KnowBe4 Security Awareness Training Blog

Criminal Hackers Steal Your Database? See You In Court

Posted by Stu Sjouwerman on Jul 3, 2015 1:45:00 PM

Jim Flynn wrote: "Helping to demonstrate that every cloud has a silver lining if you look hard enough, hacking has proven to be of great benefit to the legal profession. That's because every major hacking event has resulted in a flurry of litigation.

For example:

- Sony Pictures Entertainment is being sued in a class-action lawsuit initiated by nine former employees who claim the company failed to take adequate safeguards to protect personal information.

- Shortly after the Anthem data breach this year, the company was sued in several lawsuits alleging the company did not take adequate measures to secure its data.

- Target, in the aftermath of the massive breach it suffered in late 2013, has agreed to pay $10 million in damages to settle a class-action lawsuit brought on behalf of individuals whose personal information was compromised.

But that's not all. There is also a widespread finger-pointing exercise going on involving merchants who accept credit card payments, banks where merchants deposit their credit card payments, banks that issue credit cards, and credit card payment system companies such as MasterCard and Visa.

The reason is, when a data breach involving credit card information occurs, federal law protects card holders from liability for unauthorized transactions. Losses, therefore, initially fall on credit card issuers, which are, for the most part, banks.

Read More

What KnowBe4 Customers Say About Us July 3, 2015

Posted by Stu Sjouwerman on Jul 3, 2015 1:09:38 PM

Hi Stu,

"We're happy with the product. Getting good feedback from users who've gone through the programme and my management is highly impressed with the quality of the information given. We've also been leveraging the CyberheistNews advisories into our own infosec newsletter.

"The real clincher though is the phishing tests. The broad range of e-mails makes sure they don't get stale and I personally can't wait to roll out the new ISIS one after the Canada Day holiday here but before the July 4th in the US one. Hoping to bag a lot of folks who haven't made the time to take the training. I have to present metrics to my management every week on the progress of this security awareness training programme. Your offering makes it easy to set different KPIs related to our awareness programme.

"I've tried to pay it forward and recommend this training to our clients as it was recommended to us. I hope a few of our more security conscious clients have called or e-mailed KnowBe4 as when I demo'ed what we had done internally they were mightily impressed." - Regards, Dave / Senior Network Analyst

Read More

OPM Phishing Attack: "Your Data Was Hacked, How To Protect Yourself"

Posted by Stu Sjouwerman on Jul 3, 2015 10:24:04 AM

And yes, as we predicted, there are now phishing attacks that mimic Office of Personnel Management (OPM) data breach notifications. The breach has expanded to millions more records. It now looks like 14 million -- and who knows how many more -- have been exfiltrated to China. Anyone who works for the government or has worked for it in the past must now worry about scammers trying to capitalize on the data that was stolen.

Read More

Scam Of The Week: Payment By Facebook Friend

Posted by Stu Sjouwerman on Jul 2, 2015 5:37:00 PM

As of last Tuesday, Facebook has switched on person-to-person (P2P) payments for users in the US to "instant-message" money to their friends, using the debit cards connected to their bank accounts.

Fantastic idea. What could go wrong? It's time for a scam of the week post.

Essentially, how it works is pretty simple.
  1. Start a message with a friend
  2. Tap the $ icon and enter the amount you want to send
  3. Tap Pay in the top right and add your debit card to send money

To receive the money, open your friend's conversation, tap Add Card in the message and add your debit card; you only need to do this the first time. After you've added a debit card to your Messenger account, you can also create a PIN for additional security the next time you send money. Transfers arrive after one to three business days.

Facebook says it deliberately supports only debit cards, not credit cards, to reduce fraud and fees. It also promises it has wrapped the whole system in secure layers, with encrypted connections between users and itself and "layers of software and hardware protection that meet the highest industry standards."

"Trust us!" Facebook says, pointing out that it's been processing transactions for game players and advertisers since 2007 and at this point is processing over 1 million transactions daily.


Read More

Confidence In Antivirus Falls To All-time Low

Posted by Stu Sjouwerman on Jul 2, 2015 11:17:00 AM

Bromium is a company with a new antivirus mousetrap, so it will try to make old mousetraps look, well... old.

However, they do point out correctly that traditional antivirus is starting to get smelly. They are repositioning antivirus as "detection" tools and present themselves as "prevention", which in itself is a bit of a cheesy marketing tactic.

Their recent survey showed confidence is waning in traditional detection-based security solutions, such as antivirus and firewalls. Instead, interest is shifting toward prevention-based security solutions, such as endpoint threat isolation. However the number one worry had nothing to do with technology. 

Users are the Greatest Risk To The Organization

When asked, “which do you feel are the greatest areas of risk to your organization?” the overwhelming response was the user, which makes sense considering their tendency to click on anything, open anything and circumvent security controls that they find restricting. 

Read More

CyberheistNews Vol 5 #26 FBI Alert: Latest CryptoWall Ransomware Damage More Than $18 Million

Posted by Stu Sjouwerman on Jun 30, 2015 9:16:00 AM

CyberheistNews Vol 5 #26 June 30, 2015

FBI Alert: Latest CryptoWall Ransomware Damage More Than $18 Million

The latest version 3.0 of CryptoWall, descendant of the infamous CryptoLocker, is the most advanced and most damaging ransomware in the wild at the moment, specifically targeting U.S. businesses and individuals. We have been sounding the alarm about CryptoWall in CyberheistNews since last year, and its magnitude is now confirmed by law enforcement to some degree.

The FBI, through its Internet Crime Complaint Center (IC3), released an alert on June 23, 2015, stating that between April 2014 and June 2015 the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. And that is only the reported part; the estimate is that actual infections are at least two or three times that. Going by the reported incidents only, it's a $70 million per year criminal enterprise, but in reality it looks more like $200 million, which is unbelievable. Link:

Some quick math ($18 million over 992 complaints) shows $18,145 in costs per victim, caused by network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. As you can see, the total costs of a ransomware infection go well above just the ransom fee itself, which is usually around $500 but can go up to $10,000.

The four infection vectors sorted by frequency:

    1. Phishing email with infected attachment

    2. Phishing email with malicious URL

    3. User clicks on infected ad

    4. User visits infected website

By far the most used vector at the moment is a phishing email with a zipped attachment that claims to be the resume of a girl. Open it up and unzip it, and a page opens with a link to another zipped file, which contains the payload. Because the attachment itself contains only a page with a link, not the malware, this tactic slips past antivirus engines and relies entirely on social engineering your end user. A few months ago they used poisoned help-file attachments, and they continue to innovate fast to stay ahead of the spam filters.
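As an added example (not code from the newsletter), here is a small Python triage routine for exactly this lure: it unpacks a zip attachment in memory, flags an HTML page inside it that links out to another archive or executable, and also catches the cruder tricks (double extensions such as resume.pdf.exe, help files, nested archives). The sample attachments and the link target http://example.invalid/... are constructed for the demonstration.

```python
"""Heuristic triage of e-mail attachments for the lure described above:
a zipped "resume" whose only content is an HTML page linking to a second
archive that carries the payload. Added example, not code from the
newsletter; the sample attachments below are constructed and the link
target is a placeholder."""
import io
import zipfile
from html.parser import HTMLParser

# File types that have no business arriving as a resume. .chm covers the
# "poisoned help-file" lure the newsletter mentions.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js",
                  ".jse", ".vbs", ".wsf", ".hta", ".chm"}
ARCHIVE_EXT = {".zip", ".rar", ".7z", ".cab"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".rtf", ".txt"}
MAX_DEPTH = 3  # stop recursing into deeply nested archives


class _LinkCollector(HTMLParser):
    """Collects every href/src target in an HTML page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("href", "src") and value:
                self.links.append(value)


def _exts(name):
    """All extensions of the base name: 'resume.pdf.exe' -> ['.pdf', '.exe']."""
    return ["." + p for p in name.lower().rsplit("/", 1)[-1].split(".")[1:]]


def inspect_attachment(name, data, depth=0):
    """Return a list of findings for one attachment (empty == nothing found)."""
    findings = []
    exts = _exts(name)
    ext = exts[-1] if exts else ""

    if ext in EXECUTABLE_EXT:
        findings.append(f"executable attachment: {name}")
        if len(exts) > 1 and exts[-2] in DOCUMENT_EXT:
            findings.append(f"double extension disguised as document: {name}")
    if depth > 0 and ext in ARCHIVE_EXT:
        findings.append(f"nested archive: {name}")

    if ext in (".htm", ".html"):
        # The lure: a harmless-looking page whose link fetches the real payload.
        collector = _LinkCollector()
        collector.feed(data.decode("utf-8", errors="replace"))
        for link in collector.links:
            if link.lower().startswith(("mailto:", "tel:", "javascript:")):
                continue
            target_exts = _exts(link.split("?")[0].split("#")[0])
            if target_exts and target_exts[-1] in ARCHIVE_EXT | EXECUTABLE_EXT:
                findings.append(f"html {name} links to payload: {link}")

    if ext == ".zip" and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if not info.is_dir():
                    findings.extend(inspect_attachment(info.filename, archive.read(info), depth + 1))
    return findings


def build_lure_zip():
    """Constructed sample: resume.zip holding only an HTML page that links
    to a second archive (placeholder URL, not a real site)."""
    page = ('<html><body>My full resume: '
            '<a href="http://example.invalid/dl/resume_full.zip">download</a>'
            '</body></html>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("resume.html", page)
    return buf.getvalue()


def build_clean_zip():
    """Constructed sample: a zip with a (fake) PDF and nothing else."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("resume.pdf", b"%PDF-1.4 placeholder, not a real PDF")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, blob in (("resume.zip", build_lure_zip()),
                        ("resume.zip", build_clean_zip()),
                        ("resume.pdf.exe", b"MZ placeholder")):
        print(fname, "->", inspect_attachment(fname, blob) or "clean")
```

The point of the check is that nothing in the lure is itself malicious, so signature engines have nothing to match; the tell is structural (an archive whose only payload is a page that reaches out for a second archive), which is cheap to test at the mail gateway before the user ever sees it.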

You probably know that defending a workstation against another workstation that has been compromised has a relatively good chance of success. Defending a workstation against a malicious server that the user's own browser connects to is much harder. This gang also uses malicious URLs which, when clicked, drive the user to a compromised website hosting an exploit kit. These exploit kits probe the browser and its plugins for known vulnerabilities in hundreds of applications that may not have been patched, and can own the workstation in less than one second.

That is what infection vectors 2, 3 and 4 ultimately have in common: they drive users to such a compromised website and infect the workstation and network that way. It can be a URL that drops the user onto that site, an ad that redirects the user there, or a site the user visits regularly that the criminals have compromised.

It's a nasty business, and it's growing. You are dealing with a criminal hybrid of very high quality coding, used for sophisticated digital hijacking, and supported by commercial-grade "customer service" which makes sure they can generate cash from their malware. Ironically, these gangs are concerned with their reputation in the market. If word gets out they do not decrypt, their revenue stream will dry up because of bad word-of-mouth.

What To Do About It

IBM recently warned against spear phishing attacks using the Dyre Trojan for cyberheists of more than $1 million at a time, and suggested policies and procedures to block these attacks. Obviously things like having recent backups, excellent patching discipline and good filters at the network edge are a given. Their recommendations are on the mark:

"Organizations will remain only as strong as their weakest link. Proactive end-user education and security awareness training continue to be critical in helping prevent incidents like the one described in this advisory.

    • Train employees on security best practices and how to report suspicious activity.

    • Consider conducting periodic mock-phishing exercises where employees receive emails or attachments that simulate malicious behavior. Metrics can be captured on how many potential incidents would have happened had the exercise been a real attack. Use these findings as a way to discuss the growing security threats with employees.

    • Offer security training to employees to help understand threats and measures they can take to protect the organization.

    • Provide regular reminders to employees on phishing and spam campaigns and that they shouldn’t open suspicious attachments or links from both work and personal emails.

    • Train employees in charge of corporate banking to never provide banking credentials to anyone. The banks will never ask for this information."

We could not agree more. New-school security awareness training, which combines web-based on-demand training by a social engineering expert with frequent simulated phishing attacks, is a must these days to protect your organization against these kinds of attacks.

You can find this post at the KnowBe4 Blog here:

Ransomware Interview: Pay It Or Fight It?

Colin Neagle at Network World interviewed me as part of his article about the pros and cons of paying the ransom if you get infected with criminal ransomware:

"Ask security experts what to do when hit with ransomware – the sophisticated malware that infects a device or network, uses military-grade encryption to restrict access, and demands payment for the decryption key – and you'll typically get the same answer: "never pay the ransom."

"But for many, that's simply not an option. For example, last November an employee in the Sheriff's Department in Dickson County, Tenn., accidentally clicked on a malicious ad and exposed the office network to the infamous CryptoWall ransomware. Detective Jeff McCliss told local News Channel 5 that CryptoWall had encrypted "every sort of document you could develop in an investigation," such as witness statements and evidence photos.

"Even after consulting with the FBI and U.S. military, McCliss told the news station that the only solution was to pay the $500 to the cybercriminals to get their files back." You may come to the same conclusion if your backups fail. Read the whole interview here:

Warm Regards,
Stu Sjouwerman

Quotes Of The Week
"The good life is one inspired by love and guided by knowledge." - Bertrand Russell

"If you treat an individual ... as if he were what he ought to be and could be, he will become what he ought to be and could be." - Johann Wolfgang von Goethe

Thanks for reading CyberheistNews

Security News

This Week's Five Most Popular HackBusters Posts

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic?

Well, we created the HackBusters site for that. HackBusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favorited, and we built an algorithm that bubbles up the real hot topics and tweets the #1. Here are this week's five most popular HackBusters posts:
    1. World’s First 200Gb microSD Card Arrives:

    2. U.S. data hack may be much bigger:

    3. Computers used to issue flight plans allegedly breached:

    4. Google Chrome Silently Listening to Your Private Conversations:

    5. Google's Project to Offer Free Superfast Wi-Fi Internet to the World has Begun:   

Finally Some Good News: Europol Arrests Gang Behind ZeuS Banking Malware

Law enforcement agencies from six European countries have taken down a major Ukraine-based cybercrime gang that was developing, distributing and deploying the Zeus and SpyEye banking malware. According to officials, the gang has caused financial damages estimated at more than 2 million euro, but that is a low-ball estimate.

According to the report on the Europol website, authorities arrested five suspects on June 18th and 19th. All five are accused of infecting hundreds of thousands of computers worldwide with malware and banking Trojans.

"On the underground digital forums, they actively traded stolen credentials, compromised bank account information and malware," Europol said in its statement, "while selling their hacking ‘services’ and looking for new cooperation partners in other cybercriminal activities."

Each member of the alleged group had their own specialty: developing malware, infecting machines, trading stolen bank credentials and malware, or offering hacking-for-hire services in underground fraudster forums. More at:

Ammo To Get Approval For User Education

You may know Gartner, the 800-pound gorilla in the IT analyst space. When a market is mature enough they create a Magic Quadrant (MQ) with the leading vendors in that particular space. Normally there are hundreds of players in a mature market but only 20 or so of the actual worldwide leaders make it onto the MQ, and KnowBe4 is on it.

The Gartner Managing Vice President who covers the security awareness training market and manages this MQ is Andrew Walls; here is his bio:

Walls revealed some interesting numbers that may help you get budget: the security awareness training market globally exceeds one billion dollars in annual revenue, and it is growing about 13 percent per year.

CISOs are increasingly turning to educational security awareness solutions. This is good ammo if you need budget approval to train your employees; C-level peer pressure is a great incentive to hop onto a trend and not fall behind.

InfoWorld's security guru Roger Grimes reviewed KnowBe4's integrated awareness training and phishing platform. It's great to send to executives as an addendum to a business case for user education. Here is the article:

Great Article In Washington Post: How L0pht Foretold Internet Disaster

This is great to read over a lunch break; it gives a great history of how the Internet was built with its vulnerabilities baked in. It starts out with:

"The seven young men sitting before some of Capitol Hill’s most powerful lawmakers weren’t graduate students or junior analysts from some think tank. No, Space Rogue, Kingpin, Mudge and the others were hackers who had come from the mysterious environs of cyberspace to deliver a terrifying warning to the world.

"Your computers, they told the panel of senators in May 1998, are not safe — not the software, not the hardware, not the networks that link them together. The companies that build these things don’t care, the hackers continued, and they have no reason to care because failure costs them nothing. And the federal government has neither the skill nor the will to do anything about it.

“If you’re looking for computer security, then the Internet is not the place to be,” said Mudge, then 27 and looking like a biblical prophet with long brown hair flowing past his shoulders. The Internet itself, he added, could be taken down “by any of the seven individuals seated before you” with 30 minutes of well-choreographed keystrokes.

"The senators — a bipartisan group including John Glenn, Joseph I. Lieberman and Fred D. Thompson — nodded gravely, making clear that they understood the gravity of the situation. “We’re going to have to do something about it,” Thompson said. What happened instead was a tragedy of missed opportunity, and 17 years later the world is still paying the price in rampant insecurity. Read it and weep/enjoy:

Banks Get Attacked Four Times More Than Other Industries

According to a new report from Websense Security Labs, the average number of attacks against financial services institutions is four times higher than that of companies in other industries.

Criminals aren't just going after banks for their money, according to Carl Leonard, principal security analyst at Websense. They're also using banks as a vehicle to reach other victims.

For example, a compromised email account at a bank could allow hackers to leverage the trust that customers have in their bank to reach out to their business and retail customers.

"Typo-squatting also made a strong comeback this year, now in combination with email-based social engineering tactics, at an average cost of $130,000 per incident." More:

Cyberheist 'FAVE' LINKS:
Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is: 33 North Garden Ave Suite 1200, Clearwater, Florida, 33755
Read More

Patch Flash NOW Or Get Infected With CryptoWall

Posted by Stu Sjouwerman on Jun 29, 2015 12:00:00 PM

It is now urgent to patch Adobe Flash Player on every machine in your network. Why? The Magnitude exploit kit now uses a recently patched Flash zero-day vulnerability. Adobe released an emergency out-of-band update for Flash on June 23rd.

French researcher Kafeine reported that a sample he encountered was dropping two instances of CryptoWall ransomware on any Windows 7 computer running Internet Explorer 11. CryptoWall is a strain of ransomware that encrypts files on a victim’s computer and demands a ransom, generally paid in Bitcoin. The FBI said last week that consumers have reported losses of more than $18 million related to infections by this leading strain of ransomware.

Flash vulnerabilities are a favorite attack vector for criminal hackers and nation-state groups because of the player’s ubiquity, especially on Windows machines. These groups move quickly to weaponize freshly patched vulnerabilities; Kafeine said it took only four days for this one to show up in Magnitude.

Now that the criminals have absorbed the exploit into Magnitude, they expect to turn a profit against unpatched machines by infecting them with CryptoWall, fast becoming one of the most prolific crypto-ransomware tools in use.

Read More

FBI Alert: Latest CryptoWall Ransomware Damage More Than $18 Million

Posted by Stu Sjouwerman on Jun 27, 2015 11:09:00 AM

The latest version 3.0 of CryptoWall, descendant of the infamous CryptoLocker, is the most advanced and most damaging ransomware in the wild at the moment, specifically targeting U.S. businesses and individuals. We have been sounding the alarm about CryptoWall in CyberheistNews since last year, and its magnitude is now confirmed by law enforcement.

The FBI, through its Internet Crime Complaint Center (IC3), released an alert on June 23, 2015, stating that between April 2014 and June 2015 the IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million. And that is only the reported part; the estimate is that actual infections are at least two or three times that. Going by the reported incidents only, it's a $70 million per year criminal enterprise, but in reality it looks more like $200 million, which is unbelievable.

Some quick math ($18 million over 992 complaints) shows $18,145 in costs per victim, caused by network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers. As you can see, the total costs of a ransomware infection go well above just the ransom fee itself, which is usually around $500 but can go up to $10,000.

The four infection vectors sorted by frequency:

  1. Phishing email with infected attachment
  2. Phishing email with malicious URL
  3. User clicks on infected ad
  4. User visits infected website

Read More

World's Most Famous Hacker Kevin Mitnick: IoT Is Exploitable

Posted by Stu Sjouwerman on Jun 26, 2015 11:09:00 AM

Clad in a blue suit and conservative necktie, KnowBe4's Chief Hacking Officer Kevin Mitnick no longer looks the part of the precocious teen who started hacking into computer systems while still in high school.

But when asked if any system is unhackable, there’s a youthful gleam in his eyes.

"I don’t know any system out there that’s impenetrable,” Mitnick told an audience of about 1,500 engineers at the Freescale Technology Forum (FTF) in Austin, Texas this week. “In our experience, when we are hired by clients to attack their systems, our success rate is 100%.”

Mitnick, who goes by “the world’s most famous hacker,” knows about computer vulnerabilities. His resumé is replete with conquests of 40 major corporations. He once had the dubious distinction of being on the FBI’s Most Wanted list, and spent prison time in solitary confinement because prosecutors feared he could break into NORAD computers from his cell and launch nuclear missiles.

The pictures show Kevin talking about security with Freescale Semiconductor CEO Gregg Lowe. 

At this week’s FTF conference, Mitnick focused on the growing influence of the Internet of Things (IoT), and the possibility of such applications being easily compromised. He suggested that the IoT has many of the same issues that now face corporate computer networks. Lack of encryption, authentication weaknesses, and password reset problems are just as likely to compromise the security of IoT applications, he said.

Read More

CyberheistNews Vol 5 #25 Scam Of The Week: Spoofed CEO Money Transfer Request

Posted by Stu Sjouwerman on Jun 23, 2015 8:52:59 AM

CyberheistNews Vol 5 #25 June 23, 2015

Scam Of The Week: Spoofed CEO Money Transfer Request

Heads-up, there is a real wave of this scam going on at the moment. I would copy and paste this section plus the link to the story on our blog and send it to your CEO, CFO/Controller and/or Compliance officer right this minute.

The scam goes like this. The criminals monitor emails between the CEO and CFO for months and wait till the CEO is on a business trip. How do they monitor email? They either have credentials obtained somehow, have hacked the email server, or have a keylogger on the machine(s) of the CEO/CFO. Remember, per the FBI there are two kinds of people: the ones who know their network has been penetrated, and the ones who don't.

Cybercrime has gone pro, and this scam comes well prepared. The bad guys have registered a domain name that looks very much like your existing one, they spoof the CEO's "from" address, and they give the CFO or someone in Accounting specific instructions to transfer a large amount of money to a foreign bank for some very believable reason, like an acquisition or a large equipment purchase. The request looks very, very real and asks for urgency and confidentiality.

Here is a real story of a publisher that recently lost $1.5m in a phishing scam like this, and what happened to their CEO:
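As an added example (not code from the newsletter), here is a Python triage routine for the indicators this scam leaves in the message itself: a sender domain that imitates yours through typos, digit-for-letter swaps or Unicode look-alikes; an executive's display name on an address outside your domain; a Reply-To that diverts replies elsewhere; and urgent, confidential wire-transfer language. The company domain examplecorp.com, the executive name, the keyword lists and the two sample messages are assumptions constructed for the demonstration.

```python
"""Triage of a 'spoofed CEO' wire-transfer e-mail for the tricks described
above: a registered look-alike domain, an executive's name on an outside
address, a Reply-To that diverts answers, and urgent/confidential wire
language. Added example, not from the newsletter. The company domain, the
executive name, the keyword lists and the sample messages are assumptions."""
import email
import re
import unicodedata
from email.utils import parseaddr

COMPANY_DOMAIN = "examplecorp.com"   # assumed corporate domain
EXECUTIVES = {"jane doe"}            # assumed CEO display name(s)

# Partial confusables map (Cyrillic look-alikes) plus digit/letter swaps.
CONFUSABLES = str.maketrans({"а": "a", "е": "e", "о": "o", "р": "p",
                             "с": "c", "і": "i", "ѕ": "s", "х": "x"})
SWAPS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

URGENCY = re.compile(r"\b(urgent|immediately|asap|today|right away)\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|account number|iban|swift)\b", re.I)
SECRECY = re.compile(r"\b(confidential|do not discuss|keep this between|discreet)\b", re.I)


def levenshtein(a, b):
    """Plain edit distance; domains are short, so O(len(a)*len(b)) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize_domain(domain):
    """Fold IDN, Unicode confusables and digit-for-letter tricks to plain ASCII."""
    try:
        domain = domain.encode("ascii").decode("idna")   # xn--... -> Unicode
    except UnicodeError:
        pass
    d = unicodedata.normalize("NFKC", domain.lower()).translate(CONFUSABLES)
    for bad, good in SWAPS:
        d = d.replace(bad, good)
    return d


def is_lookalike(domain, legit=COMPANY_DOMAIN):
    """True for a domain that imitates `legit` but is not `legit` itself."""
    domain = domain.lower()
    if domain == legit:
        return False
    norm, legit_norm = normalize_domain(domain), normalize_domain(legit)
    label, legit_label = norm.split(".")[0], legit_norm.split(".")[0]
    # homoglyph / digit swap, typo-squat, or brand embedded in a longer label
    return norm == legit_norm or levenshtein(norm, legit_norm) <= 2 or legit_label in label


def _body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw_message):
    """Return the list of BEC indicators found in a raw RFC 822 message."""
    msg = email.message_from_string(raw_message)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()

    if from_domain and is_lookalike(from_domain):
        findings.append(f"look-alike sender domain: {from_domain}")
    if from_name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        findings.append(f"executive name on outside address: {from_addr}")
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to diverts to {reply_domain}")

    text = msg.get("Subject", "") + "\n" + _body_text(msg)
    hits = [name for name, rx in (("urgency", URGENCY), ("payment", PAYMENT),
                                  ("secrecy", SECRECY)) if rx.search(text)]
    if "payment" in hits and len(hits) >= 2:
        findings.append("wire request with " + "+".join(hits) + " language")
    return findings


# Constructed samples, modeled on the scam described above (not real mail).
SAMPLE_SCAM = """\
From: Jane Doe <jane.doe@examplec0rp.com>
Reply-To: Jane Doe <jane.doe@examplec0rp.com>
To: Bob Ledger <bob@examplecorp.com>
Subject: Urgent - wire transfer for acquisition
Content-Type: text/plain; charset="utf-8"

Bob, I am traveling and cannot take calls. We are closing the acquisition today.
Please wire $480,000 to the account below immediately and keep this strictly
confidential until I announce it.
"""

SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@examplecorp.com>
To: Bob Ledger <bob@examplecorp.com>
Subject: Board deck
Content-Type: text/plain; charset="utf-8"

Bob, can you send me last quarter's numbers for the board deck? Thanks.
"""

if __name__ == "__main__":
    print("scam  ->", analyze(SAMPLE_SCAM))
    print("legit ->", analyze(SAMPLE_LEGIT))
```

Two or more of these indicators together are a strong signal to hold the message and phone the executive on a known number; the look-alike check alone is also worth running against your own domain at registration time, since the criminals register the imitation weeks before they use it.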

The 5 Security Awareness Training Generations [CARTOON]

Today, your employees are frequently exposed to advanced phishing and ransomware attacks. Your users are the weak link in your IT security. There are 5 ways (generations) to train end-users.

Take 1 minute, check out the cartoon over at the KnowBe4 Blog:

Participate In Scientific Awareness Training Research

We are looking for a few organizations of 100+ employees that are willing to participate in a scientific study regarding security awareness training. You cannot be an existing KnowBe4 customer, and we would like you to be in finance, manufacturing and/or healthcare. The study requires employees to fill out a short 6-question survey before the 4-month study starts.

It will start with a baseline phishing test, followed by one simulated phishing email every month after that, for a total of 4 emails to your employees. In exchange for participating, you will get a 1-year subscription. If you are interested, please send an email to with a short description of your organization. First come, first served.

Warm Regards,
Stu Sjouwerman

Quotes Of The Week
"Appreciation is a wonderful thing: It makes what is excellent in others belong to us as well." - Voltaire - Philosopher (1694 - 1778)

"There is no cloud. Only other people's servers." - Found recently on Twitter

Thanks for reading CyberheistNews!

Security News

Use Gmail As Your Corporate Email? Watch This.

There is an insanely simple way to social engineer an employee into giving away access to their Gmail account. It's a variation on a password reset scam. All that is needed is the email address that the hacker wants to own and the employee's cell phone number.

Here’s how it works: the attacker goes to the login page for the victim's email address, says he or she forgot the password and, if the victim's phone number is registered for account recovery or two-step verification, has the email provider text a verification code to that phone.

Once this is done, the attacker sends the victim another text asking for the code. The attacker's text would look something like this: "This is Google. There has been unauthorized activity on your account. Please reply with the verification code we just sent you."

If the victim unknowingly replies to the attacker's text with the code, the email account is pwned. The code itself comes from the real provider, so it looks legitimate; the only tell is that a genuine provider never asks you to send a code back by text. Symantec made an excellent, very instructive little video about this, which I would send to all employees using Gmail, either at the office or at home:

Win a $150 Amazon Gift Card - Take The 'Internet of Things' Survey

The Internet of Things (IoT) is all over the news. Strategy Analytics has teamed with KnowBe4 on the 2015 IoT Deployment and Usage Trends Survey.

This survey examines the business and technology drivers and challenges associated with IoT. The survey should take about 10 minutes to complete. Leave a comment with your Email address for a chance to win a $150 Amazon gift card.

In the Digital Age of BYOD, the Cloud and the Internet, there is no hotter topic for corporations and consumers than the Internet of Things (IoT). IoT environments advance pure Machine-to-Machine (M2M) device connectivity and use Big Data and predictive analytics to drive real-time analysis, enabling corporations and consumers to make more informed and intelligent decisions to drive top line revenue and business decisions.

When properly deployed and managed, IoT platforms and services can also improve reliability, minimize risk and help companies to cut costs and accelerate ROI. Take the survey here:

All responses are confidential. No sales person will call you and we never share your information with anyone. Once the survey is complete, we will publish an Executive Summary on the CyberheistNews and Strategy Analytics websites. Additionally, anyone who has completed the survey is eligible for a complimentary copy of the full Report and PowerPoint slide deck by emailing

In Search of The Most Dangerous Town On the Internet

It is often observed that after communism collapses in a country, the first thing that happens is a crime wave. Romania is a good example: last year a billion dollars were stolen by Romanian hackers. Watch the cybercrime documentary profiling the Romanian town nicknamed "Hackerville" or "Most Dangerous Town on the Internet."

Convicted blackhat hackers, like Guccifer (real name), talk worms, viruses, social engineering, identity theft, and even hacking Hillary Clinton's email:

Cardinals-Astros Hack: Don’t Use Old Passwords At Your New Company

Bob Sullivan wrote: "First of all, if you haven’t read it, you must: The FBI is investigating baseball’s St. Louis Cardinals for hacking the  Houston Astros, according to the New York Times. Someone from the Cardinals allegedly stole data offering insight into the Astros player evaluation files, details on possible trades, and so on.

This kind of corporate espionage goes on all the time, and if you didn’t  believe that, well, there you are." This is an interesting story:

Read More
