Risk Radar Free Cyber Newsletter – Mar. 15, 2016

Locky ransomware menace is spreading
Locky ransomware continues to spread over the internet at a growing rate. Trustwave has seen a large uptick in malware spam that uses JavaScript attachments to spread the ransomware. As always, a robust offline backup solution and incident response support and procedures are key to managing a ransomware attack. 4D5A Security offers an affordable annual retainer program to provide 24×7 support when you need it most.

Hackers have been offered a golden ticket to attack the Pentagon
The DoD is inviting vetted hackers to hack the Pentagon to test its security. The program is modeled after the bug bounty programs of companies like Microsoft, Google, and Facebook.

Report—US to Blame Iran for Cyberattack on a N.Y. Dam
The US is attributing blame for a 2013 cyber-attack against a New York dam. Government investigators have attributed the attack to hackers working for the Iranian government. A security expert notes that there could have been a for-profit motive in the attack. The integration and interdependence of cyber within critical infrastructure and SCADA systems is a troubling reality when understood as accepted risk in relation to remote nation-state adversaries.

Security News This Week: Hackers Spoil Their $1 Billion Bank Heist With a Typo
The spelling mistake prevented a big payday by hackers going after Bangladesh Bank. The misspelling of “foundation” as “fandation” caused bank authorities to investigate the transfer order. Thank godness we never make any such speling mistakes!

Hackers Target Anti-DDoS Firm Staminus
An internet hosting provider (Staminus) that specializes in protection against distributed denial of service (DDoS) attacks has been attacked with a DDoS. Hackers posted sensitive data from Staminus during the DDoS attack. The reason for the attack is not known at this time. The article speculates that the customers of Staminus may have been the reason for the attack, as the Ku Klux Klan, a white supremacist group, is a client.

Jimmy Kimmel Asks What Is Your Password?
This video from Jimmy Kimmel shows the hardest thing to secure in information security, the human being. Perhaps a great way to provide some user-awareness training while also getting a belly laugh out of our broken humanity and passwords. I love how people reveal the information for their passwords so easily, just like they do on social networking and websites.