Risk Radar Free Cyber Newsletter – Oct 26, 2016

Following Lull, New Campaigns Pushing Retooled ‘Pumpkin’ Locky
Locky ransomware is getting into the Halloween season with a new wave of emails with malicious .zip archives. These phishing emails use a receipt ploy to get people to open the .zip files. The article makes the case that Locky ransomware is on the cutting edge of ransomware, they consistently change and adapt to current situations.

Request the Ransomware Epidemic whitepaper from 4D5A Security for more information on how to defend against ransomware.

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers
Researchers are moderately confident that the Dyn DDoS attack is the work of script kiddies using Mirai malware. They are linking the attack to the Hackforums community. The government is still researching to verify the initial findings. Mirai malware scans the internet for known IoT devices and uses them in DDoS attacks.

Staying ahead of threats: Growing dangers
It is a constant battle to stay ahead of the threats facing business today. This article covers many of the threats that people are facing today, it also covers ways to defend against these threats. A more long term solution with software is the integration of security and DevOps.

EC3 warns of mobile malware threat
It should come as no surprise that the European Cybercrime Center (EC3) is stating the importance of protecting mobile devices from malware. The article comes from a European Union perspective, but it covers all mobile devices
Researchers Leverage Voicemail Flaw to Compromise Messaging Apps
There is an interesting voicemail flaw that is being used to attack messaging apps like Telegram, WhatsApp, and Signal. An old voicemail caller-ID spoofing flaw can be used to get activation codes sent by the messaging apps. The details of the attack are described in the article.
Being the Adult in the Room
Working in security can be a hard job. There are so many distractions that can take a business off course. A CISO and a security staff can help to identify the best defense-in-depth strategy consistent with the companies risk profile. This can go a long way to minimizing the distractions and potential losses all companies deal with.