KnowBe4 CyberAlert: Double-Barrel Ransomware and DDoS Attack in One

Criminal developers have created a new way to monetize their operations by adding a DDoS component to ransomware payloads.
By: KnowBe4

This is the first time DDoS malware has been bundled within a ransomware infection. It means that while the victim is unable to access their endpoint, that same endpoint is being used to deny service to another victim: two attacks for the price of one, and two ways cybercriminals can make money off victims.

KnowBe4's CEO Stu Sjouwerman noted, "Adding DDoS capabilities to ransomware is one of those 'evil genius' ideas. Renting out DDoS botnets on the Dark Web is a very lucrative business, even if prices have gone down in recent years. It looks like this is the first case where a cybermafia has bundled ransomware with a DDoS bot, but you can expect it to become a fast-growing trend."

The combination was discovered by Invincea (https://www.invincea.com/), who said the attackers use Visual Basic to launch a file-less attack, and most antivirus and "next-gen" antivirus vendors are completely blind to file-less attack methods. Consequently, they are unable to see the malware until it has been dropped on the disk. At that point scanners can find it, and many do, but often that is too late.

Sjouwerman advised, "The sample Invincea analyzed is being detected by 37 out of the 57 antivirus engines on VirusTotal (https://www.virustotal.com/)."

The ransomware is executed first; it encrypts the user's data and then blocks their access to the computer by locking the screen. After this sequence, a second binary called 3311.tmp is launched and starts sending a large amount of network traffic out of the infected computer.

Many people get infected with ransomware, but some are able to restore from backup. By adding a DDoS bot to the ransomware payload, these cybercriminals create a two-for-one: they can squeeze network traffic out of non-paying victims and use it as another criminal revenue stream.

KnowBe4 offers eight ways to address it, in addition to weapons-grade backup:

1. "From here on out with any ransomware infection, wipe the machine and re-image from bare metal.
2. If you have no Secure Email Gateway (SEG), get one that does URL filtering and make sure it's tuned correctly.
3. Make sure your endpoints are patched religiously, OS and third-party apps.
4. Make sure your endpoints and web gateway have next-gen, frequently updated (a few hours or shorter) security layers.
5. Identify users that handle sensitive information and enforce some form of higher-trust authentication (like 2FA).
6. Review your internal security policies and procedures, specifically related to financial transactions, to prevent CEO Fraud (https://blog.knowbe4.com/).
7. Check your firewall configuration and make sure no criminal network traffic is allowed out.
8. Deploy new-school security awareness training, which includes social engineering via multiple channels, not just email. Since phishing has risen to become the #1 malware infection vector, and attacks are getting through company filters too often, getting users effective security awareness training which includes frequent simulated phishing attacks is a must."

For more information visit: www.knowbe4.com

About KnowBe4
KnowBe4 is the world's most popular integrated Security Awareness Training and Simulated Phishing platform. Realizing that the human element of security was being seriously neglected, KnowBe4 was created by two of the best-known names in cybersecurity, Kevin Mitnick (the World's Most Famous Hacker) and Inc. 500 alum serial security entrepreneur Stu Sjouwerman, to help organizations manage the problem of social engineering tactics through new-school security awareness training. The company maintains a top spot in the Cybersecurity 500 (http://cybersecurityventures.com/).
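Two of the points above lend themselves to a concrete check: the infected endpoint suddenly pushes a large volume of outbound traffic once the screen is locked, and recommendation 7 asks that the firewall not let such traffic out. The Python below is an added example written for this page, not code from KnowBe4 or Invincea. The flow records, the workstation and resolver addresses, the allowed ports and the spike thresholds are all constructed assumptions; it bucketlets each host's outbound bytes into one-minute windows, flags a host whose busiest minute dwarfs its own baseline, and separately lists flows that a tight egress policy would have blocked.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    """One outbound flow record (constructed; fields mimic a NetFlow/IPFIX export)."""
    ts: int          # Unix seconds when the flow started
    src: str         # internal endpoint that initiated the flow
    dst: str         # destination address
    dport: int       # destination port
    bytes_out: int   # bytes sent by src


# Assumed egress policy for a workstation subnet (hypothetical, not from the page):
# web on 80/443 to anywhere, DNS only to the internal resolver.
ALLOWED_PORTS = {80, 443}
INTERNAL_RESOLVER = "10.0.0.53"


def violates_egress(f: Flow) -> bool:
    """True if a correctly configured egress firewall would have dropped this flow."""
    if f.dport == 53:
        return f.dst != INTERNAL_RESOLVER
    return f.dport not in ALLOWED_PORTS


def egress_violations(flows: List[Flow]) -> List[Flow]:
    return [f for f in flows if violates_egress(f)]


def outbound_spikes(flows: List[Flow], window: int = 60, ratio: float = 10.0,
                    min_bytes: int = 1_000_000) -> Dict[str, Tuple[int, int]]:
    """Bucket each host's outbound bytes into fixed windows and flag hosts whose
    busiest window exceeds both min_bytes and ratio x the median of their other
    windows. Returns {host: (median_bytes_per_window, peak_bytes_per_window)}."""
    per_host = defaultdict(lambda: defaultdict(int))
    for f in flows:
        per_host[f.src][f.ts // window] += f.bytes_out
    flagged = {}
    for host, buckets in per_host.items():
        totals = sorted(buckets.values())
        if len(totals) < 2:
            continue  # no history to compare the peak against
        peak, rest = totals[-1], totals[:-1]
        median = rest[len(rest) // 2]
        if peak >= min_bytes and peak > ratio * max(median, 1):
            flagged[host] = (median, peak)
    return flagged


def build_sample_flows() -> List[Flow]:
    """Constructed traffic: two workstations browse normally for six minutes; in the
    sixth minute 10.0.1.20 (locked by ransomware) also starts flooding outside hosts."""
    base = 1_600_000_020  # aligned to a 60 s boundary
    flows = []
    for host in ("10.0.1.20", "10.0.1.21"):
        for w in range(6):
            flows.append(Flow(base + w * 60 + 5, host, "93.184.216.34", 443, 40_000))
            flows.append(Flow(base + w * 60 + 30, host, INTERNAL_RESOLVER, 53, 2_000))
    # Flood from the infected host: half HTTP (allowed by policy, caught only by
    # volume), half DNS to external addresses (caught by the egress rule as well).
    for i in range(200):
        dport = 80 if i % 2 == 0 else 53
        flows.append(Flow(base + 300 + i % 60, "10.0.1.20",
                          f"203.0.113.{i % 250}", dport, 100_000))
    return flows


SAMPLE_FLOWS = build_sample_flows()

if __name__ == "__main__":
    for host, (median, peak) in outbound_spikes(SAMPLE_FLOWS).items():
        print(f"spike: {host} baseline {median} B/min, peak {peak} B/min")
    bad = egress_violations(SAMPLE_FLOWS)
    print(f"{len(bad)} flows violate egress policy, from {sorted({f.src for f in bad})}")
```

The two checks are deliberately independent: the volume rule catches a flood even when it uses a port the policy allows, while the egress rule catches traffic that should never have left the subnet regardless of volume. In a real deployment the thresholds would be tuned per subnet, and a host that trips either rule is a candidate for the bare-metal re-image in recommendation 1 rather than for a clean-up attempt.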