CyberheistNews Vol 4, 26 Scam: You Are Summoned To Court



CyberheistNews Vol 4, # 26
KnowBe4
Stu Sjouwerman's New Security Newsletter Don't miss the Fave Links! Case Studies Resources About Us Contact Us
Facebook LinkedIn Blog Twitter YouTube YouTube
 

CyberheistNews Vol 4, 26

Editor's Corner

KnowBe4

Scam Of The Week: You Are Summoned To Court

The AppRiver team discovered an increase in phishing scams containing the Zortob Trojan. The new surge uses an existing successful scam, which warns the victim that they've been ordered to appear in court. The scam is a textbook phishing & social engineering trick. Scare the potential victim with severe consequences if they don't immediately do what is required. In this Scam Of The Week, it's a notice to appear in court, with dire threats if the person fails to show up. The idea is to have the person open the attached "summons" to find out what's going on. It would not hurt to remind your users that this scam is doing the rounds again.

Survey: IT Pros Concern Over Ransomware Skyrocketing

Thanks to the hundreds of you that filled our the Ransomware survey. You should have received the free key for the home internet security course last Friday. Let me know if you did not.

Well, the survey shows your growing alarm about the threat of ransomware like the infamous CryptoLocker. The survey of 300 IT Pros compared the levels of concern over ransomware to a similar survey by IT Security company Webroot in January of this year.

There is a rapidly growing apprehension over ransomware, rising to 73% from 48% of those who are very or extremely concerned about it. At this point in time, nearly half of you know someone who has experienced a ransomware attack and it worries you more now with 88% expecting ransomware to increase for the remainder of the year compared to 66% at the start of this year.

We thought it would be interesting to use the same questions as Webroot to see what impact ransomware has had in six months time. We found the threat of ransomware is very real and IT pros are increasingly realizing traditional solutions like endpoint security are failing.

The survey showed that end-user Security Awareness Training is one of the most effective security practices to combat these ransomware threats, of course combined with backups.

Failed Backups + CryptoLocker = Deadly Combination

Most IT managers rely on backup get out of a tight spot but 57% agree that if their backup fails, they would be forced to pay the ransom. This can have a grave impact on organizations as backup fails 50-66% of the time, according to the method used (tape vs cloud). According to a report by Symantec in 2013, 47% of enterprises lost data in the cloud and had to restore their information from backups, 37% of SMBs have lost data in the cloud and had to restore their information from backups and 66% of those organizations saw recovery operations fail. Ouch.

Among the highlights of the KnowBe4 ransomware survey;

   - 88% expect ransomware to increase the rest of the year.
   - 47% feel email attachments pose the largest threat.
   - Confidence in endpoint security to stop ransomware dropped from
     96% in January to 59%.
   - 88% consider Security Awareness Training the most effective protection
     from ransomware over 81% for backup.
   - Only 16% feel their current solutions are very effective, while 72%
     feel they are somewhat effective.
   - Confidence in email and spam filtering effectiveness dropped from
     88% to 64%.
   - If faced with 4 hours of lost work from ransomware encryption,
     81% would rely on backup.
   - If confronted with a scenario where backups have failed and weeks
     of works might be lost, an astounding 57% would begin with paying the
     $500 ransom and hope for the best.

It appears the Russian cyber mob has picked a highly profitable business model. Our study shows the overwhelming majority of IT Pros think the criminals behind ransomware should be prosecuted and sent to jail for a long time. We agree, but US law enforcement has no jurisdiction in Eastern Europe where these criminals are largely free to commit their crimes.

According to report by EMA, 56% of employees still receive no security awareness training, and the programs that do exist vary in effectiveness. We recommend frequent phishing security tests to keep employees aware and feel so confident about the effectiveness of our program that we will cover your crypto-ransom if you get hit. Get a quote here:
http://www.knowbe4.com/we-will-pay-your-crypto-ransom-if-you-get-hit-with-ransomware/

Want Instant Alerts on Major IT Security Events?

Follow me on Twitter. My handle is @stuallard, and I will tweet about breaking news that usually is seen first at our www.hackbusters.com site.

Reminder: Please Whitelists Our New Mailserver

For existing KnowBe4 customers, the first week of July we will cut over to a new mailserver, which allows you to use different "hover-domains" (meaning a user sees something else than the domain we used as the default up to now). Next, we will deploy PDF attachments and you will see that feature in the third quarter.

To make sure the new mail server will not get blocked, please whitelist any of the following, which fits best in your environment.

Domain: phishtest.knowbe4.com
IP Addresses: 23.21.109.197, and 23.21.109.212 (Amazon Web Services)
Email Header: X-PHISHTEST

Quotes of the Week

"Be yourself; everyone else is already taken." - Oscar Wilde

"Every child is an artist. The problem is how to remain an artist once he grows up." - Pablo Picasso

Thanks for reading CyberheistNews! Please forward to your friends. But if you want to unsubscribe,
you can do that right here

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com
Facebook LinkedIn Blog Twitter YouTube YouTube
KnowBe4

Security Awareness Training Success Story

"The training feedback from the floor was excellent. The biggest surprise was that employees asked if they could get the same training for their household. You guys helped us out with that and we appreciate that greatly. Initial phishing results were bad, the second round improved. I think we have the third one at the end of this week. Thank you very much." - B.B.

Find out how affordable this is for your own organization. Click on the orange "Get A Quote" button:
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

KnowBe4

2014: The Year Extortion Went Mainstream

Brian Krebs wrote: "The year 2014 may well go down in the history books as the year that extortion attacks went mainstream. Fueled largely by the emergence of the anonymous online currency Bitcoin, these shakedowns are blurring the lines between online and offline fraud, and giving novice computer users a crash course in modern-day cybercrime." He goes over the different types of extortion in use at the moment where they want to be paid in Bitcoin.

Even as the ink was still drying on the press releases about the Cryptolocker takedown, a new variant of Cryptolocker — Cryptowall — was taking hold. These attacks encrypt the victim PC’s hard drive unless and until the victim pays an arbitrary amount specified by the perpetrators — usually a few hundred dollars worth of bitcoins. Many victims without adequate backups in place (or those whose backups also were encrypted) pay up. More:
http://krebsonsecurity.com/2014/06/2014-the-year-extortion-went-mainstream/

KnowBe4

Dell: Simulated Attacks & Training Cut Susceptibility

Simulated attacks and user training are the best ways to raise employee awareness of malicious email, says Tom Sammel at the Gartner Security & Risk Management Summit in D.C.

Tom Sammel, interim director of Incident Response for Dell SecureWorks, explained that companies often "make it easy" for attackers to invade their infrastructures by neglecting certain basic security protections:
   - Allowing users with system-level administrative rights
   - No enterprise-level scanning/remediation
   - Lack of application whitelisting
   - Weak endpoint control policies
   - Poor awareness of malicious email

Reversing the last point, in particular, relies heavily on educating the workforce, because email protection software is almost always lagging behind the newest scams and attacks. “Technology alone won’t work without user compliance,” Sammel said during a presentation called "Social Engineering Kryptonite: Creating SuperUsers to Counter the Threat." In other words, employees need to be smart enough to not be fooled. Whole article with more ammo here:
http://techpageone.dell.com/technology/security-it/simulated-attacks-training-cut-susceptibility-to-email-threats/#.U6x9QvldV8E

KnowBe4

Security Awareness And Concern Are Both On The Rise Among IT Pros

What a difference a year makes. When Lancope conducted a survey of IT pros at Infosecurity Europe in 2013 it seemed as if the majority were either completely oblivious, or just in denial about the state of the security landscape. Lancope surveyed IT professionals again this year, and found much more of them in touch with the reality—and gravity—of the situation.

Lancope found that the concern over BYOD security has declined dramatically—50 percent of respondents cited it as a top concern last year, but only 30 percent this year. However, the threat of insider attacks, or insiders compromising or exposing data rose from 32 percent in 2013 to 40 percent this year. The first trend may be a reflection of maturing BYOD programs and better IT tools to manage and protect BYOD mobile devices, while the second trend is likely a response to the Snowden NSA revelations and concerns over how an employee was able to exfiltrate so much valuable and sensitive data undetected. More at the CSO website:
http://www.csoonline.com/article/2385000/security-awareness/security-awareness-and-concern-are-both-on-the-rise-among-it-professionals.html

KnowBe4

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

John Cleese in a rant about football. Now. don't get offended, it is Python's John Cleese after all! LOL
http://youtu.be/2sD_8prYOxo

The Longest Jump. This is more than a story about a world record car jump attempt. (and a spectacular wipe-out at the end)
https://www.youtube.com/watch?v=HWOANXNGrZc&app=desktop

Cesar Falistocco, captain of the Argentina Aerobatic Squadron, raises Argentina and Chile's flags with the wingtip of his plane skimming the grass.
http://www.flixxy.com/low-flying-plane-picks-up-flags-from-ground.htm?utm_source=nl

These 11 Ads Are So Good, You'll Forget They're Ads. Strap yourself in, and prepare to ENJOY. Awesome!!!
http://blog.hubspot.com/marketing/great-advertising-examples?

Hammond on his bicycle, James in a Mercedes SUV, Clarkson on a speadboat and Stig using public transport compete to find the quickest way to get across London. The winner will surprise you:
http://www.flixxy.com/race-across-london-bicycle-vs-car-vs-boat-vs-public-transport.htm?

A woman returns to Polar Park - the World´s Northernmost Wildlife Park in Bardu, Norway and gets greeted by the wolves:
http://www.flixxy.com/reunion-between-a-woman-and-the-wolves.htm?

This Mechanical Watch Has A Magic Button That Sets It By GPS:
http://techcrunch.com/2014/06/27/this-mechanical-watch-has-a-magic-button-that-sets-it-by-gps/

Colin Furze is a plumber by day - but in his spare time he invents all kinds of weird and wonderful contraptions like the Jet Bike and World's Fastest Mobility Scooter.
http://www.flixxy.com/colin-furze-backyard-inventor.htm

What you see all depends on your point of view. This is pretty cool:
http://www.flixxy.com/look-closer-to-see-the-big-picture.htm?utm_source=4

Father Guido Sarducci explains his 5-minute university. Not that different from some diploma mills on the Internet these days!
http://www.flixxy.com/five-minute-university-father-guido-sarducci.htm

The Russian dance troupe "Berezka" seem to actually float over the floor at 1:30: Dancers are told to keep the 'floating step' technique a secret, and not to share it even with their family:
http://www.flixxy.com/amazing-berezka-dancers-float-across-the-stage.htm?utm_source=4

 
KnowBe4
Facebook LinkedIn Blog Twitter YouTube YouTube



Subscribe To Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews