All Posts By Richard

Email Fraud Threat Report: Year in Review 2017

In its Email Fraud Threat Report: Year in Review 2017, Proofpoint (our parent company) highlights the rise of business email compromise (BEC) attacks during the course of 2017. The report draws from analysis of more than 160 billion emails sent to more than 2,400 organizations across 150 countries. Following are some of the key findings related to these specialized phishing attack patterns.


The Internet of Things White Paper

Created by the State, Local, Tribal, and Territorial Government Coordinating Council, this white paper describes issues related to the “Internet of Things” (IoT). The Internet of Things (“IoT”) can be defined as the interconnection, via the internet, of computing devices embedded in everyday objects, enabling them to send and receive data.

Table of Contents:
  • Security and Privacy Implications For IoT Devices
  • Weaponization Of IoT Devices
  • Securing the Internet of Things
  • Laws, Standards and Guidelines
  • Resources

What Is Social Engineering?

In this first segment of a two-part video blog, Wombat brings end users up to speed on the concept of social engineering. Viewers will understand what this threat is and the ways they might encounter social engineers in their work and personal lives, including phishing attacks, smishing text messages, social media fraud, vishing calls, and imposter scenarios.


Massive 46M Dollar Cyberheist

Brian Krebs just reported on a massive 46M dollar cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers.


How New Phishing Malware Rombertik Kills Your Hard Drives

InfoSec researchers at Cisco’s TALOS group discovered a strain of malware that spreads through phishing. Attackers use social engineering tactics to entice users to download, unzip, and open the attachments that ultimately result in the machine’s compromise. The strain, dubbed Rombertik, monitors everything that happens inside an infected machine’s browser and exfiltrates it to a server controlled by the attacker, similar to Dyre.

However, when it detects that it is being analyzed, it takes extreme evasive action: it wipes the Master Boot Record (MBR) or the home directories, trapping the machine in an infinite boot loop. The MBR is the first sector of a computer’s hard drive that the machine reads before loading the operating system. Recovering from a deleted or destroyed MBR involves re-installing the operating system, which almost always means data is lost. In what is likely a bit of sick humor from the criminals, if it cannot get access to the MBR, Rombertik works just like ransomware and starts encrypting all files in the user’s home folder. The malware chooses a random 256-byte encryption key for each file, but none of the keys are saved anywhere, so you end up with what is effectively random, shredded bits instead of your files. After the MBR is overwritten, or the home folder has been encrypted, the computer is restarted. Only files with the extensions .EXE, .DLL, .VXD and .DRV will survive.

The upshot: Rombertik begins to behave like a wiper malware sample, trashing the user’s computer if it detects it’s being analyzed. While the Cisco TALOS team has observed anti-analysis and anti-debugging techniques in malware samples in the past, Rombertik is unique in that it actively attempts to destroy the computer’s data if it detects certain attributes associated with malware analysis.
What To Do About It: Ultimately, you need to practice defense-in-depth which protects your entire attack surface, but here are two tips that will mitigate attacks like this with the best bang for your IT security budget:
  • Have multiple layers (and different AV engines) of malware scanning in place: the firewall, your mail server/email gateway, and the desktop. That means a different vendor, using a different AV engine, for your firewall, your mail server/email gateway and your endpoint AV. Then filter out almost all email attachment types except a few essential ones. Check which AV engines your vendors use, because there is a lot of OEM-ing going on in the AV space, which might result in you using the same engine under a different label. Not good.
  • Step your users through effective security awareness training and follow up with regular simulated phishing attacks which will keep them on their toes with security top of mind.
  • Have good backup routines that are constantly tested to ensure if your data is lost that it can be easily recovered.
Contact us at SecureNation to discuss Defense In Depth, Employee Security Training, or Disaster Recovery options.


SCAM: Nepal Earthquake

More than 7,000 people dead and counting. And you can also count on cyber-criminals exploiting the disaster. What else is new. Disgusting. Scammers are now using the Nepal disaster to trick people into clicking on links, on Facebook, on Twitter and in phishing emails, trying to solicit charitable giving for the earthquake victims. It is typical of past disaster fraud scams in which the scammers play on the heartstrings of people that want to help the victims. Here are some examples:
  • Facebook pages dedicated to victim relief contain links to scam websites.
  • Tweets are going out with links to charitable websites soliciting donations, but in reality they include spam links or links that lead to a malware infection.
  • Phishing emails dropping into a user’s inbox asking for donations to the Nepal Earthquake Fund.
Previous disasters have been exploited like this, but the bad guys are going at it again with all guns blazing. Be wary of anything that is about the Nepal Earthquake in the following weeks. Please warn your employees, friends and family against this scam of the week. If you want to make a donation, go to the website of the charity of your choice and make a donation. Type the address into your browser; do not click on any links in emails or texts you might get. THINK BEFORE YOU CLICK. Here is the FBI alert about this scam. It might be a good idea to send this link to all employees, as an FBI alert usually has a bit more impact: http://www.fbi.gov/sandiego/press-releases/2015/fbi-warns-public-of-disaster-scams

Fall-outs from infamous data breaches

In a blog on IT Governance dated February 17, 2015, Julia Dutton wrote about the expenses and other ramifications that companies caught with a data breach have endured and could encounter in the future. We are talking lawsuits, remediation (both for the company and its customers), more investigations, and possible firings of top executives. Any organization that does not take its IT security seriously could find itself paying out millions of dollars to potential victims of any data breach from its files. Lawsuits are now proceeding against Target from the banks that had to pay out to replace the compromised credit cards. If you think you are safe, that is the first clue that you need more security. No one is safe anymore; about the best we can do is to do our best to protect our assets and our customers from data breaches. Like Jeff Mueller, FBI Director, once said, “There are only two types of companies: those that have been jacked and those that will”.