@tim_g We do! Now 15,000 customers.
Posts made by stus
RE: [Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO
[Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO
OK, here is something new and really scary.
KnowBe4's Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working "ransomcloud" strain, which encrypts cloud email accounts like Office 365 in real-time. My first thought was: "Holy $#!+".
I asked him: "Can you show it to me?", and Kevin sent this to me a few hours ago. Lucky for us, this ransomware strain is not in the wild just yet, but it's on the horizon, so this is your heads-up! If a white hat can do this, so can a black hat.
This new strain uses a smart social engineering tactic to trick the user to give the bad guys access to their cloud email account, with the ruse of a "new Microsoft anti-spam service".
Once your employee clicks "accept" to use this service, it's game over: all email and attachments are encrypted real-time! See it for realz here in 5 minutes and shiver:
YouTube Ransomcloud Demo
What Kevin recommends at the end of this video: "Stop, Look and Think before you click on any link in an email that could potentially give the bad guys access to your data." is now more true than ever.
What Percentage Of Your Users Would Click On That Link?
Organizations are moving millions of users to O365. However, this video proves that being in the cloud does not automatically mean you are secure. The Phish-prone percentage of your users is your number one vulnerability, as they remain the weakest link in your IT security, cloud or not.
Here is a way to get your users' phish-prone percentage baseline at no cost
KnowBe4's free Phishing Security Test allows you to choose which environment you want to test:
If you choose the O365 option, your user will be sent this Phishing Security Test (PST) email after you upload the email addresses and whitelist our domain:
As you just saw, cyber-attacks are rapidly getting more sophisticated. We help you step your employees through new-school security awareness training to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. No need to talk to anyone.
Find out what percentage of your employees are Phish-prone with our free Phishing Security Test (PST). If you don't do it yourself, the bad guys will.
The Top 5 Reasons Why You Need To Deploy New-school Security Awareness Training In 2018
2017 was a dumpster fire of privacy and security screw-ups.
To start 2018 with a simple, effective, IT security strategy is an excellent New Years resolution and helps your CEO to keep their job. Better yet, thousands of your peers will tell you this was the best and most fun IT security budget they ever spent... hands-down.
This list is the high-power ammo you need to get budget and roll out new-school security awareness training, ideally right now.
Here are the Top 5 reasons...
Social Engineering is the No. 1 go-to strategy for the bad guys. Unfortunately their time is money too. Why spend 2 months of research uncovering a 0-day when you (literally) can create an effective spear-phishing attack in 2 hours? They are going after the human—the weakest link in IT security—and your last line of defense.
Ransomware is only going to get worse in 2018. Email is still their favorite attack vector, and their sophistication is increasing by the month. The downtime caused by ransomware can be massive.
Compliance requirements for awareness training are being sharpened up. Thinking that today you can get away with a yearly one-time, old-school awareness training session is whistling past the graveyard. A good example is May 25, 2018 when enforcement actions for GDPR begin. We have compliance training for GDPR ready for you in 24 languages.
Legally you are required to act "reasonably" and take "necessary" measures to cope with a threat. If you don't, you violate either compliance laws, regulations, or recent case law. Your organization must take into account today's social engineering risks and "scale security measures to reflect the threat". Don't trust me, read this, confirm with your lawyer, and next insist on getting budget. Today, data breaches cause practically instant class action lawsuits. And don't even talk about all employees filing a class action against your own company because your W-2 forms were exfiltrated with CEO fraud.
Board members' No. 1 focus today is cyber security. Some very pointed questions will be asked if they read in the Wall Street Journal that your customer database was hacked and the breach data is being sold on the dark web. Once it becomes clear that your organization did not deploy a simple, effective strategy that could have prevented this, a few (highly placed) heads will roll. Target's CEO and CISO are just an example. Help your CEO to keep their job.
So now that it's clear you just have to do this ASAP, why choose KnowBe4?
OK, let's list the 5 reasons why KnowBe4 is the complete no-brainer option—after casually mentioning we are the fastest growing vendor in this field and have 15,000+ customers, more than all our competitors combined:
KnowBe4 was recognized by Gartner as a Leader in the Magic Quadrant
Goldman Sachs recently invested $30M of Series B funding in KnowBe4 because they believe in our mission
The KnowBe4 platform was built from the ground up for IT pros that have 16 other fires to put out
The KnowBe4 ModStore has the world's largest choice in fresh awareness training content
Pricing is surprisingly affordable, and gives you a 127% ROI with a one-month payback
BONUS: It's actually a lot of fun to phish your users and get the conversation started!
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP because your filters have an average 10.5% failure rate. Get a quote now and you will be pleasantly surprised.
Get A Quote
Founder and CEO
86% of security pros worry about a phishing future where criminals are using Artificial Intelligence
A new survey by Webroot shows that 86% of security professionals worry that AI and ML (machine learning) technology could be used against them. And they are right, because it will and probably is already happening right now with fake celebrity sex videos.
The survey shows the US is an early adopter of AI for cyber security, with 87 percent of US professionals reporting their organizations are currently using AI as part of their security strategy.
Three quarters of cyber security professionals in the US believe that, within the next three years, their company will not be able to safeguard digital assets without AI. Overall, 99 percent believe AI could improve their organization's cyber security.
Respondents identified key uses for AI including time-critical threat detection tasks, such as identifying threats that would have otherwise been missed and reducing false positive rates.
"There is no doubt about AI being the future of security as the sheer volume of threats is becoming very difficult to track by humans alone," says Hal Lonas, chief technology officer at Webroot. More detail at Webroot's Quarterly Threat Trends report.
AI is a game changer for better or for worse
This is the first time in history that AI has come up to the level predicted in Sci-Fi for decades. And some of the smartest people in the world are working on ways to tap AI’s immense power to do just that.
And some bad guys are using it to create fake celebrity sex videos. Yes, you read that right.
This is going to be the next wave of phishing emails that use social engineering to manipulate your users into opening an infected attachment.
With help from a face swap algorithm of his own creation using widely-available parts like TensorFlow and Keras, Reddit user “Deepfakes” tapped easily accessible materials and open-source code that anyone with a working knowledge of machine learning could use to create serviceable fakes.
"Deepfakes" has produced videos or GIFs of Gal Gadot (now deleted), Maisie Williams, Taylor Swift, Aubrey Plaza, Emma Watson, and Scarlett Johansson, each with varying levels of success. None are going to fool the discerning watcher, but all are close enough to hint at a terrifying future.
After training the algorithm — mostly with YouTube clips and results from Google Images — the AI goes to work arranging the pieces on the fly to create a convincing video with the preferred likeness. That could be a celebrity, a co-worker, or an ex. AI researcher Alex Champandard told Motherboard that any decent consumer-grade graphics card could produce these effects in hours. (THIS LINK IS NSFW!)
So, picture this. (Or rather, don't picture this!)
Your user gets a spear-phishing email based on their social media "likes and shares", inviting them to see a celebrity sex video with... you guessed it, their favorite movie star! Take it one step further and your user will be able to order fake celeb sex videos with any two (or more) celebrities of their liking and get it delivered within 24 hours for 20 bucks.
And a good chunk of these video downloads will come with additional malware like Trojans and Keyloggers that give the bad guys full pwnage. Yikes.
All the more reason to educate your users within an inch of their lives with new-school security awareness training that sends them frequent simulated tests using phishing emails, the phone, and txt to their smartphone.
We help you train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. Find out what percentage of your employees are Phish-prone with our new, improved free Phishing Security Test.
Get Your Free PST Now
Founder and CEO
Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year
Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning.
Bloomberg was first to report that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Finally, this week, they fired their chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to "delete the data". Yeah, sure!
Victim Of A Simple Credentials Phishing Attack?
Here’s how the press describes the hack: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.
From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. If you read between the lines, that could very well be a simple credentials spear phishing scheme, done with some crafty social engineering, or perhaps careless developers leaving internal login passwords lying around online:
Failure To Disclose
Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.
Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.
SNAFUS are bad, but cover-ups can kill you
No doubt regulators will also be asking tough questions about why they were not informed about the breach until this week, and class-action lawsuits... heeeere we come!
Uber says it has "not seen evidence of fraud or misuse tied to the incident." Let's hope that they are right, but it is highly unlikely that these records were deleted. It's practically sure they are sold on the dark web or will be. There are many ways that data could be abused by criminals without Uber ever becoming aware.
All organizations would be wise to remember this: SNAFUS are bad, but cover-ups can kill you. You can ask forgiveness for being hacked and handle your disclosure correctly, but many people will find it harder to forgive if you deliberately covered up the truth.
Expect Uber-themed phishing attacks
Now that this is all over the press, the bad guys are going to send Uber-themed phishing attacks in a variety of flavors. First will be emails with warnings like "Your Uber Account Has Been Compromised" sending people to compromised websites where indeed their credentials will be stolen! You can imagine online criminals are going to have a field day with this, since it's all over the press and people are going to get worried.
I suggest you send the following to your friends, family and employees, feel free to copy/paste/edit:
Uber has suffered a data breach a year ago, and the address and email information of 57 million people were stolen. Uber paid off the hackers who then supposedly deleted the data, but that cannot be confirmed.
Watch out for phishing emails related to this Uber data theft, for instance that your "Uber account was compromised" and that you need to change your password, or anything else related to Uber that could be suspicious.
Never click on a link in an email, always go to the website yourself through your browser's address bar or a bookmark you have set earlier. Remember, Think Before You Click!
Founder and CEO, KnowBe4, Inc.
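The breach described above hinged on credentials sitting in a code repository. The following is an added example of the kind of pre-commit secret scan that catches an AWS key pair or a hard-coded password before it is pushed; it is not Uber's or KnowBe4's code, assumes only the Python standard library, uses AWS's published documentation example key pair as the "leaked" value, and the sample files it scans are constructed for the demonstration.

```python
"""Scan text files for leaked cloud credentials before they reach a shared repository.

Added example, not Uber's or KnowBe4's code. Standard library only. The AWS
access key ID format (AKIA followed by 16 uppercase alphanumerics) and the
documentation example key pair AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/
bPxRfiCYEXAMPLEKEY are public AWS facts; the password pattern is a heuristic
assumption, and the sample files are constructed.
"""
import re
from typing import Dict, List, Tuple

# Patterns a pre-commit hook or CI job can apply to every staged text file.
PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # A 40-character secret is only flagged next to a telling variable name,
    # which keeps false positives from ordinary base64 blobs low.
    "aws_secret_access_key": re.compile(
        r"(?i)aws[_-]?secret[_-]?(access[_-]?)?key\W{0,3}['\"]?([A-Za-z0-9/+=]{40})['\"]?"),
    # Quoted literal of at least six characters assigned to a password-like name.
    "hardcoded_password": re.compile(
        r"(?i)(password|passwd|pwd)\s*[:=]\s*['\"]([^'\"\s]{6,})['\"]"),
}


def scan_text(name: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (file name, line number, finding type) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno, kind))
    return findings


def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str]]:
    """Scan a mapping of file name -> contents, in the order given."""
    results = []
    for name, text in files.items():
        results.extend(scan_text(name, text))
    return results


# Constructed sample files: one clean config (secret comes from the environment)
# and one script with a key pair and password pasted in.
SAMPLE_FILES = {
    "config/settings.py": (
        "DEBUG = False\n"
        "ALLOWED_HOSTS = ['example.internal']\n"
        "DB_PASSWORD = os.environ['DB_PASSWORD']\n"
    ),
    "scripts/backup.sh": (
        "#!/bin/sh\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "export AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "DB_PASSWORD='hunter2hunter2'\n"
        "aws s3 sync /var/backups s3://example-bucket/\n"
    ),
}

if __name__ == "__main__":
    for name, lineno, kind in scan_files(SAMPLE_FILES):
        print(f"{name}:{lineno}: possible {kind}")
```

Run as a pre-commit hook, a non-empty result should block the commit; the clean `settings.py` shows the pattern that passes, reading the secret from the environment at run time instead of embedding it.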
New Ransomware Strain Evades Machine Learning Security Software
Here is the latest tactic in the cat-and-mouse game between cybercrime and security software vendors. The bad guys have come up with a new ransomware phishing attack, tricking users to open what appears to be a document scanned from an internal Konica Minolta C224e. This model is one of the most popular business scanner/printers in the world. The emails are written to make the user think that the communication is from a vendor.
Basically, Locky is back with a vengeance and a whole new bag of evil tricks.
The campaign launched Sept. 18 features a sophisticated new wrinkle, enabling it to slip past many of the machine learning algorithm-based software sold by some of the industry’s most popular vendors, said security firm Comodo.
“The method of phishing is by an attachment of an email; the attachment is disguised as a printer output, and it contains a script inside an archive file,” said Fatih Orhan, vice president of Comodo Threat Research Labs. “These are not enough to make a phishing detection.”
This is the third recent Locky attack
The third in an increasingly sophisticated series of ransomware attacks launched this summer is also a "Locky" malware variant, dubbed IKARUS by Comodo; some other security vendors are calling it Diablo6.
As in previous attacks, the hackers are using a botnet of zombie computers which makes it hard to block in spam filters.
“Employees today scan original documents at the company scanner/printer and email them to themselves and others as a standard practice, so this malware-laden email looks quite innocent but is anything but harmless,” the report continues.
The most innovative hook of this new feature involves the way the hackers manage to evade anti-malware software.
Here is how it evades machine learning
“Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” said Orhan, the Comodo research head. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”
“That’s why even machine learning is not sufficient in making these kind of detections,” he continued. “Complex solutions are needed to run the script dynamically, download actual payload, and perform malware analysis to conclude that it is phishing.”
In other words, it looks like that again the bad guys are ahead of your antivirus, whether that is traditional or machine-learning flavor.
What do you do when all filters have failed?
Your users still are and will remain your last line of defense, when all filters have failed. You need to create a human firewall. New-school security awareness training is the way to go. Join 13,000 KnowBe4 customers and keep the bad guys out of your network.
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will.
Get a quote now and you will be pleasantly surprised.
Warm regards, Stu
RE: These 4 Maps Will Make You Understand Russia's Aggressive Cyber Attacks
Interesting Scott! I crossed Checkpoint Charlie into Eastern Germany at the Berlin Wall.
These 4 Maps Will Make You Understand Russia's Aggressive Cyber Attacks
There are many kinds of maps, they can show roads or general geography, but sometimes they shed light on other dimensions like economic, political and/or military perspectives.
First of all, you need to realize that Planet Earth is an "anarchy of nations". There is no planetary overlord—which we probably should be glad about—and the United Nations are corrupt and ineffective. Countries are locked in a constant struggle for power.
These maps explain why Russia is so incredibly aggressive on the Internet, and essentially is using the net as an integral part of their asymmetric cold warfare.
Strategically speaking, Russia is in a difficult spot since the 1991 collapse of the communist Soviet Union. Putin has repeatedly said this is his biggest regret, and he wants to resurrect the old Soviet power (where his job was stealing Western intellectual property for the KGB).
Here is a map that shows the furthest reach of the old Soviet regime during the cold war:
Have a look at the straight line drawn from Leningrad to Rostov-on-Don, and keep that line in mind. (Note that Leningrad became St. Petersburg in 1991 after the collapse).
No Natural Barriers
Now, there are no natural barriers that stop invaders from Western Europe to roll straight into Russia, like the Germans did in the Second World War. Here is a map that illustrates this:
Since the 1991 collapse, Russia has no buffers in place to protect against an invasion, and NATO has made significant inroads in Eastern Europe. The other problem is that Russia is almost landlocked and has no easy access to the sea.
Basically Europe controls Russia's access to the sea, and during the Cold War, air bases in Norway, Scotland, and Iceland, coupled with carrier battle groups, worked to deny Russia access to the sea. This demonstrates the vulnerability Russia faces due to its lack of access to oceans and waterways.
Cannot Project Significant Force
Russia cannot project significant force because its naval force is bottled up and because you cannot support major forces from the air alone. Russia's primary issue is the western frontier and Ukraine. Putin thinks that the Euro-American interest in creating a pro-Western regime there has a purpose beyond Ukraine. Putin's Ukraine viewpoint is that they lost a critical buffer zone, and guess what, from his perspective he is right.
Russian Economy In Serious Trouble
Russia's economy is very much like an intersection in the boondocks with a gas station, a gun shop, and a flag on top. Their economy is in serious trouble given the plummeting price of oil in the past years and no expectation of getting better. Their weapons exports only partially compensate for this.
Russia occupies the weaker strategic position, having lost their western buffers against an invader, an economy in trouble, and are struggling to maintain the physical integrity of their "Mother Russia".
Here is the picture of how things look now, and compare the straight line from St. Petersburg to Rostov-on-Don again with the first map:
It is not hard to see why they are grabbing hold of any strategic advantage they can get their hands on, and the internet allows them to overcome traditional military limitations. Russian cyber attacks by the FSB, GRU and organized cyber crime (protected by the Kremlin) are not going away any time soon.
The Gerasimov Doctrine
The WSJ observed: "Russia’s military laid out what is now seen as a blueprint for cyberwarfare with a 2013 article in a professional journal by Gen. Valery Gerasimov, the chief of Russia’s General Staff. Cyberspace, wrote Gen. Gerasimov, 'opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.'"
In his 2013 article, Gerasimov talked about the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict. In reality, they were already deeply engaged in this and expanding their reach. In Washington’s defense and national security circles, Russia’s attacks in cyberspace have become known as the “Gerasimov doctrine”.
In addition to the above, Russian President Vladimir Putin said a few days ago: "The leader in Artificial Intelligence will rule the world." He predicted that future wars will be fought by drones, and "when one party's drones are destroyed by drones of another, it will have no other choice but to surrender." Terminator, here we come. Link to Associated Press.
The vast majority of Russia's attacks start with social engineering and spear phishing attacks. KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails so you can see which users answer the emails and/or click on links in them or open infected attachments.
See it for yourself and get a live, one-on-one demo.
Request A Demo
SyncCrypt Uses Graphic File to Cloak Ransomware in ZIP Phishing Payload
Emsisoft security researcher xXToffeeXx discovered another new phishing threat adept at bypassing antivirus, using a variation of the game played by the PowerPoint PPSX attachment phishing email scam we posted about last week.
“SyncCrypt” distinguishes itself by using a JPG file and a Trojan horse trick of hiding a ZIP file inside a JPG file with automated download of the graphic from one of the several sites controlled by the bad guys.
The method uses Windows Scripting Language (WSF) which is an old friend of ransomware authors. But this is a clever way to offload and activate the malware on the user's computer while displaying a graphic designed to confuse or buy a minute of time.
As Larry at Bleepingcomputer observed: "SyncCrypt uses the WSF scripting language to download images with embedded ZIP files making it invisible to many leading antivirus vendors on VirusTotal."
The attachments then encrypt all the files with a .kk extension.
The bad news is that there's no way yet to decrypt SyncCrypt encrypted files.
The phishing emails look like Court Orders which are named (not very sophisticated) as CourtOrder_XXXXX.wsf (where X equals a number). Bleepingcomputer reports that the (WSF) Windows scripting files will execute JScript code when released from the JPG encapsulated Zip file.
The scripting process calls one of three websites to manage the upload of the JPG.
The screenshot demonstrates the WSF script calling one of the three sites to download the JPG trojan loaded with a Zip file.
Once the image is rendered, the graphic displays Olafur Arnalds' album titled "They Have Escaped the Weight of Darkness", which Arnalds released in 2010. Does this have significance to the location and origin of the ransomware author? We don't know.
Meanwhile, hiding in the embedded zip file are sync.exe, readme.html, and readme.png. These files are the core components of the SyncCrypt ransomware.
According to bleepingcomputers.com, the sync.exe file is able to fool about 28 of 63 of VirusTotal's indicators and sneak by many of the leading AV vendors.
Here is the attack sequence:
- User gets phished
- Sync.exe is extracted from the attachment
- WSF file is executed
- Schedules a task one minute later to execute encryption process using AES encryption with a public encryption key saved in %Desktop%\READM
- Encrypted files contain a .kk extension
- A splash screen reads you the ransom note and gives you 48 hours to act by sending the exact amount of Bitcoin (which when discovered was about $USD 429) to an address and refers to payment details in a file called amount.txt located in the desktop folder Readme.
- Victim sends "key" file to one of three email accounts. Instructions emphasize that you must follow all directions exactly or your files will stay encrypted.
- Currently no way to decrypt files for free
Way more technical detail:
KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails with attached zip files so you can see which users answer the emails and/or click on links in them or open infected attachments.
See it for yourself and get a live, one-on-one demo.
Request A Demo
Warm regards, Stu
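The two attachment tricks described in this post and in the Locky/IKARUS post above (a ZIP archive carried inside a JPEG, and a script hidden inside an archive attachment) can both be checked for at the mail gateway without executing anything. The following is an added example, not code from Bleeping Computer, Emsisoft, Comodo or KnowBe4; it assumes only the Python standard library, and the JPEG bytes and archive members it inspects are constructed placeholders with no malicious content.

```python
"""Inspect email attachments for a ZIP hidden behind a JPEG and for
executable scripts inside an archive.

Added example (not the vendors' or KnowBe4's code). Standard library only.
The JPEG-shaped bytes and archive members are constructed placeholders.
"""
import io
import os
import zipfile
from typing import Dict, List

JPEG_SOI = b"\xff\xd8"           # start of image
JPEG_EOI = b"\xff\xd9"           # end of image; nothing should follow it
ZIP_LOCAL_HEADER = b"PK\x03\x04"
ZIP_EMPTY_ARCHIVE = b"PK\x05\x06"

# Extensions Windows executes on double-click; .wsf is the one used by SyncCrypt.
EXECUTABLE_EXTENSIONS = {".wsf", ".js", ".jse", ".vbs", ".vbe", ".exe",
                         ".scr", ".hta", ".cmd", ".bat", ".ps1"}


def zip_bytes(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP archive from name -> content (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_jpeg_with_zip(members: Dict[str, bytes]) -> bytes:
    """JPEG-shaped prefix (SOI, APP0 header, filler, EOI) with a ZIP appended after EOI."""
    jpeg = JPEG_SOI + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + JPEG_EOI
    return jpeg + zip_bytes(members)


def trailing_zip(data: bytes) -> bytes:
    """Return the ZIP archive found after the first EOI marker, or b'' if none.

    In entropy-coded JPEG data an 0xFF byte is always stuffed with 0x00, so the
    first 0xFFD9 is the real end of image; a ZIP signature after it is a polyglot.
    """
    if not data.startswith(JPEG_SOI):
        return b""
    eoi = data.find(JPEG_EOI, 2)
    if eoi == -1:
        return b""
    trailer = data[eoi + 2:]
    start = trailer.find(ZIP_LOCAL_HEADER)
    if start == -1:
        start = trailer.find(ZIP_EMPTY_ARCHIVE)
    return trailer[start:] if start != -1 else b""


def risky_members(archive: bytes) -> List[str]:
    """Names of archive members whose extension Windows would execute."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        names = zf.namelist()
    return [n for n in names if os.path.splitext(n)[1].lower() in EXECUTABLE_EXTENSIONS]


def inspect_attachment(filename: str, data: bytes) -> Dict[str, object]:
    """Classify one attachment: plain ZIP holding scripts, or JPEG hiding a ZIP."""
    report: Dict[str, object] = {"filename": filename, "polyglot": False, "risky": []}
    if data.startswith(ZIP_LOCAL_HEADER):
        report["risky"] = risky_members(data)
    else:
        hidden = trailing_zip(data)
        if hidden:
            report["polyglot"] = True
            report["risky"] = risky_members(hidden)
    report["verdict"] = "quarantine" if (report["polyglot"] or report["risky"]) else "allow"
    return report


# Constructed samples mirroring the two campaigns (placeholder content only).
SAMPLES = {
    "photo.jpg": build_jpeg_with_zip({"sync.exe": b"not a real binary",
                                      "readme.html": b"<p>note</p>",
                                      "readme.png": b"\x89PNG"}),
    "scan_C224e.zip": zip_bytes({"scan_0001.wsf": b"<job><script language='JScript'>"
                                                   b"/* placeholder */</script></job>"}),
    "invoice.zip": zip_bytes({"invoice.pdf": b"%PDF-1.4 placeholder"}),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(inspect_attachment(name, blob))
```

The polyglot check does not depend on the image decoding at all, which is the point: an image viewer stops at EOI and shows the album cover, while the appended ZIP is still a complete archive that a script can carve out and extract. Flagging trailing data after EOI, and archive members with executable extensions, catches both stages before any payload is downloaded.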
RE: This password bombshell will make you scratch your head...
@dashrender We want to make sure our brand new password management training module reflects the requirements of the market. The survey tells us what you really need and want. Stu