[IS&T Security-FYI] Security FYI Newsletter, January 7, 2015
Monique Buchanan
myeaton at mit.edu
Wed Jan 7 10:04:18 EST 2015
In this issue:
1. Fake MIT Emails Become More Sophisticated
2. Malware Identified from Attack on Sony
3. A Strong Argument for Backing Up and Virus Protection
----------------------------------------------------------------
1. Fake MIT Emails Become More Sophisticated
----------------------------------------------------------------
Cyber criminals are getting more savvy with their attempts to scam potential victims using phishing emails.
Once a company or organization has fallen for several phishing scams, the criminals sending them are likely to realize that, over time, the targeted organization has learned from previous attacks. The organization becomes harder to fool, so the same group of criminals attempts more sophisticated attacks. They step up their efforts by using language and information that make their phishing emails harder to spot as bogus.
Learn how to spot these bogus emails. There are examples in The Knowledge Base (kb.mit.edu<http://kb.mit.edu>) of these more sophisticated — as well as obvious — phishing attempts, all using fake MIT information to scam recipients:
Examples of phishing emails that appear to come from MIT<http://kb.mit.edu/confluence/x/VxhB>.
--------------------------------------------------------
2. Malware Identified from Attack on Sony
--------------------------------------------------------
US-CERT has released an advisory<https://www.us-cert.gov/ncas/alerts/TA14-353A> regarding the sophisticated malware that the attackers of Sony Pictures used. According to the advisory, the attackers used a Server Message Block (SMB) Worm Tool to disrupt the company’s infrastructure. The tool is equipped with five components, including a listening implant, a lightweight backdoor, a proxy tool, a destructive hard drive tool and a destructive target cleaning tool.
According to a SecurityWeek article:<http://www.securityweek.com/hackers-used-sophisticated-smb-worm-tool-attack-sony> “The SMB worm propagates through an infected network via brute-force authentication attacks, and connects to a command and control (C2) infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore and the United States.”
An organization infected with this malware could experience operational impacts, including loss of intellectual property and disruption of critical systems.
Users and administrators are advised to take preventative measures, such as using and maintaining anti-virus software, keeping software up to date, reviewing security tips for handling destructive malware<https://www.us-cert.gov/ncas/tips/ST13-003> and reviewing practices for control systems with defense-in-depth strategies.
-----------------------------------------------------------------------------
3. A Strong Argument for Backing Up and Virus Protection
-----------------------------------------------------------------------------
A recent article in the NY Times, “How My Mom Got Hacked,”<http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked.html?_r=0> tells the nightmare story of how a woman had 5,726 files locked by the CryptoWall attackers.
CryptoWall is the updated version of CryptoLocker Ransomware<http://kb.mit.edu/confluence/x/IC4YCQ>. The modus operandi of the CryptoWall attackers is to install malware on your machine that locks your files or hard drive using encryption which only they can unlock. To get your files back, they demand a ransom. To pay the ransom, you have to purchase Bitcoins.
If you find yourself in this situation, the FBI's recommendation is not to pay the extortionists, unless your files contain information that is deeply personal and would be embarrassing, or cause harm to others, if exposed.
It’s easier to do this if you don’t need the files back and have made backups. So back up your files often using an external drive or a cloud backup service. MIT offers CrashPlan<http://ist.mit.edu/backup> for students, faculty and staff.
Using anti-virus software and keeping your operating system and software up to date will protect you from getting infected with CryptoWall-type malware. Learn more about virus protection at MIT<http://kb.mit.edu/confluence/x/GwXn>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715