KnowBe4 Security Awareness Training Blog

ALERT: New Ransomware Spearphish Uses One-Click Dropbox Attack

Posted by Stu Sjouwerman on Mar 30, 2015 8:47:00 AM

The cyber-mafia is stepping up the pressure. As you know, there are several competing gangs furiously innovating in an attempt to grab as much money as possible. Call it a criminal virtual land-grab.

A new ransomware attack has been spotted in Europe: a highly targeted spear phishing campaign that uses Dropbox as the delivery mechanism. It takes only one click to infect a workstation, and the victim then has just 24 hours to pay the ransom in Bitcoin, which is very aggressive. It's called the "Pacman" ransomware, evoking the image of something eating up all your files.

The strain is highly malicious. Besides the ransomware payload, the code includes a keylogger and has a "kill process" capability that terminates Windows tools such as taskmgr, cmd and regedit, which makes the malware very hard to remove by hand.

Europe is often used as a beta-testing ground for attacks on the U.S., so expect this to arrive here. The worrying part is that this spear phishing attack is focused on a small vertical, yet fully automated. In this case the vertical is chiropractors in Denmark. But remember that with the tens of millions of data-breach records out there, it is very easy to build a target list like this. Next time it could be your employees getting one of these in their inbox, specifically targeted at your company.

Here is how the attack looks, as reported by CSIS. It's an email in perfect Danish from a "possible new patient", who explains that they are moving into the area, have bad neck and back problems, and are looking for a new therapist. The new patient conveniently includes links to his MRI and CT scans, because his back is a special case.

This attack has been rated high-risk because of its highly targeted nature and the degree of social engineering used. 

Technical Background 

The malicious code was developed in .NET, so it requires the .NET Framework, which most Windows machines have installed by default these days.

From there, "pacman.exe" is extracted and dropped onto the system, and the encryption of files on the local hard disk begins. The code searches the disk for data files, which it then encrypts. After a system has been compromised it calls home to the central C&C server.

A new file extension, ".ENCRYPTED", is appended to every encrypted file. The process finishes by replacing the desktop of the infected machine with instructions on how to regain access to the data.

It is only a matter of time before functionality is added to encrypt both mapped and unmapped network drives as well.
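
The behaviours described above give a defender something concrete to look for in endpoint telemetry. The following is an added example, not code from the original post or from CSIS: a small Python detector that runs over constructed file and process events (the event shape, host names, paths, the 60-second window and the five-rename threshold are all assumptions) and flags a host when it sees a burst of renames to ".ENCRYPTED", the killing of taskmgr/cmd/regedit, or a process named pacman.exe.

```python
"""Flag hosts showing Pacman-style ransomware behaviour in endpoint telemetry.

Added example for this post; not code from the original article, from CSIS or
from the malware. The event tuples are constructed to resemble what an EDR or
Sysmon forwarder would emit, and the threshold and window are assumptions.
Behaviours looked for are the ones the post describes: files renamed with an
added .ENCRYPTED extension, a kill-process routine aimed at taskmgr/cmd/regedit,
and a process named pacman.exe.
"""
from collections import defaultdict
from datetime import datetime, timedelta

ENCRYPTED_SUFFIX = ".ENCRYPTED"
KILLED_TOOLS = {"taskmgr.exe", "cmd.exe", "regedit.exe"}
RENAME_THRESHOLD = 5            # assumption: renames within WINDOW before alerting
WINDOW = timedelta(seconds=60)  # assumption: sliding window length

# Constructed sample telemetry: (iso_timestamp, host, event_type, detail)
SAMPLE_EVENTS = [
    ("2015-03-27T09:00:01", "WS-CHIRO-01", "process_start", r"C:\Users\anne\AppData\Local\Temp\pacman.exe"),
    ("2015-03-27T09:00:02", "WS-CHIRO-01", "process_kill", "taskmgr.exe"),
    ("2015-03-27T09:00:02", "WS-CHIRO-01", "process_kill", "regedit.exe"),
    ("2015-03-27T09:00:03", "WS-CHIRO-01", "file_rename", r"C:\Users\anne\Documents\patients.xlsx -> C:\Users\anne\Documents\patients.xlsx.ENCRYPTED"),
    ("2015-03-27T09:00:03", "WS-CHIRO-01", "file_rename", r"C:\Users\anne\Documents\invoices.docx -> C:\Users\anne\Documents\invoices.docx.ENCRYPTED"),
    ("2015-03-27T09:00:04", "WS-CHIRO-01", "file_rename", r"C:\Users\anne\Pictures\mri_01.jpg -> C:\Users\anne\Pictures\mri_01.jpg.ENCRYPTED"),
    ("2015-03-27T09:00:04", "WS-CHIRO-01", "file_rename", r"C:\Users\anne\Pictures\ct_01.jpg -> C:\Users\anne\Pictures\ct_01.jpg.ENCRYPTED"),
    ("2015-03-27T09:00:05", "WS-CHIRO-01", "file_rename", r"C:\Users\anne\Desktop\schedule.pdf -> C:\Users\anne\Desktop\schedule.pdf.ENCRYPTED"),
    # A second host with one odd rename and ordinary activity must not alert.
    ("2015-03-27T09:05:00", "WS-FRONTDESK", "file_rename", r"C:\Users\bo\notes.txt -> C:\Users\bo\notes.txt.ENCRYPTED"),
    ("2015-03-27T09:05:30", "WS-FRONTDESK", "process_start", r"C:\Windows\System32\notepad.exe"),
]


def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def analyse(events):
    """Return {host: sorted list of rule names} for every host that trips a rule.

    Events are processed in time order so the rename rule can keep a sliding
    window per host instead of a whole-day count.
    """
    findings = defaultdict(set)
    recent_renames = defaultdict(list)  # host -> timestamps of recent .ENCRYPTED renames

    for ts, host, kind, detail in sorted(events, key=lambda e: e[0]):
        now = _parse_ts(ts)
        if kind == "file_rename":
            new_name = detail.split(" -> ")[-1]
            if new_name.upper().endswith(ENCRYPTED_SUFFIX):
                window = [t for t in recent_renames[host] if now - t <= WINDOW]
                window.append(now)
                recent_renames[host] = window
                if len(window) >= RENAME_THRESHOLD:
                    findings[host].add("mass_rename_to_encrypted")
        elif kind == "process_kill" and detail.lower() in KILLED_TOOLS:
            # The post describes the malware killing these tools to hinder removal.
            findings[host].add("killed_" + detail.lower().rsplit(".", 1)[0])
        elif kind == "process_start" and detail.lower().endswith("\\pacman.exe"):
            # Name-based indicator: cheap to check, trivial for the attacker to change.
            findings[host].add("pacman_exe_started")

    return {host: sorted(rules) for host, rules in findings.items()}


if __name__ == "__main__":
    for host, rules in analyse(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(rules)}")
```

The rename burst is the rule worth keeping: the extension and the binary name are trivial for the next gang to change, while renaming a user's documents en masse within seconds is the behaviour every file-encrypting strain shares. Tune the threshold against normal activity (backup and sync agents rename many files too) before paging anyone on it.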

What To Do About It

1) If you have not done so already, add Dropbox as a blocked domain on your "edge" device, whether that is a web filter, proxy server or firewall. Note that shared-link downloads are served from Dropbox's content domains (for example dropboxusercontent.com), not only from dropbox.com, so block the whole set. This may not be popular, but it's a corporate survival point. It's also a way to get back some control over "shadow IT".

2) Urgently step your users through effective security awareness training so that they will spot the red flags of ransomware spear phishing attacks.

NOTE: If you currently have a quote and are considering taking a subscription to our platform that integrates awareness training and simulated phishing, now would be a very good time.

If you do not have a quote, find out how affordable this is for your organization today.

NEW: This Week's Five Most Popular HackBusters Posts

Posted by Stu Sjouwerman on Mar 29, 2015 10:00:29 AM

There is an enormous amount of noise in the security space, so how do you know what people really talk about and think is the most important topic? Well, we created the Hackbusters site for that. Hackbusters grabs feeds from hundreds of security sites, blogs and other sources. We track which topics are most liked, shared, retweeted and favorited, and we built an algorithm that bubbles up the real hot topics. We tweet when a #1 hot security topic bubbles up.

Here are this week's five most popular hackbusters posts:

1) Canada Revenue Agency Warns Of Text Message Phishing Scam

2) A $60 Gadget That Makes Car Hacking Far Easier

3) Stealing Data From Computers Using Heat

4) NSA Doesn't Need to Spy on Your Calls to Learn Your Secrets

5) GitHub hit by Massive DDoS Attack From China

Follow @Hackbusters on Twitter and you will get tweets with the actual breaking hot security news.

Scam Of The Week: 911 Phone Threat

Posted by Stu Sjouwerman on Mar 28, 2015 2:00:00 PM

Residents in Ohio are being "beta tested" by cybercrime for a scam that will inevitably also hit all other states. Here is your Scam Of The Week heads-up.

This particular scam will also very likely be sent via email so please alert your employees, friends and family. People have been receiving calls from a spoofed 911 emergency number. The message asks them to call a bogus Attorney General phone number to prevent their pending arrest, which could be settled by paying a fine.

Tricking people into paying money to avoid prosecution is not an uncommon phone scam, but the level of social engineering used by the criminals in this case sets the operation apart.

Since the beginning of the month, the Office of the Attorney General in Ohio has received more than 20 complaints about this nefarious activity. I would send the following to your contacts. Feel free to edit:

"Recently a scam has surfaced from a fake 911 emergency number. The message states you need to call the Attorney General's Office and pay a fine or get arrested. You may also get an email stating the same. Be alert for this scam, and do not comply with demands to provide money over the phone or email even if it appears to be from law enforcement or from the government. Think Before You Click!" 

Learn more about our Security Awareness Training.

35 percent of Kansas City Employees Turn Out Phish-prone

Posted by Stu Sjouwerman on Mar 28, 2015 1:16:45 PM

From the Kansas City Star: Would-be hackers duped 35% of Kansas City employees into opening the door to municipal computer systems sometime in the last six months, a city audit report said.

Each employee had given up log-in credentials after responding to an email that had been sent to collect just such critical information. They’d fallen for what is commonly called a phishing attack and turned out to be Phish-prone.

Luckily, these were would-be hackers. The attack was a fake, specifically a test conducted by city auditors.

“We phished ourselves to see how we’d do,” city auditor Douglas Jones said Thursday.

Jones said he wanted to know not only how employees would treat the phishing email but also how the city’s information technology teams would handle the breach, to which they had not been privy.

So, how’d they do?

“Not bad,” Jones said. “But it only takes one to give you their information.”

The audit report said it this way. “Had our test been an actual phish email, a hacker would have about 280 chances to infiltrate the city’s information systems.”

It noted that the 280 included employees from all city departments and included some with greater access to personnel and other key systems.

Cybersecurity has become a hot topic following dramatic cyber attacks against Sony Corp. over its movie about a fictional assassination attempt on North Korea’s leader. That event, plus widely publicized attacks on retailer Target Corp. and Home Depot Inc. sparked Kansas City’s test.

Official results and recommendations from Kansas City’s test came out this week in a report to Mayor Sly James and the City Council. Work is underway on written policies to direct the IT department’s response to phishing attacks like this test, the audit report said. The city already has a “cyber terrorism mitigation plan” that would respond to larger scale attacks that might force moving operations to an alternate site.

And all employees are in for mandatory training.

It’s a standard two-prong approach that relies on technology to defend against attacks and smart behavior by individuals to recognize and avoid traps. Employers recognize that employees are the first line of defense, especially in the case of a simple phish email.

Here’s how it played out at City Hall, though Jones isn’t saying when the test took place.

The test began as 3,115 fake phishing emails started landing in employees' inboxes. Within the hour, 66 employees had clicked on the email's link to a fake website set up for the test. In hour two, 226 more clicked through, followed by 195 in hour three.

Kansas City’s IT staff spotted the phish early in the fourth hour and began alerting employees. The effort helped reduce the potential for damage, as clicks to the fake website fell to 62 in that hour, and then fell by half in each of the next three hours.

Among other steps, the city IT staff deleted the fake email from the system so no one would be able to click on it, the audit said. It also noted that the deletion did not happen for at least a day.

Employees who had given up their log-in information were instructed to change their passwords if they’d clicked on the phishing email’s link. Tracking their actions found that two thirds had done so during the first 24 hours, but that 30 percent had not changed their passwords within 48 hours after the attack.

The audit report noted that some employees guessed the email was an attack and provided fake credentials. Not a good idea.

"Just clicking the website link in the email could expose the city's information systems to risk," the report said. Full article here. (Note that I have corrected the math, which was completely off in the original article.)

Find out for free what percentage of your employees is Phish-prone with the no-charge Email Exposure Check.

RANT: Renewing Office 365 Online D(H)ell

Posted by Stu Sjouwerman on Mar 28, 2015 12:07:32 PM

OK, when buying a new Dell machine 12 months ago I decided to get a subscription to Office 365. For about a year everything ran fine, but then I started to get warning messages in the apps that I needed to renew my subscription. I'm a happy camper and have used Word for a long time, so I click the BUY button.

However, I do not get seamlessly dropped on an ecommerce site where I can renew (ideally with one-click). No, I get an error message thrown into my text editor. Repeatedly. The renewal process is seriously borked.

Microsoft sends me an email that I can renew at the Dell online shop. I go there and renew for 69.99. I get an email back that I will be able to download the software within 4 to 8 hours. Excuse me? This is the Internet age. There is no box to be shipped, this is just a software key.

I call support to find out why this takes so long. After calling the 800 number I get referred to (count 'em) FOUR support reps in different departments. The first one tells me my credit card is on hold. The second tells me that's not true but does not know why it takes so long. The third refers me to the fourth who barefacedly claims that all these orders are processed by hand and that is why it takes so long. I was getting amused so I started taking notes.

So, after 8 hours I get an email from Dell that the software can be taken out of my "Locker". They give me the email address and the password for this locker and tell me to log in. I guess you already know what is coming. Right. I am not able to enter the locker with the credentials they just gave me.

It suddenly dawns on me why it is called the locker: it literally locks me out for 15 minutes after only two tries and tells me to try again after that. I wait and try again, perhaps it's case sensitive, all caps, all lower case. No luck, locked out for the second time, wait 15. There is a download_software@dell.com email address, and I decide to try that for help.

After an hour, no response. Hmm, let's call tech support. However, on their website it states Home/Consumer Customer Support Saturdays/Sundays Closed. It is Saturday of course. The Live Chat is also closed on the weekend. Really? Let's try social media. Dell Support for Facebook Fans states a max 24-hour return time.

I find a support number and they take the service code and my name. Put me on hold. I get a UK based message that they are busy and they break the connection. Hmmm. Redial the general 800 number and I get hardware support. They can't help either and tell me to call back Monday to Customer Care. That means no support for my e-commerce purchase.

I decide to bypass Dell and go directly to Microsoft. The experience is a lot better. I start at 11am and buy a $99 upgrade for 5 PCs and make sure it renews automatically every year. By 11:53 I am back in business after a chat with their answer desk.

On Monday I will ask for a refund from Dell. They do not deserve my business for the Office 365 renewal. Michael Dell would spin in his grave if he knew. Oh, wait, he's still alive. Mike, are you listening?

Experts: Social Engineering Attacks Harder To Stop

Posted by Stu Sjouwerman on Mar 28, 2015 10:42:45 AM

Michael Heller at TechTarget wrote a good, longish article in which he concluded: "As more personal and corporate information is shared on the Web, social engineering techniques and attacks are becoming increasingly sophisticated, forcing enterprises to adopt new awareness training methods to protect employees."

I'm giving you a short summary and you can read the whole thing here. In enterprise security, social engineering (SE) usually means convincing a company employee to click a malicious link or open a malware-infected file, and the transmission method for these attacks is most often email. SE is a major component of IT's longstanding battle with phishing schemes. It is also an element in the resurgence of macro viruses, which spread through SE messages that convince employees to override the security settings designed to prevent macros from running.

According to Cody Pierce, director of vulnerability for Arlington, Va.-based security research firm Endgame: "Without the social engineering aspect, it's harder to get past the point where you need user interaction for the exploit. For macro viruses and such, there will be warnings, so you need social engineering to get users past that point."

A Social Engineering Renaissance

Pierce and other experts said that these types of attacks are getting more difficult to stop because of the wealth of information made publicly available on the Web via social media. That information can be used to craft much more convincing and targeted attacks, which has led to something of a renaissance for SE.

"Twitter will tell you what app is used to post, which leads to what platform is used. LinkedIn connects to work contacts, and Facebook has everyone," said Pierce. "Phishing will continue to stay popular as long as we're all connecting over the Internet and easy to talk to or build a relationship with, because someone will take advantage of that situation."

According to Randy Trzeciak, technical manager at Carnegie Mellon University's CERT Insider Threat Center, outsiders will often use social media sites like Facebook, LinkedIn and Twitter to gather information and piece it together to look like an employee is receiving a message from someone they trust.

"I do believe [attacks] are getting more realistic looking in terms of impersonating someone in the organization," Trzeciak said. "With the amount of information publicly available on an organization's employees, outsiders are more able to craft a message that looks authentic."

Security Awareness Training Needs To Catch Up

As SE techniques get more sophisticated and attacks look more like authentic messages, experts say that training methods need to evolve as well. Baker, another expert quoted in the article, said that the trick to educating employees has always been to make people suspicious of these requests, but that this is getting more difficult because it often isn't enough to simply have users keep an eye out for improper use of language or odd typos.

Experts all agreed that traditional training sessions that happen infrequently are not enough. Trzeciak said that training needs to be done in levels, beginning with teaching employees to look out for misspellings and improper use of language. The next level includes making some employees aware when they are at greater risk of being targeted, including those with access to financial information and other sensitive data. Lastly, employees should be made aware of their sharing habits on social networks, and be especially careful of potentially fraudulent friend requests, which could ultimately negate any controls put in place to limit access to information.

A number of experts also advocated more real-time training, which would include simulated internal phishing campaigns and text or social-media messages sent to employees to catch those who lapse.

We could not agree more. Find out how affordable this is for your organization today.

CyberheistNews Vol 5 #12 Why Your Brain Shuts Down When You See A Security Alert

Posted by Stu Sjouwerman on Mar 24, 2015 9:20:00 AM

CyberheistNews Vol 5 #12 Mar 24, 2015

Why Your Brain Shuts Down When You See A Security Alert

Been mystified why end-users do not seem to get it? Their eyes glazing over when a security alert pops up on their screen? Brand new neuroscience research using MRI shows a dramatic drop in attention when a computer user is subjected to just two security warnings in a short time.

A group of researchers from Brigham Young University, the University of Pittsburgh and Google used functional magnetic resonance imaging (fMRI) to see if varying (polymorphic) warning messages could prevent users from becoming accustomed to security alerts and simply clicking through them.

In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference, they present data that maps the regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security alert and a "large overall drop" after 13 of them.

The problem has been given a fancy label, "habituation", but it is of course a known phenomenon. We have known about it in IT for a long time, and it was the driving factor behind the toning-down of User Account Control prompts between Vista and Windows 7.

The initial results seem positive: polymorphic warnings reduce habituation, making users more likely to pay attention to the warnings rather than dismiss them outright. The variants that work best are animated, jiggled or zoomed in.

The researchers said: "Because automatic or unconscious mental processes underlie much of human cognition and decision making, they likely play an important role in a number of other security behaviors, such as security education, training, and awareness (SETA) programs, password use, and information security policy compliance." Here is a link to the PDF with the original research:
http://neurosecurity.byu.edu/media/Anderson_et_al._CHI_2015.pdf

Sure, animated security alerts that jump in your face may help for a while, but over time you will get the same problem. There is only one real solution to habituation: filter out the noise and show the user only the security alerts that really matter. Too bad neuroscience can't help with that.

In the meantime, stepping users through effective security awareness training and sending them frequent simulated phishing attacks using different templates all the time is a very good way to keep them on their toes and ward off habituation. Find out how affordable this is for your organization today.
http://info.knowbe4.com/kmsat_get_a_quote_now

Premera And Anthem Both Hacked Using Shrewd Social Engineering

Health records are the new credit cards. They have a longer shelf life and are often easier to get, and there are more opportunities for fraud. No wonder the bad guys are after them with a vengeance. However, there may be even more to the recent 11 million-record Premera Blue Cross hack.

It looks like Premera was attacked using the same methods employed against health insurer Anthem, suggesting that the same Chinese state-linked group (known as Deep Panda) is behind both breaches. In the Anthem case the attackers were after the health records of U.S. Government employees, which could subsequently be used for highly targeted spear-phishing attacks.

The Anthem attackers registered a bogus domain name, "we11point.com" (based on WellPoint, Anthem's former name; note the digit "1" in place of the letter "l"), that was likely used in phishing attacks. Companies are supposed to use security awareness training to educate employees not to fall for such social engineering tricks, but are not always successful.

One of Deep Panda's attack methods is to create fake websites that imitate internal corporate services. In Anthem's case, the attackers set up several subdomains under "we11point.com", built as clones of real services such as Anthem's HR portal, VPN and Citrix server.

By targeting Anthem employees with phishing emails and luring them to the fake sites, the attackers could collect logins and passwords and tunnel into the insurer's real systems. ThreatConnect, an Arlington, Virginia-based security company, found that Premera appears to have been targeted by the same style of attack.

On Feb. 27, ThreatConnect wrote a blog post describing its research into the Anthem attacks. In the course of that work, ThreatConnect found a suspicious domain name: "prennera.com", with a double "n" standing in for the "m" in Premera.

Anthem and law enforcement have yet to say who they believe is responsible, and the Premera investigation is in its early stages. If an attacker is named, it could put further pressure on the U.S. government, which has shown less and less tolerance for what are classified as state-sponsored attacks. More detail at ComputerWorld:
http://tinyurl.com/m75zmln
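
Both domains use the same trick: characters that look like the brand name in a browser or mail client but are not. As an added example (not code from this newsletter, from ThreatConnect or from Anthem), here is a Python check that collapses common confusables and compares newly seen domains against a brand list; the confusable table, the brand list and the sample feed are assumptions chosen to cover "we11point.com" and "prennera.com".

```python
"""Spot brand-impersonating domains built from confusable characters.

Added example for this newsletter; not code from the article, from
ThreatConnect or from the investigations it cites. The confusable table, the
brand list and the candidate feed are assumptions, chosen so that the two
domains the text names (we11point.com and prennera.com) are caught.
"""

# Multi-character confusables come first so that "rn"/"nn" collapse to "m"
# before the single-character substitutions run.
CONFUSABLES = [
    ("rn", "m"), ("nn", "m"), ("vv", "w"),
    ("1", "l"), ("0", "o"), ("5", "s"), ("3", "e"),
]

# Assumed set of brands the organisation wants to protect.
BRANDS = ["wellpoint.com", "anthem.com", "premera.com"]


def normalize(label):
    """Collapse look-alike characters so visually similar strings compare equal."""
    s = label.lower()
    for lookalike, canonical in CONFUSABLES:
        s = s.replace(lookalike, canonical)
    return s


def registrable(domain):
    """Return the registrable domain (last two labels).

    Assumption: no multi-part public suffixes such as .co.uk; use a
    public-suffix-list library for that in production.
    """
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(candidate, brands=BRANDS):
    """Return the brand domain `candidate` impersonates, or None.

    An exact match is the real domain, not a lookalike. Subdomains such as
    hr.we11point.com are judged by their registrable part.
    """
    reg = registrable(candidate)
    brands = [b.lower() for b in brands]
    if reg in brands:
        return None
    norm = normalize(reg)
    for brand in brands:
        if normalize(brand) == norm:
            return brand
    return None


def scan(candidates, brands=BRANDS):
    """Map each suspicious candidate to the brand it imitates; skip the rest."""
    hits = {}
    for candidate in candidates:
        brand = lookalike_of(candidate, brands)
        if brand:
            hits[candidate] = brand
    return hits


# Constructed list standing in for a newly-registered-domains feed.
SAMPLE_FEED = [
    "we11point.com", "hr.we11point.com", "vpn.we11point.com",
    "prennera.com", "wellpoint.com", "dropbox.com", "anthern.com",
]

if __name__ == "__main__":
    for domain, brand in scan(SAMPLE_FEED).items():
        print(f"{domain:22} looks like {brand}")
```

Normalizing both sides is what makes this symmetric: "prennera" and "premera" both collapse to the same string, so the comparison does not depend on guessing which substitution the attacker made. The price is that two distinct brands could collapse together, so review hits rather than blocking on them blindly, and pair this with an edit-distance check for plain typos, which this confusable table does not catch.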

Scam Of The Week: Banking Regulator Issues New Phishing Alert

The National Credit Union Administration (NCUA) warns that phishing emails containing links to a fraudulent website resembling the NCUA's are being pushed to consumers.

NCUA says the phishing emails originate from what appears to be a legitimate website managed by an Australian financial services company called National Credit Union, which claims to offer financial products and services to consumers in the U.S. and Europe.

The phishing emails try to trick consumers into providing personal information, such as Social Security numbers, account numbers and log-in information, and into transferring large amounts of money.

The NCUA emphasizes that it has no affiliation with the "National Credit Union" and that it would never ask consumers for such information. At the KnowBe4 Blog you will find the section "What To Do About It", which you can copy and paste and send to your users:
http://blog.knowbe4.com/banking-regulator-issues-new-phishing-alert


Warm Regards,
Stu Sjouwerman



Quotes Of The Week

"Do not be embarrassed by your failures, learn from them and start again." - Richard Branson

"An optimist may see a light where there is none, but why must the pessimist always run to blow it out?" - Rene Descartes, Philosopher (1596 - 1650)

Thanks for reading CyberheistNews!

Please forward to your friends.

You can read CyberheistNews online at our Blog!
http://blog.knowbe4.com/cyberheistnews-vol-5-6-feb-10-2015-new-ransomware-strain-encrypts-files-from-ram-/-scam-of-the-week

Security News

You Can Finally Escape From Compliance Excel Hell

It's time to get and stay PCI DSS 3.0 compliant.

Now that the new 3.0 standard has gone into effect, it's a great time to start using a new tool that will save you half the time and half the cost of becoming compliant: KnowBe4 Compliance Manager 2015.

It comes with a pre-made PCI DSS 3.0 template that you can use immediately to get compliant and maintain compliance in a business-as-usual process.

Escape from Excel-hell!

Most organizations track PCI compliance using spreadsheets, MS-Word or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Get and stay PCI DSS 3.0 compliant in half the time and at half the cost with KnowBe4 Compliance Manager™.

Get a short, live web demo, and we will show you how easy and affordable this is.
http://info.knowbe4.com/_kcm_pci_3_14-12-30

China Finally Admits It Has A Hacker Army

China finally admits it has special cyber warfare units, and a lot of them. This is the "advanced persistent threat" cyber security experts have been talking about. Well, why are we not surprised?

For years China has been suspected by the U.S. and many other countries of carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has admitted that it does have cyber warfare divisions, several of them, in fact.

In the latest updated edition of a PLA publication called The Science of Military Strategy, China finally broke its silence and openly talked about its digital spying and network attack capabilities, clearly stating that it has specialized units devoted to waging war on computer networks.

Joe McReynolds, an expert on Chinese military strategy at the Center for Intelligence Research and Analysis, told The Daily Beast (TDB) that this is the first time China has explicitly acknowledged that it has secretive cyber-warfare units, on both the military and the civilian-government side.

"It means that the Chinese have discarded their fig leaf of quasi-plausible deniability," McReynolds said. "As recently as 2013, official PLA [People's Liberation Army] publications have issued blanket denials such as, 'The Chinese military has never supported any hacker attack or hacking activities.' They can't make that claim anymore." Full story at TheHackerNews:
http://thehackernews.com/2015/03/china-cyber-army.html

Despite Mobile App Risks Enterprise Does Not Have Mobile Security Policy

Here is the disconnect: 82 percent of IT pros think that BYOD in the workplace has "very significantly" or "significantly" increased IT security risks, but less than half of organizations have a security policy in place to define acceptable use.

A Ponemon Institute survey of a whopping 19K U.S. IT pros shows that while the mobile app risks are well known, many enterprises are not following up or dedicating the resources to combat the threat. On average, $34 million is spent on mobile app development, but only $2 million of that budget is allotted to security, according to "The State of Mobile Application Insecurity," sponsored by IBM.

"It's just an indicator that we [the security community] have a problem, [or] a risk issue that isn't necessarily being met, at least not with respect to training and awareness," said Larry Ponemon, chairman and founder of the Ponemon Institute, in an interview with SCMagazine.com.

To add to the problem, less than half of organizations test their mobile apps, and those that do found that 30 percent contained vulnerabilities. This, Ponemon said, makes testing all the more essential.

"The secure coding issue is a big problem because we build apps that rely on other apps that were built earlier on, instead of building apps from scratch," he said. "Some of the bad stuff might lie in the old stuff. Testing will help you identify and prevent the really bad stuff that seems to be happening right now."

A majority of 77% blamed a "rush to release" for why vulnerabilities existed in mobile applications. 73% said a lack of understanding and training on secure coding practices could be the reason.

Ponemon stressed that most breaches are occurring at the application layer, not the network level. This study demonstrates a need to slow down and be more thoughtful with app development, he said.

"Train developers so they understand what secure coding really means, so they understand their ethical responsibilities to create codes that are safe," he said. "Create awareness because this could be a big problem."

Security awareness training is not only for end-users. Developers would also benefit from stepping through effective mobile security training to make them aware of the risks out there.

Kaspersky AV Has Close Ties to Russian Spies

It's a real spy-world tit-for-tat. Kaspersky recently revealed a U.S.-based high-level hacking group. Now they have been attacked in Bloomberg for ties to the KGB (whose successor is today's FSB). Here is a quote:

"Founder and Chief Executive Officer Eugene Kaspersky was educated at a KGB-sponsored cryptography institute, then worked for Russian military intelligence, and in 2007, one of the company’s Japanese ad campaigns used the slogan “A Specialist in Cryptography from KGB.”

The sales tactic, a local partner’s idea, was “quickly removed by headquarters,” according to Kaspersky Lab, as the company recruited senior managers in the U.S. and Europe to expand its business and readied an initial public offering with a U.S. investment firm.

In 2012, however, Kaspersky Lab abruptly changed course. Since then, high-level managers have left or been fired, their jobs often filled by people with closer ties to Russia’s military or intelligence services. Some of these people actively aid criminal investigations by the FSB, the KGB’s successor, using data from some of the 400 million customers who rely on Kaspersky Lab’s software, say six current and former employees who declined to discuss the matter publicly because they feared reprisals.

This closeness starts at the top: Unless Kaspersky is traveling, he rarely misses a weekly banya (sauna) night with a group of about 5 to 10 that usually includes Russian intelligence officials. Kaspersky says in an interview that the group saunas are purely social: “When I go to banya, they’re friends.” Yeah, right. More at Bloomberg:
http://www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies

What Are Our Customers Saying?

"I was nervous implementing our training program, because people tend to be very resistant to change here, but I have had overwhelmingly positive feedback from my users, and therefore positive feedback from our managers."

"Multiple people have commented that they were blown away by the information in the training course. They said they had no idea that criminals did that sort of thing, or how much of a problem one little email could be. Many users have also said they’ve applied their new security knowledge to their home browsing habits, and many expressed interest in re-taking the training at home with their family members present."

"Personally, I’m very impressed with the program. I went through it on one of our admin accounts, and there’s a lot of good information in there. I like that it’s presented in a way that anyone can understand regardless of their level of comfort/ability with computers. It’s definitely had a positive effect on our environment."

"Our CFO (my boss) was a very big advocate for getting the other execs to actually go through the training, and at some point people started taping their completion certificates up in his office."

"Currently, we still need to assure the last 20% of our employees take the training, and after that we will be opening up the other courses we received with our subscription for people to take at their leisure. This training course is an excellent course for users, and definitely an excellent value." - C.P. Desktop Support

Aerobatic pilot Sebb Stratta took his friends into the skies and filmed their reactions to the aerobatic maneuvers they experienced for the first time:
http://www.flixxy.com/aerobatic-pilot-takes-friends-for-a-ride.htm?utm_source=4

Eagle cam captures stunning footage of an imperial eagle descending over 2,700 ft (830 m) from the world's tallest building, the Burj Khalifa, in Dubai:
http://www.flixxy.com/world-record-eagle-flight-from-worlds-tallest-building.htm?utm_source=4

You know you're having a bad day at the office or en route when you wish you had a bulletproof laptop bag – as in proof against actual bullets. This bulletproof laptop bag can stop a .44 Magnum round. I want one!
http://youtu.be/YzS07GbN2_w

The Sokolov Troupe from Moscow is defying gravity with their most amazing teeterboard act:
http://www.flixxy.com/the-most-amazing-circus-act-sokolov-teeterboard-moscow.htm?utm_source=4

Take an incredible drone flight through the world's biggest cave. Amazing:
https://vimeo.com/121736043

Fishing on a little pond can be very boring. Except in Russia, where there is apparently never a dull moment:
http://www.flixxy.com/hilarious-fishing-ambush.htm?utm_source=4

In this eye-opening talk, investigative journalist Sharyl Attkisson shows how 'astroturf,' or fake grassroots movements, manipulate and distort media messages:
http://www.flixxy.com/how-astroturf-fake-grassroots-movements-manipulate-public-opinion.htm?utm_source=4

Gladys Ingle of the '13 Black Cats' changes planes and fixes new landing gear on a disabled plane in mid-air. Note: NO PARACHUTE
http://www.flixxy.com/mid-air-airplane-repair.htm?utm_source=4

Three Shetland ponies save the day by chasing off a wild boar when it starts running at full speed towards Marc Polet and his wife:
http://www.flixxy.com/ponies-protect-french-couple-from-wild-boar.htm?utm_source=4

Copyright © 2014-2015 KnowBe4 LLC, All rights reserved.

Our mailing address is:
601 Cleveland St. Suite 930, Clearwater, Florida, 33760

How to get your Phish-prone percentage up. Up? Yes, Up.

Posted by Stu Sjouwerman on Mar 23, 2015 11:14:00 AM

Something surprising happened last week. A few of our customers reported that their phish-prone percentage was going up. Up? Yes, up. Not something you normally would expect or particularly want.

So, what happened? We looked into it. Guess what.

They had started using the new Full Random feature, where each employee gets a different simulated phishing template, and also spread over time. No more warning each other not to click on phishing links. They all suddenly needed to think for themselves! 

After a while, users' security awareness wears off if they get similar "alerts". It's a known phenomenon that some scientists recently gave a fancy new label: "Habituation" - and you can actually see it on an MRI machine. It shows a dramatic drop in attention when a computer user is subjected to just two security warnings in a short time. This blog post explains more.

So, we strongly recommend you start using the new Full Random feature we released last month, to counter the "habituation" and also to block the "prairie dog" effect when users pop up out of their cubicle and warn others not to click on the phishing link. This will really keep your users on their toes with security top of mind. Here is how it looks when you create a new phishing campaign:


Our internal research shows that you need to send at least one phishing campaign per month to all employees. That's the minimum to keep their awareness level high enough (and also keeps your KnowBe4 crypto-ransom guarantee in place). Happy Phishing !

PS: If you are not a KnowBe4 customer, you should find out how affordable our security awareness training is for your organization. Get a quote, the cost is a no-brainer. 

Premera And Anthem Both Hacked Using Shrewd Social Engineering

Posted by Stu Sjouwerman on Mar 21, 2015 10:11:41 AM

Health records are the new credit cards. They have a longer shelf life and are often easier to get. There are more opportunities for fraud. No wonder that bad guys are after them with a vengeance. However, there may even be more to the recent 11 million-record Premera Blue Cross hack. It looks like Premera was attacked using the same methods employed against health insurer Anthem, suggesting that it's the Chinese cyber army (Deep Panda) behind Premera. In that case the Chinese were after the health records of U.S. Government employees, which could subsequently be used for highly targeted spear-phishing attacks.

The Anthem attackers created a bogus domain name, "we11point.com," (based on WellPoint, the former name of Anthem) that was likely used in phishing attacks. Companies are supposed to use security awareness training to educate employees not to fall for such social engineering tricks but are not always successful.

One of Deep Panda's attack methods is to create fake websites that imitate internal corporate services. In Anthem's case, the attackers set up several subdomains based on "we11point.com," created as clones of real services such as Anthem's HR, a VPN and a Citrix server.

By targeting Anthem employees with phishing emails and luring them to the fake sites, it may have been possible for the attackers to collect the logins and passwords and eventually access the insurer's real systems. ThreatConnect, an Arlington, Virginia-based security company, found that Premera appears to have been targeted by the same style of attack. 

On Feb. 27, ThreatConnect wrote a blog post describing its research into the Anthem attacks. In the course of that work, ThreatConnect found a suspicious domain name -- "prennera.com."
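A defender-side check for the lookalike domains described above, added here as an example (not KnowBe4's, ThreatConnect's or any vendor's code): it folds confusable characters such as "1" for "l" and "nn" for "m" before comparing a hostname against a protected brand list. The brand list, confusable table and proxy log lines are constructed for the demonstration; the two flagged domains are the ones named in the post.

```python
import re

# Added example (not KnowBe4's or ThreatConnect's code): flag hostnames in proxy
# logs that imitate a protected brand domain after folding confusable characters.
# The confusable table and brand list are assumptions for this demonstration.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]
PROTECTED = {"wellpoint.com", "anthem.com", "premera.com"}

def fold(label):
    """Replace confusable runs so 'we11point' -> 'wellpoint', 'prennera' -> 'premera'."""
    for src, dst in CONFUSABLES:
        label = label.replace(src, dst)
    return label

def registrable(host):
    """Last two labels of a hostname (assumption: no multi-part public suffixes)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def lookalike_of(host):
    """Return the protected domain this host imitates, or None if genuine/unrelated."""
    dom = registrable(host)
    if dom in PROTECTED or "." not in dom:
        return None                      # the genuine domain itself, or no TLD
    name, tld = dom.rsplit(".", 1)
    for brand in PROTECTED:
        bname, btld = brand.rsplit(".", 1)
        if tld == btld and fold(name) == bname:
            return brand
    return None

def scan(log_lines):
    """Return (host, imitated_brand) for every flagged URL host in the log lines."""
    hits = []
    for line in log_lines:
        m = re.search(r"https?://([A-Za-z0-9.-]+)", line)
        if m:
            brand = lookalike_of(m.group(1))
            if brand:
                hits.append((m.group(1), brand))
    return hits

# Constructed proxy log lines; the two lookalike domains are the ones named above.
SAMPLE_LOG = [
    "2015-03-20T09:01:02 user1 GET https://hr.we11point.com/login 200",
    "2015-03-20T09:02:10 user2 GET https://www.anthem.com/ 200",
    "2015-03-20T09:03:44 user3 GET https://vpn.prennera.com/ 200",
    "2015-03-20T09:04:00 user4 GET https://citrix.premera.com/ 200",
]
```

Running `scan(SAMPLE_LOG)` flags only the two cloned-service hosts; the genuine Anthem and Premera hosts pass.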

Anthem and law enforcement have yet to say who they believe may be responsible, and the Premera investigation is in its early stages. If an attacker is named, it could put further pressure on the U.S. government, which has shown less and less tolerance for what are classified as state-sponsored attacks. More detail at ComputerWorld

Stepping end-users through effective security awareness training would be a major deterrent to attacks like this. Find out how affordable this is for your organization today.

Why your brain shuts down when you see a security alert

Posted by Stu Sjouwerman on Mar 21, 2015 9:28:56 AM

Been mystified why end-users do not seem to get it? Their eyes glazing over when a security alert pops up on their screen? Brand new neuroscience research using MRI shows a dramatic drop in attention when a computer user is subjected to just two security warnings in a short time.

A group of researchers from Brigham Young University, University of Pittsburgh, and Google used functional magnetic resonance imaging (fMRI) to see if different (polymorphic) warning messages could prevent users from becoming accustomed to security alerts and simply clicking through them.

In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference, they will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security alert and a "large overall drop" after 13 of them. The problem has been given a fancy label, "habituation", but is of course a known phenomenon.

The results seem to be positive: polymorphic warnings help reduce "habituation", making users more likely to pay attention to the warnings and not dismiss them outright. The ones that work best are animated, jiggled or zoomed in. Another positive is the fact that they have illustrated the possible usefulness of applying neuroscience to the domain of IT security.

The researchers said: "Because automatic or unconscious mental processes underlie much of human cognition and decision making, they likely play an important role in a number of other security behaviors, such as security education, training, and awareness (SETA) programs, password use, and information security policy compliance." Here is a link to the PDF with original research

Sure, animated security alerts that jump in your face may help for a while, but you will get the same problem over time. There is only one real solution to "habituation": filter out all the noise and only show the user security alerts that are really important. Too bad neuroscience can't help with that.

In the meantime, stepping users through effective security awareness training and sending them frequent simulated phishing attacks using different templates all the time is a very good way to keep them on their toes and ward off habituation. Find out how affordable this is for your organization today.