The latest strain of Snatch ransomware performs a devious task to ensure tools designed to protect against ransomware are nowhere to be found during encryption. This one is pure evil genius! The latest variant of Snatch has been identified by the researchers at Sophos. Infecting Windows 7 through 10 (in both 32-bit and 64-bit versions), […]
Global Utilities See Cyberattacks as Greater Threat to Operations than IT with Half Experiencing Outages
Global industrial organizations are seeing and feeling the effects of cyberattacks, recognizing the material impact potential upon operations. The latest report from Ponemon and Siemens, entitled Are Utilities Keeping Up with the Industrial Cyber Threat?, discusses the current operational readiness of global utilities. According to the report, over half (56%) of global utilities report at […]
Pervasive Ransomware Infection Cost German Software Company Pilz Tens Of Millions Of Euros
A pervasive ransomware infection cost the German automation company Pilz an estimated tens of millions of euros, says Jan Tournois, director of the Dutch department of the multinational. Pilz systems became infected with the BitPaymer ransomware in mid-October, which is used for targeted attacks. All server-based offices were affected by the attack. The black hats […]
Business Email Compromise Topples Over $26 Billion in Losses
This lucrative business of tricking companies into fraudulently transferring funds into cybercriminal-owned bank accounts is showing signs of growing. Scammers use many forms of attack to attempt to separate your organization from its’ money. BEC—aka CEO Fraud— is one of the easiest; using little more than really good social engineering in some cases, the bad […]
You Can’t Always Trust a Dot-Gov Domain
It may be easier than one thinks to register a dot-gov domain, according to KrebsOnSecurity. People have tended to regard urls with the top-level domain dot gov as generally reliable, but this may need to change. KrebsOnSecurity says it “received an email from a researcher who said he got a .gov domain simply by filling […]
A Look at Cryptocoin Scams
Scammers are taking advantage of the allure of new cryptocurrencies to trick people who want to get in early on the next Bitcoin, according to Naked Security. Criminals set up Initial Coin Offerings (the cryptocurrency version of an Initial Public Offering, or IPO) and invite people to invest in their new currency while it’s still […]
Google Sent 12K Nation-State Phishing Warnings In Three Months
Google’s Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported. TAG director Shane Huntley revealed that from July to September 2019 his team sent 12,000 warnings to users in 149 countries. From a heat map attached to the blog […]
The Top Lesson From The Recent Louisiana 2,000-server Ransomware Infection: “User Education, User Education, User Education”
Louisiana suffered a ransomware attack last week that took down more than two thousand of the state’s computers and servers. The ransomware apparently entered the network after a user downloaded an unauthorized file. This is how most malware attacks occur, because only one user needs to fall for a phishing attempt in order for the […]
The Bank of Hawaii early alert of scam phone calls spoofing caller ID
In an early-alert sign, The Bank of Hawaii is warning of a spate of scam phone calls that are spoofing the caller ID of the bank’s real call center, the Honolulu Star-Advertiser reports. The bad guys are likely to repeat scams like this nationwide or even worldwide, so it pays off to watch for this. […]
Click Confessions of a Security Expert
As a “human security” expert, I used to take a lot of pride in my well-honed security hygiene. Yeah… that all ended back in early 2017 when I joined KnowBe4. You see, up until that time, I’d received a number of simulated phishing, attempted real phish, and I’d even run my own simulated phishing programs […]