Important Cybersecurity News (June 2017)
Ransomware and phishing are still favorites of cyber-criminals these days, but the members see phishing attacks as the #1 method of choice for the hackers. The methodology has become pretty predictable: the hacker stands up a web page that looks exactly like that member's HR login page and then sends targeted e-mails to member employees just before the next payroll run. The wording of the phishing e-mail varies, but in essence the employee is encouraged to click a link in the e-mail and enter their login credentials into the web page, just as they would on the real HR web page, except it's not. Once the employee enters their credentials, the hacker has what they want: the employee's login credentials to the real HR web site. The hacker then simply uses those credentials to log into the real HR web page, masquerading as the employee, and changes the employee's direct deposit information. When the next payroll run occurs, the hacker has successfully transferred the employee's entire pay into their own bank account.
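One defensive control for the payroll-diversion scheme described above is to review direct-deposit changes in the HR system's audit log before payroll runs. The following is an added example (not code from the newsletter or from any TAMUS system) that flags a change when it comes from a source IP the employee has not used before and/or when it lands in the last few days before the payroll date. The log format, the field names, the payroll date, and the thresholds are all assumptions for this example, and the log lines are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample HR audit log for this example (not real data).
# Fields: ISO timestamp, user, event, source IP.
SAMPLE_LOG = """\
2017-05-02T08:15:00 alice LOGIN 10.20.1.15
2017-05-10T09:02:00 alice LOGIN 10.20.1.15
2017-05-28T23:41:00 alice LOGIN 198.51.100.77
2017-05-28T23:43:00 alice DIRECT_DEPOSIT_CHANGE 198.51.100.77
2017-05-03T10:00:00 bob LOGIN 10.20.1.40
2017-05-20T10:05:00 bob LOGIN 10.20.1.40
2017-05-20T10:09:00 bob DIRECT_DEPOSIT_CHANGE 10.20.1.40
"""

PAYROLL_RUN = datetime(2017, 5, 31)      # assumed date of the next payroll run
PRE_PAYROLL_WINDOW = timedelta(days=7)   # changes this close to payroll are riskier
NEW_IP_AGE = timedelta(days=14)          # an IP first seen more recently than this is "new"


def parse_log(text):
    """Parse whitespace-separated audit lines into dicts, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, ip = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, "ip": ip})
    events.sort(key=lambda e: e["ts"])
    return events


def flag_suspicious_changes(events, payroll_run,
                            pre_payroll_window=PRE_PAYROLL_WINDOW,
                            new_ip_age=NEW_IP_AGE):
    """Return DIRECT_DEPOSIT_CHANGE events together with the reasons they look risky.

    Two signals are combined: the change came from an IP the user has only
    recently (or never) logged in from, or the change landed within
    `pre_payroll_window` before the payroll run. Either one flags the event.
    """
    first_seen = {}   # (user, ip) -> timestamp of the user's first login from that IP
    flagged = []
    for e in events:
        key = (e["user"], e["ip"])
        if e["event"] == "LOGIN":
            first_seen.setdefault(key, e["ts"])
            continue
        if e["event"] != "DIRECT_DEPOSIT_CHANGE":
            continue
        reasons = []
        seen = first_seen.get(key)
        if seen is None or e["ts"] - seen < new_ip_age:
            reasons.append("change made from an IP new to this user")
        if timedelta(0) <= payroll_run - e["ts"] <= pre_payroll_window:
            reasons.append("change made within %d days of payroll run"
                           % pre_payroll_window.days)
        if reasons:
            flagged.append({"user": e["user"], "ts": e["ts"],
                            "ip": e["ip"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_suspicious_changes(parse_log(SAMPLE_LOG), PAYROLL_RUN):
        print(hit["user"], hit["ts"], hit["ip"], "; ".join(hit["reasons"]))
```

On the sample data only alice's change is flagged (new IP, two days before payroll); bob's change comes from an address he has used for weeks and well before the payroll window. In practice a flagged change would go to out-of-band confirmation with the employee (a phone call or in-person check, not a reply to the e-mail that started it) before the payroll run.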
Ransomware is another type of malware that infects a computer and restricts the user's access to it. This type of malware, which has now been observed for several years, attempts to extort money from victims by displaying an on-screen alert. These alerts often state that the computer has been locked or that all of its files have been encrypted, and demand that a ransom be paid to restore access. The ransom is typically in the range of $100–$300 and is sometimes demanded in virtual currency, such as Bitcoin.
Ransomware is typically spread through phishing emails that contain malicious attachments and drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and malware is downloaded and installed without their knowledge. Crypto ransomware, a variant that encrypts files, is typically spread through similar methods, and has been spread through Web-based instant messaging applications.
The most recent and well-known of these is WannaCry. It infected more than 200,000 computers worldwide and locked numerous organizations out of their data, including hospitals and governments. The United Kingdom was especially hard hit, as its National Health Service (NHS) was targeted specifically. The only way to recover data was from backups or by paying the attacker's $300 ransom to decrypt your data. One of the most poignant lessons? The weakness that WannaCry attacked in Windows computers was well known to Microsoft, which had released a fix (patch update) months earlier. Many organizations failed to install the update or were running operating systems that Microsoft no longer supported. Three simple steps to make sure attacks like WannaCry never infect your computers:
- Patching: make sure computers, mobile devices, apps and anything else connected to the Internet are up-to-date.
- Backups: some ransomware may be able to infect even up-to-date systems, so the second-best defense is to back up your data very regularly. When you lose data, you can recover it from a backup.
- Be aware of phishing attacks: Don’t fall for that e-mail that looks somewhat official. Question the validity of every e-mail. If it is suspicious, it’s likely a phishing e-mail with an infected file attached or a bogus link in the e-mail.
SANS has an excellent program called Securing the Human which seeks to educate all of us on security awareness in these uncertain times. Follow this link to go to their short but really excellent video vignettes on security awareness.
The cybersecurity function here at The Texas A&M University System is focused on the following areas of cybersecurity:
- State & Federal Requirements (security + breach) – Texas Business & Commerce Code § 521.053, TAC 202, TAC 206, FERPA, FISMA, etc.
- Security through a shared-service model or Security Operations Center (SOC)
- Monitoring our networks and the state of our network
- International Requirements (TAMUS overseas)
- Legal matters when there is an investigation or forensic review
- Privacy issues
- Business issues (PCI, research granting, private donations, etc.)
- Intellectual Property (identification, valuation, security)
- Key personnel security (fraud, blackmail, extortion)
- Student information security
- Third Parties
- Physical Security
In many ways though, even as we find ourselves improving and hardening our infrastructure to withstand the attacks of known and unknown entities, the common thread which consistently exposes important information is our own people. We must continue to build our monitoring and defensive capabilities at the members and at the newly-formed Security Operations Center (SOC) to provide good and complete security over our information assets while also providing an environment that fosters collaboration and collegial relationships between genuine research and learning partners.