DynA-Crypt ransomware, a new cybersecurity playbook, and other security headlines

Scam Of The Week: Valentine’s Day Phishing Attacks

It’s Valentine’s Day and the scammers are out in full force… again. There are many ways these online criminals try to trick you, but the most common are phony florists, online dating scams, phony electronic greeting cards and delivery scams. So, here are the red flags you need to look out for.

  • Do not trust emails or advertising from online florists or other gift retailers until you are sure that they are valid.  Otherwise, you might be turning over your credit card information to a scammer or infect your computer with malicious software.
  • Do not trust an online greeting card, particularly if it does not indicate who sent it to you. Be very wary of a card sent by “a secret admirer.”  Even if you recognize the name, confirm that it was really sent from that person before you click on the link and open the card.
  • Do not trust special deliveries, there is no special charge for alcohol so if someone requires a credit card payment for such a delivery, just politely decline knowing you just dodged a bullet.
  • Do not trust anyone who indicates he or she is in love with you and then wants to communicate with you right away on an email account outside of the dating site, claiming to be working abroad, asking for your address and poor grammar which is often a sign of a foreign romance scammer.  Many romance scams originate in Eastern Europe…

 Remember, Think before you click!

Read full article: https://blog.knowbe4.com/scam-of-the-week-valentines-day-phishing-attacks

Security Headlines

SearchSecurity – SQL Slammer worm makes a comeback 14 years later

Researchers spotted the infamous SQL Slammer worm used recently to attack servers that have not been patched for the past 14 years.

The SQL Slammer worm, first seen in the wild in January 2003, exploits a buffer-overflow vulnerability in Microsoft SQL Server 2000 or MSDE 2000. The worm infects the server via User Datagram Protocol port 1434 and carries out distributed denial-of-service attacks on target IP addresses.

There is no hope for unpatched systems to be patched, given that Microsoft released a patch to protect against the SQL Slammer worm in July 2002 and Microsoft SQL Server 2000 hit its end of life in 2013.

“There are still unpatched SQL Server systems in the wild. So, as long as they are running, there will be more targets for this worm. It can propagate and scan subnets quite fast, so it does not take long to [infect] new targets,”


HealthcareinfoSecurity – Sizing Up Health Data Breaches Reported in 2017 So Far

Some 22 relatively small health data breaches reported in 2017 have been added so far to the official federal tally of breaches affecting 500 or more individuals. The 22 breaches reported so far in 2017 affected a total of 75,270 individuals, according to a Feb. 7 snapshot of the tally.

The largest of those breaches is a hacking incident reported on Jan. 27 by WellCare Health Plans Inc. of Florida, which affected about 25,000 individuals. In a statement, WellCare tells Information Security Media Group that it was alerted on Dec. 27, 2016, that Summit Reinsurance Services, WellCare’s former reinsurance services provider, experienced a ransomware attack to its file server on Aug. 8, 2016.


GIZMODO – A Scary New Kind of Malware Is Invading Banks All Over the World

Few terms in the security world instill more fear than Stuxnet. But seven years after the infamous computer worm that targeted Iran’s nuclear facilities was discovered, an ugly descendant of the software is showing up in banks and other organizations around the globe.

New research from Kaspersky claims that over 140 institutions—including banks, government organizations, and telecom companies—have been infected with invisible malware that hackers are using to suck money out of bank accounts. It’s unclear exactly which accounts, organizations, and companies were targeted, but the issue seems widespread. Kaspersky first discovered this type of attack in two years ago and dubbed it Duqu 2.0, a more advanced form of the Duqu malware that was linked to Stuxnet in 2011.

The so-called fileless malware is unique in its ability to disappear after being installed on a server. Once the attacked computer is rebooted, the malware renames itself, leaving no detectable trace of its existence. It can take several months before sysadmins realize the machine has been infected.


KnowBe4 – DynA-Crypt Ransomware Steals And Deletes Your Data

A new strain of ransomware called DynA-Crypt that was put together using a malware creation kit by people that are not very experienced, but have a lot of destruction in mind.

“DynA-Crypt was discovered by GData malware analyst Karsten Hahn that not only encrypts your data, but also tries to steal a ton of information from a victim’s computer.

“Ransomware and information stealing infections have become all-to-common, but when you combine the two into the complete mess that DynA-Crypt is, you are just left with a mess of a victim’s programs and data.

“The problem is that this ransomware is composed of numerous standalone executables and PowerShell scripts that just do not make sense in some of the actions they perform. It not only encrypts your files while stealing your passwords and contacts, but it also deletes files without backing them up anywhere.”


ArkansasBusiness – Online Ransom Demands Threaten Businesses in Arkansas (Thx to Dale LaMotte for the article)

“It’s a whole industry. It’s a targeted way to make money,” said Ted Clouser, executive vice president of PC Assistance in Little Rock. “There is no one that is safe.It doesn’t matter how large or small you are — and in some cases, small businesses, unfortunately, are more at risk because they can’t or often don’t put the investment in on the front end to take these proactive measures.”

Recent incidents in the state highlight the problem. Both ARcare of Augusta and the Carroll County Sheriff’s Office in Berryville were victims of ransomware attacks in December. The sheriff’s office paid about $2,400 in digital bitcoin currency to recover its data.


Wired – Russians Engineer a Brilliant Slot Machine Cheat—And Casinos Have No Fix

IN EARLY JUNE 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating.

Casino security pulled up the surveillance tapes and eventually spotted the culprit, a black-haired man in his thirties who wore a Polo zip-up and carried a square brown purse. Unlike most slots cheats, he didn’t appear to tinker with any of the machines he targeted, all of which were older models manufactured by Aristocrat Leisure of Australia. Instead he’d simply play, pushing the buttons on a game like Star Drifter or Pelican Pete while furtively holding his iPhone close to the screen.

He’d walk away after a few minutes, then return a bit later to give the game a second chance. That’s when he’d get lucky. The man would parlay a $20 to $60 investment into as much as $1,300 before cashing out and moving on to another machine, where he’d start the cycle anew. Over the course of two days, his winnings tallied just over $21,000. The only odd thing about his behavior during his streaks was the way he’d hover his finger above the Spin button for long stretches before finally jabbing it in haste; typical slots players don’t pause between spins like that.


Security Bulletins from the FBI and DHS

DHS – Tackling cybersecurity incidents with recovery plan, playbook

“Defense! Defense!” may be the rallying cry from cybersecurity teams working to thwart cybersecurity attacks, but perhaps they should be shouting “Recover! Recover!” instead. Attackers are increasingly racking up points against their targets, so the National Institute of Standards and Technology (NIST) has published the Guide for Cybersecurity Event Recovery to help organizations develop a game plan to contain the opponent and get back on the field quickly.

As the number of cybersecurity incidents climbs, and the variety of types of attacks grows, “It’s no longer if you are going to have a cybersecurity event, it is when,”


MarketsandMarkets – Ransomware Protection Market worth 17.36 Billion USD by 2021

According to report “Ransomware Protection Market by Solution (Anti-Ransomware Software, Secure Web Gateways, Application Control, IDS/IPS, Threat Intelligence), Service, Application, Deployment, Organization Size, Vertical, Region – Global Forecast to 2021”, the ransomware protection market size is expected to grow from USD 8.16 Billion in 2016 to USD 17.36 Billion by 2021, at a Compound Annual Growth Rate (CAGR) of 16.3%.


Krebsonsecurity – House Passes Long-Sought Email Privacy Bill

The U.S. House of Representatives on Monday approved a bill that would update the nation’s email surveillance laws so that federal investigators are required to obtain a court-ordered warrant for access to older stored emails. Under the current law, U.S. authorities can legally obtain stored emails older than 180 days using only a subpoena issued by a prosecutor or FBI agent without the approval of a judge.

The House passed by a voice vote The Email Privacy Act (HR 387). The bill amends the Electronic Communications Privacy Act (ECPA), a 1986 statute that was originally designed to protect Americans from Big Brother and from government overreach. Unfortunately, the law is now so outdated that it actually provides legal cover for the very sort of overreach it was designed to prevent.


Vendor Information

Microsoft – Microsoft to continue to invest over $1 billion a year on cyber security

While the number of attempted cyber attacks was 20,000 a week two or three years ago, that figure had now risen to 600,000-700,000, according to Microsoft data.

Long known for its Windows software, Microsoft has shifted focus to the cloud where it is dueling with larger rival Amazon.com (AMZN.O) to control the still fledgling market.

In October 2016 it said quarterly sales from its flagship cloud product Azure, which businesses can use to host their websites, apps or data, rose 116 percent.


Sophos – Sophos Announces Agreement to Acquire Invincea

Sophos made an exciting announcement that brings a significant component to our next-generation endpoint security platform. Sophos has entered into an agreement to acquire Invincea – a leading developer of advanced next-generation malware protection that uses neural network-based machine learning to prevent, detect and remediate sophisticated attacks. This move will accelerate the delivery of our comprehensive endpoint protection strategy.

Based in Fairfax, Virginia (near Washington D.C.), Invincea was born out of a DARPA project and has seen success selling its products into U.S. government, healthcare and financial institutions. Invincea technology has shown very promising results in independent tests with very high detection rates with very low false positive rates. This is unique among the machine learning-based vendors.




Related Posts