The insider is still one of the most vulnerable elements of cybersecurity, and it was the topic of the recent Modern Workplace webcast on cyber intelligence and the human element. Insiders are those who are authorized to work on company systems or in company facilities, and they include trusted employees and contractors. Whether it is through human error, social engineering, or intentional action, insiders are the cause of a significant portion of malware infections, data breaches, information theft, and privacy violations. There are some key strategies you can use to…


I recently did an interview with JAX Magazine on DevOps and here is the transcript of the interview.

Some people call DevOps a cultural movement, others consider it a magic bullet. In your view, what is the essence of DevOps?

DevOps is used to increase the efficiency of a business. It is a catalyst for collaboration between the roles of technology developers and IT operations to improve the agility of both IT and development. It is no magic bullet. The same problems such as poor communication, mismatched expectations, lack of cohesiveness and…


Cybercriminals extorted about one billion dollars from ransomware victims last year, according to the FBI. And nearly all of those perpetrators went unprosecuted because of the innovative methods they use to protect their identities and hide their funds. They go to great lengths to keep authorities from seizing or freezing their money. By and large, their efforts have paid off. Here’s how they do it:

Hidden identities, disposable email

Extortionists protect their identities whenever interacting with victims. This generally occurs when they distribute ransomware, and when they collect ransom payments…


If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies. Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged…


People charged with filling career positions at their companies need to be on the lookout for ransomware, especially GoldenEye ransomware. GoldenEye is a new form of ransomware written by the same cybercriminal who gave us the Petya and Mischa ransomware attacks. The author has applied some of the same distribution tactics that Petya and Mischa are known for by masking the ransomware as a job application. GoldenEye attacks typically begin with an email that appears to be from someone interested in a position. The inboxes of human resource personnel and hiring managers…


PopcornTime is a newly discovered form of ransomware that is still in the development stages but operates on a disturbing principle: Victims who have their files encrypted by PopcornTime can agree to pay the ransom, or they can choose to send the ransomware to friends. If two or more of those friends become infected and pay the ransom, the original victim gets their files decrypted for free. The process is reminiscent of the movie, “The Ring,” where victims who had watched a film had seven days to make a copy of…


Two email accounts of a ransomware distributor were recently compromised. The analysis of these accounts gives an interesting “behind the curtain” view of a ransomware distributor. It appears that even malicious hackers use a bit of security advice. The email account, cryptom27@yandex.com, which was used by the attacker behind the recent San Francisco Municipal Transportation Agency (SFMTA) ransomware incident, had an easily-guessable secret question. That allowed a security researcher to take over the account. The unidentified attacker had a backup email account, cryptom2016@yandex.com, that used the same secret question and…


Cybercrime is very much a psychological game and ransomware is no exception. Psychology plays a major role in almost all aspects of ransomware from the moment an attack is launched to the moment the victim pays—or refuses to pay—the ransom.

Psychology of ransomware distribution

Most ransomware is distributed through phishing emails, instant messages, and text messages. Distributors use psychological tactics designed to create a sense of urgency and force the victim to click a malicious link or attachment quickly. This preys on a person’s emotions, especially fear. Victims are told they…


This past year, ransomware has extorted vast sums of money from enterprises.  Ransomware is a form of malware that encrypts data and then demands a ransom payment to decrypt it.  The most common ransomware encrypts files likely to contain work product, cherished memories, or user-created content such as documents, spreadsheets, source code, pictures, music, and videos.  Such files are of high importance to users.  Other ransomware encrypts entire hard drives or targets database files for Oracle, MySQL, Microsoft SQL Server and email databases.  The results have been disastrous for companies…


Machine learning is a science that uses existing data on a subject to train a computer how to identify related data.  Just like with humans, the more training a machine learning algorithm gets, the more likely it is to succeed at its task.  We have an extensive amount of information on attacks that can be used to train machines.  After all, new attacks come out every day and over a hundred million malware samples have been collected each year since 2014.  This information, as well as the historical information, can…
