passwords and change them often. Second, have your users undergo Social Engineering security training.
Contact us if you’d like more information or assistance in keeping your network and data secure.
This is an old scam but has been updated to be more dangerous so remind your users to be on the lookout. The old version ‘just’ installed a keylogger but this new version installs ransomware on your system.
You receive an email message from ‘Voicemail Service’ with subject like ‘New voice message from <some number>. There’s a bit of standardized-looking text in the body of the message which tells you that ‘you might want to check it when you get a chance.’
There’s a compressed attachment which if you click on it will play an audio file with embedded code that will encrypt files to [original file name].crypted.
Send a reminder to all your users: Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!
And if you have an IT department, in addition to good firewall and endpoint security management, make sure they are stripping compressed attachments from all incoming email messages from whatever email vendor you use.
All businesses have unique operational processes they rely upon to handle distinct needs. Even common tasks like shipping are handled differently from company to company. But in general, the larger a business is, the more complex its processes.
Business Process Compromise is a new type of cyber attack that recently has come into focus. It specifically targets unique systems and processes and manipulates them for the attacker’s benefit. And rather than a brash warning such as is received with ransomware, BPC attacks are typically silent and have a goal of stealthily appropriating goods and/or funds over extended periods of time.
Many BPC attacks go unnoticed because employees largely ignore the workings of these processes treating them as almost automatic.
Defending against BPC requires a multi-pronged approach.
File Integrity Monitoring should be considered for critical systems
Regularly check system operations and compare normal activity from abnormal and possibly malicious actions.
Regularly audit long-established processes looking for vulnerabilities as well as proper results from test data
Ensure that your organization has implemented cybersecurity measures to protect against identified malware exploits
A new scam has appeared where users receive an email claiming they have unpaid traffic tickets which, if not paid or disputed by clicking a link within 48 hours, will cause the individual’s drivers license to be revoked.
Clicking the links provided does one of two things. Either malware gets installed onto the user’s comptuter to track web pages visited, or more serious, the user is taken to a fake RMV website where they are prompted to reveal personal information including names, Social Security numbers, date of birth, and credit card info.
Remind your users to stop and think before responding to unusual email messages. Or even better, consider training your users to recognize and avoid phishing attacks like this. Our partner, KnowBe4, offers a free phishing test you can safely send to your users to learn how prepared they are for these sorts of attacks. Contact us to learn more.
A survey just published by The Business Journals has some sobering statistics. Only 28 percent of owners of small and mid sized businesses responded that they are very concerned about ‘the safety and security of their firm’s technology, email and documents.’
What makes that particularly concerning is that it runs directly counter to the potential impact for small companies should they suffer a data breach. The Insights report said 60 percent of U.S. businesses with between 1 and 499 employees that suffer a data breach shut down within six months.
As a business owner or manager, if IT security isn’t one of your highest priorities, change your thinking and get some help. Proper IT security usually isn’t hugely expensive but it does require an understanding of the issues, threats and environment, and then implementing a comprehensive plan.
If you’re not sure where to start MicroData is offering a free, no-obligation IT assessment of your business. You’ll get detailed, specific information about the security of your IT environment along with recommendations for corrective actions. And of course we can handle all aspect of implementing and managing IT security for your business. Click here to learn more.
Cyber criminals want access to sensitive data. But rather than a brute-force attack to get it, they’ve figured out its much easier to simply go after users that already have access to the data. One scheme that’s popping up everywhere in the last few weeks is the CEO W2 Request Scam.
This appears as a phishing attack directed at someone in HR or Finance that has already access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.
W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.
So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.
Sun Tzu, the famous 5th century BC Chinese general and philosopher has been credited with the statement ‘know yourself, know your enemy and you shall win a hundred battles without loss.’ This applies to cyber-criminals, too. A critical part of your organization’s defense is understanding the extent and nature of the threat. Here’s an example of what I mean.
We recently installed a server for a client which communicates directly to and from the Internet. While it’s a given that adequate security needs to be in place, many business people don’t realize the extent to which the bad guys will go to gain access to a system like this. Cybercriminals deploy automated systems to silently scan for computers, routers, and other IT-related devices which are connected to the Internet and once found, automatically and continuously attempt to exploit configuration mistakes, default or ‘easy’ passwords, and unpatched vulnerabilities.
After only 1 day, here’s a summary of the individual attempts to hack this single system:
Russian Federation (18)
Note that because of the software we installed, after an attack was attempted 3 times that address was blocked from further access. So the above total of 168 individual attempts in 24 hours – if not stopped by the software we had installed – would have likely been continuous attempts every few seconds by each attacker. This would likely have put the daily total at close to 300,000 – 400,000 attempts.
The takeaway? Don’t underestimate the enemy. They have resources to find your systems, exploit vulnerabilities, and make your life miserable.
Invest in good quality security, keep systems and hardware up to date, and monitor everything.
My wife and I were out on the back roads this past weekend and saw a man with what was clearly his 6 year old daughter stopped beside the road. When we saw him holding up his iPad for the little girl we turned to each other and said ‘Pokemon Go!’
It was cute, but like every popular trend cybercriminals have found a way to use it to try and extort money from you. In this scam, you receive an email with a Pokemon Go game icon as an attachment. If you click on the attachment it installs two pieces of malware that encrypt your files and then demands (in an arabic text file it leaves on your desktop) that you respond to an email address to receive instructions for paying a ransom to decrypt your files.
We haven’t seen any confirmation as to whether or not it will encrypt network files across a LAN or VPN connection but you should assume it will. Yet another good reason not to mix personal computing with work resources!
So spread the word that if anyone receives an email messages that’s Pokemon Go related, they should just delete it.
Starting in 2011, a Chinese citizen named Su Bin who lived in Canada orchestrated an elaborate hacking operation that stole over 50TB of classified data about the F35, B2, and other highly classified U.S. weapon systems. How did he do it?
It wasn’t elaborate technical penetration of firewalls or middle-of-the-night Mission Impossible-style burglary. It was simple email phishing.
With email phishing, a message is sent to employees appearing to be from a colleague or friend. The message contains a link and when the recipient clicks on the link, they are taken to a bogus website which then infected their computers with malware to harvest passwords and data.
While your company may not have top-secret information, you are almost 100% certain to be targeted in this same way by ransomware – software that encrypts your data – both local and Cloud – and you won’t get it back unless you pay a ransom to the cybercriminals.
The takeaway? Of course you need to implement all the best-practice technical safeguards and monitoring for your network, but equally important is that you need to train your employees to recognize phishing email messages so they don’t act on them.
If you’d like to learn more, click here to download our free Executive Report; Ransomware Prevention Checklist for your Business.
Cybercriminals are increasingly targeting Mac users and the latest is a backdoor malware app which has been identified as ‘Eleanor’ by Bitdefender. This malware installs a backdoor that gives the bad guys almost complete access to the infected machine including all data and control of the built-in webcam.
Mac’s running OS X 10.6 or later can be affected – that’s would be circa 2007 or later.
This malware installs itself disguised as a fake file converter called ‘Easy Doc Converter’ and available on MacUpdate although not at the Mac App Store according to Apple.
Apple says they’ll be releasing an update to Xprotect to block the app but they haven’t detailed how they will patch the underlying vulnerability that permits Eleanor to do its mischief (execution of a script registered to system startup that allows an anonymous attack of the system). But in the meantime if you’ve already installed this app, the free Malwarebytes scanner has already been updated to remove it.
With phishing email messages, the key for cybercriminals tricking you into divulging passwords and account information is to make a plausible-looking message that gets you to click on a link. Then you’re taken to a bogus website where you are asked to ‘log in’ and boom, they have full access to your account.
The latest is a fake eBay message supposedly from a user demanding to know why you haven’t sent them info about something they allegedly purchased from you. They threaten to contact the police and PayPal if you don’t respond.
Remind your users to stop and think. Note that the message isn’t personally addressed to you. A threat in a message is another giveaway as is poor grammar. Tell your users just to delete the message without clicking on anything.
From our friends at KnowBe4 comes an alert about a really nasty piece of malware which goes after Android phone users and targeted smartphone banking apps.
It works by inserting a fake login screen over the actual login screen in the app. When you log in you’ve actually just given the cyber criminals full access to your account and they promptly transfer all funds to an overseas account.
Android devices get infected by either installing an app outside of the Google Play Store (called a sideload), or by downloading a ‘Required Flash Update’ needed to view video – usually at an adult site.
So for your smartphone – iPhone or Android – follow these tips:
Don’t click on text messages you don’t recognize or expect
Keep your device updated – both the OS and apps you use
Don’t surf adult and inappropriate sites. Risk of infection is very high
Think that professional IT services are expensive? How about the cost of your current provider making a mistake? Last month a California state court judge finalized the highest ever per-plaintiff cash settlement in a data breach case. St. Joseph Health System, based in Irvine, is set to pay upwards of $28 million to settle a 31,074-member class action. The dispute arose out of a 2012 incident that exposed over 31,000 patient records to the Internet. The cause was not malware in this case but rather simple mis-configuration of the hospital’s intranet.
The takeaway? Security for your network and data needs to be one of your highest priorities. Even a small business can have thousands of customer records with sensitive information that must be secured.
If you’re not sure about your organization’s IT security, I urge you to take advantage of a special, limited-time promotion we’re offering where we’ll review your IT systems and provide you with a detailed 57-Point IT Systems Security and Performance Assessment – all for FREE. Click here to learn more.
Alert your users that there is another email phishing attack making the rounds of corporate America. Users receive an email with the subject of “EMAIL ACCOUNT QUOTE EXCEEDED…” with a couple or email addresses listed including their own. The body of the message contains a simple bar graph that seems to indicate that the mailbox is running out of space. The message then urges the user to “Sign back in a continue your usage.”
Clicking on the link redirects you to a malicious webpage that will try to exploit your browser (if not updated) and install malware on your computer and will further try to get you to reveal credentials. Just delete the message without clicking on anything.
Remind your users to stop and think before acting. Everyone stay safe out there!