Dangerous new vulnerabilities including ransomware and a new WordPress flaw continue to catch many IT departments by surprise. According to recent reports, CryptoLocker variations encrypt local and mapped drives, and one strain focuses on video gaming files.
On a ransomware-infected PC, a message displays stating that decryption requires payment. Ransomware infects PCs via emails purporting to be from authentic computer security companies or falsified websites.
In October 2014, the malware spread via fake video advertisements on YouTube and infected about 113,000 PCs with ransomware in the U.S. in one month.
Ransomware in Asia is now being localized with the Crypt0L0cker variant, which translates menu screens according to the victim's IP address; meanwhile, Koler mobile ransomware targets the Canadian market and locks up screens with fake government warnings, and both show signs of expansion.
The Internet Crime Complaint Center said businesses and individuals submitted 2,275 ransomware complaints from June 1, 2014, to March 31, 2015, with reported losses totaling more than $1.1 million. About 30% of ransomware victims pay to regain their data according to Irving, Texas-based cybersecurity firm Trend Micro.
Stu Sjouwerman, CEO of the Clearwater, Fla.-based IT security awareness training firm KnowBe4, said, “Users can become complacent or be tricked by social engineering by clicking on a malicious link buried in a spear phishing email or being redirected to a bad site and clicking on something they shouldn't.”
Sjouwerman added that IT departments believe their anti-virus systems have them covered, but the average window of exposure is 17.5 hours before a signature that blocks the phishing attack becomes available.
“And surprisingly often, backups turn out not to work or it takes days to restore a system,” he said. “Today, an essential, additional security layer is to train your users to become part of your human firewall.”
Meanwhile, a new vulnerability threatens millions of websites running WordPress.
According to a blog post published Wednesday by security firm Sucuri, the cross-site scripting (XSS) vulnerability resides in genericons, a package that's part of a WordPress theme known as Twenty Fifteen. The vulnerable package is installed by default, and the XSS flaw is “DOM-based,” meaning it resides in the document object model that dictates how text, images, headers and links are represented in a browser.
DOM-based XSS attacks require the target to click a malicious link. Once an administrator takes the bait while logged into a vulnerable WordPress installation, the attackers can gain full control of the site.
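As an added illustration of the DOM-based pattern described above (this is not code from the article, Sucuri, or the Genericons package): a page script that reads the URL fragment, the part of a crafted link that carries the payload in a DOM-based XSS, beside a hardened version. The element stand-in, section names and sample fragment are constructed for the example so it runs outside a browser.

```javascript
// Minimal stand-in for a browser DOM element (constructed for this example):
// it just records what a script assigns to its innerHTML / textContent.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Vulnerable pattern: the script trusts location.hash, which the attacker
// controls through the link the victim clicks, and writes it to an innerHTML
// sink. The fragment is never sent to the web server, so server logs and a
// server-side filter would not see the payload at all.
function showSectionUnsafe(locationHash, target) {
  const name = decodeURIComponent(locationHash.slice(1)); // drop leading '#'
  target.innerHTML = '<h2>Section: ' + name + '</h2>';
  return target.innerHTML;
}

// Hardened pattern: check the fragment against an allowlist of expected
// section names and write it through textContent, which never parses markup.
const ALLOWED_SECTIONS = new Set(['icons', 'usage', 'license']); // constructed

function showSectionSafe(locationHash, target) {
  const name = decodeURIComponent(locationHash.slice(1));
  if (!ALLOWED_SECTIONS.has(name)) {
    target.textContent = 'Section: (unknown)';
    return target.textContent;
  }
  target.textContent = 'Section: ' + name;
  return target.textContent;
}

// A constructed fragment carrying markup, the shape a crafted link would
// have. The vulnerable sink parses the tag as HTML; the hardened one does not.
const CONSTRUCTED_HASH = '#' + encodeURIComponent('<b>injected</b>');

// Stand-alone demonstration.
console.log('unsafe:', showSectionUnsafe(CONSTRUCTED_HASH, makeElement()));
console.log('safe:  ', showSectionSafe(CONSTRUCTED_HASH, makeElement()));
```

The unsafe version hands the attacker's markup to the HTML parser; the safe version renders only plain text, and only for names the page actually expects.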
In March, web attackers exploited a known vulnerability in a WordPress plug-in with an available patch to place an ISIS flag banner on home pages of numerous North American web sites.
Recent research sponsored by KnowBe4 shows email phishing attacks are now the number one source of data breaches with human error at the core. The study shows 67% of respondents say malware penetrated their corporate networks through email, with web surfing a close second at 63%. Another 23% say malware has infiltrated their networks but they still don't know how. The latest Verizon report shows that approximately 23% of recipients click on a phishing email. Recovering from such a tactic, even if backup works, can take hours or days.
Sjouwerman added, “Businesses that do not train their staff report annual losses of four times greater than those who do. It is much less expensive to train your staff with an effective program like the Kevin Mitnick Security Awareness Training than suffer the consequences of a data breach and loss of customer confidence.”
The rule “Patch Early, Patch Often” still applies, but these days it is better to “Patch Now” on all workstations for both OS fixes and third-party apps, Sjouwerman recommended. He said to make sure your Backup/Restore procedures are in place, and regularly test to see if the restore function actually works, a step that's often overlooked.