Erich’s “What in the (cyber security) world is going on?” 12-09-16 edition

Ok, I’m moving these updates to Fridays. Mondays are just, well, Mondays. If you are new to my posts, basically it’s a recap of some key infosec happenings in the past week. Having said that, let’s move ahead:

Infect 2 Others and Get Your Ransomed Files Back Free!

I posted about this earlier today, but the summary is that the jackholes that created the Popcorn Time ransomware strain are offering to decrypt your files free if you just get 2 more people infected and they pay the ransom. It looks like there will be an option to have the software start deleting files if 4
incorrect decryption keys are tried as well. This appears to be a proof of concept at this point, but these often end up in the wild once they get a buyer. I hope they die a slow festering death in the pits of an Alabama outhouse. This video sums up my feelings for these folks: Hanging’s too good for him…

 

Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains… and then they release the leader who disappears. 

So, after taking down the largest malware/phishing ring in recent history, a judge in the city of Poltava, Ukraine released the leader because the prosecutor forget to mention that during the arrest, the leader shot at the cops, including popping a round through the front door. Without that little detail, and the associated “attempted murder of a police officer” charge, he got to walk. In a shocking turn of events, Kapkanov disappeared just as quickly as the Poltava’s prosecutor’s career.


3.2M home routers seized via malicious firmware update

A hacker by the name of BestBuy claims to have used a Mirai botnet to infect 3.2 million home routers on the TalkTalk and Post Office networks. I haven’t heard of any independently confirmed reports of routers actually being infected, but they may not be easy to identify. In the words of security researcher Darren Martyn, “What they just pulled is shenanigans of the highest quality”

 

US Navy Admits To Data Breach, 130,000 Exposed

Yeah, the US Navy exposed info for 130,000 current and previous sailors.  Wonderful. If I’m one of them, I’ll just put it in the stack of other notifications from the government. Maybe I’ll put it right next to my OPM notification.

 

 

Ransomware suspect Pornopoker nabbed in Russia

Let’s hope they don’t screw up and release him as well, although he doesn’t seem to be near the same level as Kapkanov above. He was nabbed while returning from Thailand.

 

Infect 2 Others and Get Your Ransomed Files Back Free!

What a great deal from the writers of “Popcorn Time”. If you just infect 2 other people and they pay the ransom, you can get your files back free.  Indicators also show that there may also be a provision where if you enter an incorrect decryption key more than 4 times, it starts killing your files.  I would love to get ahold of some of these folks and plug their toenails out with with rusty pliers. This video clip pretty much sums up how I feel about these vermin…

New Approach to the Same-Ol Phishing Emails

This is an interesting way to try to get folks to open malicious documents. I really like the macro warning screen angle they use on this. It’s designed to get you to click the button to enable the macro when it’s opened. They also make the email look like you are being brought in to an existing conversation. Pretty slick.

Check it all out at: https://blog.knowbe4.com/phishing-from-the-middle-social-engineering-refined

 

 

 

 

The People Factor: Dealing With Non-Tech Users in a Tech-Heavy World

Me as a Child
Me as a Child

As a tech person, I am pretty comfortable with tech things. My mind works in such a way that I can understand most gadgets and technology with a minimum of effort. I can almost literally picture the mechanics (or electronics) behind the functioning of stuff. It comes very naturally to me. What i have discovered in my years of living in tech is, not everyone sees things the same way as me. I know it’s a fundamental thing, very simple in retrospect, but it has been, and continues to be, a blind spot for me. I have to work to remember this when dealing with non-techies, or I can easily get frustrated.

If you look around, you can see the world being enveloped in tech. VR is going mainstream, we carry around pocket computers that also happen to make phone calls, our cars are rolling, digitally controlled entertainment systems. Some of us embrace and dare I say, enjoy, it. But what about those that do not?

These poor folks are having a heck of a time. Their families, especially the younger ones, are communicating at the speed of light, often times through push communications such as twitter, instagram, etc. Then there is email… so many emails! Gone are the days of licking a stamp and spending $ to communicate with people, now it’s free and every marketer on the planet is sending emails about by the 1000’s without spending a penny on postage. These poor non-tech folks are getting inundated by emails. To compound the problem, the scammers are out there in force as well, filling up the folks email account with scams, malicious links and attachments. These folks are also some of your users.

These folks are fatigued by tech, and now it’s hitting them hard in the workplace as well. Emails require almost immediate response, IM is becoming a productivity tool and the business world is

tire-tracks
 Rubber, Road, Disaster

running at 100 miles an hour. Those same scammers are hard at work here too, only in this case, there is a feeling that they can’t ignore emails like they might in a personal email account. What if it really is an order or a customer service issue? This is the point where potentially disastrous decisions are made. Where the rubber meets the road, if you will.

So what do we do about it? Well, we need to show some empathy to start. While they may not have tech skills, hopefully they have

some other skills that keep them employed. Don’t look down your nose at luddites, it’s just a person with a different set of priorities. We also need to understand that it is our job as security professionals to reduce this risk and own the responsibility. If these folks are falling for phishing, we need to fix it, and we are responsible for teaching them good practices.

Once we own the problem, we can begin to address it. Here are 5 things you can do to be successful:

  1. Be patient. Non-tech folks don’t always have the basic tech skills and experience that we take for granted.
  2. Be positive. These folks are probably a little intimidated by what you are trying to teach them. Encourage them when they do well, but be kind if they mess up.
  3. Give them training and tools. Good awareness training and something as simple as a printed copy of a reminder like this can pay big dividends.
  4. Make them feel like part of a team. Stress that you are all in this together and part of something bigger than the individual
  5. Smile. Remember to smile, especially when teaching them new things. This will put them at ease and build confidence.

If you do these 5 things, it will go a long way to helping non-tech users embrace their role defending the organization against modern threats like Phishing. Good Luck!

looks-like-some-z52hnr

 

Had a great webinar yesterday

I had a great webinar on SecureWorld yesterday alongside Shawn Tuma (Partner, Cybersecurity Attorney, Scheef & Stone, L.L.P.) and Aliki Liadis-Hall (Director of Compliance, North American Bancard) with Craig Spiezle (Executive Director & President, Online Trust Alliance) moderating. We talked about some of the 2016 breaches and how things have changed.

It’s available on-demand now at:

https://www.secureworldexpo.com/resources/2016-breaches-lessons-learned

Check it out!

Tis the Season: Overtime is Authorized!

blocked

That seems to be the current trend for the scammers and bad guys as is evidenced by the above screenshot from one of my Gmail accounts. Between the hustle of the season and the too-good-to-be-true deals, the bad guys are hitting the emails pretty hard. Perhaps it’s for a noble cause such as buying a new hearing aid for dear ol mom, but more than likely, it’s just that they want to take your money for their own personal gain. Either way, it pays to keep your eyes peeled more than ever during this time of year.

 

This means doing some basic things such as looking for the padlock in your browser on sites you are going to make a purchase from. No lock, no buy! See these examples and look for the lock!

secure1    screenshot_2016-11-28-12-55-11

Also, if you receive emails about package delays and/or delivery status with an attachment, DO NOT OPEN THE ATTACHMENT. Instead, if you are really concerned, log in to the account you placed the order from and see if there is an updated order status there. In 99% of cases, if there is a delay, they will include a tracking number in the email (not the attachment). Copy that tracking number (don’t click the link!) and paste it in to Google. It will usually point you in the right direction. If not, go to the website for the shipping company (not from a link in the email) and track it there.

track

Stay safe and have a great holiday season!

Erich’s “What in the (cyber) world is going on?” 11-28-16 edition

i-regret-nothing-nothing_7853

I hope everyone had a great Thanksgiving weekend, US peeps or not. I’ve been a bit busy working on my Raspberry Pi powered music-synced Christmas light project and have made some headway in that department. It’s going to be fun seeing if I can muster the time to get that up and running. That being said, let’s move on to events of the last week or so:

San Francisco’s SFMTA (San Francisco Municipal Transportation Agency) Popped with Mamba Ransomware

Sucks to be them. Word is over 2112 machines were impacted by the MBR encrypting ransomware. Customers got free rides since the ticketing system was offline and they couldn’t just shut down the system. On a another note, the uber-cool Javvad Malik was quoted in the article as well.

 

father-frost-566x1024

 

Santa (well, the Russian version) got hacked

It looks like a bunch of kiddo’s that just wanted new toys, or food, or heat, or whatever in Russia have had their info (name, address, phone#, etc.) posted online thanks to 55 compromised websites. Oops. Just a friendly reminder to be careful what info you put out there. I’m not sure why the sites would need all this info as Santa already knows where everyone is (perhaps the Russian version is behind the times?) and what they want. The dude is kind of creepy and looks like he belongs in a windowless van with “Free Candy” written on the side of you ask me, but I’m just one guy.

 

 

 

Homeland Security Chief Cites Phishing as Top Hacking Threat

Looks like my message got through to Jeh Johnson as he stated that phishing is the top hacking threat. Not groundbreaking I know, but it’s nice to see the leadership acknowledging it. I’m sure he heard it from me and I’m available for interviews if you need me.  😉

 

Madison Square Garden Was Breached… For a Flippin Year.

So, yeah, “Cards used to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater and Chicago Theater between Nov. 9, 2015, and Oct. 24, 2016, may have been affected“. C’mon man!  SMH

 

UPCOMING STUFF:

So, I figured I’d put this out there as a shameless plug for my, myself and I. These are the things I’m up to in the next week or 2:

As always, if you have an event and need a speaker that can talk about ransomware, phishing and other similar fraud, let me know.

 

Have a great week

It’s that time of year – Beware of scammers more than ever

nigerian-scam-t-shirt

As we roll in to Black Friday here in the US, the scammers are not taking any time off. In the hype of “too good to be true” deals, scammers operate more easily. After all, “70% off an iPhone” doesn’t raise an eyebrow this time of year. In addition, emails about a delayed shipment or something similar, will be hitting pretty hard.

Make sure that you hover over links in emails with your mouse (<- good info there!), to make sure you know where the link is actually taking you. When in doubt, go to the page directly and do NOT open attached emails.

Stay Safe everyone!

Erich’s “What in the (cyber) world is going on?” 11-21-16 edition

So, yeah… I’ve been away for a bit. Been a pretty crazy last few weeks with a lot of traveling and some illness tossed in for good measure. Hanging out in “germ tubes” (some people call them airplanes) may have caught up with me, but things have not stood still, so let’s get started…

 

There was this election thingy.

Some folks are too happy, some are too sad, I for one am thrilled that the TV commercials are done. I spent about a week peeking in to Facebook and leaving quickly to avoid the drama. It’s dropped off a bit (for me it seems) but there is still a lot of emotion going on. What does that mean? Phishing emails.

Any time there is an emotional or controversial event, expect that the bad guys are going to try to capitalize on it, and be careful what you click on. In addition, the light has been brought on a number of fake news stories and other clickbait. Do your part to remain calm when you read something and make sure clicks are taking you where you want to go.

 

Black Friday

I’m already seeing a number of reports of Black Friday themed phishing emails going around. Be careful, if it looks too good to be true, it still might be even with BF going on. Hover the links and look at the reply addresses.

 

Crysis decryption keys posted

And in some good news, it looks like these folks have taken their ball and gone home. If you were hit by Crysis ransomware, check out BleepingComputer for a possible key. There is more on this in the KnowBe4 blog post today.

 

Madison County Indiana had a crappy week

The folks in Madison County Indiana has a pretty lousy time when they got hit by ransomware and were down for about a week. It only impacted little things like, you know, the jail and stuff. here are a couple of my favorite quotes from the stories I saw:

Herald Bulletin

Lisa Cannon, director of the county’s IT department, said the county will make sure the system is secure before new data is placed in the system. “We’re in the process of adding a backup system,” she said.

Infosecurity Magazine

“…both first responders and civic officials are logging all calls for service by hand. Anderson Police, the Madison County Jail and the county court systems are locked out.”

“On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.”

I’m thinking they should train their users as well.

 

New strain uses Social Media profile of victim

The folks at ProofPoint found a new variant of a browser locker called Ransoc that uses social media information to add credibility to a totally BS extortion attempt. According to multiple FBI Special Agents I have done presentations with, they will never notify you that you should pay a fine like this. They prefer the old knock on the door and show a badge method. Besides that little detail, I do like the ol’ “All money will be refunded to you if you are not caught again within 180 days.” touch. Nice try.

ransoc-5

 

That’s about all I have for today. Take care and be safe