Security Central: October is Cybersecurity Awareness Month, Yahoo Triples Down

This week’s Security Central takes a peek inside the ‘5 Deadly Sins of Privileged Access Management’, explores Yahoo’s latest conundrum, and takes a look at the new Locky ransomware strain.

Well here we are, five days into October - the month of Halloween, Pumpkin Spice Lattes and... wait for it... cybersecurity awareness. Yes, October is officially National Cybersecurity Awareness Month (NCSAM), which, as described by the Department of Homeland Security, is an annual campaign to raise awareness about the importance of cybersecurity. Interesting description, as news of attacks and breaches plagues our feeds and airwaves almost daily. Don't get me wrong - awareness is a good thing. Essential. But it sort of makes you wonder... when are things actually going to change?

Morey Haber, Vice President of Technology for BeyondTrust, shares this sentiment. "It’s really surprising that the US government would even ‘need’ to run a marketing campaign to highlight the cyber tragedies we see in the news every day," says Haber. "When will we learn? If you have not heard of attacks like WannaCry or Petya, just think of household names like FedEx, Maersk, Deloitte, Equifax and Sony—they have all been victims of recent cybersecurity breaches.”

Brands like these are a part of our everyday lives, but the risks they face are the same threats we endure every day at work and at home. Anyone, anywhere, is susceptible to the effects of phishing attacks, social engineering and missing security patches that can be exploited. As we've seen, many businesses do not manage these threats well, and corporations are failing at basic cybersecurity hygiene, but they're not the only ones floundering. Odds are folks are probably failing at home as well.

BeyondTrust recently conducted a study designed to determine why businesses that should know better continue to repeat the same behaviors that lead to data breaches. The results of the study, called The 5 Deadly Sins of Privileged Access Management, were extremely eye-opening. The research found that human traits like Apathy, Greed, Pride, Ignorance and Envy are helping fuel many of the breaches we see today.

“Despite knowing the security risks of default passwords, password re-use, and dictionary-based passwords, end users and security professionals continue to ignore the statistics," continues Haber. "To mitigate the risks, users and security professionals should consider relieving themselves of these burdens and hiring third party professionals like MSPs to help manage these risks. The tasks of secure storage for credentials can be managed externally and the user behavior of pride and ignorance removed from the persona equation.”

Our second story takes a look at our pals over at Yahoo, who apparently can't stop tripping over their cyber shoelaces. The web giant's very embarrassing reveal last year stated that the hack exposed more than one billion accounts. Turns out, it was a tiny bit more than that. Yahoo is now saying that all 3 billion of its accounts were hit by the 2013 attack. Oops...

This new information is based on new intelligence that came about after Verizon's $4.5 billion acquisition of the company, and compares with Yahoo’s initial estimate that 1 billion accounts were compromised. The information stolen did not include passwords, payment data or bank accounts, but it has compromised trust with Yahoo users. 

"Whether it's 1 billion or 3 billion is largely immaterial. Assume it affects you," Sam Curry, chief security officer for Boston-based firm Cybereason, said. "Privacy is really the victim here." (As reported by ABC).

Yahoo had already required users to change their passwords and invalidate security questions so they could not be used to hack into accounts. 

We close the week with a look at a new strain of the Locky ransomware, one that evades machine learning security software. Oh good. As if security software vendors didn't have enough to deal with. This time, the bad dudes have pulled ahead, creating a new ransomware phishing attack that tricks users into opening what looks like a document scanned from an internal server.

This latest ransomware attack is a “Locky” malware variant dubbed IKARUSdilapidated by Comodo. As in similar past attacks, the hackers are using an arsenal of zombie computers linked through well-known IP addresses to send the phishing emails. (As reported by Talkin' Cloud.)

The emails are intended to convince an end user that the note is from a vendor, and they're pretty darn convincing. According to Comodo researchers, the larger of the two attacks in this 3rd Locky ransomware wave is presented as a scanned document emailed to you from your organization’s scanner/printer.

The most intriguing factor out of all of this is the way the hackers manage to evade anti-malware software. “Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” says Fatih Orhan, vice president of Comodo Threat Research Labs. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”

According to Orhan, that's why even machine learning is not sufficient for making these kinds of detections. He states that complex solutions are needed to run the script dynamically, download the actual payload, and perform malware analysis to conclude that it is phishing.

What do you think?


The views expressed in this column do not necessarily reflect the views of Penton Media or The VAR Guy editorial staff.
