What Can I Do With A Hijacked Email Account? Part 2

On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password.  Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.

I consider email account compromise to be one of the most personally harmful cyber-exploits.  When another person has access to your email ...

Continue Reading →
0

Ransomware is not Dead Yet

Toward the end of last year I made a pair of bold predictions.  The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place.  The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams.  I was only half right.

BEC exploits have increased, because the potential returns are so ...

Continue Reading →
0

Current Events Round-up

Seems to be a busy summer so far.  Barely finished up with WannaCry and now we are dealing with Petya.  Here are some useful links

About Petya:

I have ...

Continue Reading →
0

The War for Your Inbox

I recently gave a presentation titled “Email Security – Resist That Click” on May 23 2017 at the Phipps Theatre in Hudson WI.  This event was sponsored by First State Bank and Trust of Bayport MN.  I was also asked to present this topic at the MnCCC Conference (Minnesota Counties Computer Consortium) in Alexandria MN on Wednesday June 7, 2017.  This presentation was titled “The War for Tour Inbox.”

First State Bank and Trust had my presentation video recorded, and it ...

Continue Reading →
0

Android Game Hides Crypto-Ransomware Exploit

There is a new encryption ransomware exploit hiding inside a spoofed copy of the popular Chinese game “King of Glory.”  Right now, this malware is affecting users in China, but it is a matter of time before another cyber-criminal group modifies it for English speaking victims.

This game is available on international gaming forums, and is being spread when gamers download a copy to ...

Continue Reading →
0

Windows 10 S – The S is for Security

Are you sick and tired of having to have your computer restored after every malware infection?  Looking for a way to fend off crypto-ransomware attacks for good?  Then Windows 10 S may be for you.

Windows 10 S is a new, stripped down and hardened version of the popular operating system.  This is a great option for computer users who mostly use computers for searching the web and reading email.  The only ...

Continue Reading →
0

This Will Make You Wanna Cry

A post about an alert I received first from AlienVault, and then from everybody.  There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14.  If your computers have not been updated with MS17-010, then those computers are vulnerable.  Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over two ...

Continue Reading →
0

Interesting DDoS Ransom Threat Arrives By Postal Mail

When you work in a cybersecurity organization that serves other business entities, every now and again you see something really unique.  This one crossed my desk on March 28th.  A client of ours received a letter by postal mail that threatened to shut them down with a distributed denial of service attack.  They are probably trying to avoid the Computer Fraud and Abuse Act, but extortion by postal mail is a ...

Continue Reading →
0

Top Cyber Threats for 2017

2017 is promising to be another difficult year for cyber-defenders who are protecting company and government networks from attack.  Here are what I think will be the top attack vectors this year.

Business Email Compromise

CEOs and other C suite officers will increasingly be targeted for email account hijacking.  This is an easy exploit to run because high ranking employees and officers often are ...

Continue Reading →
0
Page 1 of 2 12