Fear is a fantastic way to spread malware, which is why hackers around the world are using the fear of a flu pandemic as a hook to install a nasty strain of ransomware.

Researchers at MyOnlineSecurity have detected a cunning email campaign which spoofs the Centers for Disease Control and bears headlines warning of a Flu Pandemic.

The message is short and to the point, explaining that a flu pandemic has been detected and urges recipients to read the attached document for further instructions to protect their families and help keep it from spreading.  The instructions also helpfully include the note that in order to view the document properly you’ll need to click the ‘Enable Editing’ button.

The attachment bears the name “Flu Pandemic Warning,” which reinforces the message itself. It’s an excellent choice from the perspective of the hackers, because they know that a relatively high percentage of those who receive this message from what appears to be a trusted agency will open it.

Unfortunately, the moment they open the file and click to enable editing, they doom themselves.  The word document is poisoned and contains scripts that will install the GrandCrab v5.2 ransomware on the victim’s machine, which will promptly lock their files and demand a hefty payment.

While this is a nasty and especially effective campaign, it’s not the only one that the creators of Grand Crab are engaged in.  Recently, the Chinese government issued their own alert, stating that beginning on March 11, various government departments were bombarded with phishing-style emails intent on installing ransomware on their servers.

All that to say, vigilance is more important now than ever.  There’s no telling how long this campaign will run, or what may come after it, but one thing you can be sure of.  They’re not going to stop.

We’ve known for some time now that the next big crisis the internet will have to come to grips with is the dramatic rise of the Internet of Things (IOT).

The Internet of Things is made up of any and all devices, and their components, that connect to each other and the internet.  Including cell phones, computers, coffee makers, washing machines, and anything you can think of.

The problem isn’t with the devices themselves, which are enormously helpful and rapidly growing in their popularity.  Rather, it lies in the fact that the overwhelming majority of IoT manufacturers have been notoriously lax when it comes to building even basic security protocols into the goods they make and sell.

The lack of security and complete absence of security has made the Internet of Things the new “low hanging fruit” of the internet.  Hackers have been happy to take advantage of the incredibly easy access.

Kaspersky Lab has recently given us hard numbers to provide a sense of the scope and scale of the problem.

Last year, the company detected a total of 32,615 malware infections on IoT devices.  In just the first six months of this year, the company has spotted 121,588 infections on IoT devices, representing a staggering 273 percent increase.

Far and away, the most commonly compromised devices were routers. Behind them were a whole raft of other IoT devices including smart TVs, refrigerators, DVRs, printers, washing machines and more.

Earlier this year, the FBI issued a public service announcement in a bid to warn users of the dangers of unsecured devices.

These can be slaved by hackers to create enormous botnets like the one that brought down the internet on the entire eastern seaboard earlier this year.  However, if they are connected to your home or office network, they provide a perfect launchpad for attacks against other network connected devices.

Sadly, manufacturers to this point have shown little interest in beefing up the security of the devices they sell, so the problem is likely to get much worse before it starts getting better.

Questions about Cybersecurity or need assistance? Contact us today.

Used with permission from Article Aggregator