Archives for September 2016
New type of malware encrypts computer hard drives — not just files
Dive Brief:
- A new type of ransomware is encrypting computer hard drives rather than individual files, according to a Threatpost report.
- Called Mamba, the new malware has been found on machines in Brazil, the United States and India. Once Mamba infects a machine, it encrypts the hard drive and victims receive a ransom note.
- The ransomware is likely being spread via phishing emails, according to researchers at Morphus Labs in Brazil.
Dive Insight:
Ransomware continues to be a major challenge for businesses, as employees routinely fall for phishing scams and companies regularly pay ransoms rather than deal with trying to recover their critical data, further encouraging cybercriminals. While regular backups can help protect companies, Mamba can make that more complicated.
“Traditional backup methods rely on the operating system already being in place to centrally manage restoring files from a centralized backup server,” said Travis Smith, senior security research engineer at Tripwire. “By taking out the entire operating system, the ransomware is increasing the overall cost of restoring data through backups.” Rather than restoring from backups, more businesses will likely pay the ransom as the easiest and sometimes cheapest option.
Earlier this month, the chair of the Federal Trade Commission urged businesses to do more to protect consumers from ransomware. FTC Chair Edith Ramirez put companies on notice that the agency expects them to play a role in protecting their customers from ransomware.
Education Now Suffers The Most Ransomware Attacks
Dark Reading – Kelly Jackson Higgins
New data shows ransomware rates worldwide doubling and tripling in past 12 months.
When you think ransomware victim, most likely your first thought is a hospital. But a new survey of ransomware’s spread among different industry sectors shows that education is actually the biggest target right now.
BitSight, which rates the security posture of organizations based on external data showing malicious activity surrounding them, in a new report today found that education is hit most by ransomware attacks, followed by government, healthcare, energy/utilities, retail, and finance.

The firm’s analysts studied ransomware activity at some 20,000 organizations and found that one in 10 education organizations had been hit with malware on their networks, followed by 6% of government entities; 3.5% of healthcare organizations; 3.4% of energy/utilities; 3.2% of retailers; and 1.5% of financial organizations. According to BitSight, the rate of ransomware attacks has doubled or tripled among various industries in the past 12 months.
BitSight’s ransomware data is based on traffic by the malware; for instance, as it communicates to its command-and-control servers. It shows infected victim machines in those organizations, but doesn’t necessarily mean the victims were unable to retrieve their data from backups, for example.
A recent Osterman Research survey found that both phishing and ransomware attacks had jumped several hundred percent per quarter in the past 12 months. That survey, commissioned by DomainTools, also named ransomware in the top three concerns for IT and security pros.
Law enforcement has been relatively vocal about noticeable spikes in ransomware of late: the FBI issued a public service announcement late last week urging ransomware victims to report attacks to the agency. This, after an FBI official told attendees of a Federal Trade Commission (FTC) event to immediately contact the FBI or IC3.gov if they suffer a ransomware infection, and not to pay any ransom fees.
“People have to remember that ransomware does not affect just one person or one business,” Will Bales, supervisory agent for the FBI’s Cyber Division, said. “It will more than likely move on and affect somebody else. And for those who pay the ransom, it only encourages them to extort the next person.”
One ransomware variant infected 100,000 computers in just one day, the FBI noted in its announcement. “Cyber security companies reported that in the first several months of 2016, global ransomware infections were at an all-time high,” the alert said. The FBI also noted that it needs to get a better handle on the actual number of victims, hence the call for reporting to them.
Stephen Boyer, co-founder and CTO of BitSight, says he and his team were surprised that education tops healthcare in ransomware attacks. “Protections in higher ed are lower,” he says, given universities’ open culture and complex user environment, for example.
To date, healthcare organizations—namely hospitals—have been the most high-profile ransomware victims, from Hollywood Presbyterian Medical Center in Los Angeles, Calif., to Washington, DC-area MedStar. Hollywood Presbyterian ultimately ponied up with $17,000 to the attackers to release its systems. MedStar had to temporarily shut down its computers, email system, and large record database to inhibit its spread to other locations in the region, and reportedly did not pay the attackers any ransom.
More unnerving is that BitSight’s new data represents just a snapshot of the attacks, Boyer says. “We know we’re not seeing all of the ransomware” here, Boyer says. “But we’re seeing hundreds of companies in just about every sector.”
BitSight also found that two particular ransomware variants were the most prevalent: Nymaim and Locky. More than 11% of education organizations were hit by Nymaim, and 4%, with Locky, which came on the ransomware scene about eight months ago. Nymaim hit about 4% of the government entities, and 3%, Locky.
“Another important fact to note is that Nymaim, although typically associated with ransomware, is actually a Trojan that can be used to install a variety of malware,” the report said.
The big takeaway from the BitSight data on ransomware: “No sector is immune,” Boyer says.
Phishing Attacks on the Rise, Human Error to Blame
By Robert Urrico – Credit Union Times
Many of the cybersecurity threats prevalent today, such as oversharing on social media, unsafe use of Wi-Fi, and company confidential data exposure, contribute to the ever-growing problem of phishing.
Pittsburgh-based cybersecurity firm Wombat Security Technologies analyzed nearly 20 million questions and answers from its survey for its Beyond the Phish Report. The report delved into how well end users are able to identify and manage security threats within an enterprise.
News and headlines, as well as numerous studies, have proven that phishing attacks are on the rise, and Wombat said its survey of security professionals showed the same. The threat of phishing attacks is real. In the last year, the list of organizational phishing victims increased by 13% to 85%, and 60% of enterprises said the phishing attack rate increased overall.
“Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” Joe Ferrara, president and CEO of Wombat said. “To reduce cyberrisk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”
Social Media plays a big part in our lives but end users struggled here the most, missing 31% of the questions we asked them around what they should and should not do to keep themselves and their organizations safe.
“What’s more, in our survey of security professionals, we found that only about half are assessing users around this topic. Most companies allow social media access on work devices while admitting they are not very confident that their employees know what to do to keep their organization safe,” the report revealed.
The report also disclosed that not only is there room for improvement in protecting organizations against phishing attacks but in simply recognizing the existing dangers. Other key findings include:
- End users missed 30% of questions about protecting and disposing of data securely, second only to safe social media use.
- Professional services and healthcare employees performed the lowest on the nearly 1 million questions asked about safe passwords.
- Healthcare industry had the highest assessment percentage of end users’ ability to protect confidential information with 31% of questions on the topic missed by those in that industry. The financial section weighed in at 22%.
Wombat suggested with the rise in the remote workforce and end users who value the ability to work outside of the office, organizations need to educate their employees on how to stay safe while they are outside the office. Improper use of free Wi-Fi, inattention to physical security, lax data protections, and the lack of security guidelines during travel led to 26% of questions missed by end users on this important topic.
Only Half of Firms Say IT Security Rules Are Being Followed
At a time when ransomware and other attack methods that exploit insider negligence are becoming rampant, only 39% of end users think they take all appropriate actions to protect corporate data accessed and used in the course of their jobs, according to a new survey by the Ponemon Institute.
The survey of 1,371 end users and 1,656 IT and IT security professionals across the U.S. and Europe was conducted in April and May 2016 by Ponemon Institute, with sponsorship from security software provider Varonis Systems. It showed that 52% of IT respondents think policies against the misuse or unauthorized access to company data are being enforced and followed. But only 35% of end users say their organizations strictly enforce those policies.
Among the other key findings were that 61% of respondents who work in IT or security roles view the protection of critical company information as a very high or high priority. In contrast, only 38% of respondents who are considered end users think it is a very high or high priority.
Asked about their organization’s attitude on productivity vs. security, 38% of IT practitioners and 48% of end users say their organizations would accept more risk to the security of their corporate data in order to maintain productivity.
“At a time when one would expect general improvement in end-user hygiene due to increased awareness of cyber attacks and security breaches, this survey instead found an alarming decline in both practices and attitudes,” said Larry Ponemon, chairman and founder of Ponemon Institute.
Ransomware, Malware Threats Rise in Second Quarter
A report from Quick Heal outlines the top malware afflicting Windows and Android device users, and offers a brief description of each of the malware families.
The second quarter of 2016 saw a small decline in the detection count of malware in both Google Android and Windows-based devices. However, this decrease should not be mistaken as a sign of weakness in cyber-criminals, according to a report from Quick Heal Technologies.
The company’s research labs recorded a steady increase in the detection of potentially unwanted programs (PUPs), but noted a more concerning matter was the 200 percent increase in the detection of mobile ransomware in this quarter alone. In fact, this level of detection is close to half of all the detections in 2015.
Additionally, newer variants of Windows malware have joined the pack of the top 10 malware of the second quarter and security vulnerabilities have swelled to scary proportions.
The report outlines the top malware afflicting Windows and Android users, with a brief low-down on each of the malware families, and lays out the difference between the malware detection stats of this quarter and that of the previous.
The report also includes some observations about certain malware that caught the company’s attention due to their unique behavior.
Compared with the previous quarter (Q1 2016), this quarter has seen a decline of 16 percent in the detection count of malware on Windows computers.
The top malware was Trojan.Starter.YY4, a Trojan that works by connecting to a remote server and installing other malware on the computer it infects, in essence being used as an entry point by other malware.
This malware is linked to various banking Trojans and worms designed to spread over networks, which allow hackers to steal confidential data such as credit card details and personal information from the infected system.
As observed by Quick Heal in the first quarter, Mindsparki, BrowseFox and Clientconnect were the top PUP families with the highest detection rate.
In Q2, however, the company found new families, including Askcom, InstallCore and Greentree, which generally have been marked as low-risk threats. But Quick Heal researchers noted some of them can be difficult to remove once they have infected a computer.
“Users need to exercise caution while clicking on the ‘Accept’ button while installing any software, particularly the free ones,” the report warned. “We strongly recommended users to read the Privacy Policy and End User License Agreement so that they understand what all applications are going to get installed besides the primary software.”
The report also noted carefully planned and targeted attacks on government organizations and other private sectors are increasing, as are cases of ransomware incidents.