New Evil Locky Ransomware Strain Evades Machine Learning Security Software

Here is the latest tactic in the cat-and-mouse game between cybercrime and security software vendors. The bad guys have come up with a new ransomware phishing attack, tricking users into opening what appears to be a document scanned from an internal Konica Minolta C224e.

This model is one of the most popular business scanner/printers in the world. The emails are written to make the user think that the communication is from a vendor.

Basically, Locky is back with a vengeance and a whole new bag of evil tricks.

The campaign, launched Sept. 18, features a sophisticated new wrinkle that enables it to slip past much of the machine-learning-based security software sold by some of the industry’s most popular vendors, said security firm Comodo.

“The method of phishing is by an attachment of an email; the attachment is disguised as a printer output, and it contains a script inside an archive file,” said Fatih Orhan, vice president of Comodo Threat Research Labs. “These are not enough to make a phishing detection.”

This is the third recent massive Locky attack

The third in an increasingly sophisticated series of ransomware attacks launched this summer is dubbed IKARUS by Comodo; some other security vendors are calling it Locky Diablo6.

As in previous attacks, the Eastern European Locky cyber mafia is using a botnet of zombie computers which makes it hard to simply block by IP.

“Employees today scan original documents at the company scanner/printer and email them to themselves and others as a standard practice, so this malware-laden email looks quite innocent but is anything but harmless,” the report continues.

The most innovative part of this new campaign is the way these criminal hackers manage to evade spam filters.

Here is how it evades machine learning

“Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” said Orhan, the Comodo research head. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”

“That’s why even machine learning is not sufficient in making these kind of detections,” he continued. “Complex solutions are needed to run the script dynamically, download actual payload, and perform malware analysis to conclude that it is phishing.”

In other words, it looks like the bad guys are once again ahead of your spam filters, whether those are of the traditional or the new machine-learning flavor.

Now, the Locky payload still ultimately uses an executable file written to disk, so your endpoint security may be able to block it. There are other types of attacks that take advantage of machine learning blind spots (fileless attacks, for example), but this isn’t one of them. What the bad guys behind Locky count on is cranking out so many new variants that antivirus (even some machine learning products) won’t recognize and block them.
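The evasion Orhan describes works because a classifier that only reads the script body sees nothing malicious: the script is just a downloader. The defensive signal is the container, not the content. A scanner/copier emits PDFs, TIFFs or JPEGs; it never emits a ZIP file holding a `.js` or `.vbs` script. The following mail-gateway triage rule, written here as an added example and not taken from Comodo or from the article, quarantines attachments where an archive contains a script type that Windows executes on double-click, and records extra reasons when the message uses "scanned document" wording or hides the script behind a double extension. The script-extension list, the lure keywords, the sample archives and all function names are constructed for this example.

```python
import io
import os
import re
import zipfile
from dataclasses import dataclass, field

# Script types Windows runs on double-click (constructed list for this example;
# extend it to match your own mail policy).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh",
                     ".hta", ".ps1", ".cmd", ".bat"}

# Wording a "scanned document" lure typically puts in the subject or file name.
SCAN_LURE_RE = re.compile(r"\b(scan\w*|copier|mfp)\b", re.IGNORECASE)


@dataclass
class Verdict:
    quarantine: bool
    reasons: list = field(default_factory=list)


def list_archive_members(data):
    """Return member names if `data` is a ZIP archive, otherwise None.

    The rule never executes or interprets the script. The signal is the
    archive/script combination, which a downloader-only script cannot hide.
    """
    if not data.startswith(b"PK\x03\x04"):
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def triage_attachment(subject, filename, data):
    """Decide whether one attachment should be held at the gateway."""
    reasons = []
    members = list_archive_members(data)
    if members is None:
        # Not an archive: this rule has nothing to say about it.
        return Verdict(False, reasons)

    scripts = [m for m in members
               if os.path.splitext(m)[1].lower() in SCRIPT_EXTENSIONS]
    if scripts:
        reasons.append(f"archive contains executable script(s): {scripts}")
        # A scanner produces images or PDFs, never scripts, so scanner wording
        # makes an archived script more suspicious rather than less.
        if SCAN_LURE_RE.search(subject) or SCAN_LURE_RE.search(filename):
            reasons.append("scanned-document lure wording with a script payload")
        double = [m for m in scripts if m.lower().count(".") >= 2]
        if double:
            reasons.append(f"double extension hides script type: {double}")
    return Verdict(bool(scripts), reasons)


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; only used to construct samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples, not real campaign artifacts. The script body is a
# placeholder comment; the rule does not look at it anyway.
LURE_ZIP = build_zip({"Scan_0001.pdf.js": b"// placeholder script body"})
BENIGN_ZIP = build_zip({"Scan_0001.pdf": b"%PDF-1.4 placeholder"})
NOT_ARCHIVE = b"%PDF-1.4 placeholder"


if __name__ == "__main__":
    for subj, name, blob in [
        ("Scanned image from MFP", "Scan_0001.zip", LURE_ZIP),
        ("Scanned image from MFP", "Scan_0001.zip", BENIGN_ZIP),
        ("Scanned image from MFP", "Scan_0001.pdf", NOT_ARCHIVE),
    ]:
        v = triage_attachment(subj, name, blob)
        print(name, "QUARANTINE" if v.quarantine else "pass", v.reasons)
```

The rule is deliberately content-blind: because it keys on the attachment type rather than on what the script does, the "just a downloader" trick in the quotes above does not help the attachment get through, and each new Locky variant looks identical to the last one at this layer. It is a gateway check, not a replacement for the dynamic analysis Orhan calls for, and it should sit alongside a policy that simply refuses archived scripts from outside the organization.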

How vulnerable is your network against a ransomware attack?

Bad guys are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10 infection scenarios and show you if a workstation is vulnerable to infection.

This will take you 5 minutes and may give you some insights you never expected! Get your complimentary download of RanSim here:
https://info.knowbe4.com/ransomware-simulator-tool-1chn

Telemarketers Just Got Harder to Stop

New technology allows users to leave voicemail without phone ever ringing


Developers of the backdoor voicemail argue that the “do not call list” does not apply

We have all received them, on our home phone or cellphone — a telemarketer trying to sell us a product or service. Some of us simply ignore the call, others answer and quickly hang up, while some do listen to the telemarketer’s message. Soon, however, we might not have any of those options; telemarketers have a direct way into our voicemail.

Ringless voicemail is a new technology that allows users to leave you a voicemail through a back door, without the phone ever ringing. There is growing concern that this capability can allow telemarketers to flood your voicemail, causing you to miss important messages.

The technology has been successfully used for hospitals, schools and churches, and developer Josh Justice, CEO of Stratics, says he believes it can be a success in other ways. Justice told NBC News: “Ringless voicemail drops are a non-nuisance form of messaging and are an alternative to robocalls. It really does put the power in that consumer’s hand where they can essentially listen to the message or not listen to the message.”

There are consumer protection laws that restrict some telemarketing, but it’s unclear if ringless voicemail falls under the restrictions. The providers of the technology and business groups contend that since the phone doesn’t ring, it’s not a call — and therefore exempt from the current laws, the New York Times reported.

A provider of the service has already filed a petition with the Federal Communications Commission to officially allow it. The commission has been accepting public comments on the issue, but hasn’t given a timetable of when it would make a decision.

Politicians are divided on the issue, as it could also restrict their use of the service for campaign purposes.

As of now there is no way to block the unwanted voicemails. Phones don’t yet have a spam feature comparable to those on emails, and developers of the backdoor voicemail argue that the “do not call list” does not apply. You can comment on the petition, or contact the FCC to file a complaint.

Are you tired of your inbox filling with spam?


Wouldn’t it be great for all of that spam to be filtered BEFORE it hits your phone, computer and other devices?

Wouldn’t it be great if you could also filter email you want to read later, but not have it clutter your inbox?

My email account is over 22 years old and is probably on hundreds of thousands of email lists out there.

After a few years of use, I recommend Spamdrain. It captures 99% of the spam I would otherwise have to deal with on all of my devices. I’ve tried numerous spam filters over the years and this is, by far, the best hands-off, automated system I’ve found.

It also holds, as “Marketing/Newsletter”, email I may want to read later, like ads from companies I like and information I may want to see at another time.

You get all of this for $16.99 annually.

What are you waiting for? Get Spamdrain now!
