Phorpiex Botnet Reinvents Itself as Sextortion Email Distributor

The Phorpiex (aka Trik) botnet has been active for nearly a decade and operates more than 500,000 infected hosts. And, according to research just released by Check Point, it has recently morphed to generate income in a whole new way – by running large-scale “sextortion” email campaigns.

Image Courtesy of Check Point Research

Evolve or Die

In the past, Phorpiex was monetized primarily by distributing other malware including GandCrab, Pony, Pushdo, and by siphoning off its host’s computing power to mine cryptocurrency. Recently, like any virus, Phorpiex evolved again by adding sextortion emails as its latest form of revenue generation.

Extortion Email on the Rise

In 2018 the FBI’s Internet Crime Complaint Center registered a 248% increase in extortion email activity. The majority of that email? Sextortion, of course! And why not? Once you have the assets in place, such as an underutilized botnet, a high-volume sextortion email campaign can generate a healthy passive income 24x7x365.

Leveraging a Cheap Commodity for a Novel Use

One of the more clever aspects of the sextortion scam is the use of real passwords to bolster the credibility of the email’s claims, thereby increasing the compliance rate of the victims.

Leaked credential lists whose passwords don’t necessarily match the associated email addresses are very inexpensive on the black market. That’s because the combination of the two won’t give you access to a real email account. However, when used to scare a sextortion victim into believing you really have incriminating video or pictures of them doing something naughty, they can be pretty convincing, as the income numbers show.

Here is how this inexpensive data is used in the email:

From: Save Yourself
Subject: I recorded you – ██████

Hi, I know one of your passwords is: ██████

Your computer was infected with my private malware, your browser wasn’t updated / patched, in such case it’s enough to just visit some website where my iframe is placed to get automatically infected, if you want to find out more – Google: “Drive-by exploit”.
My malware gave me full access to all your accounts (see password above), full control over your computer and it also was possible to spy on you over your webcam.

The email goes on, but it is that initial “proof”, bought in huge quantities for very little money, that makes the campaign work so well.
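As an added example (not code from Check Point’s research or from this post), the following Python triage function scores an incoming message against the indicators visible in the template above and checks whether the quoted “proof” password appears in a breach corpus the organization already processed, which tells the analyst the sender is recycling an old dump rather than demonstrating current access. The sample messages, the placeholder password, the made-up payment address and the leaked-password set are all constructed.

```python
import re
from typing import Dict, List, Optional, Set

# Indicator patterns modelled on the sextortion template quoted above.
# The password claim is the lure the post describes, so it scores highest;
# a payment address is the other strong signal.
PASSWORD_CLAIM = re.compile(
    r"i know (?:one of )?your passwords? (?:is|are)\s*:?\s*(\S+)", re.IGNORECASE)
INDICATORS: Dict[str, "re.Pattern[str]"] = {
    "password_claim": PASSWORD_CLAIM,
    "malware_claim": re.compile(
        r"infected with my (?:private )?malware|drive-by exploit", re.IGNORECASE),
    "webcam_claim": re.compile(r"\bwebcam\b", re.IGNORECASE),
    "full_access_claim": re.compile(r"full (?:access|control)", re.IGNORECASE),
    # Legacy (1.../3...) and bech32 (bc1...) Bitcoin address shapes.
    "bitcoin_address": re.compile(
        r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"),
}
WEIGHTS = {"password_claim": 2, "malware_claim": 1, "webcam_claim": 1,
           "full_access_claim": 1, "bitcoin_address": 2}
THRESHOLD = 4  # password claim plus a payment address is enough on its own


def classify(message: str, leaked_passwords: Optional[Set[str]] = None) -> dict:
    """Score one message; return verdict, matched indicators and the quoted password."""
    hits: List[str] = [name for name, pat in INDICATORS.items() if pat.search(message)]
    score = sum(WEIGHTS[name] for name in hits)
    m = PASSWORD_CLAIM.search(message)
    claimed = m.group(1) if m else None
    # If the lure password is in a breach corpus the organization already
    # processed, the sender is recycling an old dump (as the post explains),
    # not demonstrating current access to anything.
    known_leak = bool(claimed and leaked_passwords and claimed in leaked_passwords)
    return {
        "verdict": "sextortion" if score >= THRESHOLD else "clean",
        "score": score,
        "indicators": hits,
        "claimed_password": claimed,
        "matches_known_leak": known_leak,
    }


# Constructed samples: the first paraphrases the template in the post with a
# placeholder password and a made-up address (not a real wallet).
SEXTORTION_SAMPLE = """From: Save Yourself
Subject: I recorded you - hunter2

Hi, I know one of your passwords is: hunter2

Your computer was infected with my private malware, your browser wasn't
updated / patched - Google: "Drive-by exploit".
My malware gave me full access to all your accounts (see password above)
and it also was possible to spy on you over your webcam.
Transfer the amount to this address: 1ConstructedSampAddr7ZYXWVUTSRQPN
"""

BENIGN_SAMPLE = """From: IT Helpdesk
Subject: Password expiry reminder

Your password expires in 3 days. Change it at the self-service portal.
We will never ask you for your password by email.
"""

# Constructed: passwords from a breach dump the organization already forced
# users to rotate (in practice compare hashes, not plaintext).
LEAKED_PASSWORDS = {"hunter2", "letmein"}

if __name__ == "__main__":
    for sample in (SEXTORTION_SAMPLE, BENIGN_SAMPLE):
        print(classify(sample, LEAKED_PASSWORDS))
```

A hit on `matches_known_leak` is the cue to confirm the user has already rotated that password and to reply with a canned explanation rather than escalate as a live compromise.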

$22,000 a Month from 30,000 Emails an Hour

Check Point researchers monitored the Phorpiex campaign for 5 months, and during that time the campaign wallets took in more than 14 Bitcoin, equating to a respectable $22,000 per month. Not bad for an auto-pilot business that leverages its 500,000 zombie computers to send out up to 30,000 emails an hour.

Extortion, Malware, Phishing – We’ve Seen it All

At Konsultek we specialize in giving our customers peace of mind through customized security solutions that utilize the most advanced prevention, detection and response technologies available.

Have manpower or talent issues? Our managed security suite allows organizations to gain access to superb security engineers as needed without the expense and hassle of recruiting and hiring staff. Call us today to learn about how your organization’s future can become more secure.

Yahoo Announces Class Action Settlement for Data Breach

Following on the heels of the Equifax settlement in July 2019, Yahoo has announced that it will settle class action litigation against it for its series of massive data breaches.

In case you can’t quite remember all that went wrong with Yahoo in regards to breaches, here is a quick recap from their press release:

  1. 2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems.
  2. 2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts.
  3. 2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts.
  4. 2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts.

Do You Qualify for Compensation?

If you received a notice from Yahoo about the data breaches, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016, and are a resident of the United States or Israel, you are a “Settlement Class Member.”

Under the terms of the Settlement, Yahoo has created a Settlement Fund of $117,500,000 and will provide victims a minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or an alternative cash payment for those who verify they already have credit monitoring or identity protection.

If you can prove that you’ve had out-of-pocket losses, including but not limited to loss of time dealing with the breach, you may qualify for additional compensation.

The complete list of all available legal rights and options can be found here.

Prevention is the Better Option

At Konsultek we firmly believe that an ounce of prevention is worth a pound of cure. The negative impact a breach can have on your brand is far greater than any fine or lawsuit that could potentially be levied against you. That is why we specialize in developing custom security solutions that utilize the most advanced prevention, detection and response technologies available.

Have manpower or talent issues? Our managed security suite allows organizations to gain access to superb security engineers as needed without the expense and hassle of recruiting and hiring staff. Call us today to learn about how your organization’s future can become more secure.

Entire Population of Ecuador’s Data Leaked

While in sheer numbers the Ecuadorian leak is far smaller than many corporate breaches in the US, the Ecuadorian government is taking the breach far more seriously than the US government ever has (or probably ever will), and is meting out justice swiftly and decisively.

According to a post on vpnmentor.com, more than 20 million people, including 7 million minors, had their most sensitive data leaked, including the Ecuadorian equivalent of social security numbers, taxpayer ID numbers and a host of other information:

  • full name (first, middle, last)
  • gender
  • date of birth
  • place of birth
  • home address
  • email address
  • home, work, and cell phone numbers
  • marital status
  • date of marriage (if applicable)
  • date of death (if applicable)
  • level of education.

Image Source: CNN.com

A Significant Breach Deserves Significant Consequences

At least that is how the Ecuadorian government feels. According to an article on CNN, Ecuadorians take their breaches a little more seriously than we do here in the States.

“On Monday, prosecutors and a federal police force raided the home of Novaestrat’s legal representative, William Roberto G., seizing electronic equipment and computers. Later that evening, the police found and detained him in Ecuador’s northwestern Esmeraldas province.

“He will be transferred immediately so that the Ecuador prosecutor can gather information in the framework of the investigation that is taking place,” tweeted Interior Minister Maria Paula Romo.

“If it’s confirmed that they violated the personal privacy of Ecuadorians, it is a criminal offense that must be punished,” said Telecommunications Minister Andres Michelena on Twitter.”

Imagine if the CEOs of Target, Home Depot and Equifax were dragged out of their homes in response to their breaches! That might get the always-challenged CISO budget enhanced and approved!

Konsultek Takes Security Seriously Too

Whether your organization handles the data for 30 or 30 million people, Konsultek will help keep your network safe and your data secure.

If you are unclear as to whether or not your security is up to the challenges of today’s hackers, we can help you find out.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but also demonstrate the likelihood of a breach occurring.

Recommendations for CISOs Facing Tough Challenges with Limited Resources

That’s the message voiced loud and clear by a group of 200 CISOs interviewed as part of a Forbes Insights report conducted in association with Konsultek partner Fortinet.

The 24-page report concludes with the following recommendations for maximizing success:

  1. Focus on protecting the brand – An organization’s brand and brand assets are often the targets of malicious actors and are the most important assets to be protected.
  2. Make the business case for the CISO’s budget – Threats are on the rise and today’s CISOs must be able to make a solid business case as to why their budget needs to rise commensurately, or risk being underfunded, understaffed and outgunned.
  3. Automate your resources as much as possible – Staff will be constrained. And, unless automation is leveraged, your staff will be consumed with tactical, repetitive functions instead of focusing on the more strategic aspects of security that can drive lasting improvement.
  4. Move more resources from prevention to detection and response – Prevention is not dead but it is not 100% effective either. Once the barbarians have breached the walls you need to quickly detect and respond.

Image Courtesy of Forbes Insight

  5. Be sure you are focusing on your organization’s cybersecurity knowledge – Cybersecurity is everyone’s concern and only by inculcating the entire organization with a security culture and providing actionable training will you and your team be able to operate with maximum efficiency and effectiveness.

Konsultek – The CISO’s Secret Weapon

At Konsultek, we and our world class partners help CISOs develop and deploy robust security solutions utilizing the most advanced prevention, detection and response technologies available. Our managed security suite allows CISOs to gain access to superb security engineers as needed without the expense and hassle of recruiting and hiring staff.

If you are looking for a security partner that can give you a strategic advantage pick up the phone and contact us. Your secret weapon is just a phone call away.

Did the First Hack From Space Just Occur?

As cool as that would be, I’m not sure someone using a willingly shared password actually counts as a hack even if that shared password was indeed used from space to access a now estranged person’s account.

Astronaut vs. Former Air Force Intelligence

Anne McClain, a former U.S. Army pilot who flew more than 800 combat hours during Operation Iraqi Freedom before joining NASA in 2013, has been accused by her estranged spouse, former Air Force intelligence officer Summer Worden, of “hacking” Worden’s bank account. Worden used her spy skills to track down the offending IP address to NASA. Since Ms. McClain happened to be on the International Space Station at the time, we have the possibility that this is the first cybercrime committed from space!

Who Is Deputy Dawg in Space?

When it comes to enforcing the law in space you might think it could be tricky. Turns out that legal framework was laid out long ago. According to BBC News, the law dictates that any crime committed in space falls under the jurisdiction of the offending astronaut’s country of origin. Surprisingly simple and straightforward – must have been developed by scientists, not politicians or lawyers!

Terrestrial or Extraterrestrial Konsultek has you Covered

Whether your next attack comes from the ISS, the moon or next door our custom security solutions will keep your network safe and your data secure.

If you are unclear as to whether or not your security is up to the challenges of today’s hackers, we can help you find out.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Consumer Watchdog Estimates 3,000 People Could Die in Automotive Cyber Attack

Vulnerabilities in connected cars could allow a malicious hacker to wreak havoc on our nation’s roadways, leading to large-scale injuries and deaths, according to Consumer Watchdog.

If it’s Connected it’s Vulnerable

That’s the general message we’ve been reporting for the past decade on this blog, and automobiles are no exception. Way back in 2015, researchers Miller and Valasek showed that they could take control of an unaltered 2014 Jeep Cherokee, affecting both the steering and braking systems. At this year’s Black Hat hacker conference, researchers from Keen Security Lab revealed details of vulnerabilities they found in late-model BMWs. Clearly automobiles remain vulnerable, and to make matters worse there are far more connected cars today than there were back then.

CAN Bus Vulnerability

While someone hacking your car’s infotainment system to steal your personal information would be annoying and perhaps leave you in a bad mood, someone hacking your car’s CAN bus system could leave you injured or dead. Your car’s CAN bus system is akin to your body’s central nervous system. It controls all of the essential engine, braking, transmission, electrical, climate and safety systems.

Comfort Might Kill You

So you might ask, “Why would an automaker connect something as critical as CAN bus to the Internet and create a vulnerability?” That’s a great question with a lot of possible answers, but one answer is that they do it on purpose to allow you, the end user, to have a more comfortable automotive experience! You see, that same creature feature that allows you to remotely start your car from your smartphone and dial down the AC so you can hop into a pre-cooled car is just one example of how CAN bus systems become connected to the Internet. Unfortunately, there are many, many more examples that affect vehicles of all shapes, sizes and price points, so driving a budget box doesn’t necessarily mean that your car is not vulnerable!

The Numbers

According to Consumer Watchdog a concerted large scale attack could unfold according to this troubling schedule:

  • 19 million cars on the roads at rush hour
  • 75 million cars potentially hacked at once
  • 262,500 cars actively being driven at the time of attack
  • 134,400 projected injuries from attack
  • 3,000 projected fatalities.

It takes little imagination to envision what a complete mess the roadways would be with that many disabled vehicles clogging the roads. Emergency response would be crippled and life-saving aid delayed.

Kill Switch – The Recommended Short-Term Fix

The Consumer Watchdog report concludes that the simplest and least expensive “quick fix” to these vulnerabilities is a “kill switch”. This $0.50 switch would allow the consumer to create an air gap between all remotely-accessible components and the CAN bus system. Of course, unless these switches could somehow suddenly be installed on all the existing vulnerable automobiles on the road, it isn’t really a viable solution. A simpler and even less expensive approach, they argue, would be to remove all vehicles from the cellular network. Of course, that would disable a host of features that many consumers enjoy and rely upon, and that automakers advertise and market to make their cars more attractive. Chances are neither of these recommendations is ever going to happen.


Hack an iPhone and Apple Will Give You $1 Million

That was the announcement made at last week’s Black Hat conference by Ivan Krstić, Apple’s head of security.

Keep in mind that the $1,000,000 is not for just any hack but for gaining full control of the device remotely without the user having to touch or handle the device. And, by the way, that device can be any Apple device running iOS or macOS, not just an iPhone.

Bug Bounties on the Rise

Apple launched its bug bounty program in 2016. At that time they were offering up to $200,000 for vulnerabilities that allowed the hacker to gain full control of a device running iOS without user involvement.

So why the rapid rise in Apple-paid bounties? Well, as it turns out, they are simply trying to be more competitive in the bug bounty market. Even at $1,000,000, though, Apple is still far behind Zerodium, which will pay up to $2,000,000 for the same exploit. And who knows how much governments would pay for the ability to hack iPhones at will! It seems that if you are good enough to pull it off, there are plenty of other organizations you could sell your wares to besides Apple, and for a lot more money.

How Vulnerable are Your Systems?

Konsultek is happy to test the vulnerability of your systems for FREE! Our experienced team of engineers will, at your request, quickly and efficiently determine the vulnerability of your network and offer solutions for any weaknesses found.

If you are interested in getting an outside, independent and unbiased analysis of your network’s security, simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

The first 20 respondents will receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

Costs of Data Breaches Disproportionately High for Small Businesses

IBM’s 2019 Cost of a Data Breach Report finds, among other things, that data breaches have a disproportionately high negative impact on small businesses as compared to their larger brethren. Also, the cost of data breaches in the United States is substantially higher than in the rest of the world. Neither of these is good news if you are an SMB here in the States.

Image Source: IBM 2019 Cost of a Data Breach Report

“We found significant variation in total data breach costs by organizational size. The total cost for the largest organizations (more than 25,000 employees) averaged $5.11 million, which is $204 per employee. Smaller organizations with between 500 and 1,000 employees had an average cost of $2.65 million, or $3,533 per employee. Thus, smaller organizations have higher costs relative to their size than larger organizations, which can hamper their ability to recover financially from the incident.” –IBM Security

Some other interesting findings:

Lost Business is the Biggest Cost of a Breach

The loss of customer trust that accompanies a data breach translates into significant financial loss for businesses. The study found that the average cost of lost business attributable to a breach was $1.42 million or roughly 36% of the total average cost of a breach which now clocks in at a substantial $3.92 million.

Costs Linger for Years

Approximately 1/3 of data breach costs manifest more than one year after the incident occurs. So, while roughly 2/3 of the costs happen relatively quickly, it can take 3 years or longer for all of the costs to work through the organization. The study found that the more regulated the environment the organization operates in, the more evenly the costs are spread out over the first 3 years.

Breach Life Cycles are Getting Longer

As compared to previous years, the time between a breach incident and full containment of that breach is getting longer. This year’s report found a lifecycle increase of 5% vs. 2018.

Malicious Attacks are the Most Common and Most Expensive

This of course is bad news for all, since the number of breaches caused by malicious attacks is growing by leaps and bounds. As compared to 2014, the share of malicious breaches has grown by 21% and now represents 51% of all breaches. And, because the life cycle of a malicious breach tends to be longer, their costs are also elevated. As compared to the average human-error breach, the average malicious attack costs roughly 27% more.

Prevention is Less Expensive than Recovery

As with most things, Ben Franklin’s adage “an ounce of prevention is worth a pound of cure” holds true when it comes to data and network security. Here at Konsultek we help our customers of all sizes and across all industries cost effectively prevent data loss by developing custom security solutions that fit their unique needs. So, if your organization agrees with Mr. Franklin, please give us a call sooner, rather than later to learn about how we can help you get an ounce of the right kind of prevention.

No More Ransom Helps Victims Avoid $108 Million in Ransom so Far

In just 3 short years No More Ransom, an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and McAfee, has prevented ransoms of $108 million by allowing users to decrypt their files using free tools, according to Europol as reported on July 26th.

No More Ransom provides a platform for law enforcement and IT security companies to collaborate with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.

Thank You Contributors!

Amazon AWS and Barracuda host NoMoreRansom.org, and a veritable who’s who of anti-virus and security companies have donated decryption keys and tools, including but not limited to:

  • Emsisoft
  • Avast
  • Bleeping Computer
  • Bitdefender
  • Kaspersky
  • Check Point
  • McAfee

Source: Europol Infographic

200,000 Victims Helped

In its 3-year life, over 3 million users from around the world have visited the site and more than 200,000 victims have been helped. 2019 has so far seen the addition of 14 new tools, bringing the total number of different ransomware families that can be decrypted, as of the July 26, 2019 press release, to 109. Nearly 40,000 people have successfully decrypted files ransomed by GandCrab alone, saving roughly $50 million in ransom payments.

“When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds. A wrong click and databases, pictures and a life of memories can disappear forever. No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice.” – Steve Wilson, Head of Europol’s European Cybercrime Centre (EC3)

Who is Your Security Partner?

No More Ransom is a shining example of the security success that can be achieved by partnering with the top security firms in the world. That same philosophy is at work every day at Konsultek. Our partner providers represent the best-in-class solutions for all facets of network security and our security solutions in turn provide our clients with holistic best-in-class solutions for their networks.

If you’re ready to take your security to the next level we’re here to help. Simply call us or hit us up on our contact form.

Equifax has Settled! What’s in it for You?

As reported on Fox Business, Equifax has reached a proposed settlement with the Federal Trade Commission that could cost the company up to $700 million for its 2017 data breach. That breach, large by any standard, revealed the personal information of 147 million individuals (roughly half the US population), including social security numbers, and has been and will likely remain an ongoing catalyst for identity theft.

What is Equifax Offering?

As reported so far, the terms of the Equifax deal are as follows:

  1. Up to $20,000 for out-of-pocket costs incurred as a result of the breach. While you will not have to prove that your identity theft was a direct result of the Equifax breach, you will have to show that your particular situation could have arisen from the data stolen from Equifax.
  2. $25/hour for time spent addressing the breach. You may be eligible for up to 20 hours of personal time wasted dealing with the fallout of which 10 hours can simply be “self-certified” and will not require significant documentation.
  3. Ten years of free credit monitoring or a $125 cash payment. The monitoring will be done by a third party and will include credit reports from the top 3 agencies, Equifax, Experian and TransUnion, for the first 4 years, as well as $1 million in identity theft insurance. Rather have the cash? You can get $125 and six free credit reports for 7 years instead.

How Will I Know What to do?

Equifax plans on emailing all affected parties 4 times, running social media and digital outreach campaigns, radio ads and print ads. You can also visit www.equifaxbreachsettlement.com or call them at 1-833-759-2982.

How Secure is Your Data?

At Konsultek our job is to keep our customers out of the news by preventing hacks and breaches. Our custom security solutions use a combination of technologies to prevent, detect and quarantine intrusions before they can cause damage. If you are unclear as to whether or not your security is up to the challenges of today’s hackers, we can help you find out.

Our team of experts is happy to provide an outside, independent and unbiased analysis of your network’s security. Simply give us a call or click here: https://konsultek.com/executive-risk-assessment/.

You’ll receive a complimentary Executive Risk Assessment. This assessment will not only show you the risk and impact to your most critical digital assets but demonstrate the likelihood of a breach happening.

© Copyright 2018 Konsultek