Crypsis … periodically | August 2017

Ransomware Keeps the Spotlight …

We were recently at Black Hat USA in Las Vegas, one of the world’s leading information security events. It certainly feels like the conference gets bigger every year and based on what we saw in the exhibit hall, there is a lot of focus on security analytics.

Also during the conference, Google released an interesting study. Using calculations based on bitcoin payments and blockchains, the researchers were able to determine who the top ransomware earners are. Leading the pack was Locky at $7.8 million in payments from victims, followed by Cerber at $6.9 million. Not even close to that were the two highest-profile ransomware attacks this year, WannaCry and NotPetya. The researchers said Locky pulled in more than 28 percent of the $25 million earned by ransomware since 2016 because its authors focused on keeping development separate from distribution. Meanwhile, Cerber has been using an affiliate model that has enabled it to sustain income of $200,000 a month. They also identified Spora as a ransomware to watch due to its high level of customer support in navigating payments and getting immunity from further attacks.


OfNote@Crypsis …

Joining the Crypsis team as Principal Consultant in New York City is Thomas Harris-Warrick, a digital forensics expert who will lead data breach investigations and response strategies for our clients. Thomas has nearly a decade of professional experience in computer incident response, internal investigations, and network-based analysis across a wide range of civil and criminal matters.  He comes to Crypsis after nine years at the cyber security firm Stroz Friedberg, where he organized and managed investigative teams to probe and respond to cyber incidents, uncover the activities of threat actors, and develop forensic tools to expose the presence of malware on remote systems.


What We’re Reading …

The latest “State of the Phish” report from security technology firm Wombat – This year’s report, compiled from tens of millions of simulated phishing emails, as well as from survey responses involving more than 500 security professionals and more than 1,000 end users, offers insights into what proactive organizations are doing to better train their end users to identify and avoid phishing messages. In the survey of infosec professionals, 76% reported being the victim of a phishing attack in 2016, but that was down 10% from the previous year. Half reported that the rate of phishing attacks is increasing, but that was down 15%, while 45% said the rate of attacks was decreasing. At the end user level, though not scientific, the results indicate that training on how to spot phishing scams is working and phishing attacks appear to be slowing, but also that risky behaviors are still a problem and there is more work to be done to educate end users on how to stay safe online. Download the report.


In our webinar series “Tales from the Crypsis,” our experts discuss the latest in cyber security challenges.  All of these webinars are archived and can be streamed on demand – you can find a complete listing and links on our website.

Here’s the newest one that is available for viewing…

Tales from the Crypsis:  What’s the Plan (Stan)? – A heavyweight champion once summed up prizefighting this way, “Everyone has a plan until they get punched in the face.” Companies spend large amounts of time, money, and effort to proactively harden their networks and keep bad actors out. But what happens when threat actors still manage to circumvent those efforts? During this 30-minute, on-demand webinar, The Crypsis Group’s Kirstie Failey and Jason Rebholz review best practices in developing and implementing an effective Incident Response plan and discuss key components every plan should include – with tips for how you can test your organization’s readiness. View the webinar.

Register Now for Our Next Webinar: Cyber School is in Session, Thursday, September 07, 2017 – 2:00 PM. In the course of our work at The Crypsis Group, much of what we encounter are common issues that plague organizations of all sizes. In this Back to School session, our cyber experts will share their real-world experiences and offer suggestions for how your organization can guard against and respond to cyber attacks. We will address common missteps and how to avoid them, a legal perspective on legislative and policy changes you should be aware of, and practical advice on training and pre-breach resources your organization can employ to better safeguard your network. Go to the registration site.