Campaigns using WannaCry Phishing Emails Detected

hackers are using WannaCry phishing emails to conduct campaigns using the fear surrounding the global network worm attacks.

An email campaign has been discovered in the United Kingdom, with BT customers being focused on. The hackers have been able to spoof BT domains and made their WannaCry phishing emails look very realistic. BT branding is used, the emails are well composed and they claim to have been shared from Libby Barr, Managing Director, Customer Care at BT. A quick review of her name on Google will reveal she is who she claims to be. The WannaCry phishing emails are realistic, cleverly put together, and are likely to trick many customers.

The emails claim that BT is working on enhancing its security after the massive ransomware campaign that impacted over 300,000 computers in 150 countries on May 12, 2017. In the UK, 20% of NHS Trusts were impacted by the incident and had data encrypted and services majorly damaged by the ransomware attacks. It would be extremely hard if you live in the UK to have avoided the news of the attacks and the extent of the damage they have inflicted.

The WannaCry phishing emails provide a very good reason for taking quick action. BT is offering a security upgrade to stop its customers from being harmed by the attacks. The emails claim that in order to keep customers’ sensitive data secure, access to certain features have been turned off on BT accounts. Customers are told that to restore their full BT account functionality they need to confirm the security upgrade by selecting the upgrade box contained in the email.

Of course, visiting the link will not lead to a security upgrade being applied. Customers are required to share their login credentials to the hackers.

Other WannaCry phishing emails are likely to be issued claiming to be originating from other broadband service providers. Similar campaigns could be used to quietly install malware or ransomware.

Hackers often take advantage of global news events that are garnering a lot of media interest. During the Olympics there were many Olympic themed spam emails. Phishing emails were also prevalent during the U.S. presidential elections, the World Cup, the Zika Virus epidemic, and following every major news stories.

it is vital never to click on links sent in email from people you do not know, be extremely careful about visiting links sent from people you do know, and assume that any email you receive could be a phishing email or other malicious message.

Just one phishing email sent to a member of staff can lead to a data breach, email or network compromise. It is therefore crucial for employers to be careful. Employees should be provided with phishing awareness training and taught the giveaway signs that emails are not authentic.  It is also vital that an advanced spam filtering solution is employed to stop most phishing emails from landing in end users inboxes.

In relation to that, TitanHQ is here to help you out. get in touch with the team now to see how SpamTitan can protect your business from phishing, malware and ransomware campaigns.

Email Spam and Botnet Infection Levels Quantified

Although many reports seem to indicate that email spam is dropping, email spam and botnet infection is still a major danger for most U.S organizations and people – with criminal practices netting hacking gangs billions of dollars every year.

Estimating the infection levels and the amount of spam being sent was one of the chief aims of the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG). M3AAWG, is a global network tasked with promoting cybersecurity best practices and tackling organized internet crime. M3AAWG was created 10 years ago by a number of leading internet service providers, with the goal of enhancing collaboration and sharing knowledge to make it more complicated for criminals to spam account users. By reducing the impact of email spam on individuals and organizations, ISPs would be able to better secure users, IPS’s email platforms and their reputations.

It was noticed that quantifying email spam and botnet infection levels was an extremely difficult task; one that was only possible with collaboration between internet service suppliers. Arising out of this collaboration, the organization has produced reports on the global state of email spam and botnet infection. Its latest analysis suggests that approximately 1% of computer users are part of a botnet network.

The data gathered by M3AAWG involved assessing 43 million email subscribers in the United States and Europe.,The data analysis showed that IPS’s normally block from 94% to 99% of spam emails. The company’s report suggests that overall, IPS’s do a good job of blocking email spam.

The figures look good but, taking into account the huge scale of email spam, billions of spam emails are still making it through to users, with financial organizations and other companies now being regularly focused on with spam and malware.

Email spammers are well backed financially, and criminal organizations are using email spam as a means of getting hold of tens of billions of dollars annually from internet fraud. Spam emails are sent to phish for sensitive information, such as bank account information, credit card details and other highly sensitive data including Social Security numbers. Accounts can be cleaned out, credit cards maxed out and data used to carry outt identity theft; racking up tens of thousands of dollars of debts in the victims’ names.

In previous years, email spammers were dedicate to sending emails randomly to accounts with offers of cheap Rolexes, Viagra, potential brides and the opportunity to claim an inheritance from a long lost relative. Currently, spammers have realized there are far greater rewards to be gained, and emails are now sent containing links to malware-infected websites which can be used to gain access to users’ PCs, laptops and Smartphones, gaining access to highly sensitive data or locking devices and seeking ransoms.

Some emails may still be shared manually, but the majority are sent via botnets. Networks of infected machines that can be used to send huge volumes of spam emails, spread malware or organize increasingly complex attacks on individuals and organizations. The botnets are available via rental, with criminals able to rent botnet time and use them for any number of taks.

A large number of attacks are now coming from countries where there is little regulation and a very low risk of the perpetrators being caught. Africa states, as well as Indonesia and the Ukraine house huge volumes of scammers. They have even established call centers to deal with the huge amount of enquiries from criminals seeking botnet time to carry out phishing and spamming campaigns. Tackling the issue at the source is difficult, with corruption rife in the countries where the perpetrators live.

However, it is possible to lower spam level, and the danger of staff members being tricked by a scam or downloading malware by installing a robust email spam filter, reducing the potential for spam emails and phishing campaigns getting through to individual accounts.  A report from Verizon showed that 23% of users view phishing emails and 11% open attachments and visit links included. Making sure that the emails reaching users is therefore one of the most successful methods of defense against these attacks.

How to Create a Strong Security Awareness Program

Due to the ever evolving and more intricate nature of hacking, spamming and activity of cyber criminals, it is now vital that all companies, groups and organizations have an effective security awareness program and to make sure all employees, staff and workers know how to recognize email threats.

Threat actors are now creating very sophisticated tactics to download malware, ransomware, and obtain login credentials and email is the attack style of choice. Companies are being targeted and it will only be a matter of time before a malicious email is delivered to an worker’s inbox. It is therefore crucial that employees are trained how to identify email threats and told how they should respond when a suspicious email lands in their inbox.

If security awareness training is not made available for staff then there will be a huge hole in your security defenses. To assist yo in getting back on the right track, we have listed some vital elements of an effective security awareness strategy.

Vital Important Elements of an Strong Security Awareness Program

Have C-Suite Involved

One of the most vital starting points is to see to it that the C-Suite is on board. With board involvement you are likely to be able to dedicate larger budgets for your security training program and it should be simpler to get your plan adapted and followed by all departments in your organization.

In practice, getting the backing of executives to support a security awareness program can tricky. One of the most effective ways to increase the chance of success is to clearly explain the importance of developing a security culture and to back this up with the financial advantages that come from having a strong security awareness program. Provide data on the extent that businesses are being hit, the volume of phishing and malicious emails being shared, and the money that other businesses have had to cover to address email-based attacks.

The Ponemon Institute has completed several major surveys and provides annual reports on the expense of cyberattacks and data breaches and is a good source for facts and figures. Security awareness training companies are also good sources of figures. Current data indicates the benefit of the program and what you require to ensure it is a success.

Get Other Departments On Board

The IT department should not be the only one responsible for developing a strong security awareness training program. Other departments can supply help and may be able to offer additional materials. Try to get the marketing department to support this, human resources, the compliance department, privacy officers. Those outside of the security team may have some valuable input not only in terms of content but also how to provide the training to get the best results.

Create a Continuous Security Awareness Strategy

A one-time classroom-based training session conducted once annually may have once been enough, but due to the rapidly changing threat landscape and the volume of phishing emails now being sent, an annual training session is no longer adequate.

Training should be conducted an ongoing process provided during the year, with up to date information included on present and emerging threats. Each employee is different, and while classroom-based training sessions work for some, they do not work for all employees. Create a training program using a variety of training methods including annual classroom-based training sessions, constant computer-based training sessions, and use posters, games, newsletters, and email alerts to keep security issues to the fore of workers’ minds.

Provide Incentives and Gamification

Reward individuals who have finished training, alerted the group to a new phishing threat, or have scored well in security awareness training and tests. Try to establish competition between departments by publishing details of departments that have performed very well and have the highest percentage of employees who have finished training, have reported the most phishing threats, scored the highest in tests, or have correctly identified the most phishing emails in a round of phishing simulations.

Security awareness training should ideally be interesting. If the training is fun, employees are more likely to want to participate and retain knowledge. Use gamification methods and choose security awareness training providers that offer interesting and engaging content.

Test Knowledge with Phishing Email Simulations

You can conduct training, but unless you test your employees’ security awareness you will not know how effective your training program has been and if your staff have been paying attention.

Before you begin your training program it is important to have a baseline against which you can gauge success. This can be achieved using security questionnaires and completing phishing simulation exercises.

Running phishing simulation exercises using real world examples of phishing emails following training has been completed will highlight which employees are security titans and which need further training. A failed phishing simulation exercise can be transformed into a training opportunity.

Comparing the before and after results will let you see the advantages of your program and could be used to help get more funding.

Train your staff constantly and review their understanding and in a relatively short space of time you can create a highly effective human firewall that complements your technological cyber security security measures. If a malicious email breaks through your spam filter, you can be happy that your employees will have the skills to recognize the threat.

Social Media

Social media can be a key factor of a  group’s marketing operations – it can also be the gateway for many online threats. Internet users who choose not to use unique passwords for their online activities, share their passwords, or willingly provide confidential information without due consideration for the security implications can be risking the online security of an entire group.

Instead of an employee threaten the integrity of your group’s online security, it is in your best interests to implement an Internet filtering solution from TitanHQ. An Internet filtering solution – and proper training about the risks of communicating confidential data online – can address the risk of your organization´s online defenses being compromised by an staff member’s carelessness or naivety.

Free Bart Ransomware Decryptor Made Available

Bitdefender has created a free Bart ransomware decryptor that permits victims to unlock their files without meeting a ransom demand.

Bart Ransomware was first discovered in June 2016. The ransomware variant stood out from the others due to its ability to encrypt files even without an Internet connection. Most ransomware variants rely on a link to their command and control server to generate public-private key pairs; however, Bart ransomware does not. Only the decryption process needs an Internet connection to transfer the ransom payment and get the decryption key.

Bart ransomware posed a major threat to corporate users. Command and control center communications could possibly be prevented by firewalls preventing encryption of files. However, without any C&C contact, corporate users were in danger.

Bart ransomware was thought to have been developed by the gang behind Locky and the Dridex banking Trojan. Bart ransomware shared a large portion of code with Locky, was distributed in the same manner and used a ransom message very similar to that implemented by Locky.

As with Locky, Bart ransomware encrypted a wide variety of file types. While early versions of the ransomware variant were fairly uncomplicated, later versions saw flaws addressed. Early versions of the ransomware variant prevented access to files by locking them in password-protected zip files.

The initial method of locking files was ‘cracked’ by AVG, although only by guessing the password using brute force tactics. In order for the brute force method to work, a copy of an encrypted file along with its unencrypted original was necessary. In later versions of the ransomware, the use of zip files was ended and AVG’s decryption technique was rendered ineffective. The encryption process used in the more recent versions was much stronger and the ransomware had no known weaknesses.

Until Bitdefender developed the most recent Bart Ransomware decryptor, victims had two choices – recover encrypted files from backups or pay the attackers’ ransom demand.

Luckily, Bitdefender was able to create a Bart Ransomware decryptor from keys supplied by Romanian police which were obtained during a criminal review. The Bart ransomware decryptor was created by Bitdefender after working with both the Romanian police and Europol.

From April 4, 2017, the Bart ransomware decryptor has been made available for free installation from the No More Ransom website. If your files have been encrypted by ransomware, it is possible to see if the culprit is Bart from the extension added to encrypted files. Bart uses the .bart, .perl, or bart.zip extensions.

Bart ransomware may be thought to have links to Locky, although there is no indication that keys have been obtained that will permit a Locky ransomware decryptor to be created. The best form of security against attacks is blocking spam emails to stop infection and ensuring backups of all sensitive data have been put in place.

Email Retention Legislation in the U.S.

Email retention laws in the United States require companies to maintain copies of emails for many years. There are federal laws applying to all companies and groups, data retention laws for specific industries, and a swathe of email retention laws in the United States at the individual state level. Ensuring compliance with all the proper email retention laws in the United States is vital. Non-compliance can prove incredibly expensive Multi-million-dollar fines await any group found to have breached federal, industry, or state regulations.

All electronic files must be retained by U.S groups, which extends to email, in case the information is required by the courts. eDiscovery requests often require massive volumes of data to be provided for use in lawsuits and the failure to provide the data can land a group in serious trouble. Not only are heavy fines issued, groups can face criminal proceedings if certain data is erased.

For decades, U.S groups have been required to store documents. Document retention laws are included in numerous legislative acts such as the Civil Rights Act of 1964, the Executive Order 11246 of 1965, the Freedom of Information Act of 1967, the Occupational Safety and Health Act of 1970, and the Reform and Control Act of 1986; however, just over 10 years ago, data retention laws in the United States were updated to grow the definition of documents to include electronic communications such as emails and email attachments.

To enhance awareness of the many different email retention laws in the United States, a summary has been included in this article. Please remember that this is for information purposes only and does not constitute legal advice. For legal counsel on data retention laws in the United States, we recommend you get in touch with your legal representatives. Industry and federal electronic data and email retention legislation in the United States are also subject to amendment. Up to date information should be sought from your legal team.

As you can see from the list here, there are several federal and industry-specific email retention pieces of legislation in the United States. These laws apply to emails received and shared, and include internal as well as external emails.

Email retention legislation Who it is applicable to How long emails must be kept
IRS Regulations All companies 7 Years
Freedom of Information Act (FOIA) Federal, state, and local agencies 3 Years
Sarbanes Oxley Act (SOX) All public companies 7 Years
Department of Defense (DOD) Regulations DOD contractors 3 Years
Federal Communications Commission (FCC) Regulations Telecommunications companies 2 Years
Federal Deposit Insurance Corporation (FDIC) Regulations Banks 5 Years
Food and Drug Administration (FDA) Regulations Pharmaceutical firms, food manufacturers, food storage and distribution firms, manufacturers of biological products Minimum of 5 years rising to 35 years
Gramm-Leach-Bliley Act Banks and Financial Institutions 7 Years
Health Insurance Portability and Accountability Act (HIPAA) Healthcare groups (Healthcare providers, health insurers, healthcare clearinghouses and business associates of covered bodies) 7 Years
Payment Card Industry Data Security Standard (PCI DSS) Credit card businesses and credit card processing groups 1 Year
Securities and Exchange Commission (SEC) Regulations Investment banks, investment advisors, brokers, dealers, insurance agents & securities companies Minimum of 7 years up to a lifetime

 

Email retention legislation in the United States that are applied by each of the 50 states are beyond the reach of this article.  There area also European Union laws, such as the GDPR email requirements.

Storing emails for a few years is not likely to take up masses of storage for a small company with a couple of members of staff. However, the more employees a group has, the greater the need for extensive resources just to store emails. The average size of a business email may only be 10KB, but multiply that by 123 – the average number of emails sent and received each day by an average company user in 2016 (Radicati email statistics report 2015-2019), and by 365 days in each year, and by the number of years that those emails need to be maintained, and the storage requirements become massive.

If any emails ever need to be obtained, it is vital that any email archive or backup can be searched. In the case of standard backups, that is likely to be an incredibly long process. Backups were not created to be searched. Finding the right backup alone can be almost impossible, let along finding all emails sent to, or received from, a specific company or person. Backups have their uses, but are not suitable for companies for email retention purposes.

For that, an email archive is necessary. Email archives contain structured email data that can easily be reviewed and searched. If ever an eDiscovery order is received, finding all email correspondence is a quick and simple task. Since many email archives are cloud based, they also do not require large storage resources. Emails are stored in the cloud, with the space provided by the service supplier.

ArcTitan is a cost-effective, quick and easy-to-manage email archiving solution supplied by TitanHQ that meets the needs of all businesses and enables them to adhere with all email retention laws in the United States.

ArcTitan includes a variety of security protections to ensure stored data is kept 100% secure and confidential, with email data encrypted in transit and storage. As opposed to many email archiving solutions, ArcTitan is fast. The solution can process 200 emails per second from your email server and archived emails can be retrieved instantly though a a browser or Outlook (using a plugin). Emails can be archived from any location, whether in the office or on the go via a laptop or tablet. There are no restrictions on storage space or the number of users. The solution can be scaled up to meet the needs of companies of all shapes and sizes.

To find out more about ArcTitan, get in touch with the TitanHQ team today.