CyberheistNews Vol 4, #30: DELL Warns Against Social Engineering
KnowBe4 | Stu Sjouwerman's Security Newsletter

Editor's Corner

DELL Warns Against Social Engineering

Dell has its own news site called Tech Page One. A few days ago they had a new article that started with: "Human errors that aid social engineers; the weakest links in computer networks targeted by hackers aren’t operating systems or software programs — they’re humans who can be duped by deceptive techniques."

Lance Spitzner from SANS and I are quoted several times and it's a great article from a reputable source to send to managers and C-level people because it makes the topic real to them and illustrates the cyber risks of untrained employees. Read it here, and forward to all relevant people:
http://techpageone.dell.com/technology/human-errors-that-aid-social-engineers/

And while you are at it, here is another interesting article with a link to an ISACA study that found 1 in 5 businesses have been hit by an APT. It starts out with something we all more or less know: "Even as Threats Persist, CEOs Remain Unconvinced About Need for Cyber Security Initiatives". But it also has a few hints and tips to get them convinced to spend budget:
http://www.hightech-highway.com/cyber-security-2/even-as-threats-persist-ceos-remain-unconvinced-about-need-for-cyber-security-initiatives/

Scam Of The Week: "Transportation Manager"

This scam is making the rounds again in a new form and I suggest you warn all your employees as soon as possible.

Unscrupulous eastern European cyber mafias are preying on U.S. employees who try to make ends meet and look for a second (or third) job. This is not a new scam, but it is rearing its ugly head again in a different form. The new variant was reported by our friends at Hoax-Slayer.

Phishing emails go out looking for a "Transportation Manager" which involves accepting, repacking and reposting various parcels. It looks like an easy and well-paid job that you can do from home.

The scam comes in two forms. In the first, the person fills out a form with a lot of personal information, which is then used for identity theft. The second form is even worse: the "job" is in fact a criminal ruse designed to trick you into receiving goods bought with stolen credit cards and sending them on to your new criminal 'employer', often overseas. Supposedly, the 'company' will cover all postage fees and you will receive a monthly salary as well as a per-package 'commission'.

"Job" Is a Reshipping Scam

The criminals are too smart to have the goods delivered directly to their own homes. So, instead, they line up a "parcel mule" (you) who will accept delivery of the ill-gotten goods and reship them to a location specified by the thieves.

To add insult to injury, the victim may be paid via a fake or stolen check, or worse, with funds transferred from hijacked accounts. The "employee" may be asked to deduct their "wages" and "commission" from these funds and wire the remainder back to the company via a money wire service such as Western Union. This way, the employee not only reships tainted goods, they are also tricked into laundering money stolen by the criminals.

Employees May Become Trapped and Face Criminal Charges

Often, investigations lead police directly to the doors of the victim. People caught up in such scams have faced criminal charges and had to deal with ongoing and damaging consequences. Moreover, people can become trapped within such schemes and find it quite difficult to extricate themselves. After they have already started the job, they may belatedly realize that they are involved in a scam.

But, by that time, they may be too scared to involve police in case they get in trouble themselves. And, if they try to terminate the arrangement, the criminals may threaten them with exposure or bully them into continuing.

The upshot

Treat any offer that involves receiving goods at your house or payments into your bank account as highly suspect; delete these emails and never answer them. If you get emails that promise easy jobs via the Internet and ask for a lot of personal information, do not give out any personal data unless you are sure that the outfit is legit, and even then be very wary!

BOOK REVIEW: Recommended Summer Cyber Thriller: Lethal Code

This is a good one. It illustrates in a realistic way what happens when the bad guys get the upper hand, pull the trigger and bring the grid down. A quote from the back cover: "America’s worst nightmare has come true: a 'cyber–Pearl Harbor' attack by unknown terrorists has crippled the nation’s power grid—and brought the land of the free to its knees. As widespread panic and violence ravage the country, its ruthless captors issue their ultimatums…and vow an apocalyptic reckoning." A good read and a good education at the same time:
http://www.amazon.com/Lethal-Code-Thomas-Waite-ebook/dp/B00J9P2EMO/

Quotes of the Week

"The less effort, the faster and more powerful you will be." - Bruce Lee, Martial Artist (1940 - 1973)

"Life is really simple, but we insist on making it complicated." - Confucius, Philosopher (551 - 479 BC)

Thanks for reading CyberheistNews! Please forward to your friends.
Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

NEW RELEASE KnowBe4 Security Awareness Training Version 3.0

We have just released the new V3.0 of the admin console with a host of new features. Here are the three main highlights:

  1. Attachments: Word, Excel, PowerPoint and Zip, (also zipped versions of these files). If a user opens the attachment, it will show in your console.
  2. Phish Domain: Customizable "hover-links" aka "Phish Domain" that show when a user hovers their mouse over a link.
  3. Corporate Policy Acknowledgment - Ability to add company policy link and specify that the user needs to read your organization’s Security Policy and confirm they have read it and will comply with that policy.

Scott Alan Miller, one of Spiceworks' top thought leaders, gave us 5 STARS and said: "KnowBe4 is awesome in that they take the human approach to security and assume that wetware is where problems are likely going to be and tackling that in a practical way. They have great products and services for companies looking for ways to get their people to be more secure."

Check out the updated product page and click on the orange "Get A Quote" button to find out how affordable it is for your own organization.
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

For The Cost Of A Tablet, You Too Can Be A Cybercriminal

Tony Bradley at CSO makes a very good argument for spending more cybersecurity budget:

"It’s fairly common when discussing the cost of things to compare it to other items people commonly buy. Commercials for charities often state that donating costs less than a cup of coffee per day, and many tech articles cite cost in terms of a visit to Starbucks (apparently coffee is a useful theme for comparison). A new infographic from Trustwave illustrates how much bad guys are paying for malware kits compared to ordinary things you might spend money on.

"The sad fact is that you don’t have to be a coding genius to be a cybercriminal. You don’t have to know how to discover vulnerabilities, or craft custom exploits. Shady characters can simply shop for a malware kit that makes executing a malware attack about as simple as operating a microwave oven.

"There is an underground black market for these sorts of malware kits. Trustwave researchers did some digging to find out how much it costs to acquire certain well-known malware kits, and they were shocked to find out just how cheap it can be to get into the cybercrime business.

"For less than the cost of a decent tablet like the Amazon Kindle Fire HDX, or the Google Galaxy Nexus, you can buy the Neutrino Bot malware kit online. For about the same cost as buying a flagship smartphone like the iPhone 5s without a carrier subsidy, you can buy the Betabot Remote Access Trojan. If you want to spend as much as an average 7-day cruise for one person, you can move up to the Stoned Cat Bot mobile malware kit.

"The average cost of a data breach for an organization is estimated to be $3.5 million. That data breach can be executed by an attacker with a couple hundred dollars—sitting in his underwear in his living room and checking a few boxes in a malware kit.

"This is what businesses and consumers are up against. This is why it is more important than ever to have the right processes and tools in place to protect your network and devices. It is even more imperative to educate users and maintain awareness of security trends and emerging attacks.

"If an attacker can spend as little as $200 to execute an attack that could cost your organization $3.5 million, you’d better put some very serious consideration into how much you want to invest in defending against that attack." Here's the link to the article and InfoGraphic at CSO:
http://www.csoonline.com/article/2457448/malware-cybercrime/for-less-than-the-cost-of-a-week-s-groceries-you-too-can-be-a-cybercriminal.html

Service Drains Competitors’ Online Ad Budget

Another great story from Brian Krebs. This guy is an incredible investigative reporter. He started out with: "The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today’s post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.

"Enter “GoodGoogle,” the nickname chosen by one of the more established AdWords fraudsters operating on the Russian-language crime forums. Using a combination of custom software and hands-on customer service, GoodGoogle promises clients the ability to block the appearance of competitors’ ads." Perhaps your own company's AdWords budget has been the victim of this...
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-budget/

Beating Back Malicious Mobile Apps

QUIZ TIME! This fun seven-question quiz from SearchSecurity tests you on the key points covered in Mike Cobb's Security School on malicious mobile apps. If you have faithfully read this newsletter you know all the answers as well. I took the test and got six out of seven; the first question I thought was somewhat open to "multiple interpretations", but whatever, I got all the others right. Have fun, and let me know how you did! (And oh, we have a module for mobile device security if you ever need one.) Here is the quiz:
http://searchsecurity.techtarget.com/quiz/Beating-back-malicious-mobile-apps

Changing Your Face In The Public Eye: Kevin Mitnick

Changing your face in the public eye is not easy. The Stance site expands on an earlier post called "How to Cope with the Negative Face of a Brand" and uses Kevin Mitnick as a great example:

Kevin Mitnick is a formerly infamous social engineer and computer hacker once known as the "World’s Most Wanted"; from the 1970s up until his last arrest in 1995, Kevin Mitnick eluded and bypassed security safeguards, penetrating some of the most well-guarded systems. Mitnick certainly wasn’t a white hat in the world of computer hacking back then, but he is very much so now.

Mitnick now owns a security consulting company, and is a New York Times Bestselling Author currently residing in our ever sunny Las Vegas working to educate and provide services to assist people while still being able to use his talents in social engineering and hacking. Watch him recount how he evaded the Feds and bought them the "FBI Donuts" he put in his fridge for them:
http://stancebranding.com/kevin-mitnick-positive-face/

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

A very close call for longboarders in Brazil skating down a curvy mountain road. Holy $#!+, do not do this at home!
http://www.flixxy.com/gnarly-escape.htm

Introducing the 912 HP QUANT e-Sportlimousine with nanoFLOWCELL drive, using flow cell batteries and salt water to power four electric motors:
http://www.flixxy.com/car-runs-on-salt-water-quant-e-sportlimousine.htm?utm_source=nl

Magician Mat Franco stretches the boundaries of a card trick and paints a picture of Howie Mandel at America's Got Talent 2014. Think about it for a moment and you will know how he did it:
http://www.flixxy.com/card-magic-mat-franco-americas-got-talent-2014.htm?utm_source=nl

Astrophysicist Neil deGrasse Tyson answers the question about why we haven't encountered any alien life yet. 3.5 minutes that are fun and instructive!:
http://www.flixxy.com/neil-degrasse-tyson-is-worried-that-humans-are-too-stupid-for-aliens.htm?utm_source=nl

Two pieces of metal are being fused together with one of the simplest forms of creating heat - friction:
http://www.flixxy.com/the-power-of-friction.htm?utm_source=nl

NASA Curiosity Rover captures a solar eclipse on Mars. Kewl!:
http://www.flixxy.com/solar-eclipse-on-mars.htm?utm_source=nl

A short clip from a precision walking competition in Japan. Who would have thought the simple act of walking could be an exciting competitive sport?:
http://www.flixxy.com/japanese-precision-walking.htm?utm_source=nl

A rabbit and a cat go for daily walks together in the small town of Taragi, Southern Japan:
http://www.flixxy.com/cat-and-fluffy-bunny-go-for-a-walk-together-in-japan.htm?utm_source=nl

A hilarious compilation of dogs enjoying their ride in the car with the windows down. Flappy lips anyone?:
http://www.flixxy.com/dogs-on-summer-joyrides.htm?utm_source=nl

Acrobats from the Circus of China Shenyang Acrobatic Troupe perform in Sao Paulo, Brazil. Talk about being trapped in a giant hamster wheel:
http://www.flixxy.com/giant-wheel-circus-of-china.htm?utm_source=nl

Goats just wanna have fun ... in high places!
http://www.flixxy.com/goats-riding-horses-compilation.htm?utm_source=nl
