There has been a great deal of media attention concerning the Gameover ZeuS and Cryptolocker threats this week, particularly since the NCA announcement on Monday, 2nd June 2014. A number of SureCloud clients and partners have contacted us for guidance and recommendations to help mitigate the threat.
The size and scale of the operation behind this attack are far greater than any seen in recent times. The attackers' high success rate has driven the exceptional growth and spread of these threats. The intense level of attention is due solely to the sheer volume of infections and the extent of the botnet's control over infected machines. Nothing about it, however, is groundbreaking: the attack vectors, exploitation techniques and delivery methods are no different from those used by many other infections.
The NCA and other law enforcement agencies have taken down a large portion of the command-and-control infrastructure used by the attackers. They estimate a two-week window before the criminal organisation(s) behind these attacks are fully functional again; this window may prove longer or much shorter.
The risk posed by these threats is as follows:
In spite of the 'frenzied panic' depicted in the media, being infected does not necessarily lead to an immediate compromise of your bank account, credit cards, website passwords or other secrets. The delivery mechanism for both of these threats is usually spear-phishing email: a user, or a batch of users, receives a message containing either a hyperlink to a website or a malicious attachment, which they are encouraged to open. If the link is clicked or the attachment opened, the machine is infected either by the user running the malicious file directly (for example an executable inside a zip attachment, named to look like a document) or through a vulnerability in the browser or in third-party software such as Adobe Reader, Flash or the Java Runtime. Once running, Cryptolocker encrypts the files the infected user's account can write to, including mapped network drives, so the damage a single infection can do is bounded by that user's access rights.
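The lure described above (a mail with a link whose visible text does not match its destination, and a zip attachment hiding an executable behind a document-like name) can be triaged with a few simple rules before it reaches a user. The following is an added example written for this page, not SureCloud's or any vendor's code; the sample message, the addresses, the IP address and the attachment name are all constructed for illustration, and the heuristics are deliberately simple and would need tuning against real mail flow.

```python
"""Triage of a phishing e-mail for the delivery tactics described above.

Added example, not SureCloud code. The message built by build_sample_message()
is constructed for illustration (example.com / example.org / 198.51.100.7 are
documentation addresses). The rules are simple heuristics, not a full filter.
"""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# File types a mail gateway should not pass to users unchallenged.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar", ".cpl",
}
ARCHIVE_EXTENSIONS = {".zip"}


def _extensions(name):
    """All suffixes of a filename, lower-cased: 'Invoice.pdf.exe' -> ['.pdf', '.exe']."""
    parts = name.lower().split(".")
    return ["." + p for p in parts[1:]]


def inspect_filename(name):
    """Flag executables and 'document.exe'-style double extensions."""
    findings = []
    exts = _extensions(name)
    if not exts:
        return findings
    if exts[-1] in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable attachment: {name}")
        if len(exts) >= 2 and exts[-2] not in EXECUTABLE_EXTENSIONS:
            findings.append(f"double extension disguising executable: {name}")
    return findings


def inspect_zip(data, name):
    """Look inside a zip attachment; the executable is usually one level down."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings.extend(f"inside {name}: {f}" for f in inspect_filename(member))
    except zipfile.BadZipFile:
        findings.append(f"attachment {name} claims to be a zip but is not")
    return findings


def inspect_links(html):
    """Flag <a> tags whose visible text names one host but whose href goes elsewhere."""
    findings = []
    for href, label in re.findall(r'<a\s+href="([^"]+)"[^>]*>([^<]+)</a>', html, re.I):
        href_host = re.sub(r"^https?://", "", href).split("/")[0].lower()
        label_host = re.sub(r"^https?://", "", label.strip()).split("/")[0].lower()
        if "." in label_host and label_host != href_host:
            findings.append(f"link text '{label.strip()}' points to {href_host}")
    return findings


def triage_message(raw):
    """Walk every MIME part of a raw RFC 5322 message and collect findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""
            findings.extend(inspect_filename(name))
            exts = _extensions(name)
            if exts and exts[-1] in ARCHIVE_EXTENSIONS:
                findings.extend(inspect_zip(payload, name))
        elif part.get_content_type() == "text/html":
            findings.extend(inspect_links(part.get_content()))
    return findings


def build_sample_message():
    """Constructed lure for demonstration only: fake 'invoice' zip holding a .pdf.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_0602.pdf.exe", b"MZ" + b"\x00" * 64)  # dummy PE-like stub
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative(
        'Please review your account at <a href="http://198.51.100.7/login">'
        "https://onlinebanking.example.com</a>.",
        subtype="html",
    )
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice_0602.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding)
```

Run stand-alone it prints three findings for the constructed message: the mismatched link host, the executable inside the zip, and the double extension. In practice these rules belong at the mail gateway, where a hit can quarantine the message rather than rely on the recipient noticing.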
https://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-h…
https://blogs.sophos.com/2014/06/02/heres-how-you-can-help-stop-gameoverz…
https://www.pcadvisor.co.uk/how-to/security/3523019/how-protect-your-pc-f…
https://blogs.mcafee.com/mcafee-labs/game-zeus-cryptolocker
Should you wish to discuss this or any other threats, please contact the SureCloud team today by opening a Support Ticket (https://secure.surecloud.com) or sending an email to support@surecloud.com.
Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for SureCloud to test every possible scenario an organisation may face, and SureCloud cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. SureCloud strongly advises that all recommendations, solutions and detection methods detailed are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in line with any existing internal change control procedures.