Resume Ransomware: GoldenEye targets hiring managers, recruiters and HR

People charged with filling career positions at their companies need to be on the lookout for ransomware—especially GoldenEye ransomware.

GoldenEye is a new form of ransomware written by the same cybercriminal who gave us the Petya and Mischa ransomware attacks. The author has applied some of the same distribution tactics that Petya and Mischa are known for by masking the ransomware as a job application. GoldenEye attacks typically begin with an email that appears to be from someone interested in a position. The inboxes of human resource personnel and hiring managers are often swamped with emails from potential candidates. As a result, very little time may be spent reviewing each email. Instead, recruiters and HR managers open the attachments and quickly screen resumes or cover letters to determine if the applicant is qualified for the position. GoldenEye takes advantage of this behavior. GoldenEye is currently targeting potential victims in German-speaking countries, but that could change at any moment.

GoldenEye emails include two attachments: a PDF cover letter and an Excel spreadsheet with a file name that includes the phony applicant’s last name, a dash and the word “application” in German. The cover letter looks entirely legitimate. It has an introductory statement and a photograph, and then states that the Excel file contains references and results from an aptitude test. The PDF attachment does not include any malicious code, but the presence of a well-written cover letter aids in convincing the victim to open the second attachment, the Excel file.

The Excel file contains the ransomware as a macro. The file displays a flower logo that appears to be loading something. Microsoft Office blocks the macro unless macros have been enabled by the victim. Victims are enticed to enable the macros so that the loading screen will disappear to display the resume content. However, once enabled by the victim, the macro will save code into an executable file in the victim’s temp directory and then launch the ransomware. The program encrypts files and displays a ransom message. However, after the initial ransom message is displayed, GoldenEye restarts the machine and encrypts the Master File Table (MFT) and replaces it with a custom boot loader that shows the ransom message upon computer startup.

GoldenEye essentially performs the file encryption activities of Mischa and then restarts to perform the MFT encryption activity of Petya. Both encryption methods have been improved, and decryption methods for Petya and Mischa will not work on GoldenEye.

GoldenEye’s ransom message instructs victims to go to a URL on the dark web to obtain their decryption key. Victims will need the decryption code presented in the ransom message to pay the ransom.

Be careful when opening any attachments from an unknown person and ensure you have a backup of critical files so that GoldenEye does not claim a ransom from you.


Which Security Career is Right for You?

Security is a growing field, and with its growth come many different career options. As you gain experience in different security areas, you may choose to further specialize or move into management in that area. Some security roles include analyst, network security engineer, auditor, computer forensics and penetration testing.

Analyst

Security analysts interpret security information from within the organization and from outside entities and make recommendations to management. They review security logs and data collectors for organizational systems and alert colleagues to potential threats. Some analysts work in a Network Operations Center (NOC), where information from data collectors is consolidated and presented for ongoing review and decision-making. They also review current security standards and recommend methods and controls to maintain a consistent information security risk level within the organization. Analysts are generally detail oriented, organized and thorough.

Network Security Engineer

Network security engineers implement controls as defined by management or required by regulations. They are responsible for configuring a variety of technologies including perimeter defense systems such as firewalls and intrusion detection systems; authentication systems such as directory services, remote authentication, and biometric systems; and encryption services. Network security engineers often have a background in information systems and networking.

Security Auditor

Security auditors are responsible for assessing whether adequate security controls are in place in an organization in order to satisfy regulatory requirements and organizational risk thresholds. They may work as consultants providing auditing services to clients. Auditors may use multiple methods for assessing controls: observations involve reviewing control documentation, corroboration relies upon interviews and statements of those responsible for controls, while inspection relies on direct control review. Auditors may also test controls by conducting simulations. Auditors are generally detail-oriented, pragmatic and methodical.

Computer Forensics

Computer forensics professionals such as forensic investigators or analysts collect digital evidence from devices such as computers, hard drives, phones and flash media. They follow a strict process that ensures original evidence is not modified and that a chain of custody documenting each interaction with the evidence is maintained. Computer forensics professionals analyze the data on devices, including data in deleted areas, memory or unused portions of media to find data relevant to an investigation. They may also be required to testify in court regarding their findings. Major tools used in computer forensics include Guidance Software’s EnCase, AccessData’s Forensic Toolkit (FTK) and Cellebrite.

Penetration Testing

Penetration testers assess the security of a system by attempting to break into it. Penetration testing occurs only after the owning entity of the system provides authorization for testing to be performed. The attacks used and vulnerabilities discovered are documented along with appropriate remediation steps. Major tools used in penetration testing include Metasploit, Nmap, OpenVAS and Kali. Penetration testers are generally very creative, adventurous and curious about how systems work.

Security Management

Security managers coordinate activities in their area of responsibility. They ensure that those in their department have tasks to accomplish and the resources to complete those tasks. Security managers ensure that costs stay within budgets and approve or make recommendations on new equipment purchases or staffing changes. Security managers also provide leadership and coaching to their departments while interfacing with other executives to coordinate activities and communicate the status of ongoing work. Security managers may be responsible for areas such as a Network Operations Center (NOC), Security Operations Center (SOC), penetration testing team, auditing department, incident response, system analysis, or other areas.

Managers are sometimes promoted from within a department or may come from a business or project management background in another field. If you wish to get into management, gain familiarity with an information security discipline and then begin developing your project management and leadership skills.

You are in for an exciting career no matter which role you choose. Consider your own personality and think about which of these areas appeals to you. One element common to all these roles is continual learning. The security field is constantly changing, and you will need to stay abreast of these changes to be effective in your role.


Security Career Networking Tips

Do you know why all the major online retailers offer a way for users to review products? It’s because people want feedback from others when making a decision. Job searches are no different. A resume may say a lot about skills and experience, but it says little about a person and, in the end, it’s the person who gets hired. Start networking to accomplish this. You can do this by building a network, networking through groups and through social networking.

Building a network

A word from a colleague or associate regarding an applicant makes a much greater impression than a good resume. For this reason, it is important that you not only gain the necessary skills and experience but also build a network of professionals in the industry.

You can begin the process right now. Create a list of the people you already know, such as friends and family, neighbors, co-workers, coaches or trainers. Even people you have met in the past such as friends of your parents, your doctor, insurance agent or lawyer can help.

Discuss your career goals with people you know and seek their advice on how best to prepare. Most people have a desire to help and enjoy providing advice if they know that advice will be appreciated. Make sure you follow their advice if it sounds reasonable and keep them up to date on your progress.

If you don’t follow their advice, let them know why. These people will be your champions once they see that you are willing to listen attentively, pursue your goal tenaciously and communicate with them. You are giving them a success story they can later relay to a hiring manager, which can go a long way in establishing that you’re fit for the job.

Networking through groups

Join one or more professional groups such as ISACA, ISSA, ACM, or Infragard and begin attending their meetings. As you talk to people, concentrate on asking questions about their work and some of the challenges they face. Work on being a good listener by concentrating on the person, thinking through what they say and asking questions to clarify.

Don’t forget about your nonverbal communication. Smile and make eye contact. Shake hands firmly and keep an open, inviting stance. Be aware of their nonverbal communication as well, especially indications that they want to switch to a different topic or step away from the conversation.

It can help to collect business cards and take notes on the people you meet; it’s easy to forget important details if you don’t write them down. Review your notes before your next meeting so you can engage with people again and pick up where you left off.

Social networking

Develop a LinkedIn profile and possibly a Google+ or Twitter profile. Add the people you meet to your social networks so you can continue to interact with them and better understand their relationships with others. However, don’t rely solely on social networks, because they are simply an extension of your real-life networking activities.

When it comes time to search for a job, let those in your network know what you are looking for. Be specific. Don’t just say you are looking for a job. Rather, say what position you would like to have. A large number of positions are filled without ever being posted to a job board. Those in your network may be aware of one of these possibilities and could mention you to the hiring manager.

Remember, you are asking a great favor of someone when they recommend you for a job. Make sure you have developed a good relationship with that person before asking. In other words, don’t ask someone about potential opportunities the first or second time you meet them.

Make those personal connections and begin networking now. The process itself will make you a better communicator, and the relationships you build will benefit you long after you start your career.


Getting Over The Experience Hurdle

New graduates are in a tough spot, especially those interested in cyber security. A majority of cyber security positions require one or more years of experience, and that is the difficulty, because experience is often earned on the job. Don’t let this hold you back from applying for one of these positions, because there are many ways to get the experience you need.

Certification

Certification is an excellent way to demonstrate skills, especially when experience is lacking. Certification tests are typically timed, multiple-choice exams that measure knowledge of a specific subject. Some of the mainstream certifications, such as the Certified Information Systems Security Practitioner (CISSP), have an experience requirement but many others, such as the Security+, Certified Ethical Hacker (CEH) and the Holistic Information Security Professional (HISP), do not.

Volunteering

Do you belong to a group or support a cause that might need your help? Experience does not have to be gained on the job. Instead, offer to secure the website code for your scout troop, update the computers at your church or school, teach residents of a local nursing home how to protect their privacy online or configure wireless access points for people in your apartment complex. Lastly, don’t forget to list these volunteer activities on your resume. You can include them in a skills section if you have only volunteered once or twice but if you volunteer regularly, create a volunteer section on your resume to specifically highlight these.

Extracurricular Activities

There are likely professional groups in your area that discuss security such as ISACA, ISSA, ACM, or Infragard. If you are in a major city, there are probably dozens of groups. While some cost money to join, many memberships or attendance of group events are free. These groups might meet monthly to discuss relevant topics in cyber security—join one or more of them and start attending their meetings. After you become comfortable with the members and venue, approach the group’s leadership about helping out. Most groups are always in need of help, and this will also allow you to network with others in the industry and stay current on important topics.

Internships

Most of the suggestions so far have offered ways to gain experience outside of the workforce. Internships, however, offer on-the-job experience that can easily be added to your resume. Internships are advertised in the same places you’d find job postings: job boards, Craigslist, school career portals and company websites just to name a few.

Some internships are unpaid, but don’t be frightened by this. Unpaid internships are generally more geared toward preparing an intern for the workforce. Paid internships, on the other hand, usually involve tasks that are more directly related to the company’s business—there may be less mentorship and guidance.

Either way, internships give you a chance to try your skills out in the real world and to tackle real problems that you can discuss in an interview or cover letter. Also, don’t forget to ask for a letter of recommendation from your supervisor if you did a good job in your internship.

Everyday Activities

The last area where you can demonstrate experience is in your everyday life. This is especially relevant for soft skills or general business skills such as communication, time management, organization, project management and planning. You can begin this process right now. I recommend creating a skills inventory that you can draw upon as you begin your job search. You can start with a simple outline. Create main sections for computer skills, critical thinking, problem solving, leadership, organization, communication and so forth.

Next, think about times when you had to use these skills in your daily life. For example, for leadership you could list how you took charge of a team project for one of your classes. Describe how you divided responsibilities and helped set a shared vision for the group. Make sure to describe the outcome as well.

Armed with one or more certifications, volunteer and extracurricular experience, an internship and your everyday skills, start looking for jobs and create a resume and cover letter tailored to the desired traits indicated on the job description.
