• [Scam Of The Week] New Sextortion Attacks Take A Dark Turn And Infect People With GandCrab Ransomware

    alt text

    Our friends at Proofpoint reported that last week employees in the United States have been bombarded by a spam attack that pushed a double-whammy of a sextortion attempt combined with a possible ransomware infection.

    Starting around May 2018, there have been a number of attack waves pushing different versions of sextortion threats.

    There have been sextortion scams where the criminals claimed they were from China, where the hackers claimed they intercepted a user's computer cache data, where the hackers claimed to have hacked all of a victim's online accounts, where crooks claimed they hacked the victim's phone, or where crooks claimed to have recorded the user via his webcam while visiting adult sites.

    These themes vary almost on a weekly basis, as scammers professionally test different themes and tactics to determine the best ROI. And they've been making money hand over fist.

    But this week, sextortion scams took another dangerous turn. Security researchers at Proofpoint blogged they've seen a variation of a sextortion scam campaign that included a download link at the bottom of the blackmail message.

    The scammers claimed to have a video of the user pleasuring himself while visiting adult sites, and they urged the user to access the link and see for himself. But Proofpoint says that instead of a video, users received a ZIP file with a set of malicious files inside.

    Users who downloaded and ran these files would be infected by the AZORult malware, which would immediately download and install the GandCrab ransomware. Even if the user had no intention of paying the sextortion demand, curious users would still end up being held for ransom if they were careless enough to follow the link and ran the files they received.

    You should warn your users to delete these emails, or better yet, click on the (free) Phish Alert Button and report them your organization's IT Incident Response team.

    I suggest you send the following to your employees in high-risk jobs specifically. You're welcome to copy, paste, and/or edit:

    The bad guys are getting more and more dangerous with sextortion scams. They now send you an email that claims they have a video of you watching an inappropriate website, and that you can download that video and see it for yourself. But if you do, your computer gets infected with ransomware! If any of this type of emails make it through the spam filters, please follow our organization's email security policy, and Think Before You Click! [OPTIONAL] Click on the Phish Alert Button to delete it from your inbox and at the same time alert IT about this scam.

    Do your users know what to do when they receive a suspicious email?

    Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

    KnowBe4’s Phish Alert button now also works with Outlook Mobile for iOS and Android. This enables your users to report suspicious emails from not only their computer but from their mobile inbox as well.

    (If you’re running Office 365 and want to give your end-users the ability to report suspicious emails from from their mobile inbox, you can enable the official Outlook Mobile app for iOS or Android directly from the KnowBe4 console. )

    The Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

    Best of all, there is no charge!

    • Reinforces your organization's security culture
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user's inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    This is a great way to better manage the problem of social engineering. Compliments of KnowBe4!

    Here is a link you can cut and paste into your browser to get the Phish Alert Button https://info.knowbe4.com/free-phish-alert

    Warm regards, Stu

    posted in IT Discussion
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @scottalanmiller said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    In your corner of Houston. Where we go in Houston, they can't get stable Internet and the cost is insane.

    Houston or Friendswood? The burbs have a few factors.

    1. NIMBY groups who tend to oppose ugly retransmit boxes.

    2. Timing is EVERYTHING Burbs have infrastructure that ties to how old they were. Older burbs were built out with older gear. They oddly may have gotten DSLAM's or DSLAM upgrades LONG before the dense, urban area's that are the proper City of Houston (When I moved here, AT&T was Somalian speeds promising 256KB only inside the loop). As a lot of infrastructure gets done on "worst first" basis this explains why beyond raw profit motive (Urban area has denser opportunities and higher median home prices justifying build-out costs for GPON network). It's worth noting the new subdivisions in Katy, new multifamily, new North West build outs are all FTTH. AT&T isn't seriously wasting money or time running copper to new area's.

    3. Comcast generally is offering 100Mbps plus DOCSIS 3.0 offerings. It's worth noting that TimeWarner Cable left us for dead on shitty DOCSIS 2.0 until Comcast traded them Houston for another city, and rebuilt it all from the ground up for DOCSIS 3. Comcast is a terrible company, but they saved us for an even shittier fate.

    5G upgrades are going to cost 250 Billion. LTE+ upgrades are not going to be cheap (What will cover rural areas). We are looking at another 100 Billion in FIber also to backhaul this stuff. This stuff is going to up speeds in core urban area's, and hte LTE+ upgrades should make mobile broadband a realistic alternative for many rural area's.

    As of year-end 2016, 92.3% of all Americans have access to fixed terrestrial broadband at speeds of 25 Mbps/3 Mbps.

    While this isn't crazy fast, it's more than enough to watch Netflix (5Mbps for an HD stream). It's enough for a Video call (not HD outbound). This should be enough to do an online class (primary focus) and get some educational information. This is the federal governments minimum for subsidies.

    I expect when we kill rural telephone mandatory subsidies they will spike it a bit more (and have LTE+ replace it). There's currently no serious business case to rebuild rural and low-density suburbs with FTTH. The money has to come from somewhere so we have two options...

    1. It comes from taxes, largely of people who live in urban area's that it will not benefit.
    2. It comes from cost sharing where the costs are pushed onto the services of people who live in urban areas.

    Given that the US is becoming more urban, I'd say your best chance is to just... Move closer to civilization. I could have lived out in Friendswood. I could have saved a lot of money. But I bought land, that was in Houston proper and only after verifying that it had connectivity that would meet my requirements.

    posted in News
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @jmoore said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    @StorageNinja I live in Waco.

    Parents live there, I went to school there. You should come down for the Texas Bowl. Baylor should destroy Vandi.

    posted in News
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @scottalanmiller said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    Or those who live in an area with AT&T, Comcast, Cox, Frontier, or any rural area and get zero of the innovation.
    From Houston to rural NY, none of that stuff has existed and zero innovation or competition comes along. It's a rare, very unique market where those innovations have affected anyone for a long time.

    I have two providers offering me Gigabit service in Houston. As 5G comes online I'll be looking at 3-4 providers with 500Mbps+ Speeds. Waco while not truly rural is is a 5G test site for AT&T.

    Modulva is LTE only in major cities. Rural coverage is HSDPA primarily, and for small villages and rural area's, it's xDSL.

    The Reality is I can stream 3D 4K video on my existing 120 meg down circuit. Really the draw of the newer stuff for me is lower latency, and distributed service meshes embedded in the network slices.

    posted in News
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @Dashrender said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    Unless another player enters the market and lays their own fiber, you're just not going to get the incumbents to move voluntarily. Another reason the exclusive contracts are so anti-consumer.

    You don't need to run fiber to the home though with 5G. You can run Fiber down a few major streets and shoot from there. Also, telco's are gearing up to radically change their CPE gear. Imagine if every Docsis modem could also do 5G. Imagine if the AT&T Fiber handoff could backhaul 4G to another pop if there's a cut.

    3rd parties (Crown Castle) are running Fiber and towers and making it available to multiple third parties.
    Network Slicing is going to allow virtual overlays to explode. NFV, private transport end to end. Even if you get "net neutrality" this stuff is all before the PoP so it means nothing when this stuff can do paid prioritization of its slice anyways (The same way that MPLS and Point to Points fall today under regulation). Is going to allow mobile virtual network operator (MVNO) growth to explode.

    There's a narrative that we need to nationalize telecom, or that there isn't innovation going on in the last mile and it's largely being pushed by people who are missing out on all the cool stuff going on right now out of sight.

    While networks have been sold as "pipe of xxx size" for years quality of peering, jitter, latency etc have existed as differentiation between carriers people buying it just were not always aware. Internap provided a far better mix than Cogent (who delivered what I always called porn grade bandwidth given the questionable peering). This granularity that network slicing can deliver is critical to a shift to declarative policies for computing and distributed applications, services meshes etc.

    posted in News
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @JaredBusch said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    @StorageNinja said in Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps:

    @Obsolesce

    Couple things....

    1. Other countries don’t have the landmass to cover than we do. Show me a largely rural area in Australia and I’ll show you shitty coverage.

    2. The carriers have been deploying traffic shaping to slow Down video for some time.

    Both points are true, but even in urban areas the US lags behind.

    We lag behind if you talk Wireless for T-Mobile or Sprint.

    I got 25Meg down on 4G LTE to my house. (Verizon likely faster and rolling out 5G in a few neighborhoods with other carriers following next year).
    My last house could hit 90Mbps down.
    I get Comcast 100Meg service (Faster available, I just don't feel like paying for it).
    AT&T is offering Gigabit service in my neighborhood (I'm switching to it once my Comcast new customer discount runs out).
    Next year I'll likely be blending 5G and GigE fiber with a VeloCloud box.

    Everyone always points to urban results in Asian megacities (where population density is insane) our countries with last mile monopolies allowed (Which the EU countries approach reminds me of their jump on GSM they got, that eventually led to them falling behind as we let the market win things out and LTE is based on CMDA's time slicing tech).

    Cell phone service only sucks around my city in shitty suburbs where they don't let people put op towers. NIMBY prevention of towers is one of the biggest problems the US has that other countries don't fight.

    posted in News
  • RE: Ajit Pai wants to raise rural broadband speeds from 10Mbps to 25Mbps

    @Obsolesce

    Couple things....

    1. Other countries don’t have the landmass to cover than we do. Show me a largely rural area in Australia and I’ll show you shitty coverage.

    2. The carriers have been deploying traffic shaping to slow Down video for some time.

    posted in News
  • RE: Is the Physical Thin Client Era Dead?

    @Dashrender said in Is the Physical Thin Client Era Dead?:

    Just wasn't expecting to need thin client devices as powerful or more so than desktop machines running XP to be required to get an as good experience

    Zero Clients have less intelligence than a rock (It's an ASIC that gets it's firmware by PXE boot) and I can play Skyrim on them over PCoIP. Printer Redirection will not really work, and god help you with a IO USB device over the WAN but a Thin client doesn't need to be that powerful for graphics beyond 2D resolution support, and number of monitor support.

    All the new Thin Clients protocols are based on H.265. That is decoded in cheap(ish) SOC. Even an old iPhone 5/iPad 4 support H.265. In this case the CPU load is zero for the graphics as it's fully offloaded end to end.

    posted in IT Discussion
  • RE: Is the Physical Thin Client Era Dead?

    @scottalanmiller said in Is the Physical Thin Client Era Dead?:

    Many thin clients don't run Windows and use a completely different RDP library. That is often the cause of issues.

    Many thin clients don't use RDP. While the protocol wars were fun (ICA vs. PCoIP!) I'm seeing everyone consolidate on highly customized stacks that at their core for image processing leverage H.264, and H.265. This is because for mobile and SOC have hardware decoders for this. (Blast Extreme and Citrix's HDX whatever it's called now do this).

    posted in IT Discussion
  • RE: Nine Out of Every 10 Silicon Valley Jobs Pays Less Than In 1997, Report Finds

    @Dashrender said in Nine Out of Every 10 Silicon Valley Jobs Pays Less Than In 1997, Report Finds:

    Right - so the point is these RSU's and other comps aren't really important for someone making $125K... because if you're lucky you might get another 50% - again if lucky.. and now you're making the same as you were 20 years ago - assuming there were no RSUs 20 years ago for these same people.

    It's not really lucky if it's a public company of a major company who has a proven track record.
    Looking at some recent offer data.

    LinkedIn - $250K -400K in RSU's for a Senior Software Engineer for the initial grant.
    Boeing - $300K with refreshers of 40K

    Additional yearly grant refreshers beyond the initial are all over the place but tied to how much a company wants to keep you but assuming it's 25% of your base salary (not uncommon) with some reasonable stock appreciation you could be looking at close to 300% of initial offer in TC by year 4 which gets back to why I said this article was crap. Wages != Total Compensation in Silicon Valley.

    posted in News