suddenly all over the news. In hindsight, it was a matter of "not if, but when".
ETERNALBLUE is the infamous escaped NSA code that was used in the WannaCry worm, so the combination of this method of breaking in, followed by a cryptomining payload, has been dubbed WannaMine.

WannaMine attacks aren't new, but the Sophos Support team has recently had a surge in the number of enquiries from people asking for advice about the issue. Sophos posted a 13 minute video interview, here it is.

Here are the quick Questions and Answers, based on the video.

Q. Is WannaMine like WannaCry? Is it ransomware that scrambles my disk?

A. The name "WannaMine" is a coined term (pun intended) that refers to a malware family that uses the network spreading capabilities of WannaCry to deliver cryptomining malware rather than ransomware.

Q. What is cryptomining malware? Is it as dangerous as ransomware?

A. Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum; the crooks keep any cryptocoin proceeds for themselves.

To make money with cryptomining, you need a lot of electricity to deliver a lot of processing power on a lot of computers.

By illegally installing cryptominers inside your network, the crooks therefore steal your resources to do their work.

Q. Can cryptomining damage my computer?

A. We've seen stories of mobile phone batteries bulging due to overheating when the device was deliberately forced to do mining calculations for hours on end.

However, WannaMine doesn't run on mobile phones – it attacks Windows computers.

Nevertheless, even if no permanent damage is done, you'll probably find your laptop batteries draining much faster than usual, your fans running flat out, and your laptop being noticeably hotter than usual.

Also, if malware like WannaMine can penetrate your network, you are at serious risk of other malware at the same time, including ransomware.

We frequently see evidence of cryptomining left behind on computers that were zapped by ransomware, so don't ignore WannaMine infections if they show up – where one crook goes, others will surely follow.

Q. If I don't own any cryptocoins and I'm not part of the cryptocurrency scene, am I still at risk?

A. Yes.

WannaMine malware attacks aren't trying to locate your digital cryptocurrency stash and steal it.

They want free use of your computer for cryptomining calculations of their own, whether you're interested in cryptocurrency or not.

Q. Can security software prevent WannaMine attacks?

A. Yes.

- Exploit prevention software (e.g. Sophos Intercept X) can block the ETERNALBLUE attack to prevent malware like this from entering your network in the first place.
- Anti-virus and host intrusion prevention software (e.g. Sophos Endpoint Protection) can stop the malicious processes that allow the WannaMine attack to proceed, even if the exploit triggers at the start.
- Network security software (e.g. Sophos XG Firewall) can block the network activity required for malware like WannaMine to work.

Q. What else can I do?

A. Patch promptly, and pick proper passwords.

WannaMine malware typically includes the same ETERNALBLUE exploit that was abused by WannaCry and allowed it to spread. This exploit was patched last year in Microsoft update MS17-010, so a properly patched network wouldn't be open to the exploit in the first place.

If the ETERNALBLUE hole is already closed, WannaMine can try to spread using password cracking tools to find weak passwords on your network.

Sophos said: It only takes one user with poor password hygiene to put your whole network at risk.

Here are three things you can do about this right now:
- Re-test your whole network for Patch MS17-010 and make 100% sure that all machines are indeed updated.
- Step your users through new-school security awareness training, and have them do the new Strong Passwords Module.
- Download the free Weak Password Test tool, and immediately scan AD for passwords that need to be beefed up.
How weak are your users' passwords? Are they... P@ssw0rd?

Verizon's recent Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4's complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. WPT tests against 10 types of weak password related threats, for example: Weak, Duplicate, Empty, Never Expires, plus 6 more.

Here's how Weak Password Test works:
- Reports on the accounts that are affected
- Tests against 10 types of weak password related threats
- Does not show/report on the actual passwords of accounts
- Just download the install and run it
- Results in a few minutes!
This will take you 5 minutes and may give you some insights you never expected!

Download Now:

Warm regards,
Stu Sjouwerman
Founder and CEO, KnowBe4, Inc.

PS, this is also on the KnowBe4 blog, please forward to your friends:
Technology companies come and go, but Bit by Bit backs its service with 30 years of experience helping businesses achieve their goals with reliable IT solutions and support. We were established in 1987 as a database application development and networking company, and since then we’ve evolved into a full-service IT firm and leader in delivering powerful and cost-effective technology solutions. visit our site at www.bitxbit.com
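
Two of the account conditions named in the post above (Empty, Never Expires) can be spot-checked from Active Directory attributes alone. This is an added example, not KnowBe4's tool or code from the newsletter; it assumes the ActiveDirectory PowerShell module (RSAT) and a 365-day staleness threshold chosen for illustration, and it reads no password hashes, so it cannot detect weak or duplicate passwords.

```powershell
# Added example: flag enabled AD accounts whose password settings need review.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$staleAfterDays = 365                      # assumption: illustrative threshold
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

# Pull only the attributes needed for the checks below.
$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet

$findings = foreach ($u in $users) {
    $reasons = @()

    # "Never Expires": the account is exempt from password ageing.
    if ($u.PasswordNeverExpires) { $reasons += 'NeverExpires' }

    # "Empty": the flag permits a blank password; it does not prove one is set.
    if ($u.PasswordNotRequired) { $reasons += 'EmptyPasswordAllowed' }

    # No timestamp means never set or flagged "must change at next logon".
    if ($null -eq $u.PasswordLastSet) {
        $reasons += 'NotSetOrMustChange'
    }
    elseif ($u.PasswordLastSet -lt $cutoff) {
        $reasons += "OlderThan${staleAfterDays}Days"
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            PasswordLastSet = $u.PasswordLastSet
            Findings        = $reasons -join ','
        }
    }
}

# Per-account detail, then a count per combination of findings.
$findings | Sort-Object Findings, SamAccountName | Format-Table -AutoSize
$findings | Group-Object Findings | Select-Object Count, Name
```

Service accounts often appear under NeverExpires by design; review those against their owners rather than changing the flag blindly.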
Tuesday, February 6, 2018
[Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO
OK, here is something new and really scary.

KnowBe4's Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working "ransomcloud" strain, which encrypts cloud email accounts like Office 365 in real-time. My first thought was: "Holy $#!+".

I asked him: "Can you show it to me?", and Kevin sent this to me a few hours ago. Lucky for us, this ransomware strain is not in the wild just yet, but it's on the horizon, so this is your heads-up! If a white hat can do this, so can a black hat.

This new strain uses a smart social engineering tactic to trick the user into giving the bad guys access to their cloud email account, with the ruse of a "new Microsoft anti-spam service".

Once your employee clicks "accept" to use this service, it's game over: all email and attachments are encrypted real-time! See it for realz here in 5 minutes and shiver:

(NOTE: KnowBe4 uses the Intercom platform to communicate to people who created an account on our website. They redirect links, and if you do not like that—which you shouldn't—just copy and paste the link in your browser.)

And while you have this open...

* Survey: Would You Like A KnowBe4 User Conference?

We are looking at a User Conference during 2018, and we'd like your input about several things like where it should be, how long, if it should be attached to a show like Black Hat or not, and what tracks you would like to see there. This is a lightning-fast survey that might take you 2 minutes at best. Hope to see you there! Here is the link at surveymonkey:
https://www.surveymonkey.com/r/KB4-User-Conference

Warm regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.
Monday, January 8, 2018
Private Vs Public Vs Hybrid Clouds: What's the Difference?
Organizations big and small are now using
cloud services to facilitate their operations. According to RightScale's State
of the Cloud Report, 95% of Information Technology (IT) professionals use some
type of cloud service, up from 93% in 2015. As cloud technology improves by
becoming faster and more secure, this number will likely grow even higher in
the years to come.
But if you're thinking of adopting cloud
services in your organization, you should familiarize yourself with the three
different deployment models, including private, public and hybrid clouds. While
all cloud services are characterized by the use of remote servers to process
and store data, there are nuances between the different deployment models.
Public Clouds
A public cloud is a cloud service that's
available to the public. Some public clouds are free, while others use a
traditional pay-as-you-go format. The Cloud Service Provider (CSP) hosts and
maintains the server and other associated hardware, which the customer accesses
over the internet.
The public cloud's defining
characteristics are public availability and multi-user environment. Any person
or organization can access and use a public cloud. As a result, each public
cloud typically has multiple users.
Some of the benefits of public clouds
include:
• No local hardware to maintain
• No long-term commitment (pay as you go)
• Easy to scale
• Effective testing environment
• Reliable
On the other hand, public clouds limit
customization and configuration while also posing a higher risk of cyber
intrusion.
Private Clouds
Also known as an internal cloud, a private cloud differs in the sense that it's
operated by a single organization or entity. While public clouds are available
to everyone -- and many organizations use the same public cloud -- a private
cloud is only available to one organization.
Private clouds perform the same basic
functions as public clouds, allowing users to process and store data remotely.
Private clouds can be managed either
internally within an organization or externally by a third-party CSP. Because
they are restricted to a single organization, however, private clouds tend to
offer greater security than their public counterparts.
Some of the benefits of private clouds
include:
• No long-term commitment (pay as you go)
• Lower risk of cyber intrusion
• More customization and configuration options
• Supports virtually any application
• Easy to scale
• Reliable
The only real downsides to a private cloud
are its high cost and complexity. For many organizations, however, the
unlimited freedom to configure their cloud according to their needs is well
worth the investment.
Hybrid Clouds
The third type of cloud-computing
infrastructure is the hybrid cloud. As the name suggests, this includes two or
more separate clouds that are bound and deployed together. An organization, for
instance, may use a hybrid cloud to automatically shift processing demands from
a private to a public cloud during hours of peak usage. In doing so, the
organization avoids overages with its private cloud without any interruption of
service.
Another example of a hybrid cloud
application is when an organization uses a private cloud to host sensitive data
and a public cloud to host less sensitive data. Being that private clouds are
more secure, this protects the organization's sensitive data from cyber
threats.
Some of the benefits of hybrid clouds
include:
• No long-term commitment (pay as you go)
• More secure than a standalone public cloud
• Low cost of set up
• Greater flexibility of IT architecture
To recap, the three primary cloud
deployment models are public, private and hybrid. Public clouds are available
to the public; private clouds are restricted to a single organization; and
hybrid clouds use both public and private clouds.
For more information about this or other Bit by Bit solutions you can contact us at 877.860.5831
Robert Blake
Thursday, December 28, 2017
Only Two Days Left! Find out If You Can Be Spoofed for a Chance to Win
Find out for a chance to win a Stormtrooper Helmet!
Hello.
Did you know that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?
Now they can launch a "CEO fraud" spear phishing attack on your organization.
KnowBe4 can help you find out if this is the case with our complimentary Domain Spoof Test and enter you for a chance to win an awesome Stormtrooper Helmet Prop Replica at the same time.
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless steel lock-pick business card. Hurry, offer ends December 31st...
Don't like to click buttons? Copy-and-paste this into your browser:
https://info.knowbe4.com/dst-sweepstake-dec2017
Warm Regards,
Stu Sjouwerman
Founder & CEO
KnowBe4, Inc.




