KnowBe4 Security Awareness Training Blog

Survey Finds Half of Holiday Shoppers Will Avoid Hacked Stores

 

Huffington Post survey: "As another holiday shopping frenzy nears, a new survey suggests that many consumers plan to avoid the growing number of retailers that have been hacked.

Nearly half of people -- 45 percent -- say they would “definitely not" or "probably not” shop this holiday season at retailers like Target or Home Depot that acknowledged computer breaches exposed customer credit card data, according to a survey released Monday by CreditCards.com.

In addition, 48 percent said they are more likely to use cash more often this holiday season out of concern over the numerous cyberattacks against retailers, according to the survey of 865 credit and debit card holders.

“It’s a clear sign that people are at least somewhat concerned about shopping in a place that has had a data breach,” said Matt Schulz, a senior industry analyst at Creditcards.com." Full survey at HuffPost.

Another good reason to step all employees through effective security awareness training, and send them regular simulated phishing attacks to keep them on their toes with security top of mind. 

CyberheistNews Vol 4, # 42 Ransomware Hits Admin Workstation and Kills 7 Servers


Editor's Corner


Ransomware Hits Admin Workstation and Kills 7 Servers

Here is a ransomware tale that will make your blood run cold, very appropriate with Halloween around the corner. This is the real story of what happened last week, in the victim's own words:

"We are a 250 employee non-profit and we heavily rely on our computer systems in almost everything we do. Yesterday, one of our admin workstations was hit with CryptoWall Version 2.0, and because this workstation had drives mapped to all our servers, and the administrator had permissions, all our seven servers got encrypted and we were dead in the water.

CryptoWall took just 55 minutes to encrypt 75 Gigs of information, and it had penetrated most of our network before we found out what was happening, isolated the workstation and got it disconnected from the network. We had backups of the seven servers but it would take days to restore those, so we opted to find out if we could decrypt the files first.

Luckily we had just signed up for KnowBe4’s Kevin Mitnick Security Awareness Training, which came with a crypto-ransom guarantee in case something like this would happen. We called them and got instant help with this very urgent problem.

They had bitcoins ready in a wallet and were able to pay the $500 ransom within hours. The CryptoWall criminals were actually also pretty quick, and we were issued our decryption key soon after. We immediately started to decrypt all the files with the provided decryption tool and pulled an all-nighter. It was amazing how long it took to get through all of the data. It finally completed at around 8:30 am. So we estimate about 18 hours of running the decrypt tool on our 75 gigs of data.

So far it only appears that one older database file was corrupted during the encryption, but we restored it from our backup and all is fine. I can’t say enough about KnowBe4’s quick response and support with this situation. We dodged a very big bullet here.

While only a portion of our staff have completed the training, something tells me more will complete the training requirement after this event. Thank you very much!" - Q.M., IT Director

As you can see, ransomware hitting a key employee like an admin, or perhaps a CEO, controller, or CFO with a lot of access, can do immense damage. Note what turned one infected workstation into seven dead servers: persistent drive mappings to every server, used from an account that had write permission on all of them. The infection vector was a user clicking, but the blast radius was a least-privilege failure, so fix both. Having all employees step through security awareness training and sending them simulated phishing (and now also vishing) attacks is an essential element of your defense-in-depth, and so is not doing day-to-day work from an account that can write to every share in the company.
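To make the blast-radius point concrete, here is an added example (mine, not code from the newsletter or from KnowBe4): a small burst detector that reads file-server audit events and alerts when one user on one workstation starts writing to files on several servers at a rate no human produces. The log line format, the thresholds and the sample events are all constructed for the example; a real deployment would feed it the equivalent fields from your file servers' object-access audit logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Audit-log line format assumed for this example (constructed, not any vendor's
# real format): "<ISO timestamp> <server> <user> <workstation> <action> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<server>\S+) (?P<user>\S+) (?P<host>\S+) (?P<action>\S+) (?P<path>.+)$"
)
# Actions a file encryptor generates in bulk; reads are ignored on purpose.
NOISY_ACTIONS = {"WRITE", "RENAME", "DELETE"}


def parse_line(line):
    """Return a dict for a well-formed audit line, or None for anything else."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev


def detect_bursts(lines, window=timedelta(seconds=60), min_events=50, min_servers=2):
    """Alert once per (user, workstation) whose write/rename/delete count across
    at least min_servers distinct servers reaches min_events inside the window.
    Lines are expected in time order, as a log collector delivers them."""
    recent = defaultdict(deque)   # (user, host) -> deque of (timestamp, server)
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] not in NOISY_ACTIONS:
            continue
        key = (ev["user"], ev["host"])
        q = recent[key]
        q.append((ev["ts"], ev["server"]))
        while ev["ts"] - q[0][0] > window:        # drop events outside the window
            q.popleft()
        servers = {srv for _, srv in q}
        if key not in alerted and len(q) >= min_events and len(servers) >= min_servers:
            alerted.add(key)
            alerts.append({
                "user": ev["user"], "host": ev["host"],
                "first_seen": q[0][0], "detected_at": ev["ts"],
                "events": len(q), "servers": sorted(servers),
            })
    return alerts


def build_sample_log():
    """Constructed sample: a finance user saving one file a minute on one server,
    and an admin workstation fanning writes across seven servers like the
    incident above (7 writes per second for one minute)."""
    t0 = datetime(2014, 10, 20, 9, 0, 0)
    fmt = "%Y-%m-%dT%H:%M:%S"
    lines = []
    for i in range(10):
        ts = (t0 + timedelta(minutes=i)).strftime(fmt)
        lines.append(f"{ts} FS01 jdoe WS-ACCT1 WRITE \\\\FS01\\finance\\report{i}.xlsx")
    servers = [f"FS0{n}" for n in range(1, 8)]
    for i in range(420):
        ts = (t0 + timedelta(seconds=i // 7)).strftime(fmt)
        srv = servers[i % 7]
        lines.append(f"{ts} {srv} admin WS-ADMIN1 WRITE \\\\{srv}\\share\\doc{i}.docx")
    return sorted(lines)   # ISO timestamps sort lexicographically, so this is time order


if __name__ == "__main__":
    for a in detect_bursts(build_sample_log()):
        print(f"ALERT {a['user']}@{a['host']}: {a['events']} writes across "
              f"{len(a['servers'])} servers between {a['first_seen']} and {a['detected_at']}")
```

Run it as a script to print the alert. In the constructed data the admin workstation trips the rule seven seconds into the burst, long before a 55-minute encryption run would finish, while the finance user's one save a minute never does. Tune min_events and min_servers to your own baseline, and pair the detection with the fix the story points to: admins should not have standing write access to every server from a daily-use workstation.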

Why security awareness training? Ransomware, that's why! Find out how affordable this is for your organization. Get a quote now:
http://info.knowbe4.com/dont-get-hit-with-ransomware-0

P.S. Ransomware goes Prime Time. This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunchbreak and to forward to management:
http://www.cbs.com/shows/the_good_wife/video/

Scam of the Week: Ebola Phishing Grows in Volume

I have warned before that Ebola phishing attacks would be more and more prevalent, as a result of the mass-media spending increasing amounts of time covering this threat.

And sure enough, it was only a matter of time until you could see phishing and malware attacks using social engineering to trick users into clicking on links or opening attachments.

The US-CERT (United States Computer Emergency Readiness Team) has issued a warning about it, and they advise users to keep an eye out for fraudulent emails of this kind, in order to stay safe from malicious cyber campaigns.

I would use this CERT notification and send the link to your users. It's short, easy to understand, and it's official so it may make a bigger impression than normal. Feel free to copy/paste/edit this blurb:

"I would like to alert you all of a recent increase in scams related to Ebola. Please double check anything you receive via email or see on social media related to Ebola, like emailed warnings, web-alerts, news updates and possibly even videos. The only way to get news about this is straight from a reputable source. Also, do not fall for fake websites that solicit online donations for Ebola victims. Verify the site is legit before you donate anything. I have said it before and I am saying it again: "Think Before You Click!"

Here is an official message from the U.S. Government about Ebola scams:
https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns

No Time to Figure Out Sandworm and Poodle?

Paul Ducklin at Sophos put out a one-minute video that quickly describes what these two vulnerabilities are, illustrated with a little graphic. Very handy and a great service from Sophos. In short: Sandworm is a Windows OLE flaw exploited through booby-trapped Office documents, so the fix is patching Windows; POODLE is a padding-oracle weakness in SSL 3.0, so the fix is to disable SSLv3 on your servers and clients:
http://nakedsecurity.sophos.com/2014/10/18/oops-sorry-about-that-60-sec-security-video/

Quotes of the Week

"If everything seems under control, you're just not going fast enough." - Mario Andretti

"You don't burn out from going too fast. You burn out from going too slow and getting bored." - Cliff Burton


You can read CyberheistNews online at our Blog!:
http://blog.knowbe4.com/bid/398370/CyberheistNews-Vol-4-41-Scam-of-the-Week-Whatsapp-Gold-Security-News-Roundup

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

New PCI 3.0 Rule - Needs to Be Continuous All Year

Heads-up. This quote is straight from the NEW PCI 3.0 standard:

"To ensure security controls continue to be properly implemented, PCI DSS should be implemented into business-as-usual (BAU) activities as part of an entity’s overall security strategy. This enables an entity to monitor the effectiveness of their security controls on an ongoing basis, and maintain their PCI DSS compliant environment in between PCI DSS assessments."

This is exactly what KnowBe4 Compliance Manager allows you to do.

Most organizations track PCI compliance using spreadsheets, word processors or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Keep your PCI compliance in real-time with KnowBe4 Compliance Manager™.

Get PCI 3.0 compliant in half the time and half the cost. Fill out the form for a live web-demo:
http://info.knowbe4.com/_kcm_pci_30


Russian Cybercrime Rakes In $2.5 Billion These Last 12 Months

There is a Russian computer forensics outfit called Group-IB. They released a report October 15th which goes into great detail on how Russian cybercrime makes its money. The picture is not pretty but very interesting.

Russian cybercrime raked in $2.5 billion between mid 2013 and mid 2014, and the biggest single contributor to that revenue was the Target breach, which shows where the money has moved: while online financial fraud is still a big earner, accounting for $426 million, it is being surpassed by the plain buying and selling of stolen card data. The carding business brought in a whopping $680 million. Here is a backgrounder on why there is so much Russian cybercrime:
http://blog.knowbe4.com/bid/398140/Why-All-This-Russian-Cybercrime-in-Five-Minutes

A short summary of other bad news: ATM hacks are on the rise. Spamming still pays well. New criminal groups are hitting the scene, specializing in mobile threats. And POS attacks will only get worse, because the magnetic-stripe track data scraped from point-of-sale memory sells for about 10 times the price of a plain card number.

Sara Peters, Senior Editor at Dark Reading, took apart the new 70-page Group-IB report and has a good article about it:
http://www.darkreading.com/russian-hackers-made-$25b-over-the-last-12-months-/d/d-id/1316631

The report itself can be downloaded here:
http://report2014.group-ib.com


KnowBe4 Console User Management Improvements

We have some exciting news for existing users and organizations that are looking at subscribing to Kevin Mitnick Security Awareness Training. Significant improvements have been made to the user management section of your KnowBe4 console.

An existing user said: "I am happy to see that the console is still being developed and extended. The latest change in the user console where you can see the training progress of an individual user is a great improvement. So I’m pleased."

Here are the new features:

Delete users improvements

- "Delete" no longer removes a user; the user is marked as archived and disappears from all user management screens.
- To delete a user, open the Users page and choose "Delete" from the drop-down at the right of the table.
- Filter by "Only deleted users" to list archived users, and use "Restore" in a user's settings menu or "Restore selected" to bring them back.
- A deleted user who is later imported again is restored automatically.

Bulk user delete

- You can now delete users in bulk from a CSV file.

Users

- When a user signs up with an email address that is already in use, the screen now explains what to do: "Email has already been taken? Try to Resend confirmation instructions or Reset password."
- The Users page has a better layout and shows the total number of users, grouped.
- We capture more information so account admins can manage users better: Location, Division, Manager Name, Employee Number.
- You can now see individual user details, with overall statistics on clicks, opened attachments and training status.

Groups

- The groups index page was redesigned, and you can remove all users from a group directly from the groups list.
- The group details page was redesigned to be more user friendly, you can export the users in a group to CSV, and you can delete all users in a group.


Symantec Intelligence Report (SIR): September 2014

It's that time of month again, the latest Symantec Intelligence Report just dropped. All the latest on the bad things the bad guys are trying to do. Ben Nahorney is one of their top Cyber Security Threat Analysts as well as the chief architect of the SIR.

Symantec Intelligence aims to provide the latest analysis of cyber security threats, trends, and insights concerning malware, spam, and other potentially harmful business risks. Here is a snippet that is relevant for this issue:

"The average number of spear-phishing attacks rose to 53 per day in September, after a 12-month low in August. Spear-phishing activity has returned to levels seen earlier in the summer, but is still down from the 12-month average of 85 attacks per day." Much, much more at:
http://www.symantec.com/security_response/publications/monthlythreatreport.jsp


This Is a Data Privacy Survey for Your HR People

It's about Employment Verification Outsourcing & Employee Data Privacy Trends. Data privacy is a hot button issue. Does your firm outsource employment verification processing to a third party employment verification vendor? Does your firm understand its obligations to its employees under the Fair Credit Reporting Act (FCRA)? Take this survey to weigh in on this crucial topic. Leave a comment with your Email address for a chance to win a $150 Amazon gift card. All responses are confidential. Please forward this survey to your HR people. Here's the link:
https://www.surveymonkey.com/s/GYCL69V


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

This week's episode of The Good Wife has a whole office infected with ransomware that throws them into turmoil. Great for a lunch break and to forward to management:
http://www.cbs.com/shows/the_good_wife/video/

Need a 4-minute "feel-good-shot-in-the-arm?" I assure you you will feel better with this one. Turn up the volume and ENJOY this collection of dance clips from almost 40 movies, from dance movies to comedies, from Fred Astaire to Michael Jackson:
http://www.flixxy.com/movie-dancing-compilation.htm?utm_source=4

A novel way to move a couch from the third story of an apartment building. Will it work or be a disaster?:
http://www.flixxy.com/epic-couch-moving.htm?utm_source=4

A compilation of clips from America’s Funniest Videos of the 24 best cats and dogs talking like humans:
http://www.flixxy.com/24-pets-who-can-talk-like-humans.htm?utm_source=4

Super Typhoon Vongfong as the astronauts saw it from the International Space Station on October 9, 2014:
http://www.flixxy.com/super-typhoon-seen-from-the-international-space-station.htm?utm_source=4

It all begins when she is meeting her girlfriend for lunch at a cafe ... Cafe Lip-Dub Proposal "Marry Me"
http://www.flixxy.com/cafe-lip-dub-proposal-marry-me.htm?utm_source=4

The human powered airplane 'Airglow' flown by Mike Truelove at the Icarus Cup 2012 on a 1km (0.62 mile) stretch:
http://www.flixxy.com/human-powered-aircraft.htm?utm_source=4

A commercial for a new Toyota, and they pulled _all_ the tricks out of the photography bag for this one:
http://youtu.be/9wDPPmHBZu0

FlameStower Charger: Charge USB Devices with Fire. Really!
http://www.gadgetify.com/flamestower/

"Lady is a tramp" on Vimeo. This is called surrealism. I think it's weird!
http://vimeo.com/108100081

Jonathan Mann performs a song he wrote using only the iOS 8 QuickType autocomplete feature. Riot:
http://www.flixxy.com/ios-autocomplete-song-by-jonathan-mann.htm?utm_source=4

The Sukhoi Su-35 and Su-37 pilots show the amazing maneuverability of their aircraft at an air show in Dubai:
http://www.flixxy.com/sukhoi-su-35-and-su-37-air-show-demo.htm?utm_source=4



The Snappening - Snapchat naked selfies have leaked - but how?

 

Snapchat is supposed to delete ("self-destruct") pictures automatically rather than keep them. The service itself was not hacked, but many megabytes of saved images have leaked. How?

Snapchat denies being hacked and blames an unauthorized third party: the "private" snaps had been downloaded by a website called Snapsaved, which was accessible from the Internet and was in turn hacked itself.

Snapsaved had reverse-engineered the API that Snapchat's mobile app talks to. Nothing in that API stops a third-party client from simply writing received pictures to disk, which is how Snapsaved circumvented the "instant deletion" feature of Snapchat's own app and saved zillions of pictures. That is the lesson for any "ephemeral" messaging service: deletion is enforced by the official client, not by the protocol, so the recipient's device (or a substitute client) can always keep a copy.

So if you, your friends, or underage family members have ever exposed any private parts to someone on Snapchat, there is a chance that picture is now in the hands of hackers, and intimate photographs of minors could technically qualify as child pornography. Ouch, that lands you in federal prison.

Internet users, and especially teenagers, should understand that anything you put on the Internet is there forever, which is why you don't put your cell phone in your pants: it will bite you in the butt sometime later.

Security Awareness Training is a must for any Internet user! More about this at Infosecurity magazine.

 


 

I was just interviewed on TV about the JP Morgan Hack

 

Tampa TV station 10News WTSP interviewed me about the JP Morgan Hack. You can see the short clip here:

https://www.youtube.com/watch?v=79YufWUULqg&feature=em-upload_owner#action=share

CyberheistNews Vol 4, 41 Scam of the Week: "Whatsapp Gold" & Security News Roundup


Editor's Corner


Scam of the Week: "Whatsapp Gold" & Security News Roundup

A new scam is doing the rounds that may hit your employees soon. I suggest you send them a warning about these types of scams. Feel free to copy/paste/change this and blast to everyone, especially if they use company-provided smartphones.

"Many of us use texting apps to quickly get word to someone, both privately and in business. Cyber criminals have released a fake "Gold Edition" of the very popular Whatsapp messaging app, and it is being pushed via social networking websites. This bogus version promises exclusive features like custom backgrounds and emoticons, but it actually signs you up for premium-rate messaging services that charge you $2 per text you send.

"This may also happen with the texting app you currently use, so do not fall for hacker tricks like this, which either drive up your phone bill or install spyware or ransomware on your phone. The bad guys want to scam as many people as they can, and claim that the app is available for both iOS and Android.

"Remember, a legitimate app does not need you to enter your mobile phone number or other personal information on a web page to "unlock" it, so never give this out. Think before you click (or tap)!"

Why All This Russian Cybercrime? Explained in Five Minutes...

(This may be something interesting to forward to your friends!)

We all know that a large amount of cybercrime originates in Russia and other eastern European countries that were former USSR satellite states. But why is that?

I decided to dig into this and did some research which turned out to be eye opening. One of the most fascinating sources of reliable information was a book called Putin's Kleptocracy: Who Owns Russia? by Karen Dawisha, professor of Political Science at Miami University.

Why cybercrime is so widespread in eastern Europe is closely connected with, and coincides in time with, the rise of Vladimir Putin to Russia's autocratic leader. If this all sounds too unreal, I assure you it's the unpleasant truth.

I'm going to give you a very, very short summary of what happened, so you get the big ugly picture. Putin came up through the KGB in Leningrad in the 1970s and 1980s, and was stationed in Dresden, in what was then East Germany, as a recruiter of agents and to obtain high-tech secrets from the West. Yup, Putin was a spook stealing Western high-tech intellectual property.

He created his personal network in Leningrad (renamed to St. Petersburg), consisting of political allies, his personal security people, and Russian Organized Crime (OC). The group he has around him today, is the same group that brought him to power.

At the onset, Putin and his circle wanted to create an authoritarian regime, (call it a modern Stalinism really), ruled by a close-knit cabal with the interest to only enrich themselves, and not create a real democracy. The cabal consists of former KGB, mafia, and political and economic forces that joined together. They claim to be devoted to Russia and did this to save her, but they are more devoted to their personal survival and prosperity. The whole enterprise is being bolstered by high oil prices and state control over almost the entire media space.

It started out with the KGB moving all the Communist Party's vast financial reserves offshore, absorbing the Russian mafia and using them for black ops as the price for operating on Russian territory. At the same time, the KGB created hundreds of companies and several banks inside and outside of Russia to launder money. Good examples are Bank Rossiya and the energy company Gazprom. Putin's cronies were put in charge of many of these, and many of these people have become billionaires. Their price? Total loyalty and, like the mafia, silence: "Omerta".

While moving all this money abroad, the KGB found themselves using the same channels as the mafia for their illicit gains, and these funds got mingled to the point where it was no longer possible to tell which monies belonged to the KGB and which to the mafia. So, when more or less spontaneous privatization began to occur across Russia, the KGB and the mafia were given a head start.

To make all this happen in an invisible way, a top-down corruption scheme was hatched that truly starts with Putin and goes all the way down to low-level government employees. You only get into the Russian government by paying for it, and are then rewarded via "tribute" payments. The system Putin put in place leaves the Russian economy badly hamstrung, because there is no technical innovation, except in cybercrime, where the criminal innovation is furious.

Russia scores very high in overall education, but the well-trained young graduates only have three choices: go abroad, start working for the corrupt government, or go into cybercrime. The third option pays very, very well and many take it.

The long and short of it is that organized crime in Russia is being allowed to operate, and has moved into cybercrime in a massive way, ransomware like CryptoLocker and CryptoWall being a good example. Now and then the cyber mafias are used by Putin as a resource to harass countries that get in his way. The same is more or less the case in countries like Ukraine, where cybercrime has become a measurable percentage of gross domestic product.

Since they are thousands of miles away, the bad guys have only a limited number of ways to get into your systems:
   1) Badly configured servers and workstations
   2) Known and unknown vulnerabilities in software
   3) Social engineering

That's why stepping users through effective security awareness training is such an important part of your defense-in-depth. Find out how affordable this is for your organization now:
http://www.knowbe4.com/get-a-quote-kmsat/

Quotes of the Week

"The World is a book, and those who do not travel read only a page." - Augustine of Hippo (354 - 430 AD)

"You’re off to great places! Today is your day! Your mountain is waiting, So get on your way!" - Dr. Seuss, Writer (1904 - 1991)


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Is Your Compliance Management Like "Death By 1,000 Cuts"?

Are you finding yourself having to deal with more and more regulatory items? Do you spend more and more time in "Excel Hell" trying to manage all these controls? Is the cost of compliance getting higher every quarter?

Most organizations track compliance using spreadsheets, word processors or proprietary self-maintained software. This is inefficient, error prone, costly, and a risk in itself. Streamline your audit compliance management with KnowBe4 Compliance Manager™ (KCM).

Finally, an affordable compliance workflow automation tool! Fill out the form for a live web-demo and/or a 30-day trial.
http://info.knowbe4.com/knowbe4-compliance-manager_14-10-14


CryptoWall 2.0 Ransomware Moves to Tor Network

A new version of CryptoWall, currently the world's most widespread ransomware, has moved its command-and-control traffic to the Tor network. The upgrade to version 2.0 does not change what it does: it still encrypts files so that a ransom can be extorted from anyone who has no backups, or whose backup process has failed (which happens more often than you think).

Earlier versions of CryptoWall talked to their command & control servers over plain HTTP to directly addressable hosts. That allowed researchers to analyze the traffic between an infected machine and the server, identify the server, and get it taken down.

October 1st, after a few months of testing, CryptoWall 2.0 went live and now only uses Tor, which hides the location of the command & control servers and makes both analysis and takedown much harder. Expect this version to spread like wildfire and to use every available infection vector, in particular malicious ads on legitimate websites (malvertising) that send the browser to exploit kits targeting unpatched browsers and browser plug-ins.

So, here are three things you HAVE TO, HAVE TO do:

  1. Make regular backups, keep a copy off-site (and offline, so that a workstation with mapped drives cannot encrypt the backup along with everything else), and TEST your restore function regularly to make sure your backups actually work.
  2. Patch browsers AS SOON AS POSSIBLE, and keep the number of plug-ins as low as possible. This diminishes your attack surface.
  3. Step all users through effective security awareness training to prevent malware infections in the first place.
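Item 1 is the one most organizations skip, so here is an added example (mine, not the newsletter's or any backup product's code) of what "test your restore" can mean in practice: write a SHA-256 manifest of the live tree at backup time, then verify a restored copy against it, reporting files that are missing, changed or unexpected. The manifest format, directory names and file contents are constructed for the example.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large database files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def write_manifest(src_dir, manifest_path):
    """Record relative path, size and SHA-256 of every file under src_dir.
    The JSON layout is this example's own, not any backup tool's format."""
    src_dir = Path(src_dir)
    entries = {}
    for p in sorted(src_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src_dir).as_posix()
            entries[rel] = {"size": p.stat().st_size, "sha256": sha256_file(p)}
    Path(manifest_path).write_text(json.dumps(entries, indent=1))
    return len(entries)


def verify_restore(restored_dir, manifest_path):
    """Compare a restored tree against the manifest. Returns a dict listing files
    that verified, are missing, differ (size or hash), or were not in the manifest,
    plus a 'passed' flag that is True only when nothing is missing or changed."""
    restored_dir = Path(restored_dir)
    expected = json.loads(Path(manifest_path).read_text())
    result = {"ok": [], "missing": [], "changed": [], "extra": []}
    found = {p.relative_to(restored_dir).as_posix()
             for p in restored_dir.rglob("*") if p.is_file()}
    for rel, meta in expected.items():
        if rel not in found:
            result["missing"].append(rel)
            continue
        p = restored_dir / rel
        # Size is checked first because it is cheap; the hash catches same-size corruption.
        if p.stat().st_size != meta["size"] or sha256_file(p) != meta["sha256"]:
            result["changed"].append(rel)
        else:
            result["ok"].append(rel)
    result["extra"] = sorted(found - set(expected))
    for k in result:
        result[k].sort()
    result["passed"] = not (result["missing"] or result["changed"])
    return result


def demo():
    """Constructed scenario: back up three files, restore them cleanly, then damage
    one file in place and drop another to show the check catching a bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "live"
        (src / "db").mkdir(parents=True)
        (src / "finance").mkdir()
        (src / "db" / "older.mdb").write_bytes(b"\x00" * 4096)
        (src / "finance" / "q3.xlsx").write_bytes(b"PK" + b"x" * 1000)
        (src / "notes.txt").write_text("payroll checklist\n")
        manifest = tmp / "backup.manifest.json"
        write_manifest(src, manifest)

        restored = tmp / "restored"
        shutil.copytree(src, restored)
        good = verify_restore(restored, manifest)

        # Simulate a bad restore: one file corrupted at the same size, one file missing.
        (restored / "db" / "older.mdb").write_bytes(b"\x00" * 4000 + b"\xff" * 96)
        (restored / "notes.txt").unlink()
        bad = verify_restore(restored, manifest)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("clean restore passed:", good["passed"])
    print("bad restore passed:", bad["passed"], "changed:", bad["changed"], "missing:", bad["missing"])
```

demo() restores a clean copy, which passes, then corrupts one file in place (same size, different content) and deletes another, which the check reports as changed and missing. A size-only comparison would have missed the corrupted database file, which is exactly the kind of damage the non-profit above found after decryption. Store the manifest with the off-site copy, so that a compromised workstation cannot rewrite both the data and the record of what the data should be.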

 


Three Scary, but True, Security Tales

While Halloween only comes around once a year, there are some truly frightful security mishaps occurring on a daily basis. Some of these mishaps have made headline news, while others were too terrifying to share… until now.

Just in time for Halloween, renowned cyber security expert and SANS Faculty Fellow, Dr. Eric Cole, shares three horrific tales of hideous human behavior which he has personally witnessed – and lived to tell!

  1. Ghost Employees
  2. From Billions to Millions
  3. A Hideous Discovery
Fun and instructive stories over at the CSO site:
http://www.csoonline.com/article/2690759/data-protection/three-scary-but-true-security-tales.html

 


Snowden’s Privacy Tips: Get Rid of Dropbox, Avoid Facebook and Google

At TechCrunch: "According to Edward Snowden, people who care about their privacy should stay away from popular consumer Internet services like Dropbox, Facebook, and Google.

Snowden conducted a remote interview today as part of the New Yorker Festival, where he was asked a couple of variants on the question of what we can do to protect our privacy.

His first answer called for a reform of government policies. Some people take the position that they "don’t have anything to hide," but he argued that when you say that, "You’re inverting the model of responsibility for how rights work".

When you say, "I have nothing to hide," you’re saying, "I don’t care about this right." You’re saying, "I don’t have this right, because I’ve got to the point where I have to justify it." The way rights work is, the government has to justify its intrusion into your rights.

He added that on an individual level, people should seek out encrypted tools and stop using services that are "hostile to privacy." For one thing, he said you should "get rid of Dropbox," because it doesn’t support encryption, and you should consider alternatives like SpiderOak. (Snowden made similar comments over the summer, with Dropbox responding that protecting users’ information is "a top priority.") More:
http://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/


NEW: Security News Roundup

- The FBI Director gave a great 60 Minutes interview on cybercrime. He highlights the dangers of ransomware at about 12:30 in, and states that people do not understand the risks of malware and cyber espionage:
http://www.cbsnews.com/videos/fbi-director-on-threat-of-isis-cybercrime/

- The Pentagon's U.S. Cyber Command wants to build a 6,000-person cyber mission force and create 133 teams across the nation by 2016 to defend against threats to U.S. networks:
http://www.capitalgazette.com/maryland_gazette/news/ph-ac-gn-cyber1001-20141001,0,792082.story

- Ex-Homeland Security Secretary Tom Ridge together with Lloyd's starts an insurance company specifically for cyber risks:
http://www.ridgecyberins.com/resources/release.aspx

- Australian ABC TV Station off the air due to ransomware infection. The hacking attack, which reportedly originated in Russia, used fake emails containing a link which downloads malicious software. An employee fell for it:
http://www.abc.net.au/news/2014-10-07/fake-auspost-emails-used-in-crypto-ransomware-attack/5795734

- Recent research by Proofpoint shows that half of the machines in a 500,000-node Russian botnet run Windows XP. Time to get rid of XP or install some whitelisting software on those boxes:
http://www.proofpoint.com/threatinsight/posts/the-insider-view-of-a-russian-cybercrime-infrastructure.php

- Google updated Chrome to rev 38.0.2125.101, shipping a whopping 159 security fixes, including 113 relatively minor ones found using MemorySanitizer. One of the patches was labeled "critical", so I would go to Settings | About Google Chrome | Update and do this manually instead of waiting for the automatic update:
http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

SUPER FAVE: In this imaginative performance by Japanese dance troupe 'Enra' two dancers interact with points of light to create an amazing experience. Now THIS is an innovative laser light show. Think about the graphics horsepower behind this for a moment. Gorgeous:
http://www.flixxy.com/enra-pleiades.htm?utm_source=4

John Van Horne jumps from the top of the 1,099-foot Kuala Lumpur Tower into the rooftop pool of the nearby Pacific Regency Hotel. Now that's a way to make an entrance and impress the girls:
http://www.flixxy.com/urban-base-jumper-crashes-a-rooftop-pool-party.htm?utm_source=4

A couple of Russian guys climb a very high building in Hong Kong and hack the billboard that sits on top. Vandalism, but funny. They have a drone and record themselves top-down:
https://www.youtube.com/watch?v=jJkuCzgg7fo&app=desktop

Rodafonio - a magical big wheel with three musicians and two cyclists moving through the city streets performing classic, jazz and rock music. Wonderful lunatics:
http://www.flixxy.com/music-bike.htm?utm_source=4

A hawk wasn't happy to share his airspace over Magazine Beach Park, Cambridge with a remote-controlled quadcopter and took some quick and decisive action:
http://www.flixxy.com/hawk-vs-quadcopter.htm?utm_source=4

During his time in office Ronald Reagan told jokes about life under communism in the USSR. Very funny!:
http://www.flixxy.com/ronald-reagan-tells-soviet-jokes.htm?utm_source=4

TED: Glenn Greenwald: Why privacy matters. Greenwald was one of the first reporters to see — and write about — the Edward Snowden files, with their revelations about the United States' extensive surveillance of citizens:
http://www.ted.com/talks/glenn_greenwald_why_privacy_matters


An impressive demonstration of the new Tesla Model S with dual motors, all-wheel-drive, 0-60 in 3.2 seconds and an amazing autopilot system:
http://www.flixxy.com/tesla-motors-demonstrates-model-s-with-dual-motors-and-autopilot.htm?utm_source=4


Pentatonix covers the hit single 'Rather Be' by Clean Bandit using only their voices, music video recorded in Japan:
http://www.flixxy.com/pentatonix-rather-be.htm?utm_source=4


3D printed car takes 2-days to build, 40mph top speed:
http://www.slashgear.com/3d-printed-car-takes-2-days-to-build-40mph-top-speed-09349972/


Last but not least, this guy 3D-prints a paper airplane "machine gun". Good thinking!
https://m.youtube.com/watch?v=J7K91g8yG_w


Why All This Russian Cybercrime in Five Minutes

We all know that a large amount of cybercrime originates in Russia and other eastern European countries that were former USSR states. But why is that? I decided to dig into this and did some research, which turned out to be eye-opening. One of the most fascinating sources of reliable information was the book Putin's Kleptocracy: Who Owns Russia? by Karen Dawisha, professor of Political Science at Miami University.

The reason cybercrime is so widespread in eastern Europe is closely connected to, and coincides in time with, the rise of Vladimir Putin to become Russia's autocratic leader. If this all sounds too unreal, I assure you it's the unpleasant truth.

I'm going to give you a very, very short summary of what happened, so you get the big ugly picture. Putin came up in the 1990's in the KGB in Leningrad, and was also stationed in the German town Dresden as a recruiter for agents, and obtaining high-tech secrets from the West. Yup, Putin was a spook stealing Western high tech intellectual property.

He created his personal network in Leningrad (since renamed St. Petersburg), consisting of political allies, his personal security people, and Russian Organized Crime (OC). The group he created around him is the same one that brought him to power and is still in place today.

From the beginning, Putin and his circle wanted to create an authoritarian regime, (call it a modern Stalinism really), ruled by a close-knit cabal with the interest to only enrich themselves, and not create a real democracy. The cabal consists of former KGB, mafia, and political and economic forces that joined together. They claim to be devoted to Russia and did this to save her, but they are more devoted to their personal survival and prosperity. The whole enterprise is being bolstered by high oil prices and state control over almost the entire media space.  

It started out with the KGB moving all the Communist Party's vast financial reserves offshore, absorbing the Russian mafia and using them for black ops as a price for operating on Russian territory. At the same time, the KGB created hundreds of companies and several banks inside and outside of Russia to launder money. Good examples are the Bank Russia, and energy company Gazprom. Putin's cronies were put in charge of many of these, and many of these people have become billionaires. Their price? Total loyalty and like the mafia, silence: "Omerta".

While moving all this money abroad, the KGB found themselves using the same channels as the mafia for their illicit gains, and these funds started to get mingled up to a point where it was no longer possible to tell which monies belonged to the KGB and which to the mafia. So, when more or less spontaneous privatization was occurring through Russia, the KGB and the mafia got a head start.

To make all this happen invisibly, a top-down corruption scheme was hatched that truly starts with Putin and goes all the way down to low-level government employees. You only get into Russian government by paying for it, and then get rewarded via "tribute" payments. The system put in place by Putin leaves the Russian economy badly hamstrung, because there is no technical innovation, except in cybercrime, where the innovation is furious.

Russia scores very high in overall education, but the well-trained young graduates only have three choices: go abroad, start working for the corrupt government, or go into cybercrime. The third option pays very, very well and many take it.

The long and short of it is that organized crime in Russia is being allowed to operate, and has moved into cybercrime in a massive way, ransomware like CryptoLocker and CryptoWall being a good example. Now and then the cyber mafias are used by Putin as a resource to harass countries that get into his way. The same is more or less the case in countries like the Ukraine, where cybercrime also has become a measurable percentage of their gross domestic product. 

Since they are thousands of miles removed, the major ways these bad guys can penetrate your systems are limited:  

  1. Badly configured servers and workstations
  2. Known and unknown vulnerabilities in software
  3. Social engineering 

That's why stepping users through effective security awareness training is such an important part of your defense-in-depth. Find out how affordable this is for your organization now:

Stop RansomWare

CyberheistNews Vol 4, # 40 Most Dangerous Cyber Celebrity of 2014?


CyberheistNews Vol 4, 40

Editor's Corner


Who is the Most Dangerous Cyber Celebrity of 2014?

No, it's not who you think. In recent years it was always a female celebrity like Emma Watson, Heidi Klum or Cameron Diaz that lured web surfers to sites laced with malware. At the end of this item is a link to a slide show that you should send to your users, and you will surprise them with which celebs are on the list.

Somehow a male comedian has become the most dangerous celebrity to search for online, with one in five (wow) searches winding up on an infected site. Per McAfee, he is only the second male to rank number one on this list, with Brad Pitt the only other male in 2008.

"Most consumers are completely unaware of the security risks that exist when searching for celebrity and entertainment news, images and videos online, sacrificing safety for immediacy," said Gary Davis, chief consumer security evangelist at McAfee, in a statement.

Another surprise is that the Kardashians have dropped out of the Top 10. But don't be fooled: They're still dangerous. Here is the slide show!
http://www.networkworld.com/article/2688080/security/security-165087-mcafee-s-most-dangerous-cyber-celebrities-of-2014.html

October 2014: National Cybersecurity Awareness Month

The President of the United States of America made a proclamation on September 30, 2014 that is worth having a look at. Knowing now that the U.S. Government is deep into offensive cyber war with advanced malware like Stuxnet, and that the NSA is almost able to get into anything, anywhere using unknown 0-day vulnerabilities, this becomes very interesting reading.

President Obama started out with: "Cyber threats pose one of the gravest national security dangers the United States faces. They jeopardize our country's critical infrastructure, endanger our individual liberties, and threaten every American's way of life. When our nation's intellectual property is stolen, it harms our economy, and when a victim experiences online theft, fraud, or abuse, it puts all of us at risk. During National Cybersecurity Awareness Month, we continue our work to make our cyberspace more secure, and we redouble our efforts to bring attention to the role we can each play."

If I were you, I would use this as a great opportunity to kick off a campaign in your own organization, and use this proclamation as something all employees could read to start off with, and then follow up with other campaign activities. Things that come to mind are "spot-the-phish" contests between departments, where departments get sent phishing security tests and the best (lowest) scoring department wins a fun prize.

Here is the proclamation, forward far and wide!
http://www.whitehouse.gov/the-press-office/2014/09/30/presidential-proclamation-national-cybersecurity-awareness-month-2014

Top 5 eLearning Statistics for 2014 [Infographic]

Are you stepping (or planning to step) users through web-based, on-demand security awareness training? Here is some interesting data. The rise in eLearning's popularity isn't showing any signs of slowing.

In fact, judging by the following Top 10 eLearning statistics for 2014, the future of the eLearning Industry is brighter than ever. Take a look at the "Top 5 e-Learning Statistics for 2014 You Need To Know":
http://blog.knowbe4.com/bid/397580/Top-5-eLearning-Statistics-for-2014-Infographic

Quotes of the Week

"Our greatest weakness lies in giving up. The most certain way to succeed is always to try just one more time." - Thomas A. Edison, Inventor

"The secret of genius is to carry the spirit of the child into old age, which means never losing your enthusiasm." - Aldous Huxley, Novelist

"Dare to think for yourself." - Voltaire, Writer and Philosopher


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Your Money or Your Files!

New KnowBe4 Whitepaper: A Short History of Ransomware

Read the short and brutal history of how vicious ransomware came into existence. 2014 was the year that ransomware went mainstream... but how did we wind up here?

Learn about: Hacking Generations, the first ransomware in 1989 (!), Bitcoin 101, and why criminals want to be paid in Bitcoin, CryptoLocker and its copycats, different ransomware types and families, the future of ransomware, and how to best mitigate against it. Download here:

http://info.knowbe4.com/whitepaper-ransomware-history-14-10-07


Poll: Employees Clueless About Social Engineering

Fresh from Dark Reading: "When it comes to social engineering, Pogo, the central character of a long-running American comic strip, said it best. "We have met the enemy and he is us."

It was 1971 when Walt Kelly penned the cartoon with the celebrated quote; Pogo, who lived in a swamp, was talking about Earth Day. Today, the same sentiment can be applied to employees who are blissfully ignorant of the lengths criminals will take to gain their confidence in order to breach an organization’s security and steal proprietary data.

But don’t take my word for it. According to a recent Dark Reading flash poll, more than half of 633 security professionals who responded said that the most dangerous social engineering threat to their organizations was due to a lack of employee awareness." Full article with much more data and graphs at Dark Reading:
http://www.darkreading.com/perimeter/poll-employees-clueless-about-social-engineering-/a/d-id/1316280


SANS October Issue of OUCH! Released

SANS said: "We are excited to announce the October issue of OUCH! This month, led by Guest Editor Lenny Zeltser, we cover the top five steps to staying secure. With both technology and threats constantly evolving, people are often confused with changing security advice. In this edition, we cover the fundamentals that apply regardless of what technology you are using or where you are using it.

In addition, we are releasing something new for National Cyber Security Awareness Month (NCSAM): a companion tip sheet that highlights the same five points covered in this month's edition of OUCH! This tip sheet was designed to be a simple reference that people can print out and post at their desk or computer. Please take a moment to read the details below. As always, we encourage you to download and share OUCH! with others." (PDF):
http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201410_en.pdf


Data Leak Prevention Has a New Challenge

"Through glass transfer" is a new area. At the COSAC 21st International Computer Security Symposium and SABSA World Congress in Naas, Ireland, a researcher demonstrated a protocol he had devised that automates the transfer of data from any display to devices like smart phones. Richard Stiennon has the (very interesting) story:
http://www.forbes.com/sites/richardstiennon/2014/10/01/data-leak-prevention-has-a-new-challange-introducing-through-glass-transfer/


Latest Anti-Phishing Working Group Report

The latest APWG report came out: "Phishers are criminal, but they do make rational decisions about how to go about their work. They’re in it for the money, and they work to make their schemes as productive as possible while evading detection. To combat phishing we need to know what the phishers are doing, and how. Where is the phishing taking place? What companies are most vulnerable? Were the slew of new top-level domains a bonanza for phishers? By analyzing the phishing that took place in the first half of 2014, the authors have some answers, and those answers may surprise you."

The major findings in this report include:

  1. Apple became the world’s most-phished brand.
  2. The introduction of new top-level domains did not have an immediate major impact on phishing.
  3. Chinese phishers were responsible for 85% of the domain names that were registered for phishing.
  4. Malicious domain and subdomain registrations continue at historically high levels, largely driven by Chinese phishers.
  5. The average uptimes of phishing attacks remain near historic lows, pointing to some success by anti-phishing responders.
  6. The companies (brands) targeted by phishers were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places.
  7. Mass hackings of vulnerable shared hosting providers led to 20% of all phishing attacks.

Recommended reading! The PDF is at the apwg.org site:
http://docs.apwg.org/reports/APWG_Global_Phishing_Report_1H_2014.pdf

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

SUPER FAVE: A compilation of some of the best wingsuit flights in the Swiss Alps and the Norwegian Fjords. Amazing photography and beautiful music!:
http://www.flixxy.com/best-of-wingsuit-flying.htm?utm_source=4

SUPER MAGIC: Enzo Weyne does the impossible with his 'magic cube' at the French television show 'The World's Greatest Cabaret.' Wait for the end, this is a stunner:
http://www.flixxy.com/enzo-weyne-magic-cube-the-worlds-greatest-cabaret.htm?utm_source=4

Now that I am driving a Tesla Model S myself, this video of how they are made is suddenly a lot more interesting and real. This car drives like a bat outta hell!
http://www.flixxy.com/how-the-tesla-model-s-is-made.htm?utm_source=4

Now for some old-fashioned magic. Vlad performs some stunning magic tricks with his feet at the French television show 'The World's Greatest Cabaret':
http://www.flixxy.com/magic-feet-vlad-and-elena.htm?utm_source=4

Ten of the world's best supercars and sports cars selected by Motor Trend Magazine face off in an epic quarter-mile sprint. Their only fail... no Tesla! [grumble] :-D
http://www.flixxy.com/worlds-greatest-drag-race-2014.htm?utm_source=4

Ohio State marching band with an incredible Wizard of Oz halftime show, complete with tornado, dancing scarecrow, and flying witch on a broomstick:
http://www.flixxy.com/ohio-state-marching-band-wizard-of-oz-halftime-show.htm?utm_source=4
