Loading...

Ransomware is the New Multi-Level Marketing Business
2016 has proven to be a banner year for Ransomware.  The year kicked off with a series of ransomware attacks on a trio of hospitals including the well-publicized incident at Hollywood Presbyterian Medical Center which forced its IT staff to shut down the network while coerced administration officials agreed to pay a $17,000 bitcoin ransom.  The year is culminating in dramatic fashion as well as thousands of San Francisco commuters got to ride for free as a result of a ransomware attack on the San Francisco Municipal Transportation Agency which infected 2,112 computers and took its light rail transit system offline for more than 24 hours.
 
The idea of altering the files of a computer system through some sort of malware is nothing new.  It was not uncommon back in the 90’s to get infected with some sort of virus that would delete your files.  It was hard to understand the motivation for such types of attacks other than mere nefarious degenerate behavior by some obnoxious individuals with coding skills.  Today however, the alteration of files is big business, and as the saying goes, money changes everything.
DOWNLOAD INFOSEC TIP POSTERS
IoT Devices Make Ideal Soldiers for Cyber Criminals
We all remember gazing in wonder at the armies of elite empirical storm troopers as they collectively marched into battle to subdue the rebel forces in those early Star Wars movies. Many of us recall the machines spotlighted in the Terminator series which led the battle against the humans. Science fiction is good at conjuring up creative visions of the technical forces we may combat in the future, but even the most creative science fiction writer couldn’t have come up with the idea of an army of cameras attacking our Internet infrastructure; Yet, that is what happened.

On October 21st, 2016 a collected army of some 50,000 cameras were utilized in an effective attack aimed at Dyn, a major Internet infrastructure company headquartered in New Hampshire. The attack resulted in severed access for some of the largest and most prominent web-based organizations in the world such as Amazon, Twitter, Netflix and Spotify.
 
2016 Proved a Dark Year for Cyber Attacks on Healthcare Organizations 
The famous American criminal Willie Sutton was asked once why he robbed banks, to which he is reported to have answered, “Because that’s where the money is”. In similar fashion, cybercriminals such as a hacker group that calls itself “TheDarkOverLord” could be asked why they continued to breach a series of healthcare organizations throughout 2016. They would have probably replied, “because that’s where the personal information is, and personal information equals money!” In fact, it is estimated that personal information is worth ten times more on the black market than a credit card number. As Paul Syverson, Co-creator of the Tor web browser says, “Your medical records have bullseyes on them.”

2016 kicked off with a much publicized ransomware attack on the Hollywood Presbyterian Medical Center in February. The attack was initiated in response to an employee clicking a link in a phishing email which downloaded a malware ransomware application that quickly infiltrated the enterprise. The attack proved highly successful, encrypting endless files and forced the IT staff to shut down the network. The hospital was forced to divert hundreds of patients to nearby hospitals and cancelled most treatments. On top of that, the radiation and Oncology departments were shut down completely. 
Are Employee Personal Social Media Accounts Making Your Network Vulnerable? 
Social media seems harmless enough especially when your employees stick to using it for personal reasons, but it can indirectly be responsible for critical security breaches. With some social engineering and patience, an attacker can use personal social media profile information to gain access to your corporate network. The attack is completely outside of your control and uses a combination of social engineering and phishing techniques.

Gaining Access to Employee Information

Let’s start the attack from the beginning. Let’s assume that your company employs 50 people. Most of these people (as you can guess) use Facebook as their main social platform. We’ll stick to just one platform for simplicity, but many employees have multiple different platform accounts.

 
HALOCK Security Labs
1834 Walden Office Square | Suite 200 | Schaumburg, IL 60173
P: 8042124352
https://www.halock.com
© 2018 HALOCK Security Labs. All rights Reserved.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
View