ALERT:  Brad Pitt Suicide Scam

CyberCriminals are opportunistic, and the sensationalized divorce between Brad Pitt and Angelina Jolie has been used by CyberCriminals for a “celebrity death hoax”, which is unfortunately very lucrative for them.

There are several variants, some claiming it was a hanging, others that he died in a shooting range suicide, or a substance overdose.  The scam is currently on Facebook, but you can expect emails with links for “more details” and/or attachments that claim it is a video of his last moments.

Here is one version that making the rounds:

“Brad Pitt, 52, a multi-awarded American actor & husband of Angelina Jolie, 41, shot himself in the head at a shooting range on Sunday.  He was under significant stress because the couple ‘were going through a divorce and he had a history of depression’, sources have said.”

Do not click on any links, or open any attachments, from someone that you do not know, or cannot confirm the source.  Do not click on any ads or posts that claim to have insider information about a celebrity’s last moments, or videos, etc.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Old Ransomware Strain Spreading Through Cloud

An obscure 2-year old ransomware strain is rearing its ugly head, with a REALLY ugly twist

Normally, ransomware is spread through email phishing attacks, exploit kits, removable drives (USB sticks, etc.), or external network shares.  However, Virlock is a weird version of ransomware that not only encrypts files, but converts them into a file infector (similar to a virus).  It not only infects the usual documents and image-related files, but infects binary files as well.

If that wasn’t enough, Virlock also effectively weaponizes every data file it encrypts, converting each one into a propagation vehicle for the malware itself.  This means that the encrypted data files don’t just sit there, but they are used to spread the malware joy to other users through file sharing schemes.  It can even be spread via cloud storage and collaboration apps.  

How does this work?  Like this:

User A and User B are collaborating through the cloud storage app Box, using a folder called “Important”.  Both users have some of the files within the folder synced to their own machine.

User A falls for a social engineering attack, and get infected with Virlock ransomware on their own machine, encrypting all their files.  It also, at the same time, turns the files into new Virlock infector files, including the files which are synced on Box.  So, Virlock also spreads to the cloud folder and infects the files stored there which, in turn, get synced to User B’s machine.  

Now, User B clicks on any of the files in the shared folder on their box, the infected Virlock file is executed, and the rest of the files on the machine of User B become infected.  The infected files on User B’s machine now become Virlock infectors just like a virus.  

The bonus:  The scenario isn’t just limited to User A and User B, but will extend to all the users of an enterprise who are collaborating with each other.  Clever AND efficient.  

Like other ransomware strains, Virlock asks the victim for a Bitcoin payment in order to release their machine.  However, Virlock claims to be an “anti-piracy warning” from the FBI.  The message received by the victim states that pirated software has been found on their computer and threatens them with prison and/or a $250,000 file if they don’t pay a $250 “first-time offender” fine.  The message may look similar to the one below:

Unfortunately this social engineering method is tried-and-true, and has proven to be a money-maker for the CyberCriminals in past years in an effort to spook victims into paying their “fines” quickly.

The REALLY bad part of this ransomware?  It has a high possibility of reinfection.  Usually organizations pay Bitcoin ransoms trusting that they’re going to get their files back & not be reinfected with the same ransomware.  However, the strength of this ransomware strain is also its weak point.  Miss one infected file on some share that most admins forgot about…and sorry, you’re reinfected.

 

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Phishing for Apples

 

Phishing attacks using fake Apple Store messages, fake landing pages, and sometimes fake login pages are a popular attack vector.  

 

They still make it through filters, as witnessed by the hundreds of reports every day.  These CyberCriminals are pros located in Eastern Europe, and test out their phishing emails in the UK.  Once all the bugs are ironed out, they set free the ‘polished’ attack on the US and Canada.

This one is particularly evil…and well-done.  

It may look similar to the email below:

Victims are receiving a fake Apple Store “refund request”, to trick users into trying to prevent getting charged for something they did not buy.  The CyberCriminals ask you to fill out a page with your full address and credit card information so you “will not get charged”.  If you or a friend or family member would fall for this trick, it’s highly likely that your credit card would get fraudulently charged up very quickly.

If you receive a “refund request” from any company, contact the company directly from the phone number or email contained on the website.  Do NOT click on any attachments, links, or use any email addresses and/or phone numbers provided in emails.  Although the contacted phone number and/or email may look/sound legit…these CyberCriminals are good!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Yahoo Hack Extends Further Than Just Passwords

Yahoo recently went public regarding “information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a “state-sponsored actor.”  The data stolen may have included names, email addresses, telephone numbers, dates of birth, and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company reported at the time.  Later on, Yahoo disclosed that more credentials were stolen and that more data (credit cards) was exfiltrated than was known at the time of the discovery.  

Yahoo is working with law enforcement on the matter, and has launched an investigation into a possible breach in early August after a Russian hacker named “Peace” offered to sell a data dump of over 200 million Yahoo accounts on the darknet for a mere $1,800 which included usernames, easy-to-crack password hashes, dates of birth, and backup email addresses.  

Why Should You Worry?

Well, if you change your password regularly (every month or so), and use difficult to guess passwords (ie. NOT “123456” or “password”, or even the ever-popular “abc123”), then you should be good initially (unless, of course, they have your credit card info, in which case you should cancel your cards immediately).  However, the hackers aren’t quite done with you…

1. Phishing attacks will likely be the number one strategy, with Yahoo user accounts being used for social engineering attacks.  These are usually highly successful, and lucrative, for hackers.
2. However, since many people use the same username & passwords across multiple sites, the other attack you have to watch for is “credential-stuffing”.  This is a brute-force attack where attackers inject stolen usernames and passwords into a website until they find a match using the stolen Yahoo username and passwords.
3. Yahoo has put a security announcement on their website, and has started to send users notices that they need to change their password.  CyberCriminals were grateful, I’m sure, as they are going to spoof this and rake in the money.  The emails being sent out look similar to below:

Subject:  Your Yahoo account

The security of your Yahoo account, [Name], is important to us.  Out of an abundance of caution, we are asking you to change your password.  We are committed to protecting the security of our user’s information, and we take measures like this when appropriate in light of reported security issues or suspicious activity on an account.

We encourage you to take the following steps:

1.  Sign into your account and change your password:

https://login.yahoo.com/account/change-password

2.  Visit our Help Page for information on safeguarding your account:

https://help.yahoo.com/kb/account/safeguard-yahoo-account-sln2080..html

Or

Start using Yahoo Account Key and never get locked out from forgetting or losing your password.  Yahoo Account Key is a convenient way to control access to your account, and it’s more secure than a traditional password because once you activate Account Key – even if someone gets access to your account info – they can’t sign in.

https://login.yahoo.com/account/security/mc-yak-optin

Yahoo

How To Protect Yourself:

1. Do NOT click on any links contained within an email, even if the email looks legit.  Type in the address yourself into your browser bar.
2. Do NOT phone any phone numbers contained within an email.  Look up the phone number yourself, directly on the company website.  
3. Do NOT use the same usernames and passwords on multiple accounts.  Using the same password on multiple accounts is an invitation to get hacked.  If you did use your Yahoo passwords on other sites, go to those sites, and change those passwords there too.  Also change the security questions and make the answers non-obvious.
4. Use a free password manager that can generate hard-t0-hack passwords, keep, and remember them for you.
5. Watch out for phishing emails that relate to Yahoo in any way, especially if they ask you to click on links, or if they are asking for information.
6. Now would be a good time to sign up for Yahoo Account Key – a simple authentication tool that eliminates the need to use a password altogether.  

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT: Tech Support Scam Email

Many online service providers like Microsoft, Google, Facebook, Twitter, and PayPal have adopted a policy to warn users via email when there is a possible security-related event like “unusual sign-in activity”.

Unfortunately, CyberCriminals have copied these emails, and using it as a new attack vector for a tech support scam.

These new “phishing” emails point victims to a 1-800 number where either a scammer picks up, or the victim gets sent to voice mail hell for a while, and their number is queued for a fraudulent follow-up call like the one below.

Here is a real example of such a call:  http://cdn2.hubspot.net/hubfs/241394/phone_phish.mp3

If you decide to call any company, go to their website and call the number listed there.  Never use a phone number from any email you may have received.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Another Apple Hack

 

As I.T. professionals, we hear it all the time – Macs don’t get viruses, Apples can’t get hacked, Macs don’t need antivirus, etc. etc. etc.

 

In the past couple of weeks, hackers have identified ways to severely compromise your Apple devices.  

1. First with iPhones:  By clicking on a link in a text, hackers could take your device over in the background, accessing your data and cameras, potentially spying on you and everything you do on your device.
2. More recently, the same exploit has come out for Mac devices.  So your laptop or computer could be taken over as well.

Apple has released updates for the exploits (aka hacks), so if you get an update notification, install it!  If you aren’t sure if you’re up-to-date, check as soon as possible.

To update your software on your computer, go to the App store-> Updates-> install Security Update 2016-001 10.11.16.

If you have yet to update the software on your iPhone or iPad, you can do so by going to Settings -> General -> Software Update, and upgrade to iOS 9.3.5.

For the full article, read here:  http://www.telegraph.co.uk/technology/2016/09/02/apple-issues-urgent-security-update-after-hack-turns-mac-compute/

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  Voice Mail CyberScam

CyberCriminals have found a new way to trick people into infecting their PC with ransomware.  

This time, it looks like a Microsoft email that tells you about a voice mail that was left for you, and asks you to click to play the voice mail.

The email looks similar to the one below:

The email has a .zip attachment that supposedly has the voice mail message in a .wav file.  However, if you unzip the file, the ransomware will encrypt all the files on your computer, and possibly all files on the network if you have access.  The only way to get your files back….is to pay approximately $500 US.

Do not click on links in “voice mail” emails from someone you do not know, and do not open any attachments!

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

ALERT:  FTC Scam Rings True

 

There is a new CyberScam out this week, that has lazy CyberCriminals raking in cash!

 

I say lazy, because the CyberCriminals are taken an actual past scam that the U.S. Federal Trade Commission has resolved & is now refunding money on.  CyberCriminals take these real FTC cases, and create a phishing scam out of them.

CyberCriminals are sending out phishing emails from an official-sounding organization that promises you a refund for a specific amount.  

Be very careful!

Never click on any links, or open any attachments you did not ask for.  DELETE the email immediately.  

If you really are expecting an FTC refund, go to the FTC.gov website yourself, using your own shortcut, or by typing the address in your browser.

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Ransomware Releases

The ransomware market is rapidly expanding, and new and upgraded strains are released quickly.  The FBI recently projected that the losses caused by ransomware infections could reach a billion dollars…in 2016 alone.  

 

Here is a list of the most recent releases and/or upgrades:

CryptXXX

In late July, thousands of legitimate WordPress business sites were hijacked to deliver ransomware to anyone that visits their website.  The hijacked websites were redirecting visitors to a compromised site, where the payload was the very latest CryptXXX.  If you are running WordPress as your website and/or blog, make sure you upgrade to the latest version.  You should also minimize the number of plugins you use, to make the attack surface as small as possible.  

Cerber

The leading Cybermafias are furiously innovating to stay ahead of the copycats.  Cerber has updated several times, like adding a DDoS, and the use of double-zipped Windows Script Files (WSFs) to evade detection.  In July, the release of Cerber’s latest version put Office 365 users in the crosshairs.  Victims were phished, and once they opened the attachment, Cerber encrypted their files.  

Stampado

A new ransomware type to surface in mid-July had some similarities to Cryptolocker and Jigsaw in terms of how it works.  Stampado was marketed to CyberCriminals at a fraction of the cost of the usual ransomware ($39), and even included training videos to make sure that the CyberCriminals did it right.  Stampado ecrypts files, then deletes chunks of the hostaged files after a lapsed time period, if ransom has not been paid.  Stampado typically gives a 96-hour deadline before all files are deleted.

CrypMIC

While CrypMIC is a copycat of CryptXXX (trying to rake in Bitcoin with a ransom note.  Even it’s payment user interface is similar.).  One twist is that CrypMIC does not append any extension names to files that have already  been encrypted, which makes it hard to spot (which makes it hard to tell which files have been affected).

cuteRansomware

Uses Google Docs and other cloud apps to transmit encryption keys and gather user information to evade detection

Alfa Ranscam

This looks like a distant relative of Cerber.  The malware scans its infected system’s local drives and encrypts over 142 file types, appending a “.bin” extention name to the locked file.

CTB Faker

This is a copycat to CTB Locker.  This is spread through fake profiles on adult sites.  The fake profiles trick users with the promise of access to a password-protected striptease video.  The victims click on the link provided, which leads to a download of the ransomware.

Ranscam

Discovered in July, this ransomware threatens to delete files unless a 0.2 bitcoin ransom is paid.  Insult is added to injury when the files are deleted, whether ransom is paid or not.

Hitler Ransomware

Also new in July, this ransomware doesn’t encrypt files, it just deletes them.

PokemonGo Ransomware

This ransomware emerged shortly after the app was released.  This ransomware installs a backdoor account, and allows the spreads to other drives.  This strain has added bonuses, such as adding an admin account, and the ability to spread to all removable drives.  

As you can see by the lengthy list above, ransomware is spreading fast & furious, with new versions and strains popping up all over the place.  

The common factor?  All of these ransomware strains rely on social engineering to capture their victims.  

Now, more than ever, CyberSecurity is extremely important for businesses.  You cannot simply relax & hope that either your business is too small for attack (ransomware spread by social engineering doesn’t care how big, or small, your business is!), or that you filters are going to catch it (they never do).  Create your own “human firewall” by informing your employees about the risks, what to watch for, and what to do about it.   

You can’t stop CyberCriminals from targeting your company or employees.

But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks