Information Security News Alert November 2016


The Horrors of Malware

How to Identify a Social Engineering Attack

Types of Malware & My Mom Got Hacked!

The Care.com Scam

Criminals targeting good people

QUESTIONS? PLEASE CONTACT: Dawn Thistle 508-767-7095 dthistle@assumption.edu

Bob Lavner 508-767-7006 blavner@assumption.edu

DISCLAIMER: The advice within was collected and created by the Security Awareness Company and is intended to be used as general safe practices. You should always follow College policy.


Malware is any malicious software, script or code installed on a computer (in software or firmware) that alters its function in some manner without permission. It might be malicious or it might not be. Malware comes in all shapes and sizes and can go undetected for long periods of time. Symptoms include a slow running computer or web browser, freezing or crashing, difficulty connecting to networks, modified or deleted files, programs reconfiguring themselves, or generally abnormal behavior.

The end game of malware is to provide bad guys access to your system in order to steal your personal data, credentials, or make your computer part of their hostile BotNet. And, like with all things computer security, infections can be prevented by maintaining good cyber hygiene: keep software and firmware up-to-date, use strong passwords, backup data regularly, implement anti-virus and anti-malware software, think before you click, and always follow policy.

MALWARE MYTH: My Mac can’t get infected.

Wrong! While the Windows operating system has been a bigger target over the years simply due to the number of users, Apple computers are just as vulnerable. In fact, sometimes they are specifically targeted due to the number of ignorant users. THE TRUTH IS THIS: ALL DEVICES, REGARDLESS OF MANUFACTURER OR SOFTWARE, CAN BE INFECTED.

How do you get infected by malware?

Simple: click on links emailed, skyped, texted or otherwise sent to you from strangers, friends, or colleagues who might unknowingly send you an infected file. Or, you can download attachments ‘allegedly’ sent to you from your credit card company or bank (even though your bank will never send a random attachment). That’s phishing, and is still the number one attack method by cybercriminals because it’s still the most successful.

TROJANS masquerade as legitimate software, only to later unleash their venom on your data and give cyber criminals access to your computer.

ADWARE, or advertising-supported software, is often more annoying than hostile, but it can have harmful effects on your machine such as poor performance. Most adware is bundled in free software that forces popup advertisements to generate revenue for the author.

ROOTKITS are one of the most difficult forms of malware to detect due to their ability to alter virus detection software and hide their presence. Once installed, the attacker can remotely access a computer, execute files and steal information without the user knowing.

VIRUSES, a term often used as a blanket description for computer infections, are a sophisticated form of malware capable of replicating themselves and spreading to other computers.

BOTS infect your device. It can then become an integral part of a criminal network called a botnet. Botnets are a collection of infected computers and mobile devices administrated by the bad guys at a command & control server.

SPYWARE collects personal information or reconfigures things on your computer without getting your permission. It’s one of the most common types of malware which, as the name suggests, literally spies on the end user.


Case Study: My Mom Got Hacked

This tale from journalist Alisa Simone explains how her mom got hit with ransomware. The long and short of it is this: a woman in Massachusetts receives a ransomware message that she has seven days to pay the $500 fee. After seven days, the price doubles and eventually all of her files will be destroyed.

How she got infected with ransomware wasn’t disclosed. But it’s fair to assume she was phished or clicked a bogus advertisement on a compromised website. She agreed to pay the fee, but due to the ever-changing Bitcoin rates, she came up about $25 short and missed the seven-day deadline, causing the price to double. Interestingly enough, the woman pleaded with the criminals explaining how a snow storm prevented her from getting to a Bitcoin ATM and that she had every intention of paying the initial $500 fee. The criminals responded by sending the decryption key.

The Ransomware Business Model

At its core, when you look past the hacks and malicious intentions, ransomware is a business developed around customer service. If we think about it in terms of e-commerce, we get a better idea of why it has been so successful.

It begins with the creators of the malware. Once the Trojan has been developed, its creators will often sell it to other cybercriminals and take a small percentage of the profits. The cybercriminals that target victims (or in e-commerce terms, customers) have an obligation to provide customer service, which includes technical support. Failure to do so puts their integrity at risk and may prevent them from working with other ransomware developers. Keep in mind that not a lot of people know much about Bitcoin, or even how to purchase them or use them in any manner. So when Grandma gets hit with ransomware, it’s important that she receives detailed instructions on how to make the payment. It’s also important for the cyber criminals to make things as easy as possible. This is really Business 101. Ease of use, customer service, and customer satisfaction all play major roles in the success of ransomware.

Ease of Use – the customer receives detailed instructions on how to make a payment and get their data back. Like all businesses, especially those that are internet-based, convenience is key.

Customer Service – even with detailed instructions, criminals have to be prepared to deal with non-tech savvy customers. After all, that is the ransomware market: people who are easy to phish. Therefore, customer service is of the utmost importance. One strain of ransomware went as far as to offer live support via chat.

Customer Satisfaction – like every business, satisfaction is an absolute must for repeat business. If a victim pays the ransom (akin to buying goods and services), the seller (our cybercriminal) has an obligation to fulfill their end of the bargain. If word gets out that decryption keys are being withheld even after payment, future victims will be much less likely to make the payment. In the case of Simone, her mom ran into an issue and couldn’t process the payment on time. The criminals could have said tough luck and demanded the increased payment; instead they did what any good business would do and forgave the mishap. The ransomware economy would collapse if customer satisfaction wasn’t met.

This story really illuminates three things:

First, ransomware can happen to anyone. Cybercriminals aren’t just targeting major enterprises or large businesses. Attackers aren’t biased.

Second, ransomware, as Simone noted, is really e-commerce more than anything.

Third, getting infected by ransomware is as easy as a careless Click, Accept, or Install. Ransomware is merely a specific kind of malware, and requires a user to actively participate in infecting his own computer or our networks.


How to Identify a

Social Engineering Attack

The most common attack vector for malware is social engineering. Social engineering bypasses technical barriers by utilizing nontechnical methods to take advantage of unsuspecting users. In short, it hacks you, the human, not the computer. That’s the second part of the attack. Recognizing an attack is the difference between common sense and becoming a common victim. Here are red flags to assist you in recognizing potentially hostile social engineering attacks:

Greetings & Salutations. Phishing emails often use blanket greetings such as, “Dear Sir/Madam/Valued Customer,” whereas any service or company you legitimately do business with will almost always address you by name.

Sense of Urgency. Scammers make a living by preying on our click-happy habits. A simple line like, “Your bank account has been compromised. Click here immediately to log in and change your password,” is all it takes to create thousands of new victims.

Unsolicited Attachments. Bad guys attempt to trick people into downloading random attachments by disguising them as “important documents,” such as “Salaries2016.XLS” or “FBI_Report_ID41512a_Secret.PDF.” Downloading these attachments is a great way to catch ransomware.

Fear Tactics. A recent scam targets users illegally downloading the hit series “Game of Thrones.” The attackers send phishing emails that appear to be directly from your ISP (internet service provider) in the form of a fake violation notice. It states that you have illegally downloaded copyright-protected media and includes a link directing you to pay a fine within 72 hours or face legal action. In this case, the bad guys use both fear and urgency.

Tech Support Calls You Instead of You Calling Them. If you didn’t report a technical issue, don’t play along with unsolicited calls from tech support or IT departments. Most often, these are pretexting attempts by cybercriminals who hope you’ll give them just enough information to cause a data breach.

IF YOU SUSPECT A SOCIAL ENGINEERING ATTACK, FOLLOW POLICY AND REPORT IT IMMEDIATELY.

Want to know what a social engineer looks like? Check out this pop culture reference!
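The red flags above can be turned into a simple triage check. The following is an added example, not part of the newsletter or the Security Awareness Company's material: it scores constructed sample messages against the generic-greeting, urgency, fear-tactic and unsolicited/disguised-attachment flags; the word lists, the trusted-domain allowlist and the sample addresses are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field


@dataclass
class Email:
    sender: str
    subject: str
    body: str
    attachments: list[str] = field(default_factory=list)


# Domains from which attachments are expected (constructed allowlist for this example).
TRUSTED_DOMAINS = {"college.example"}

# One pattern per red flag from the newsletter; the word lists are illustrative, not exhaustive.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(sir|madam|valued\s+customer|customer|user)\b", re.I | re.M)
URGENCY = re.compile(r"\b(immediately|urgent(ly)?|right\s+away|within\s+\d+\s+hours?)\b", re.I)
FEAR = re.compile(r"\b(legal\s+action|violation|fine|suspend(ed)?|compromised)\b", re.I)
# Executable or macro-capable files, and "report.PDF.exe" style double extensions.
RISKY_EXT = re.compile(r"\.(exe|scr|js|vbs|jar|bat|cmd|hta|ps1|docm|xlsm)$", re.I)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|txt)\.[a-z0-9]{2,4}$", re.I)


def red_flags(mail: Email) -> list[str]:
    """Return the newsletter's red flags that this message trips (empty list = none)."""
    flags = []
    text = mail.subject + "\n" + mail.body
    if GENERIC_GREETING.search(mail.body):
        flags.append("generic greeting")
    if URGENCY.search(text):
        flags.append("urgency")
    if FEAR.search(text):
        flags.append("fear tactics")
    domain = mail.sender.rsplit("@", 1)[-1].lower()
    if mail.attachments and domain not in TRUSTED_DOMAINS:
        flags.append("unsolicited attachment")
    if any(RISKY_EXT.search(n) or DOUBLE_EXT.search(n) for n in mail.attachments):
        flags.append("disguised attachment")
    return flags


# Constructed samples modelled on the newsletter's examples (addresses are made up).
BANK_PHISH = Email("alerts@bank-alerts-example.net", "Action required",
                   "Dear Valued Customer,\nYour bank account has been compromised. "
                   "Click here immediately to log in and change your password.")
ISP_FINE = Email("abuse@isp-notice-example.net", "Copyright violation notice",
                 "Dear Sir/Madam,\nYou have illegally downloaded copyright-protected media. "
                 "Pay the fine within 72 hours or face legal action.",
                 ["FBI_Report_ID41512a_Secret.PDF.exe"])
COLLEAGUE = Email("bob@college.example", "Meeting notes",
                  "Hi Tina,\nHere are the notes from today's meeting.", ["meeting-notes.txt"])

if __name__ == "__main__":
    for m in (BANK_PHISH, ISP_FINE, COLLEAGUE):
        print(m.subject, "->", red_flags(m) or ["no red flags"])
```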

5 of the Most Costly Viruses Ever

Code Red. Discovered in the summer of 2001, Code Red exploited vulnerabilities of Microsoft’s IIS servers. At its peak, just six days after its release, Code Red infected an estimated 359,000 systems before spreading to over a million. The worldwide cost of remediation was over $2.6/€2.3 million.

Conficker. Still widely regarded as one of the most dangerous worms of all time, in 2008 Conficker exposed flaws in the Windows OS that allowed it to rapidly spread and form botnets that included government, business, and home computers. Conficker was built to defend itself from being detected or removed. In the end, it infected an estimated 15 million computers and came with a $9.1/€8.2 million price tag (a number that could grow, since the worm has reappeared twice since 2008).

ILOVEYOU. Otherwise known as the “Love Letter,” ILOVEYOU was sent via email with an attachment titled “LOVELETTER-FOR-YOU” that, when downloaded, would write over files on the host system and email itself to every single user in the Windows Address Book. By May 15, 2000, over 15 million internet-connected computers—nearly 10% of global machines—were affected. The cost? Over $15/€13.5 million.

SoBig. SoBig contained a malicious attachment and was delivered via email with a variety of subject lines such as “Approved” or “Thank You!” It was part virus and part Trojan in that it could not only replicate itself, but also disguise itself as legitimate software. It turned an infected machine into a spamming zombie by using the host’s email list. Remediation costs grew to $37.1/€33.3 billion. To this day, Microsoft is offering a $250,000 reward to anyone who can expose SoBig’s author!

Mydoom. Launched in 2004, Mydoom holds the record as the fastest-spreading worm ever. Built as an email spammer, Mydoom executed distributed denial of service (DDoS) attacks against the software company SCO Group. The attack shut down their website for two weeks. The worm has reappeared a few times since its original discovery, and is now estimated to be the costliest virus ever with reported damages surpassing $38.7/€34.7 billion.


The Care.com Scam

Criminals Targeting Good People

One of the most successful ways to hack the human is by preying on their emotional tendencies, especially when it involves sympathy. Such is the case with Care.com, which provides global caring solutions for a variety of family needs. From babysitters and senior care to companionship for the mentally ill, their mission is to find and manage quality care for those in need. Naturally, scammers see this as an easy playing field. Let’s take a look at a recent real life example. Here’s an email sent to someone who signed up as a pet sitter on Care.com. Notice anything phishy? This email is littered with grammatical errors and general spacing and formatting issues. The sender also included two pictures: one of a dog lying in the grass, and the other of a mom with two kids outside of a school building. A quick reverse image search of the family picture revealed that it was, unsurprisingly, from a stock photo website.

Here’s another example sent to the same person by a different scammer. The grammar is a little bit better but it’s almost the exact same template. The scammer builds a story in an attempt to connect on a personal level. He compliments Tina on her profile before asking her for PII (personally identifiable information). Then he gets down to the meat of the scam, requesting her to cash a check, deduct her fee, and send the rest to the “Doghouse seller.” Nice try, buddy. Tina was too smart and security aware to further engage with either scammer and immediately reported them. It’s unfortunate that a website with such good intentions is a major target for criminals, but that’s the world we live in. The moral of the story is to trust no one, verify the source of emails, and never give away PII to strangers or enter it into forms on ‘suspicious’ websites. At work, check policy before logging in to personal accounts, like Care.com, using web mail, or any other non-business activity.

Can you identify all the phishy parts of this scam email? Share with your friends & family to test everyone’s security sense!


HEADLINE NEWS

Tesla Responds to Chinese Hack With a Major Security Upgrade

Researchers at the Chinese firm Tencent revealed they could burrow through the Wifi connection of a Tesla S all the way to its driving systems and remotely activate the moving vehicle’s brakes. Along with this, they exposed a chain of security problems. The hackers first dug up a vulnerability in the Tesla S’ browser, which is based on the open source browser framework WebKit. That bug allowed them to start running malicious code in the browser of any Tesla that visited a carefully crafted website.

Tesla added a measure that requires any new firmware written to components on the CAN Bus—the internal network of computers that control everything from steering and brakes to windshield wipers—be digitally signed with a cryptographic key only Tesla possesses. The Tesla security team pushed the fix to all Tesla S and X vehicles within ten days. To read more, visit http://bit.ly/2dzjZEN.

Russian Hackers Target Journalists Investigating MH17 Crash

Last year, Trend Micro reported that the Dutch Safety Board, which had been investigating the cause of the crash, was targeted by a Russian cyberspy group. According to threat intelligence firm ThreatConnect, members of the German investigative firm Bellingcat, who covered the crash of flight MH17, had received spear phishing emails between February 2015 and July 2016. The emails, designed to look like they were coming from Google, were similar to the ones described in June by researchers at the security consultancy SecureWorks, who identified thousands of email accounts targeted by the alleged Russian government-controlled hacking group Fancy Bear, including ones belonging to journalists. The attacks aimed at Bellingcat also involved domains and domain registration data that were previously linked to Fancy Bear activity. To read more, visit http://bit.ly/2dNi10Y.

From the feed:

The Hacker News @TheHackersNews • Oct 3: Largest 1 Tbps DDoS Attack launched from 152k hacked Smart Devices bit.ly/2d9GRqF

The Register @theregister • Sept 30: Criticize Trump, get your news website smashed offline from Russia bit.ly/2cOlASk

CBS News @CBSNews • Sept 29: This battleground state is among the most vulnerable to voting hacks, a cybersecurity expert says cbsn.ws/2dM6rGY

CoinDesk @coindesk • Sept 28: Banks adopting blockchain ‘dramatically faster’ than expected: IBM reut.rs/2dF89Ww

#AAR @PrimePetsUK • Sept 23: Wildlife cybercrime will be scrutinized at CITES g.ifaw.org/2dmpMzh

Security Awareness @SecAwareCo • Sept 19: Firefox Browser vulnerable to Man-in-the-Middle (MitM) Attack bit.ly/2dDn6Yi

Motherboard @motherboard • Sept 19: The encryption key that secures the web is being changed for the first time http://bit.ly/2dnVgC2

NSA/CSS @NSAGov • Sept 8: The first computer “bug” was discovered by then CAPT Grace M. Hopper in 1947 bit.ly/2dF3qsJ

