From Knowbe4 blog View Knowbe4 Blog
CyberheistNews Vol 7 #31 | Aug 8th., 2017
How Not to Fall for Phishing as an IT Pro
OK, here is a new spear phishing scheme that attacks your development team. Cyber criminals with IPs resolving to Russia hijacked an extension for Google Chrome and abused their illegal access to push out spam to unsuspecting users.
The security incident happened to Copyfish, a type of Optical Character Recognition software which allows users to extract text from images, video, and/or PDF documents. Only the program’s Chrome extension suffered as a result of the attack, the Firefox component was not affected.
Copyfish’s developer, a company known known as a9t9 software, revealed it traced the trouble back to a phishing attack that occurred on 28 July:
“A team member received an email from Google’ saying that we need to update our Chrome extension (Copyfish) otherwise it would be removed from the store. “Click here to read more details” the email said. The click opened the ‘Google’ password dialog, and the unlucky team member entered the password for our developer account. This looked all legit to the team member, so we did not notice the phishing attack as such at this point. Phishing for Chrome extensions was simply not on our radar screen." [emphasis added]
Enable 2-factor authentication on all your critical accounts. Oh, and get some security awareness training for *everyone* in the organization, especially the people that think they do not need it...
PS: by the way, there is a new spearphishing technique, relying entirely on social engineering: a targeted mail that contains no links or exploits, but mentions an interesting report title. Googling the title leads to the exploit site. Devious, huh?
Cerber Ransomware Can Now Steal Bitcoin Wallet Data and Browser Passwords
The Russian 800-pound gorilla Dridex Banking Trojan gang who are also behind the Cerber ransomware have just upped their game. Cerber is part of the small set of professional ransomware families that gets updated at a furious pace in an attempt to gain (criminal) market share.
Cerber now comes with new capabilities that allow the Dridex gang to steal data from three Bitcoin wallet apps — the Bitcoin Core wallet, the Electrum wallet app and the Multibit wallet app.
This new Cerber flavor is also able to steal saved passwords from popular web browsers, including Internet Explorer, Google Chrome, and Mozilla Firefox.
Trend Micro security researchers said that while stolen browser passwords may help the cyber criminals hijack victims' accounts, the stolen data from Bitcoin wallets is only the first step: "Theft of these files does not assure that the stored Bitcoins can be stolen. The thief would still need to get the password that protects the wallet in question," Trend Micro researchers said in a blog.
Cerber's criminal coders have been working hard to avoid detection. Last year, just a day after a Cerber decryption tool was issued out by Check Point security experts, they updated Cerber which made the decryptor useless.
Trend Micro also said that just in May this year, Cerber underwent six different upgrades. "Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. This new feature shows that attackers are trying out new ways to monetize ransomware."
Some details of Cerber haven’t changed, though. It still arrives via phishing emails with an attached file.
Solutions and Best Practices
Trend Micro noted: "Cerber’s entry vector onto systems didn’t change, so known best practices against it would still work. Educating users against opening attachments in emails from external or unverified sources would lower the risks; system administrators should also consider email policies that strip out such attachments."
We could not agree more.
Employees Pose Bigger Threat to Cybersecurity Than Hackers
This article by Tim Crosby in ReadITQuick is great ammo if you need more IT security budget.
"In a Harvey Nash/KPMG survey, 4,500 CIOs and technology leaders from around the world indicate that the insider threat is the fastest growing security risk of all. Employees and contractors, who are often provided with access to a company’s network infrastructure without proper risk management training, pose a significant risk to businesses.
While some employees act maliciously against their organization, many cybersecurity breaches are due to negligence or inadvertent error. In fact, 60% of businesses admit their employees have no knowledge of security risks."
He introduces the concept of "stale employee training" which I like a lot.
"With a rapidly changing cyber criminal landscape, static assessments, stale employee training and protocols will not keep up with the dynamics of cybersecurity today. Training and system evaluation must be ongoing and respond to the ever-changing environment." Full article:
Don't Miss the August Live Demo: Simulated Phishing and Awareness Training
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.