Ransomware is everywhere! Once again, much of this month’s Cyber Watch post deals with ransomware: stories about ransomware attacks, statistics and predictions, the consequences of paying ransoms, details on specific ransomware families, and some tools to help organizations reduce their ransomware risk. There are also stories on the risks of smart car technology, insider threats, Zoom encryption, and more. How is your organization preparing its defense against a potential ransomware attack? As you will learn in this post, ransomware can be both damaging and costly for an organization to deal with. We hope you find value in this month’s post and encourage you to read both the post and the full details of the articles by using the embedded links. Also, please share this information with others. Knowledge is power, and the more we share, the better we can prepare. As always, we welcome your feedback and look forward to your comments.
FBI Investigating Global Business Email Compromise – “The FBI is investigating a global business email compromise (BEC) campaign that has netted cybercriminals at least $15 million in illicit proceeds.” Click the following link to read more. ZDNet
Electro-mobility (e-mobility) Technology Poses Opportunity for Hackers – Electro-mobility (e-mobility) technology connects vehicles to the internet of things (IoT), which brings great technological benefits. It also creates significant exposure to attack, especially when a vehicle is in motion. Click the following link to read more about these threats, the measures you can take to safeguard against them, and various mitigation methods. SECURITYINFOWATCH.COM
Operational Technology (OT) Security Reform Resulting from COVID-19 – COVID-19 has increased the risks associated with many aspects of doing business. One area that was previously seen as lower risk is operational technology (OT). Dark Reading details four steps:
- Step One: Don’t Settle
- Step Two: Leverage Security to Enable Business Operational Outcomes
- Step Three: Make a One-Time, Step-Function Increase in OT Security
- Step Four: Bring OT Personnel Onto Security Teams
Organizations can use these steps to shore up their controls. Click the following link to learn more about the four steps and what they entail. DarkReading
CISA and MS-ISAC Release Joint Ransomware Guide – The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint ransomware guide.
“First, the guide focuses on best practices for ransomware prevention, detailing practices that organizations should continuously do to help manage the risk posed by ransomware and other cyber threats. It is intended to enable forward-leaning actions to successfully thwart and confront malicious cyber activity associated with ransomware. Some of the several CISA and MS-ISAC preventive services that are listed are Malicious Domain Blocking and Reporting, Regional CISA Cybersecurity Advisors, Phishing Campaign Assessment, and MS-ISAC Security Primers on ransomware variants such as Ryuk. The second part of this guide, response best practices and services, is divided up into three sections: (1) Detection and Analysis, (2) Containment and Eradication, and (3) Recovery and Post-Incident Activity. One of the unique aspects that will significantly help an organization's leadership as well as IT professionals with response is a comprehensive, step-by-step checklist. With many technical details on response actions and lists of CISA and MS-ISAC services available to the incident response team, this part of the guide can enable a methodical, measured and properly managed approach.”
Click the following link to read more about the guide and how it can help an organization such as yours combat ransomware. Cybersecurity & Infrastructure Security Agency
Chinese Malware Gang SilentFade Used Facebook to Steal $4 Million – The SilentFade malware gang was active between 2018 and early 2019. Using multiple attack methods, the group compromised Facebook users' accounts to gain access to their payment information. The group stole approximately $4 million before Facebook stopped it. Click the following link to read more about SilentFade and its attack. ZDNet
Preventing Insider Threats – According to a blog written by AT&T Cybersecurity, insider threats pose a significant risk to organizations. The blog cites figures showing that 71% of insider attacks were accidental, 65% were due to not following policy, and 60% were intentional. The cost to businesses from these attacks can range from $270,000 to upwards of $20 million. It describes several types of insider (the Pawn, the Collaborator, the Lone Wolf, and the Goof). Finally, the blog gives detailed information on how to safeguard against these attacks (such as through training, physical security, monitoring and reporting suspicious activity, securing desktops, and more). Click the following link to read more. AT&T Cybersecurity
Ransomware Attacks Up Over First Six Months of 2020 – According to Bleeping Computer, ransomware attacks continue to pose risk, with attacks in the third quarter of 2020 running higher than in the first half of the year. Three ransomware families (Maze, Ryuk, and REvil) lead in the number of attacks. The U.S. is among the top five countries under attack, with a 98.1% increase in the third quarter. IBM provided additional supporting information, stating that REvil may have netted $81 million from its attacks this year. Click the following link to read more. BleepingComputer
SunCrypt Ransomware – SunCrypt (a ransomware family dating from November 2019) has escalated its attacks. In addition to the traditional data-encryption element of a ransomware attack, SunCrypt also launched distributed denial-of-service (DDoS) attacks against a company that failed to respond to the attackers, leaving customers unable to access the company’s site. Click the following link to read more about SunCrypt. CywareSocial
Emotet Banking Trojan Attacks Increasing – Emotet is an older banking Trojan (dating back to 2014) that was used again in attacks against U.S. entities in August of this year. The Cybersecurity and Infrastructure Security Agency (CISA) posted an alert stating that roughly 16,000 alerts related to Emotet activity have been logged since July. Click the following link to read more about the alert and the Emotet attacks. BleepingComputer
How Can You Secure a Smart Car from a Cyberattack – I have mentioned in the past the vulnerabilities associated with smart car technology. This month, I wanted to share an interesting article that further outlines these vulnerabilities and explains how attackers gain access to the technology in a smart car. Security Boulevard explains that threat actors do this by exploiting weak security and the many connection points a vehicle exposes. Wireless technology (even key fobs) gives fraudsters an opportunity to intercept signals and gain access. The applications added for convenience may also have vulnerabilities that hackers can take advantage of. The potential for these attacks to be devastating is very high: a vehicle in motion could be taken over and cause an accident resulting in injury or death. Click the following link to learn more. SecurityBoulevard
Advanced Persistent Threat (APT) Hackers Attacking Government Networks – Advanced persistent threat (APT) actors (typically coordinated or supported by a nation-state) were found to be targeting government networks and election organizations in October. The Cybersecurity & Infrastructure Security Agency (CISA) posted a joint advisory with the FBI about this issue. The advisory details what the attackers are going after (such as VPN and remote desktop technology) and what they do once inside a network (such as gaining access to Active Directory to harvest privileged credentials). Click the following link to read more about these APT attacks. HealthITSecurity
State Financial Regulators, the Bankers Electronic Crimes Task Force, and the U.S. Secret Service Launch Ransomware Mitigation Tool – State financial regulators, the Bankers Electronic Crimes Task Force, and the U.S. Secret Service have launched a Ransomware Self-Assessment Tool. This tool has 16 questions that are meant to help financial institutions address and reduce the risk of a ransomware attack. Click on the following link to learn more about this new tool. CSBS
Emails Scams Continue to Use COVID-19 Related Subject Lines – “Coronavirus-related email subjects continue to dominate phishing campaigns, remaining the primary threat, with more than half of phishing emails containing some information related to the COVID-19 pandemic.” Click the following link to read more. Hot For Security
Zoom Rolls Out End-to-End Encryption for All Video Meetings – The surge in Zoom use during the pandemic led to the discovery of significant vulnerabilities that resulted in attacks earlier this year. To address the security issues associated with its video and audio-conferencing software, the company has rolled out end-to-end encryption for meetings. Note that the feature is optional and must be turned on by the meeting host. Click the following link to read more about what that encryption entails and how it is being deployed. ZDNet
The Pace of Ransomware Attacks Expected to Continue into 2021 – According to DarkReading, the outlook for ransomware in 2021 appears to be just as bad, if not worse, than what we saw in 2020. In an article posted in late October, DarkReading discusses the nature of ransomware attacks and trends in 2020 and offers predictions for next year, including this one from a source quoted in the article:
"Looking forward into 2021, mobile ransomware will continue to get more advanced," he predicts. "Threat actors are investing significant resources in mobile ransomware's ability to be effective for a long time."
Click the following link to read more about ransomware attacks in 2021. DarkReading
Email and Domain Spoofing Usage in Attacks Increasing – “Email and domain spoofing is a popular practice by cybercriminals to fool recipients to deploy various phishing and malware campaigns. Recently, the FBI has issued a warning about attackers attempting to impersonate the U.S. Census Bureau for phishing and credential theft attacks.” Click the following link to read more about what is happening, how it works and recent incidents. CYWARESocial
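The point of a spoofing check is that the From: address a recipient sees is not authenticated by itself; what the receiving mail server actually verified (SPF and DKIM) is recorded in the Authentication-Results header, and DMARC's "alignment" rule asks whether those verified domains match the visible From: domain. The following is an added example, not code from the Cyware article or the FBI warning, that applies that check to three constructed messages built around the Census Bureau impersonation theme: a legitimate message, one where SPF passes for an attacker's domain while From: claims census.gov, and a lookalike domain that authenticates itself but carries a census.gov address in the display name. The domain census-survey-update.example, the receiving host mx.example.org, and the simplified two-label "organizational domain" rule are assumptions for the example (real DMARC implementations use the Public Suffix List).

```python
"""Flag spoofed From: addresses by checking DMARC-style identifier alignment.

Added example (not the article's code).  Assumptions: Authentication-Results
was written by our own receiving MTA (any copy arriving from outside must be
stripped before this check), and the organizational domain is approximated
as the last two DNS labels.  The sample messages below are constructed.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

def org_domain(domain: str) -> str:
    """Simplified organizational domain: keep the last two labels."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain.lower()

def aligned(d1: str, d2: str) -> bool:
    """Relaxed DMARC alignment: both identifiers share an organizational domain."""
    return bool(d1) and bool(d2) and org_domain(d1) == org_domain(d2)

def parse_auth_results(value: str) -> dict:
    """Extract SPF/DKIM results and the domains they were evaluated for."""
    out = {"spf": None, "spf_domain": None, "dkim": None, "dkim_domain": None}
    if m := re.search(r"\bspf=(\w+)", value):
        out["spf"] = m.group(1).lower()
    if m := re.search(r"smtp\.mailfrom=(?:[^@\s;]+@)?([^\s;]+)", value):
        out["spf_domain"] = m.group(1).lower()
    if m := re.search(r"\bdkim=(\w+)", value):
        out["dkim"] = m.group(1).lower()
    if m := re.search(r"header\.d=([^\s;]+)", value):
        out["dkim_domain"] = m.group(1).lower()
    return out

def check_spoofing(raw: bytes) -> dict:
    """Return alignment verdict, display-name spoof flag, and human-readable reasons."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    reasons = []

    # DMARC: at least one passing mechanism must align with the From: domain.
    spf_ok = auth["spf"] == "pass" and aligned(auth["spf_domain"], from_domain)
    dkim_ok = auth["dkim"] == "pass" and aligned(auth["dkim_domain"], from_domain)
    if auth["spf"] == "pass" and not spf_ok:
        reasons.append(f"SPF passed for {auth['spf_domain']} but From: is {from_domain}")
    if auth["dkim"] == "pass" and not dkim_ok:
        reasons.append(f"DKIM passed for {auth['dkim_domain']} but From: is {from_domain}")
    if not (spf_ok or dkim_ok):
        reasons.append("no authenticated identifier aligns with the From: domain")

    # Display-name spoofing: a trusted-looking address shown in the name
    # while the real address belongs to a different domain.
    m = re.search(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", display)
    display_spoof = bool(m) and not aligned(m.group(1), from_domain)
    if display_spoof:
        reasons.append(f"display name shows {m.group(1)} but address is {from_domain}")

    return {"from_domain": from_domain, "dmarc_aligned": spf_ok or dkim_ok,
            "display_name_spoof": display_spoof, "reasons": reasons}

# Constructed sample messages (not real mail).
LEGIT = b"""\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bounce@census.gov; dkim=pass header.d=census.gov
From: "U.S. Census Bureau" <noreply@census.gov>
Return-Path: <bounce@census.gov>
To: someone@example.org
Subject: Your 2020 Census response

Thank you for responding.
"""

SPOOFED_FROM = b"""\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=bulk@census-survey-update.example; dkim=none
From: "U.S. Census Bureau" <noreply@census.gov>
Return-Path: <bulk@census-survey-update.example>
To: someone@example.org
Subject: Action required: verify your Census record

Click here to confirm your details.
"""

LOOKALIKE = b"""\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=alerts@census-survey-update.example; dkim=pass header.d=census-survey-update.example
From: "noreply@census.gov" <alerts@census-survey-update.example>
Return-Path: <alerts@census-survey-update.example>
To: someone@example.org
Subject: Census survey reminder

Please log in to complete your survey.
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed_from", SPOOFED_FROM), ("lookalike", LOOKALIKE)]:
        print(name, check_spoofing(raw))
```

The second message is the classic case the FBI warning describes: SPF genuinely passes, but for the attacker's own sending domain, so the visible census.gov From: is unauthenticated and a DMARC "reject" policy on the impersonated domain would stop it. The third message passes alignment for its own lookalike domain, which is why the display-name check is needed in addition to DMARC, and why the check trusts only the Authentication-Results header written by your own receiving server.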
Barnes & Noble Ransomware Attack by Egregor – The well-known bookseller Barnes & Noble was hit by a ransomware attack orchestrated by the new ransomware gang Egregor. Nook eBook users complained that they could not access their library content because the company had to shut down its network to address the attack. Barnes & Noble also lost some unencrypted financial and audit data to the attackers. Click the link to read more. BleepingComputer
Financial Crimes Enforcement Network (FinCEN) Assesses $60 Million Penalty Against Larry Dean Harmon of Helix and Coin Ninja Cryptocurrency Tumblers – FinCEN has assessed a penalty against Larry Dean Harmon, operator of the Helix and Coin Ninja cryptocurrency mixing services, for violating anti-money-laundering laws.
“FinCEN assessed a $60 million civil money penalty against Larry Dean Harmon, the founder and operator of the Helix and Coin Ninja cryptocurrency tumblers, for violating the Bank Secrecy Act (BSA) and its regulations while operating the two services as unregistered money services businesses (MSB).”
Click the following link to learn more about what happened and why: BleepingComputer
Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments – The Department of the Treasury posted an advisory regarding ransomware payments on October 1, 2020. The advisory explains what ransomware is and discusses the increase in attacks. Its prevailing theme is the concern that paying ransomware attackers fuels a vicious cycle of further attacks. The advisory also warns that making a payment to an entity on an OFAC sanctions list, even unknowingly, can expose the payer and anyone facilitating the payment to sanctions violations. Click the following link to read the full advisory. Department of the Treasury
AUTHOR: Mark J. Dixon, AAP, APRP, NCP
Director, Payments Innovation
As the Director of Payments Innovation for NEACH, Mark focuses on exploring innovative solutions and technologies that will help position members for success, both now and in the future. Connect with Mark to read more of his blogs, articles, and posts.