Monday, 16 December 2019

New Orleans hit by ransomware, city employees told to turn off computers


Source ZDNet
The city of New Orleans is dealing with a cyber-attack. The nature of the cyber-attack has been confirmed as a ransomware infection in a press conference held today by New Orleans officials.
The attack was discovered earlier today, at around 11:00 am, local time, a city spokesperson told ZDNet via phone call.
"Out of an abundance of caution, all employees were immediately alerted to power down computers, unplug devices & disconnect from the city's WiFi," said Beau Tidwell, a spokesman for New Orleans Mayor LaToya Cantrell.
The nola.gov website is also offline, being shut down with the rest of the city's servers.
According to reports from local media outlets [12], officials used city hall's public loudspeaker system to alert employees of the cyber-attack and make sure they powered down computers as soon as possible.
Besides city hall, the incident also affected the New Orleans Police Department, which shut down its IT network in its entirety as well.
Police officers are still in the field, unaffected, using radios and other backup communications services, although they don't have access to historical data stored on the department's servers.
On social media, New Orleans officials said that 911 emergency services were not affected.
In a press conference held today, Mayor Cantrell said the investigation into the attack is still ongoing, and that the city knows it's ransomware, but they have not received or found a ransom demand yet.
Officials said the Louisiana State Police, FBI New Orleans, the Louisiana National Guard, and the Secret Service are helping the city investigate and recover from the attack.
This incident marks the third ransomware incident reported in the state of Louisiana.
In August, three school districts were hit by ransomware, prompting the Louisiana governor to declare a state of emergency, the first one in the state's history caused by a cyber-attack, rather than a natural disaster.
A second incident took place last month when a second ransomware attack encrypted data on the Louisiana state government's IT network. Weeks after the attack, some state agencies are still having difficulties with accessing state data, although these are expected to be resolved by the end of the year.
New Orleans is the third major US city to deal with a ransomware attack in recent years after similar attacks have hit Atlanta (SamSam ransomware in 2018) and Baltimore (RobbinHood ransomware in 2019).


Friday, 13 December 2019

Microsoft details the most clever phishing techniques it saw in 2019



Source ZDNet
Earlier this month, Microsoft released a report on this year's malware and cyber-security trends. Among the few trends highlighted in the report was that phishing was one of the few attack vectors that saw a rise in activity over the past two years.
Microsoft said that phishing attempts grew from under 0.2% in January 2018 to around 0.6% in October 2019, where 0.6% represented the percentage of phishing emails detected out of the total volume of emails the company analyzed.
While phishing attacks increased, the number of ransomware, crypto-mining, and other malware infections went down, the company said at the time.
In a blog post published today, the Redmond-based tech giant reviewed three of the more clever phishing attacks it has seen this year.

HIJACKING SEARCH RESULTS

The first is a multi-layered malware operation through which a criminal gang poisoned Google search results. The scheme went as follows:
- Crooks funneled web traffic hijacked from legitimate sites to websites they controlled
- The domains became the top Google search result for very specific terms
- Phishers sent emails to victims linking the Google search result for that specific term
- If the victim clicked the Google link, and then the top result, they'd land on an attacker-controlled website
- This website would then redirect the user to a phishing page


One might think that altering Google search results takes a gigantic amount of effort, but this was actually pretty easy, as attackers didn't target high-traffic keywords, but instead focused on gibberish like "hOJoXatrCPy."


Furthermore, Microsoft said "the campaign was made even stealthier by its use of location-specific search results."
"When accessed by users in Europe, the phishing URL led to the redirector website c77684gq[.]beget[.]tech, and eventually to the phishing page. Outside Europe, the same URL returned no search results," the company said.
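From the mail-filtering side, the delivery step above leaves a recognisable artefact: the email links to a search-results page, and the query is a single meaningless token. The following triage sketch is an added example, not code from Microsoft or ZDNet; the list of search endpoints, the casing heuristic and the sample email are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: which hosts and paths count as "a link to search results".
SEARCH_ENDPOINTS = {"www.google.com": "/search", "google.com": "/search",
                    "www.bing.com": "/search", "bing.com": "/search"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def erratic_token(term):
    """Heuristic: one long alphanumeric token whose casing flips repeatedly."""
    if len(term) < 8 or not (term.isascii() and term.isalnum()):
        return False
    # Count lower->upper flips; ordinary camelCase names have one or two.
    flips = sum(a.islower() and b.isupper() for a, b in zip(term, term[1:]))
    return flips >= 3

def triage_search_links(body):
    """Return (url, query, verdict) for every search-results link in an email body."""
    findings = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")          # drop sentence punctuation glued to the URL
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if SEARCH_ENDPOINTS.get(host) != parts.path:
            continue
        for term in parse_qs(parts.query).get("q", []):
            term = term.strip()
            # A mailed link to a results page is unusual by itself; a single
            # meaningless token as the query matches the campaign described above.
            verdict = "high" if erratic_token(term) else "review"
            findings.append((url, term, verdict))
    return findings

# Constructed sample email body (the query term is the one quoted in the article).
SAMPLE_EMAIL = """Please see the first result here:
https://www.google.com/search?q=hOJoXatrCPy
Directions to the venue: https://www.google.com/search?q=new+orleans+city+hall.
Unrelated link: https://example.org/search?q=hOJoXatrCPy
"""

if __name__ == "__main__":
    for finding in triage_search_links(SAMPLE_EMAIL):
        print(finding)
```

The casing heuristic is tuned to the one term the article quotes and will miss all-lowercase gibberish, so the "review" verdict on any mailed search-results link is the broader signal.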

ABUSING 404 ERROR PAGES

Another clever trick used by phishers this year was first spotted in a phishing campaign Microsoft detected back in August and documented in this Twitter thread.


The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t. Phishers are using malicious custom 404 pages to serve phishing sites. A phishing campaign targeting Microsoft uses such technique, giving phishers virtually unlimited phishing URLs.


This campaign is deviously clever.
While most phishing emails include a link to the phishing URL they want to lure users to, for this campaign, attackers included links that pointed to non-existent pages.
When Microsoft's security systems would scan the link, they'd receive a 404 error back (because the link didn't exist), and Microsoft would deem the link safe.
However, if a real user accessed the URL, the phishing site would detect the user and redirect them to an actual phishing page instead of the server's standard 404 error page.


Microsoft said that when this trick was coupled with techniques like subdomain generation algorithms and changing the main domain at regular intervals, attackers could generate "virtually unlimited phishing URLs."
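The weak point described above is a link scanner that treats the 404 status code as the verdict. The sketch below is an added example, not Microsoft's scanner logic: it contrasts that status-only verdict with one that also inspects the body of the error response for markup a genuine server error page has no reason to carry. The function names, signal names and the three response bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser

REDIRECT_JS = re.compile(r"location\s*(=|\.(?:href|replace|assign)\b)")

class LureSignals(HTMLParser):
    """Collects credential-form and redirect markup found in a response body."""
    def __init__(self):
        super().__init__()
        self.signals = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.signals.add("password-field")
        elif tag == "meta" and a.get("http-equiv") == "refresh":
            self.signals.add("meta-refresh")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and REDIRECT_JS.search(data):
            self.signals.add("script-redirect")

def naive_verdict(status, body):
    # The behaviour the article describes: a 404 is taken to mean "nothing here".
    return "safe" if status == 404 else "needs-analysis"

def hardened_verdict(status, body):
    # The status code alone never clears a link; the body is inspected first.
    parser = LureSignals()
    parser.feed(body)
    parser.close()
    if parser.signals:
        return "suspicious", sorted(parser.signals)
    return ("safe" if status == 404 else "needs-analysis"), []

# Constructed response bodies, all assumed to arrive with HTTP status 404.
STANDARD_404 = ("<html><head><title>404 Not Found</title></head><body>"
                "<h1>Not Found</h1><p>The requested URL was not found.</p></body></html>")
CUSTOM_404_FORM = ('<html><body><form method="post"><input type="text" name="user">'
                   '<input type="password" name="pass"></form></body></html>')
CUSTOM_404_REDIRECT = ('<html><head><script>window.location.replace('
                       '"https://example.invalid/landing");</script></head></html>')

if __name__ == "__main__":
    for body in (STANDARD_404, CUSTOM_404_FORM, CUSTOM_404_REDIRECT):
        print(naive_verdict(404, body), hardened_verdict(404, body))
```

Body inspection only helps when the scanner is served the same response a user would get; where the site distinguishes scanners from real users, as the article describes, the scanner also has to fetch the link the way a user's browser would.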

MITM-BASED PHISHING

A third phishing trick that Microsoft wanted to highlight as a clever phishing attack this year was one that made use of a man-in-the-middle (MitM) server. Microsoft explains:
"One particular phishing campaign in 2019 took impersonation to the next level. Instead of attackers copying elements from the spoofed legitimate website, a man-in-the-middle component captured company-specific information like logos, banners, text, and background images from Microsoft's rendering site. [...] The result was the exact same experience as the legitimate sign-in page, which could significantly reduce suspicion."
This MitM-based technique isn't perfect, though, as the phishing site's URL is still visible in the address bar, just like on any other phishing site.
This means that even if users could be tricked by the perfect-looking login page, they can avoid disasters by closely inspecting the page's URL.


Saturday, 22 September 2018

Jordan Peterson - How to get respect without being a bully

Source - Youtube Channel of Charisma on Command

The interview which made Jordan Peterson famous

The Channel 4 interview of Jordan Peterson with Cathy Newman made him an overnight Internet sensation.

Friday, 21 September 2018

Jordan Peterson's speech that every student should hear

Watch the video that made Jordan Peterson an overnight Internet sensation



Jordan Peterson - How to get respect without being a bully

The Internet's father Jordan Peterson who asks us to clean our room and take responsibilities is definitely a motivating force for the youth all around the world.
