According to a recent article on Naked Security, not at all hard. While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.
Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400. And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system automatically. ...
Continue Reading →
On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more ...
Continue Reading →
Has it been another year already? Tomorrow is System Administrator Appreciation Day.
Gifts are always appreciated. Some easy do-ers. Mountain Dew, Doritos, Pie, Pizza.
Here are some cool ideas from my Pinterest feed.
On Monday we opened this discussion about hijacked email accounts, and showed some examples of the phishing tricks that attackers use to get you to reveal your email password. Today we will explore the many useful and profitable exploits that a compromised email account offers a cyber-criminal or other attacker.
I consider email account compromise to be one of the most personally harmful cyber-exploits. When another person has access to your ...
Continue Reading →
Toward the end of last year I made a pair of bold predictions. The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place. The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams. I was only half right.
BEC exploits have increased, because the potential returns are ...
Continue Reading →
Seems to be a busy summer so far. Barely finished up with WannaCry and now we are dealing with Petya. Here are some useful links
About Petya:
I have followed with great interest ...
Continue Reading →I recently gave a presentation titled “Email Security – Resist That Click” on May 23 2017 at the Phipps Theatre in Hudson WI. This event was sponsored by First State Bank and Trust of Bayport MN. I was also asked to present this topic at the MnCCC Conference (Minnesota Counties Computer Consortium) in Alexandria MN on Wednesday June 7, 2017. This presentation was titled “The War for Tour Inbox.”
First State Bank and Trust had my presentation video recorded, and it ...
Continue Reading →
There is a new encryption ransomware exploit hiding inside a spoofed copy of the popular Chinese game “King of Glory.” Right now, this malware is affecting users in China, but it is a matter of time before another cyber-criminal group modifies it for English speaking victims.
This game is available on international gaming forums, and is being spread when gamers download a copy ...
Continue Reading →
Are you sick and tired of having to have your computer restored after every malware infection? Looking for a way to fend off crypto-ransomware attacks for good? Then Windows 10 S may be for you.
Windows 10 S is a new, stripped down and hardened version of the popular operating system. This is a great option for computer users who mostly use computers for searching the web and reading email. The ...
Continue Reading →
A post about an alert I received first from AlienVault, and then from everybody. There is a new crypto-ransomware variant called Wanna Cry that is taking advantage of a recent Microsoft vulnerability that was patched back on March 14. If your computers have not been updated with MS17-010, then those computers are vulnerable. Microsoft considers this vulnerability significant enough to release it for Windows XP, even though official support ended over ...
