The Security Awareness Company

FOCUS ON: RANSOMWARE

Ransomware has changed everything. It wasn’t all that long ago that a data breach meant the loss of personally identifiable information. Said information would be turned loose on the dark web and often sold to other cybercriminals.

While major data breaches still occur at record levels, the theft and resale of PII is no longer necessary for criminals to make a profit. Instead, ransomware has made it possible for them to steal your data and sell it right back to you.

Ease of use and promises of lucrative paydays have made ransomware one of the fastest growing areas of cybercrime. Unlike other threats to information security, this one is supported by a sophisticated network of criminals and a strong business model that features customer service for victims.

With its popularity growing, ransomware has become the focus of information security professionals worldwide. In the following pages, we’ll cover every aspect, from the origins of ransomware, to the criminals behind it, with a focus on how to avoid becoming a victim.

CONTENTS

Case Study: The Original Ransomware - History does tend to repeat itself.

Malicious Macros - Macros: Useful? Dangerous?

What is Ransomware? - Exactly what it sounds like.

Top 10 Ways to Avoid Phishing Scams - How to identify and avoid being phished.

Catching Malware - How to ‘avoid’ it and how to ‘catch’ it.

Case Study: My Mom Got Hacked - Ransomware is a business after all.

The Ransomware Business Model - How ransomware works.

The Lifecycle of Ransomware - Printable infographic.

What is the Dark Web? - The Dark Web may not be exactly what you perceive it to be.

Who are the Cybercriminals? - A short rundown of who the cybercriminals are...and are not.

Cybercrime Starts With You! - You are also the solution.

Case Study: Ransomware Red-Flags NASCAR Team - How NASCAR got hacked.

Mouse-Overs: A Case Study - Think before you click.

Smishing: Phishing Gone Mobile - Text message phishing—the new craze that is sweeping the nation.

Ransomware Case Study - Victim: The University of Calgary

Types of Malware - Who knew there were so many?

Case Study: The Original Ransomware

Ransomware’s rise to prominence over the last year has been fueled both by its success and by media attention. It has become the default method for cyber criminals to extort money from their victims using advanced technology and is delivered, most often, by some form of social engineering.

But the original ransomware attack occurred long before computers were household items. Back in 1989, a company called PC Cyborg mailed an estimated 20,000 floppy disks to 90 different countries. The contents of the disk were labeled as “AIDS Information - Introductory Diskettes” and came with an installation for an interactive that calculated a person’s chances of contracting AIDS by asking them a series of questions.

What recipients of the disk did not know is that once they installed the program, they also installed a Trojan known now as the AIDS Trojan. After a certain number of boots, users’ computers were encrypted until a licensing fee of $189 was mailed to a PO Box in Panama.

The encryption method of the Trojan was quite weak and it didn’t take long to crack. The Computer Incident Advisory Capability sent out a report on Dec 19, 1989 to alert people of the scam, and inform them that, if infected, they should not pay the fee since recovery procedures had already been developed. (To read the full report: http://www.securityfocus.com/advisories/700)

The man behind the malware, Dr. Joseph L. Popp, was eventually arrested and charged. But the judge saw him unfit for trial, allowing Dr. Popp to walk without any conviction. Popp also claimed that he planned to donate all profits to AIDS education and research. Perhaps his intentions were good, but Dr. Popp’s Trojan would be further analyzed and its weaknesses corrected, ultimately setting the blueprint for what we now know as ransomware.

Sound Familiar?

History does have a tendency to repeat itself. And humans have a tendency to be curious. A study in which 297 flash drives were dropped on a large university campus revealed that nearly half of found drives will be plugged in. Now, imagine if those USB drives had been sent by mail in professional looking packaging (and imagine if they contained ransomware). It’s fair to estimate that an overwhelming majority would be plugged in and their contents accessed.

In 1989, Dr. Popp convinced his targets to plug in his malicious disks through the use of social engineering. Fast-forward to today, nearly 30 years later, and people are still plugging in devices from unknown sources.

What did we learn?

We learned that plugging in USB flash drives from unknown sources is a bad idea.

We learned that social engineering has a track record of success and we need to stay alert at all times.

We learned that the only thing that’s changed in over the years is the number of users and, therefore, the number of targets for cybercriminals.

As always, think before you click. If it sounds phishy, it is. Use common sense, and when in doubt, delete.

© 2016 The Security Awareness Company, LLC.

“See something? Say something! Incident reporting is all about timing!”

MALICIOUS MACROS

Macros explained:

Microsoft Office documents containing built-in macros can be dangerous. Macros are essentially bits of computer code, and historically they’ve been vehicles for malware. Luckily, modern versions of Office contain security features that will protect you from macros. Macros are still potentially dangerous. But, like a lion at the zoo, you’d have to go out of your way to be hurt by them. As long as you don’t bypass the built-in security features, you shouldn’t have to worry.

What is a macro?

Office documents — Word, Excel, PowerPoint, and other types of documents — can contain embedded code written in a programming language known as Visual Basic for Applications (VBA). This allows you to automate repetitive tasks. Macros you’ve created yourself are fine and don’t pose a security risk. However, malicious people could write VBA code to create macros that do harmful things. They could then embed these macros in Office documents and distribute them online.

How you get infected:

New threats include sophisticated social engineering and spear phishing attacks that convince users to enable macros and allow the malicious code to run. The sender tries to get you to open the Excel or Word attachment and then enable macros.

How to Protect Yourself

To actually be infected, you would have to download a file containing a malicious macro and go out of your way to disable Office’s built-in security features. As a result of this, macro viruses are now much less common. Here’s all you need to do: Only run macros from people or organizations you trust when you have a good reason to do so. Don’t disable the built-in macro security features by clicking the “Enable Content” button that appears as part of the Security Warning. Macros are like any other computer program and can be used for good or for bad. Organizations may use macros to do more powerful things with Office or you may create macros to automate repetitive tasks on your own. But, like any other computer program, you should only run macros from sources you trust.
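Whether an attachment carries VBA code can be checked before anyone opens it, because macro-enabled Office Open XML files are zip archives that contain a vbaProject.bin part. The following Python code is an added example, not part of the original newsletter; the function names, verdict labels and in-memory sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")   # extensions that should never carry VBA


def inspect_office_file(name, data):
    """Return (verdict, detail) for an attachment, given its file name and raw bytes."""
    if data.startswith(OLE_MAGIC):
        return ("legacy-binary", "OLE2 container; macros possible, needs a deeper scan")
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return ("not-office", "neither an OOXML zip archive nor an OLE2 file")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "[Content_Types].xml" not in names:
            return ("not-office", "zip archive without [Content_Types].xml")
        content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    # The VBA project is stored as word/, xl/ or ppt/ vbaProject.bin.
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    declared = "macroEnabled" in content_types or "vbaProject" in content_types
    if not vba_parts and not declared:
        return ("no-macros", "no VBA project part found")
    detail = ", ".join(vba_parts) or "macro content type declared"
    if name.lower().endswith(MACRO_FREE_EXT):
        # A macro-bearing archive renamed to look like a macro-free document.
        return ("macros-disguised", f"{detail} inside a file named like a macro-free format")
    return ("macros-present", detail)


def build_sample(with_macro):
    """Construct an OOXML-shaped archive in memory (sample data, not a real document)."""
    plain = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    macro = "application/vnd.ms-word.document.macroEnabled.main+xml"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "[Content_Types].xml",
            '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'
            % (macro if with_macro else plain),
        )
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 8)  # placeholder bytes, no VBA inside
    return buf.getvalue()


if __name__ == "__main__":
    samples = [
        ("invoice.docm", build_sample(True)),
        ("invoice.docx", build_sample(True)),
        ("notes.docx", build_sample(False)),
        ("old.doc", OLE_MAGIC + b"\x00" * 16),
    ]
    for file_name, blob in samples:
        print(file_name, inspect_office_file(file_name, blob))
```

A "macros-present" verdict does not mean the macro is malicious; it only tells the recipient that the "Enable Content" decision described above will come up.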

Macro in action:

As you might expect, malware authors took advantage of such insecurities in Microsoft Office to create malware. One of the most well-known is the Melissa virus from 1999. It was distributed as a Word document containing a macro virus. When opened, the macro would execute, gather the first 50 entries in the user’s address book, and mail a copy of the macro-infected Word document to them via Microsoft Outlook.

DO NOT CLICK ENABLE CONTENT

What is Ransomware?

Ransomware is exactly what it sounds like: a form of malware that holds you, your computer and your data hostage for a ransom. It hides itself in fraudulent attachments and bogus links. When clicked or downloaded, they unleash a Trojan which encrypts your data—effectively locking you out of your computer. In short, it’s a phishing scam built as that criminals use to con victims out of their money by kidnapping data.

As you can imagine, large companies have been the top target. The more data there is to kidnap, the bigger the payday. Recent attacks have seen major corporations forced into forking over tens of thousands of dollars. But the monetary loss is often dwarfed by the damages sustained while data is inaccessible. Take a hospital, for example: in a scenario where employees and managers suddenly lose access to medical records and they rely on to care for patients, money is not the only thing at stake. Ransomware can lead to a life-or-death situation. Ransom fees aside, the cost of downtime is devastating for any size company, in any line of work.

A Trojan is a type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users' systems.

Personally Identifiable Information is any data that could potentially identify a specific individual.

Bitcoin is a digital asset and a payment system invented by Satoshi Nakamoto.

Why Ransomware Works: The really simple answer to why ransomware works is because humans generally value possessions over money, especially when those possessions are irreplaceable. To that end, the data stored on our hard drives, whether it’s precious family photos and the novel you’ve been working on for five years, or the PII of thousands of clients from an organization standpoint, holds top value.

The more complicated answer comes down to psychology. Ransomware is a scare tactic that criminals use to frighten their victims. The fear of losing data notwithstanding, humans are also afraid of looking foolish, afraid of admitting mistakes and afraid of being punished. So they’ll gladly pay the ransom in hopes of making the entire situation go away.

Its success is also driven by its simplicity. Beginners can purchase the malware on the dark web for cheap, and it’s fairly simple to use once they have it. Furthermore, unlike previous data breaches, attackers have a built in customer. Rather than selling the stolen data to other criminals on the dark web, they can just sell it right back to the victims they robbed.

How Ransomware Works: Once a cyber criminal’s target is established, social engineering campaigns are carried out to bypass the security of an organization or individual. This is most often done with phishing emails that contain malicious links or documents. Once clicked or downloaded, the malware installs itself on the victim’s computer.

Before encrypting, the malware communicates to a server maintained by the criminals. The server then generates two sets of keys: one on the target computer, and one on the criminal’s server. With this sort of “handshake” in place, the malware begins encrypting files and changing extensions, effectively rendering them useless to the owner.

The victim, realizing that they now have no control over their systems and are denied service, has two choices: pay the requested ransom—most often in the form of bitcoins—to retrieve the decryption key from the criminals, or attempt to restore their systems through the use of data backups.

Top 10 Ways to Avoid Phishing Scams

Stop clicking so fast. Read each message as it comes in, and think before you click.

Mouse-over links to see what really lies beneath the URL.

Beware of poor spelling and grammar. They are big, red flags that an email is probably a phishing attack.

If you receive an email asking you to your account, don’t login through the email. Open a new browser tab, type in the URL and login to your account through the website.

Verify the email address and company logos. Scammers can change a single letter in an email address or slightly change the color of a logo to make them look quite similar and easily undetectable.

If an email says you have a date with your favorite movie star or that some uncle you’ve never heard of wants to send you money, it is probably a phishing attack.

If you have agreed to sell an item through an online marketplace, and someone offers to pay more than what the item is worth, it is a scam.

There are new phishing scams being sent every day, and they are getting more refined. Read security blogs and stay in the know about the latest risks, threats & ways to protect yourself through common sense and security awareness. (One fun and informative blog that you can check out is blog.thesecurityawarenesscompany.com)

Notify companies such as Amazon, PayPal or your bank if you receive a phishing email masquerading as a real message.

Phishing emails often come with malware attached. Scan incoming emails with anti-virus and anti-malware software.

Catching Malware

Verb: catch; contract (an illness) through infection or contagion

In English, the word “catch” has several meanings, but when talking about malware we will stick with two of them. The first is like catching a cold or getting infected, and so it is with all types of computers and mobile devices. Even smart cars get infected with malware that can have deadly results. Almost no matter where you go on the internet, you will sooner or later be targeted with malware. This is not because you are you, but because you are one of hundreds of millions of people who are mass-spammed in the hopes that a few people will catch or get infected by the malware.

In many cases, once you have caught the malware, your machine becomes a distributor of even more malware, attempting to catch other people. You have now become a part of a botnet—or collection of millions of personal devices that are owned and operated by criminal groups around the world. If it sounds scary, it is. You really want to do everything you can to avoid catching any malware under THIS definition. Now, for the second meaning of ‘catch’...

Verb: catch; engage a person’s interest, to perceive, notice, observe, discern, detect

With this second definition of catch or catching malware, we combine technology and common sense. And here is when we DO want to catch the malware.

First, let’s talk about the technology. No malware detection software is perfect, and the bad guys are always coming up with new ways to sneak past the scanning software. But, if used properly, detection software can make your life better.

For your Windows or Apple computers at home, consider using two different products, perhaps one you pay for and one of the many free malware detection software products. Do a little research to make sure there are no known conflicts between the two. Many folks only use free anti-virus and detection software. Whichever approach you take, be sure to scan your machine and all storage devices (like drives) regularly. Scan all incoming and outgoing email for infections. Update the software as recommended by the vendor.

With increasingly hostile attacks toward Android and iOS, a similar detection-based approach is suggested for mobile devices. Products come and go, so it’s up to you to search for the best or anti-virus apps. Search through reviews and ask tech savvy friends. The better software offers privacy settings, blacklisting, app scanning and a host of other valuable security features.

Now, what if some super-smart new malware (like a zero-day or a previously unknown attack) gets past the technology? Then it’s up to you, the human firewall, to stay alert and on the defense. On any device, phishing awareness is ultimately the final barrier to getting infected. Stay alert, use common sense, and, when in doubt, don’t click but ask! (As usual, never make changes to any security settings, install or remove any software without permission at work. Make sure you know and follow policy.)

So how can you catch malware? Oh, let us count the ways.

Bad habits. Clicking without thinking.

Accepting invitations to “events” or to be “friends” with people you don’t know in real life.

Responding to ads that say your computer is infected.

Believing you won the Irish lottery or that a great aunt from Ethiopia left you a fortune.

Accepting IM attachments from strangers.

Not using antivirus and malware detection software.

Not using a personal firewall. (Only do this on personal devices. Never add, edit or delete security on business equipment.)

Downloading apps & games with poor reputations.

Visiting websites your browser says are questionable.

Leaving JavaScript on by default, except when required at work.

Not patching and updating software.

Giving out personal details to websites you don’t know.

Clicking on email attachments from unknown people.

Using Adobe Reader/Acrobat with default settings.

Your human detection skills should apply common sense. Always ask yourself a few key questions:

Do I know the person who sent me this file/link/invite?

Does the email/invite look “odd” or “suspicious” in any way?

Should I contact this person to verify the authenticity?

Do I really want to take a chance on getting infected?

What makes the most sense?

What does company policy say?

Should I click before I think?

Case Study: My Mom Got Hacked

This tale from journalist Alisa Simone explains how her mom got hit with ransomware.

The long and short of it is this: a woman in receives a ransomware message that she has seven days to pay the $500 fee. After seven days, the price doubles and eventually all of her files will be destroyed.

How she got infected with ransomware wasn’t disclosed. But it’s fair to assume she was phished or clicked a bogus advertisement on a compromised website.

She agreed to pay the fee, but due to the ever-changing Bitcoin rates, she came up about $25 short and missed the seven-day deadline, causing the price to double. Interestingly enough, the woman pleaded with the criminals explaining how a snow storm prevented her from getting to a Bitcoin ATM and that she had every intention of paying the initial $500 fee. The criminals responded by sending the decryption key.

This story really illuminates two things:

First, ransomware can happen to anyone. Cybercriminals aren’t just targeting major enterprises or large businesses. Attackers aren’t biased.

Second, ransomware, as Simone noted, is really e-commerce more than anything.

The Ransomware Business Model

At its core, when you look past the hacks and malicious intentions, ransomware is a business developed around customer service. If we think about it in terms of e-commerce, we get a better idea of why it has been so successful.

It begins with the creators of the malware. Once the Trojan has been developed, its creators will often sell it to other cybercriminals and take a small percentage of the profits. The cyber criminals that target victims (or in e-commerce terms, customers) have an obligation to provide customer service, which includes . Failure to do so puts their integrity at risk and may prevent them from working with other ransomware developers.

Keep in mind that not a lot of people know much about Bitcoin, or even how to purchase them or use them in any manner. So when Grandma gets hit with Ransomware, it’s important that she receives detailed instructions on how to make the payment. It’s also important for the cyber criminals to make things as easy as possible. This is really Business 101. Ease of use, customer service, and customer satisfaction all play major roles in the success of ransomware.

Ease of Use – the customer receives detailed instructions on how to make a payment and get their data back. Like all businesses, especially those that are internet-based, convenience is key.

Customer Service – even with detailed instructions, criminals have to be prepared to deal with non-tech savvy customers. After all, that is the ransomware market: people who are easy to phish. Therefore, customer service is of the utmost importance. One strain of ransomware went as far as to offer live support via chat.

Customer Satisfaction – like every business, satisfaction is an absolute must for repeat business. If a victim pays the ransom (akin to buying goods and services), the seller (our cybercriminal) has an obligation to fulfill his end of the bargain. If word gets out that decryption keys are being withheld even after payment, future victims will be much less likely to make the payment. In the case of Simone, her mom ran into an issue and couldn’t process the payment on time. The criminals could have said tough luck and demanded the increased payment; instead they did what any good business would do and forgave the mishap. The ransomware economy would collapse if customer satisfaction wasn’t met.

The Lifecycle of Ransomware

Inception

A team of cyber criminals creates malware that, when implemented, crawls the infected computer and encrypts files that can only be decrypted by the criminals. They then either research targets and plan out attacks, or sell the malware on the dark web to other cyber criminals.

Infection

Once a target is established, social engineering campaigns are carried out to bypass the security of an organization or individual. This is most often done with phishing emails that contain malicious links or documents. Once clicked or downloaded, the malware installs itself on the victim’s computer.

Encryption

Before encrypting, the malware communicates to a server maintained by the criminals. The server then generates two sets of keys: one on the target computer, and one on the criminal’s server. With this sort of “handshake” in place, the malware begins encrypting files and changing extensions, effectively rendering them useless to the owner.

Extortion

The victim, realizing that they now have no control over their systems and are denied service, has two choices: pay the requested ransom—most often in the form of bitcoins—to retrieve the decryption key from the criminals, or attempt to restore their systems through the use of data backups.

Extraction

When the ransom is paid, the criminals usually release the decryption key and allow the organization to return to an online status. In some cases, the criminals may refuse and attempt to extort more money. There is never a guarantee of cooperation.

What is the DARK WEB?

You may have read or heard about the infamous Dark Web. The general perception of the Dark Web assumes it is rife with criminal activity—a place to buy drugs and stolen credentials or hire hitmen—the digital version of the black market. While some of that is unfortunately true, the Dark Web isn’t all illicit activity and scary cybercriminals. It has other purposes, like providing a private, completely safe chat room for victims of rape or abuse, and giving journalists a place to safely communicate with whistleblowers without the worry of being monitored by governments.

An important distinction to make is the difference between the Dark Web and the Deep Web. The two are incorrectly interchanged in publications, with most tabloids opting to use the former given its shock value. The Deep Web is everything you don’t see when you visit a website. If you visit someone’s blog, the page where they design and post new blogs is a part of the Deep Web. If you’ve ever worked with a content management system (CMS), you have accessed the Deep Web. Medical records, scientific data and subscription information are all part of the Deep Web.

The Dark Web is a part of the Deep Web (a very small part of it). It cannot be accessed by standard browsers or search engines and instead requires specific software. Websites on the Dark Web have their identities hidden so they cannot be traced. Likewise, visitors have their IP addresses hidden so they are anonymous when browsing and can’t be tracked or have their privacy compromised. This is accomplished, most often, with Tor, a free platform designed to keep you private in a world where our personal data is for sale.

“Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location.”

To read more about the specifics of Tor and to download the software for your own use, visit Torproject.org.

Who are the Cybercriminals?

Script Kiddies

Younger, less-informed cyber threats who generally attempt to misbehave by using malware purchased from the internet underground. They do not always understand the consequences of their actions.

Hacktivist

Not always conventional criminals, these hackers are a part of the “hacktivism” movement, which utilizes hacking to further political agendas such as human rights or freedom of speech and information.

Scammers & Phishers

These are the criminals that reach into your inbox promising large sums of cash in return for a small, upfront payment (an advance-fee or 419 scam), or spoofing a service (such as a bank or company) to get you to click on a malicious link or attachment.

Malware Authors

In a way, malware authors are the brains behind much of cyber crime. They handcraft malicious codes and means of delivery, and often offer their services to lesser-skilled criminal hackers in exchange for a fee or percentage of profits.

Cyber Terrorists

Experts agree that future conflicts will be initiated by techniques. Examples like the alleged Russian-DDoS attacks against and are often just the first steps. (Read more here: http://ubm.io/2bj6Dtp) Defending critical infrastructures has become a national mandate across the globe.

Insider Threats

Insider threats include current or former employees that compromise sensitive information, either intentionally, by accident, or negligence. Insiders can work alone or with outsiders, but the motive is generally personal gain. Aware individuals are less likely to trigger an unintentional security event or breach.

Hackers are people too!

If you merely scan the headlines from popular news cycles, you might be led to believe in a false narrative about hackers. In truth, a hacker is simply someone with an advanced understanding of computers and networks. Unfortunately, that word has been used irresponsibly by the media for decades, resulting in a negative image which unfairly groups bad guys with good guys. To be clear, all hackers are not criminals; only criminal hackers are criminals.

Want to learn more about the hacker community? Check out these two documentaries: Hackers Are People Too and DEFCON: The Documentary!

THIS IS A HACKER:

In the 1996 movie Independence Day when the world is attacked by aliens, David Levinson (Jeff Goldblum) successfully breached the aliens’ network by reading satellite transmissions of their communications. His brilliant idea to stop the aliens from eradicating Earth was to attack their network by “giving it a cold”—a virus—that would disable their shields. Levinson and Capt. Steven Hiller (Will Smith) socially engineered their way into the mothership by disguising themselves as aliens and flying an alien aircraft up to the ship. Essentially, this was a real life version of a phishing attack. Levinson uploads his virus to the mothership, which ultimately disables the force fields of all the alien ships (denial of service). In short, a hacker saved the world.

THIS IS NOT A HACKER:

From 2005 to 2007, a man by the name of Albert Gonzalez carried out the biggest fraud in history by stealing and reselling 170 million credit card and ATM numbers. Gonzalez and his crew targeted the payment systems and networks of major corporations such as T.J. Maxx and Barnes & Noble, among many others. Gonzalez was eventually arrested, and is currently serving a 20-year prison sentence. Gonzalez is not a hacker. He’s a criminal. Even if he used hacking techniques, and obviously has advanced computer know-how, as soon as he used his skills to break the law and harm his fellow citizens, he became a criminal.

Cyber Crime Starts With You!

2017 will likely be worse for personal, professional and mobile security than any previous year. There are certainly no hints that the bad guys (including small-time criminals, organized cyber-gangs, nation-states engaged in state-sponsored espionage, and cyber-terrorists) are going to give up on the most successful tool in their arsenal: phishing.

According to a study by Trend Micro, 91% of APT (Advanced Persistent Threat) attacks start with a spear phishing email. The tremendous amount of spam, sales pitches and fraudulent emails must be separated from legitimate business and personal emails.

We all have spam filters and anti-virus software installed, but sitting at the end of all this technology is the most important line of defense: YOU. You are the ultimate arbiter. You sit there, deciding whether to click or not, deciding which emails to delete. You have to make an intelligent decision about every email that reaches your inbox – at home, at work or on your mobile devices. You have to decide if the email is safe, if it comes from a friend or foe, if it’s hostile, and if it’s really from your boss, a family member, or a criminal halfway around the world.

The majority of phishing emails that actually bypass technical defenses and controls can still be detected and deleted by a person with just a small dose of security awareness. This is where common sense comes in. You must stay alert and aware. It’s important to resist the temptation to click too quickly. We all must learn how to read between the lines in an email.

Here’s a sample of what you can expect to see and what you should know how to defend against.

DO NOT PANIC! Ask yourself a couple of questions before clicking. Do you actually have a Starbucks account? (Or, do you have a Starbucks “mag stripe” card that you load up from time to time? This is the same as cash, and anonymous!)

Have you even visited Starbucks recently? Did you ever spend $132 at a Starbucks? Is there any errant charge on a credit card to Starbucks? The answers are probably, “No.” Remember to think before clicking on anything. Our advice? Delete, delete, delete!

Once again, if you receive a message like the one on the right, think before you click anything! First of all, did you actually make a payment using PayPal recently? If you did, log in to PayPal directly and check your account that way. You can also contact the company yourself. Second, this email looks a little “phishy” anyway, don’t you think? Why would the email address come from a “paypal-billing.com” domain instead of “paypal.com,” and why would the email use a low-res, skewed version of their logo? Shouldn’t they have used the name on your account instead of addressing you as a generic “PayPal Member?” The grammar is also off and the last paragraph is an attempt to scare you into clicking the links (which are definitely phishing links). DELETE!

Mouse-Overs: A Case Study

Millions of businesses rely on shipping services every single day. So, perhaps receiving an email like the one below would not be too much of a surprise. After all, everyone has probably used UPS at one point or another. And the example looks like it’s from UPS, doesn’t it?

It’s got their logo, colors, and their web address. Plus, the number looks legit. So, it couldn’t hurt to click it and find out, right? Not if you’re being security aware! Before clicking, perform a quick mouse-over.

By hovering (not clicking!) your mouse’s cursor over a hot link (a URL or email address, for example), the real, underlying URL is revealed. Taking a few seconds for a Mouse-Over is a superb method to detect phishing attacks.

But look at what the mouse-over reveals here. The “content/GB/EN/” followed by that strange combination of letters in the URL should be a clue that something is odd, especially if you are not even located in Great Britain (GB).

Then, if we mouse over the tracking number link, we see “wwwapps.ups.com” in the URL, again followed by a strange series of numbers and letters. Suspicious, don’t you think?

Finally, take a look at the attachment. “Details.zip” is innocuous sounding enough, but think about the naming conventions of real business documents. Wouldn’t something like “CompanyName_UPSShipping_042015.” be a more useful name? (And generally, services such as UPS won’t send you ANY sort of attachments that you aren’t aware you’ll be receiving first.)

The better action would be to access your UPS account directly if you have one. If you are not satisfied with what you see there, contact the company directly.

When you adopt a security aware attitude, phishing emails like this lose their power. In fact, they seem a little silly! But not to the bad guys who send millions of these every day. Despite the fact that these types of emails are often not even personalized or as specifically tailored as a spear phishing attack, phishing remains the most successful attack. It relies upon laziness, curiosity, and a complete lack of awareness on the part of the recipient.

Many websites (including the IRS, UPS, PayPal, etc.) now have sections showcasing fake email examples to help you recognize when they’re legitimately communicating with you, and instructions about what to do if you think you’ve received a spoofed email.

UPS: http://bit.ly/1jNNGfH
PayPal: http://bit.ly/1ErWLHT
Etsy: http://etsy.me/1DlyB1T
Amazon: http://amzn.to/1zy6uu9
IRS: http://1.usa.gov/1gI0yUS
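The mouse-over check, and the sender-domain question asked of the PayPal message earlier, can also be run automatically by a mail filter. The sketch below is an added example, not part of the original newsletter; the sample message, the `example.invalid` host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_matches(host, brand_domain):
    """True only if host is brand_domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == brand_domain or host.endswith("." + brand_domain)

def sender_is_brand(from_addr, brand_domain):
    """Check the domain after the last '@' of the From address."""
    return host_matches(from_addr.rpartition("@")[2], brand_domain)

class LinkCollector(HTMLParser):
    """Collects (visible_text, href) for every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def mouse_over(html, brand_domain):
    """Return (visible_text, real_host) for links that leave brand_domain."""
    parser = LinkCollector()
    parser.feed(html)
    return [(text, urlsplit(href).hostname) for text, href in parser.links
            if not host_matches(urlsplit(href).hostname, brand_domain)]

# Constructed sample; example.invalid stands in for the phishing host.
SAMPLE_FROM = "service@paypal-billing.com"
SAMPLE_HTML = """<p>Dear PayPal Member, confirm your payment:</p>
<a href="http://paypal.com.example.invalid/login">https://www.paypal.com/signin</a>
<a href="https://www.paypal.com/help">Help Center</a>"""

if __name__ == "__main__":
    print("sender is paypal.com:", sender_is_brand(SAMPLE_FROM, "paypal.com"))
    for text, host in mouse_over(SAMPLE_HTML, "paypal.com"):
        print(f"link shows {text!r} but really goes to {host}")
```

The first sample link is flagged even though both its visible text and its real host contain "paypal.com": only the end of the host name decides where the link goes.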

More Examples from Real Life Emails

FAST FACTS

60.6% of attacks are motivated by CYBER CRIME
27.7% of attacks are motivated by HACKTIVISM
7.4% of attacks are motivated by ESPIONAGE
4.3% of attacks are motivated by CYBER WARFARE

Smishing: Phishing Gone Mobile

By now, we’ve all had our share of phishing scams show up in our inbox. They’re typically easy to spot due to poor grammar or absurd, urgent requests. But scammers aren’t just targeting your computers; they’re after your mobile devices, too.

Smishing is phishing via text messages, or SMS (hence the term “smishing”). Often, scammers send a text to your phone disguised to be from your bank or other financial institution. It might warn that your account has been suspended and immediate action is required, accompanied by a (malicious!) link. In more sophisticated scenarios, the text message may ask you to call a phone number, which will connect you to a live person who pretends to be someone from your bank, requiring your personal information to verify your account.

Regardless of the scenario, the core of the scam is based on the same principle as phishing: social engineering. Smishing works because the fraudster attempts to hack the human and not the device. Remember, being security aware isn’t a technical skill. YOU are the best defense against scammers.

A REAL WORLD SMISHING EXAMPLE

Earlier this year, a man in Sheffield, England was conned out of nearly £23,000/$33,730 when he received a text message that appeared to come from his bank. The message warned him of potentially fraudulent activity on his account and advised him to call the listed phone number. The man obliged, called the number, talked to the fraudsters and ultimately was robbed of his life savings after they were able to extract his banking information from him. Read the entire story here: http://bit.ly/1nVNfGT.

How to avoid becoming a victim of Smishing

You might think this could never happen to you. There’s no way you’d fall victim to a text message scam! But we urge you to not be overly confident. These scams are becoming more and more sophisticated, to the point of impersonating major banks to near perfection. Here are 5 ways to avoid becoming a victim:

If you get a text from your bank, delete it. Banks don’t send text messages unless you personally set up Text Banking, and even then you generally have to initiate the texting conversation with specific commands to receive specific information, and they won’t include any links.

Never call an unknown phone number, regardless of the message. If you receive a request to call a certain business, look up the customer service contact information of said business and call that number to verify.

Look out for urgency. Like with phishing emails, smishing attempts will often include words like “urgent” or “immediate” or “verify.” These are clear signs that a con is at play.

Never click on miscellaneous links. Unlike a computer where you can easily hover over a link to determine its legitimacy, it’s much more difficult to do so on a mobile device. A quick click is a quick way to get infected with malware!

When in doubt, delete. Don’t respond to random messages containing unknown phone numbers or URLs. If you’re not sure, just delete the message!

2015 STATS

Around 1/3 of all SMS spam includes smishing attempts.

5 out of 6 large companies were targeted with spear phishing campaigns.

33.61% of global phishing scams caused infection.

Source: http://www.business2community.com/infographics/protecting-company-spear-phishing-infographic-01543662#79kuWWsLUxvwykkU.97

Ransomware Case Study

VICTIM: University of Calgary

ATTACKER’S ANGLE: UCalgary was a target due to their status as a “world-class research facility.” The seizure of staff and faculty email and lockdown of university-issued computers prevented access to valuable data.

RESPONSE: University IT was able to isolate the attack and restore affected portions of their network. Experts from cybersecurity and the Calgary Police Service were brought in as a part of the investigation.

RESULTS: Despite the efforts of their IT team, the university determined their best course of action was to pay the ransom and begin the process of decryption.

RANSOM PAID: $20,000 CDN/$15,500 USD

Macros

Macros are programs that are embedded in documents to perform specific tasks. Macros aren’t inherently bad, and can be quite useful for doing repetitive tasks within applications like Word or Excel. But someone with nefarious intent (like a criminal hacker) can create a malicious macro to do any number of things: embed itself into other documents, install software without the users’ consent, and email itself to all your contacts.

Macro security has improved significantly over the years. For example, Microsoft created a new naming system in 2007 to help identify files with or without macros: any file that has the extension .docx is a regular file, and a file that contains the extension .docm has embedded macros. (Read more here: http://abt.cm/2bb9cRd) But even that isn’t foolproof! Follow these steps to help avoid malicious macros:

1. NEVER download an attachment from an UNKNOWN sender.
2. VERIFY AND SCAN with anti-virus software before you download an attachment from a KNOWN sender.
3. DO NOT ENABLE macros unless you are 100% positive they are legitimate and safe.

Dear Security Guru,

I’m so afraid of getting ransomware. What can I do to protect myself? – Concerned in Copenhagen

You’re not alone. It seems like an incident or new strain of ransomware is reported every day. Criminals behind these attacks are getting craftier with social engineering, too, making them harder to identify. These “best practice” steps make protecting yourself fairly simple. As always, follow policy when handling work-related data and devices.

Don’t automatically click on links or attachments in emails without thinking, even if the email appears to come from someone you know. Phishing is the number one way criminals carry out their attacks.

Utilize the 3-2-1 Backup Strategy: On personal equipment, 1 is your primary device, 2 is your local backup, and 3 is off site (such as the cloud). Criminals lose their leverage if you have a way of retrieving your data without their decryption key. At work, always follow policy.

Trust but verify. Believe it or not, ransomware is coming to a smartphone near you. the reputation of any app before downloading and installing.

Stay up-to-date and informed. Not only should you make sure your computers, including mobile devices, are on the latest versions of software and firmware, you should also keep an eye on the news. Familiarize yourself with the latest threats and attacks.

Follow policy. Know how and when to respond to suspicious activity at work. If you’re not sure, ask!

Types of Malware

Symantec’s researchers suggest that almost 1 billion different types of malicious software are roaming around the internet. In some countries, more than 50% of all computers are infected with malware. The bottom line? The exact numbers don’t matter, because there is too much out there to count!

PUPS

PUPs (Potentially Unwanted Programs) are generally not harmful, but are still software you don’t need or want. PUPs can eat up your system resources and turn a perfectly good computer into a snail.

Adware is the least dangerous and most lucrative form of malware. It merely displays ads on your screen.

SPYWARE

Spyware is software that can track your internet activities and send adware back to your system. Worse, RATs (Remote Administration Tools) can turn on your camera and microphone – without your knowledge.

WORMS

A worm is a program that replicates itself. Some destroy data and files in their path while others just clog computer resources.

SCAREWARE

, sometimes called Scareware, pretends to be a good program that will remove all your malware infections, but it is actually the malware itself! Often, it will even turn off your real anti-malware software so that it can function undetected.

TROJANS & BACKDOORS

A is a piece of software that is secretly installed on your computer or mobile device. It can be programmed to do anything the designer chooses. Backdoors – a specific kind of Trojan or Worm – open a digital “,” providing unauthorized access to a network.

VIRUSES

A virus is a self-producing piece of software. It might be harmful, it might not; it depends upon its . However, they are no longer the malware of choice for smart criminals.

BROWSER HIJACKERS

A Browser Hijacker resets your browser settings without your knowledge. This is especially dangerous when banking or shopping online.

FAKE SOFTWARE

Malware can be disguised as “Hi-Quality-but-Inexpensive” software, made to look so enticing you have to try it. It can be found on legit and beautifully designed sites as well as on social media...virtually anywhere! Be cautious! These sites can look harmless, but in almost every case infectious malware lies in wait.

KEYLOGGERS

Keyloggers record and transmit everything typed in order to steal login credentials and other sensitive info. (Keep in mind: one legitimate use of a keylogger is parental control software!)
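The Macros section above says the .docx/.docm naming convention is not foolproof. One way to check an attachment's contents instead of trusting its name is to look inside the file for the embedded VBA project; this is an added example, not part of the original newsletter, and the file names, sample files and result labels are constructed for illustration.

```python
import io
import os
import zipfile

# Office Open XML extensions that announce embedded macros.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}

def has_vba_project(data):
    """True/False for a ZIP-based Office file; None if it is not a ZIP at all."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Macro code is stored in a part named vbaProject.bin.
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return None  # e.g. a legacy binary .doc, which this check cannot judge

def check_attachment(filename, data):
    """Compare what the extension promises with what the file contains."""
    ext = os.path.splitext(filename)[1].lower()
    macros = has_vba_project(data)
    if macros is None:
        return "unknown-format"
    if macros and ext not in MACRO_EXTENSIONS:
        return "macros-despite-extension"
    return "contains-macros" if macros else "no-macros"

def build_sample(with_macros):
    """Constructed stand-in for a Word file; only the part names matter here."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("report.docx", build_sample(False)),
                       ("report.docm", build_sample(True)),
                       ("report.docx", build_sample(True))]:
        print(name, "->", check_attachment(name, data))
```

A result of "unknown-format" is not a clean bill of health: older .doc and .xls files use a different container and can carry macros with no hint in the extension.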