The New Scary Thing Warning for 2017

Ransomworms

Article by Ryan Francis at CSO

http://www.csoonline.com/article/3151964/data-breach/ransomworm-the-next-level-of-cybersecurity-nastiness.html

"As if holding your data hostage and seeking cash payment weren't harsh enough, security experts foresee the next stage of ransomware to be even worse. 'Ransomware is already big business for hackers, but ransomworms guarantee repeat business.' - Nir Polak, Co-Founder & CEO of Exabeam"

Scott Millis, CTO at mobile security company Cyber adAPT, expects ransomware to spin out of control in the year ahead. That is an astounding statement when you consider that there were more than 4,000 ransomware attacks daily in 2016, according to Symantec’s Security Response group.

Corey Nachreiner, CTO at WatchGuard Technologies, predicts that 2017 will see the first ever ransomworm, causing ransomware to spread even faster. “In short, bad guys realize ransomware makes money, and you can expect them to double down in 2017,” he says.

“Now, imagine ransomware attached to a network worm. After infecting one victim, it would tirelessly copy itself to every computer on your local network it could reach,” he says. “Whether or not you want to imagine such a scenario, I guarantee that cyber criminals are already thinking about it.”

Alex Vaystikh, cybersecurity veteran and co-founder/CTO of advanced threat detection software provider SecBI, thinks along those same lines. He says ransomware will become smarter and merge with information-stealing malware, which will first steal information and then selectively encrypt, either on-demand or when other goals have been achieved or found to be unachievable.

Although ransomware is an extremely fast way to get paid as a fraudster/hacker, if you are also able to first steal some information before you encrypt the device, you can essentially hack it twice.

“But what we might see in the coming year is ransomware targeting places where there is less chance of backup files being available. For example, I think we’ll see that SMBs (Small and Medium Businesses) who move their files to the cloud generally do not have backups and do not know how to recover. Specifically encrypting cloud-based data like this would have a significant impact on cloud providers and cloud infrastructures,” he says.

Russian Hacking Claim By DHS Official Was Wrong: Evidence Did Not Show Vermont

(December 31, 2016 & January 2-3, 2017)

SANS Institute

A story in the Washington Post last Friday, entitled, "Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say," was incorrect. Based on the Vermont reports, the government initiated a large-scale effort to find code that was supposedly placed on the Vermont utility site, in companies across 16 industry sectors. The Post issued a revision this morning reporting that an investigation into suspicious activity on a laptop owned by Vermont utility Burlington Electric indicates that there is no connection to any Russian attempt to infiltrate the utility's network. A Burlington Electric employee triggered an alert while checking email last week; the alert indicated that the computer had connected to a suspicious IP address. A toolkit called Neutrino found on the computer is not connected to malicious Russian activity.

Your biggest risk is with your least trained staff member.

Ransomware with a Twist

A new strain of ransomware known as "Popcorn Time" offers victims two ways to regain access to their encrypted files: either pay the ransom demand of one bitcoin or share a malicious link that spreads the malware with two other people; if those people become infected and pay the ransom within seven days, the initial victim will receive a decryption key.

Quest Diagnostics Breach

New Jersey-based medical laboratory Quest Diagnostics has acknowledged that "an unauthorized third party" used a flaw in a mobile app to access patient data, including names, birth dates, and lab results. The vulnerability in MyQuest by Care360 has been addressed; Quest Diagnostics is investigating the breach.

Peachtree Orthopedics Data Breach

Peachtree Orthopedics (Atlanta, GA) has experienced a huge data breach that affects over 500,000 patients. It seems that Peachtree was a victim of a hacker who stole the information and went a step further by issuing a press release:

"It all began many months ago when we acquired 543k patient records which contain both PII and PHI – well before the date of breach notice and alleged date of breach. 543,879 records for anyone counting. Oh, the things one could do with so much data! Some of you have been so kind as to suggest what to do with it all (Hello, ICIT!)."

Lions and Tigers and Bears, Oh My!!

If all this Ransomware, Ransomworm, Data Breach stuff makes you wonder if you are in the Land of Oz, don't feel like the lone wolf. It is enough to make you reach for the aspirin.

The only way to prevent getting infected by this stuff is to disconnect the Internet. Yep, disconnect it.

However, most of us cannot do that. We bank, we order things, we keep up with our friends, we watch the news, we look up the answers to things, and so on. It is just not possible to do that in today’s times.

So, what do you do?

The two biggest things I can suggest are:

  • Train your staff
  • Layer your defenses

Staff Training

Most of this malicious stuff enters a network in one of two ways: a phishing email to one of your staff that says “Click Here” or a staff member visiting a compromised web site and downloading some malicious software.

People don’t need to hack into your network to compromise it when the “loose screw behind the keyboard” (your employees) will do their dirty work for them. The Democratic Party guy, John Podesta, had his emails exposed because he clicked on a phishing email to reset his password (which by the way was “password”).

You have to continually train your people to be alert to these kinds of things. We have an annual anti-phishing program that will periodically email your users “safe” phishing emails from us to test their ability to detect a phishing email. We then require them to take some online training and report back to you the results of our testing.

The other thing to do is layer your defenses. Crooks are generally lazy. Most times they are going to take the easiest target. If you set up layers of defenses between the Internet and your end users, then most of the malicious things can be intercepted before they make it to the desktop.

We sell a UTM (Unified Threat Management) firewall to hook to the cable modem. This is not some cheap piece o’ junk firewall/router that you get from Best Buy.

  • It has a “gateway” anti-virus that inspects traffic as it comes in
  • It has a gateway anti-spam component to protect against inbound spam
  • It has Intrusion Prevention Software that guards against hackers
  • It has a Content Filter to prevent your users from going willy-nilly all over the Internet and bringing back something bad
  • It has GEO-IP blocking that allows us to keep entire countries from attempting to connect to your firewall
  • It has a new feature that intercepts suspicious data files and sends them to the Vendor, who opens the files in a “sandbox” before delivering them to your network

For even more layering:

  • We run a different anti-virus/anti-malware software on all the servers and all the PCs than is on the UTM
  • We run a special anti-virus/anti-malware on email servers
  • We update this antivirus endpoint software hourly
  • We virus scan all of the machines nightly
  • We ensure that all of your Windows patches and security fixes are applied to all machines
  • We update programs other than Windows once a week (Adobe, Java, etc.)
  • We scan all servers and PCs daily for any newly installed programs to ensure that those programs are safe for your network

And, we spend time every month looking for newer and better ways to add even more layers of defenses to protect our clients.

If you need some help wading through all this information, pick up the phone and call us at 757-333-3299 x232. We’ll set up a time to come out and chat with you about your network security.

Funnies

I changed my password to "incorrect". So whenever I forget what it is the computer will say "Your password is incorrect".

I think my neighbor is stalking me as she's been googling my name on her computer. I saw it through my telescope last night.

Entered what I ate today into my new fitness app and it just sent an ambulance to my house.

Wifi went down during family dinner tonight. One kid started talking and I didn't know who he was.

My internet is so slow, it's just faster to drive to the Google headquarters and ask them stuff in person.

So apparently RSVP'ing back to a wedding invite 'maybe next time' isn't the correct response.

We just received a fax at work. We didn't even know we had a fax machine. The entire department just stared at it. I poked it with a stick.

If Bill Gates had a penny for every time I had to reboot my computer ...oh wait, he does.

and, finally…

HOW DO I TURN OFF CAPS LOCK? I ACCIDENTALLY TURNED IT ON YESTERDAY AND I DON'T KNOW HOW TO TURN IT BACK OFF. ALL MY FRIENDS ARE MAD BECAUSE THEY THINK I AM SHOUTING AT THEM OVER INTERNET. PLEASE HELP!!!