CyberheistNews Vol 3, 19
Fraud-as-a-service Goes Mainstream
Researchers at RSA stumbled upon a Facebook page that had been up for several months, and was marketing the Zeus banking Trojan. This is something new as up to now, this type of marketing was limited to the 'darknet' criminal underground. The Facebook page has been taken down but Trojans being sold out in the open with 'hints and tips' how to steal credit cards shows that cybercrime is going mainstream. RSA's Limor Kessem said: "Social networks are such a great place for malware infections and phishing, why not just market the botnet directly from there?" Full article over at BankInfoSecurity:
Scam Of The Week: Mother's Day
Cybercrime has their yearly campaigns carefully mapped out just like real internet marketers. The first Mother's Day scams are sticking up their ugly heads, and they usually start off with: "Don't Forget Mother's Day - $19.99 Flowers". Once you click on the link, you get to a website with all kinds of potential presents, but if you buy these, the only present you give is your credit card information for free to the bad guys. Other Mother's Day scam sites promote jewelry, designer clothing and shoes. Send your users a quick heads-up and tell them to browse for gifts only at sites they know and are reputable!
Yahoo Warns: "Your Small Business May Have Already Been Hacked"
Veteran IT reporter Dan Tynan has a very popular Yahoo SMB column. He interviewed me and I was quoted in his April 25 article about hacking. There is a lot of good ammo in there if you need (to increase) IT security budget: "While attacks on large enterprises have declined slightly over the last year, threats to SMBs have risen sharply. Cyber attacks targeting businesses with 250 employees or less doubled in the first six months of last year, according to Symantec. The average loss per attack: more than $188,000."
"One of the biggest fallacies about small-to-medium businesses is that they're too small to be noticed by hackers,” he says. “That's simply not the case.” In fact, for SMBs the opposite is true. Here is the article:
Quotes of the Week
"You get the best out of others when you give the best of yourself." - Harvey S. Firestone
"If you want something done, ask a busy person to do it. The more things you do, the more you can do." - Lucille Ball
Please tell your friends about CyberheistNews! They can subscribe here:
You can read CyberheistNews online at our Blog!:
Stop Phishing Security Breaches
Your end-users are the weak link in your network security. Today, your employees are frequently exposed to advanced phishing attacks, and over 90% of data breaches start with a phishing attack.
IT Security specialists call it your 'phishing attack surface'. The more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk. It's often a surprise how many of your addresses are actually out there, and who's.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
FAQ: Phishing Tactics And How Attackers Get Away With It
Network World reported: "Phishing attacks on enterprises can be calamitous in terms of compromised networks or damaged brand names, and the Anti-Phishing Working Group (APWG), which aggregates and analyzes phishing trends data worldwide, offers some of the best insight from industry into what's occurring globally in terms of this cybercrime. The following list of frequently asked questions about phishing is derived from the APWG's April report that covers the period July-December 2012 worldwide:
What Do Spear-Phishing Emails Have To Do With Drones?
It begins its infiltration, as so many attacks do, with spear-phishing emails – in this recent case, those mentioning drone tech. There is an Advanced Persistent Threat coming out of China that tries to uncover anything it can about Drones. Imagine they are able to hijack one of those and use it against ourselves for real. No longer the stuff of movies only... http://www.infosecurity-magazine.com/view/31961/fresh-operation-beebus-attack-targets-military-drone-technology
Why We Need Security Awareness Training Programs
I found a great article by Kai Roer, Senior Partner at the Roer Group.
"Lately, some of the smartest people in Infosec decided that security awareness trainings are a waste of time. Last out is Bruce Schneier, who decided to speak up against awareness training.
"The claim that security awareness trainings are not working is, in my opinion, a claim based on wrong assumptions. It also shows a clear lack of understanding of the inner workings of the human mind, and a total lack of respect for your co-workers.
"If all you focus on is technology, code and cryptology, and you have very little real interaction with people, I can understand where you are coming from. It takes more than code to decrypt the subtleness of human interaction." He continues with a clear cut case for training that I think you will enjoy: http://www.net-security.org/article.php?id=1833&p=1
The 7 Elements Of A Successful Security Awareness Program
Ira Winkler and Samantha Manke wrote: "When we were asked to keynote a recent CSO event, it was a pleasant surprise that the top concern of the CSOs was "security culture." From performing many security assessments and penetration tests, it is sadly obvious that even the best technical security efforts will fail if their company has a weak security culture.
"It is heartwarming that CSOs are now moving past straight technological solutions and moving towards instilling a strong security culture as well. To determine the components of a truly successful security awareness program, we performed a study to identify critical success factors for building one. We interviewed security awareness practitioners at Fortune 500 companies and surveyed the security staff and general employees at the companies. Additionally, we validated the results and gathered additional information at a security executive event in the United Kingdom with more than 150 security executives participating.
"While there are many more lessons to be learned, what follows are the 7 most notable habits we found that lead to successful security awareness programs." Here they are!
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Tech columnist David Pogue shares 10 simple, clever tips for computer, web, smartphone and camera users. (Believe it or not, I didn’t know about the spacebar scroll…) Great tips!
"If anyone knows any reason why these two should not be married, speak now or forever hold your peace" LOL:
Spring is in the air and it is in Ultra High Definition. Just select "Original" in the resolution menu to view it in 4K HD:
Tigers, lions and leopards love boxes too! Just like domestic cats!
Check out the ad for the Nokia Lumia 920, one of the latest Windows 8 handsets. Pretty funny actually:
How does money come into existence and how does it work? Very interesting:
This fully automated printing and filing system was discovered by accident when the staff at a college noticed printouts disappearing mysteriously. You cannot make this up:
UK Counter Espionage and Big Biz team up against cyber attacks. The new team is called 'Fusion Cell'. Here is the video:
Got Kids interested in Robots? This kit provides a solar powered robot they can configure in 14 different modes. Actually pretty cool, see the video they have on this page. And only 30 bucks...
The Netherlands Opera staged a Flash mob in an Amsterdam department store with "Let's drink from the joyful cup" from Giuseppe Verdi's opera La Traviata:
There is no way you have ever seen skills like these with a remote control helicopter. This guy is amazing: