CyberheistNews Vol 3, 09
Scam Of The Week - Target: IT
This week it's you, specifically, who is being targeted with a phishing attack. The bad guys know very well that the most powerful weapons are administrator credentials, as those really are the keys to the kingdom. So what they are using as bait is the instantly famous Mandiant report on the Chinese military hacking into 141 mostly U.S. businesses. An infected PDF posing as the original report, titled "APT1: Exposing One of China's Cyber Espionage Units", is now being sent as spear phishing bait to get IT people to open it, under two fake names: Mandiant.pdf and Mandiant_APT2_Report.pdf.
The infected document exploits a just-patched Adobe Reader vulnerability and was first spotted in Asia. Keep your eyes peeled for it hitting your own inbox, make sure Reader is updated, and get the report from Mandiant's own website rather than from an attachment. The real thing is fascinating reading, and you can find it here at the Mandiant website:
Warn Your Users: PDF 0-day Vulnerability
Last week, Adobe warned customers that new vulnerabilities in Adobe Reader and Acrobat were being exploited in the wild. Keep an eye out for the patches, which are expected soon. The exploits are particularly nasty because they use a new blackhat technique to escape the sandbox (Protected Mode) in Reader. The irony is that this sandbox was created precisely to contain the impact of vulnerabilities like these. Please warn your users to be very cautious BEFORE they open any PDF they did not ask for. Link:
Here is some FREE ammo you can send to all your users. It's a Social Engineering Red Flags document (yes, ironically it -is- a PDF) with the 22 red flags they need to watch out for: Kevin Mitnick's 30+ years of hacking experience distilled into one page you can stick on the wall!
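As an added example for the two PDF items above (it is not part of this newsletter, nor Mandiant's or Adobe's code), here is a small triage script a mail admin can run over an attachment named Mandiant.pdf before anyone opens it. It does a raw scan for the PDF name objects an exploit document usually relies on, in the spirit of Didier Stevens' pdfid, and handles the #xx name-escape trick droppers use to dodge a plain grep. The watchlists are a judgement call to tune, not an authoritative signature, and the sample documents embedded in it are constructed for the demonstration.

```python
"""Triage heuristic for PDF attachments (added example, not from the newsletter).

A raw scan for the PDF name objects that exploit documents usually rely on
(JavaScript, launch and auto-run actions, rich media, XFA forms, embedded
files), in the spirit of Didier Stevens' pdfid. It is a triage aid for an
email gateway or helpdesk script, not a detector for any particular bug.
"""
import re
from collections import Counter

# A name is '/' followed by regular characters up to the next whitespace or
# delimiter (PDF 32000-1, 7.2.2). Bytes inside a name may be written as #xx,
# so "/J#53" is the same name as "/JS"; droppers use that to dodge grep.
NAME_RE = re.compile(rb"/[^\s()<>\[\]{}/%]*")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Assumed watchlists; tune them for your environment.
STRONG = {"/JS", "/JavaScript", "/Launch", "/RichMedia", "/XFA", "/EmbeddedFile"}
AUTORUN = {"/OpenAction", "/AA"}  # common in benign files, but how payloads fire


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so an obfuscated name compares equal to a plain one."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Classify a file as 'not a PDF', 'clean', 'review' or 'suspicious'."""
    # Readers tolerate junk before the header, so look in the first 1 KiB.
    if b"%PDF-" not in data[:1024]:
        return {"is_pdf": False, "verdict": "not a PDF", "findings": {}, "object_streams": 0}

    counts = Counter(normalize_name(m.group(0)) for m in NAME_RE.finditer(data))
    findings = {n: counts[n] for n in sorted(STRONG | AUTORUN) if counts[n]}
    # Objects packed into compressed object streams are invisible to a raw
    # scan, so a file with /ObjStm and no hits still deserves a closer look.
    object_streams = counts["/ObjStm"]

    if STRONG & set(findings):
        verdict = "suspicious"
    elif AUTORUN & set(findings) or object_streams:
        verdict = "review"
    else:
        verdict = "clean"
    return {"is_pdf": True, "verdict": verdict, "findings": findings,
            "object_streams": object_streams}


# Constructed samples (not real malware): a minimal benign page, a document
# that auto-runs JavaScript under an escaped name, and a non-PDF file.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
LURE_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"4 0 obj << /S /JavaScript /J#53 (app.alert('hello')) >> endobj\n"
    b"5 0 obj << /Type /ObjStm /N 3 /First 20 /Filter /FlateDecode /Length 0 >>\n"
    b"stream\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
NOT_A_PDF = b"MZ\x90\x00 this is an executable wearing a .pdf extension"

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_PDF), ("lure", LURE_PDF), ("exe", NOT_A_PDF)):
        print(f"{label:7s} {triage_pdf(sample)}")
```

A "suspicious" verdict is a reason to detonate the file in a sandbox or simply delete it, not proof of an exploit; a "review" verdict on a file full of object streams means you have not actually looked at most of its objects yet, and a real analysis would decompress them first.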
Want Alerts Like These Real-time?
Follow me on Twitter. My handle is @StuAllard, and I tweet these the moment I see them!
Quotes of the Week
"Why make things complicated, after all simplicity is the answer to most problems." - ReTweet by Hacker Fantastic
"Life is not complex. We are complex. Life is simple, and the simple thing is the right thing." - Oscar Wilde
Please tell your friends about CyberheistNews! They can subscribe here:
You can read this newsletter online at the KnowBe4 Blog:
Stop Phishing Security Breaches
Your end-users are the weak link in your network security. Today, your employees are frequently exposed to advanced phishing attacks, and over 90% of data breaches start with a phishing attack.
IT security specialists call this your 'phishing attack surface': the more of your email addresses are exposed, the bigger your attack footprint and the higher the risk. It's often a surprise how many of your addresses are actually out there, and whose they are.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
Security Firms Slow To React To China Hack Spear Phishing
Antone Gonsalves at the CSO site hits the nail on the head: “Email security vendors have failed to do enough to protect customers against advanced cyberattacks like the one recently linked to the Chinese military, experts say.
“Vendors have needlessly left customers exposed to spear phishing, which is the most effective way hackers have of penetrating corporate networks. The technique involves scouring the Web for information related to the target in order to craft an email most likely to trick the person into clicking an attachment or visiting a malicious website.
“The players that have had email and Web security solutions have failed at their job,” Rick Holland, an analyst at Forrester Research, said last week.
The result has been successful spear phishing-based cyberattacks like the one recently uncovered by Mandiant. The security vendor this week released a 60-page report that traced an advanced cyberespionage operation to a Chinese military unit.
Researchers at the Georgia Institute of Technology are working on analytics that they hope will one day be able to spot bogus email and warn recipients. Before starting the project, research scientist Andrew Howard investigated the market last year and found only one vendor that he believed had reliable analytics.
“The technologies available out there to help with this problem are severely inadequate,” Howard said.
Which brings me to the point of all this. An essential part of your ‘defense-in-depth’ strategy is security awareness training because your security software cannot keep up with the bad guys.
Full CSO article here:
DDoS Attack Used to Hide Cyberheist
In late December 2012, cyber criminals launched a distributed denial-of-service (DDoS) attack against a California bank as a diversion while they tried to steal more than US $900,000 from the accounts of a Sacramento construction company, using fraudulent automated clearinghouse (ACH) transactions.
The gang used a whopping 62 money mules based in the US to move the funds onward immediately. The victim company's president stated that when their controller tried to log in to the bank, she simply could not: her workstation had been completely taken over by the criminals. It is suspected that other companies' bank accounts were emptied at the same time.
Lesson learned: an unexplained spike in inbound traffic is not just an availability problem. It may well be a smoke screen for the actual attack, timed to keep your people and your bank's fraud team busy while the money moves. Treat it as a security incident: alert the people and organizations that control your financial infrastructure, check for transfers in progress, and keep an out-of-band phone number for your bank so that reaching them does not depend on the link that is under attack. All details at Brian Krebs' site:
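To make the lesson concrete, here is an added example (not from the newsletter or from Krebs' reporting) of the correlation rule a SOC could run: find the minutes where the web request rate floods, then flag any ACH transfer queued inside or just around that window. The traffic samples, payment records and the 5x-median threshold are constructed and assumed for the demonstration.

```python
"""Correlate a traffic flood with outbound payments (added example, not from
the newsletter or from Krebs' reporting).

The pattern in the story above is a DDoS that starts minutes before unusual
ACH batches go out. This rule does not stop the fraud; its job is to raise
the alert that gets your bank's fraud desk on the phone while transfers can
still be recalled. The traffic and payment records below are constructed.
"""
from datetime import datetime, timedelta
from statistics import median


def flood_windows(samples, factor=5.0, min_run=2):
    """Return (start, end) pairs where the request rate stays above
    factor x median for at least min_run consecutive samples.

    samples: list of (datetime, requests_per_minute), in time order.
    The median is a robust baseline only while the flood covers less than
    half the samples; in production take the baseline from a quiet period.
    """
    threshold = median(rate for _, rate in samples) * factor
    windows, run = [], []
    for ts, rate in samples:
        if rate > threshold:
            run.append(ts)
            continue
        if len(run) >= min_run:
            windows.append((run[0], run[-1]))
        run = []
    if len(run) >= min_run:
        windows.append((run[0], run[-1]))
    return windows


def suspicious_payments(samples, payments, grace=timedelta(minutes=30)):
    """Payments initiated inside a flood window, padded by grace on both
    sides: the fraud may be queued just before the flood starts, or the
    flood may be kept up only long enough to get the batch out the door."""
    windows = flood_windows(samples)
    hits = []
    for payment in payments:
        for start, end in windows:
            if start - grace <= payment["time"] <= end + grace:
                hits.append({**payment, "flood_started": start})
                break
    return hits


# Constructed data: one sample per minute of web traffic, with a flood from
# 09:06 to 09:09, and four ACH transfers queued through online banking.
T0 = datetime(2012, 12, 24, 9, 0)
TRAFFIC = [(T0 + timedelta(minutes=i), rpm) for i, rpm in enumerate(
    [190, 210, 205, 198, 220, 201, 24000, 26500, 25100, 23800, 215, 199])]
PAYMENTS = [
    {"id": "ACH-1001", "time": T0 - timedelta(minutes=30),
     "amount": 4200.00, "payee": "payroll provider"},
    {"id": "ACH-1002", "time": T0 + timedelta(minutes=7),
     "amount": 48000.00, "payee": "new individual payee"},
    {"id": "ACH-1003", "time": T0 + timedelta(minutes=8),
     "amount": 51500.00, "payee": "new individual payee"},
    {"id": "ACH-1004", "time": T0 + timedelta(minutes=50),
     "amount": 9900.00, "payee": "known vendor"},
]

if __name__ == "__main__":
    for hit in suspicious_payments(TRAFFIC, PAYMENTS):
        print(f"{hit['id']} ${hit['amount']:,.2f} to {hit['payee']} queued at "
              f"{hit['time']:%H:%M}, flood began {hit['flood_started']:%H:%M}")
```

The rule needs two feeds that usually live in different teams (network telemetry and the bank's transaction log or your own payment-initiation records), which is the real organizational point: the alert is only useful if the finance side and the network side are wired together before the day it matters.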
6 Types of Data Chinese Hackers Pilfer
The GovInfoSec site has dug into the Mandiant report (see Editor's Corner) and listed six categories of information commonly pilfered from business and government computers by the hackers of the Chinese military unit Mandiant dubs APT1. According to Mandiant, the stolen data relate to:
1) Product development and use, including information on test results, system designs, product manuals, parts lists and simulation technologies;
2) Manufacturing procedures, such as descriptions of proprietary processes, standards and waste management processes;
3) Business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures and acquisitions;
4) Policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high-ranking personnel;
5) E-mails of high-ranking employees;
6) User credentials and network architecture information.
Here is the whole article, interesting data!
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
OK, perhaps I am weird, but this gets me excited! Ric Kaner set out to find a new way to make graphene, the thinnest and strongest material on earth. What he found was a new way to power the world:
Only in Russia! Man fills his homemade power-glider at a local gas station, drives onto the freeway, and takes off into the skies:
French Rally world champion Guerlain Chicherit takes a John Cooper Works Mini Countryman and makes it do a backflip:
Ever dreamed of zooming through the water and leaping in the air like a dolphin? Now you can - thanks to the "Flyboard." I want one:
A trip around the world, from Lake Hallstatt (Austria) to Venice (Italy), Strasbourg (France), St. Petersburg (Russia) and Chicago (USA):
Time Travel, it is easier done than said. Award-winning short film: