| |
CyberheistNews Vol 4, 35
Editor's Corner
Scam Of The Week: Jennifer Lawrence Nude Pictures
There is a new (true) current event which unfortunately is the ultimate click bait. A hacker got into Apple's iCloud and hacked the account of Jennifer Lawrence and many other celebs. Apparently she had taken nude pictures of herself and they are all out there now. You would think these celebs would have learned by now, but no. Sigh. Apple has patched a bug that would allow brute force attacks on iCloud, and this may have been how the hack was done, or it could be simply a guessed password.
The cyber mafia are already working on campaigns to exploit this event and these are going to be very enticing phishing attacks over the next few months. I would send your users something like this:
"This weekend, it was all over the news that hackers leaked nude pictures of Jennifer Lawrence and other celebrities. The news is true, and the pictures are out there. The problem is that the bad guys are going to use this to trick people to click on links and open attachments, which will infect their computer with malware. Do not get curious and fall for these scams. Continue to 'Think Before You Click!'"
For KnowBe4 customers we have created a Current Event template that you can use to inoculate your users, based on the YouTube Video attack template. I understand there may possibly be a conflict with your corporate culture, as this template is not very politically correct, but remember that the bad guys don't care about this and will use possible corporate reluctance to talk about this to their advantage. At least, it's here for you now if you decide to use it!
CryptoWall Now Beats CryptoLocker In Total Damage
Malware comes in waves. CryptoLocker was the first major, vicious ransomware, and set off a bunch of copycats. Recently 16 competing ransomware gangs were identified. After CryptoLocker got dinged by Operation Tovar in June, the new kid on the criminal block is CryptoWall.
CryptoWall filled the void left by CryptoLocker on the ransomware landscape through aggressive distribution using a variety of tactics that included spam emails with malicious links or attachments, drive-by-download attacks from sites infected with exploit kits and through installations by other malware programs already running on compromised computers.
The former CryptoLocker wannabe has netted 625,000 infected systems (80,000 more than CryptoLocker) according to a new report by Dell SecureWorks' Counter Threat Unit (CTU).
They stated in a new threat intelligence report they "consider CryptoWall to be the largest and most destructive ransomware threat on the Internet as of this publication, and they expect this threat to continue growing."
CryptoWall social engineers an end-user, infects an endpoint, and encrypts what it can get access to: hard disks, removable drives, network drives, and even cloud storage services that are mapped to a targeted file system.
CryptoWall has encrypted 5.25 billion files. Victims pay ransoms ranging from $200 to $10,000 apiece, the majority being $500. Over the course of six months CryptoWall criminals extorted 1,683 victims to pay ransom. CryptoWall only allows Bitcoin payments which are hard to come by for people that have no wallet set up.
"The threat actors behind this malware have several years of successful cybercrime experience and have demonstrated a diversity of distribution methods," the report said. "As a result, CTU researchers expect this threat will continue to grow." Heatmap with infections at SecureWorks here:
http://www.secureworks.com/cyber-threat-intelligence/threats/cryptowall-ransomware/
If This Is Your First Issue Of CyberheistNews...
CyberheistNews is the world's largest e-zine for IT professionals about social engineering and security awareness training. Need to protect your networks from penetration by the bad guys?
CyberheistNews is published by KnowBe4 LLC, arrives in your inbox once a week and looks at IT security from the human side. KnowBe4 has partnered with Kevin Mitnick to create next-gen Security Awareness Training combined with regular simulated phishing attacks.
In CyberheistNews we aim to help you keep your network safe with important news, hints, and tips so that you are aware of the latest social engineering scams and can do something about it.
KnowBe4 lives 100% in the cloud, we use SalesForce as our CRM and via their Data.com service we licensed your address. Consider this your sample issue. You can unsubscribe at any time (a few lines below), and you will stop receiving any and all further email.
Two Cyber Book Recommendations
1) Bill Gardner and Valerie Thomas wrote "Building an Information Security Awareness Program". It's the first book that shows you how to build a successful security awareness training program from the ground up. Forewords by Kevin Mitnick and Dave Kennedy. I have a copy in my hands and it has earned a "Stu's Warmly Recommended". More at Amazon:
http://www.amazon.com/Building-Information-Security-Awareness-Program/dp/0124199674/
2) "The Cynja" is an illustrated story introducing kids to the awesome world of cybersecurity and technology. Hidden deep inside our planet’s virtual world, lurking in the darkened cyber alleys of our digital neighborhoods, a new generation of bad guys have risen. Zombies, worms, botnets – all threaten our happiness and future. But there is hope. A lone warrior battles this new sinister cyber evil. He is the Cynsei. This book touches on multiple technical areas in cyber security that you can use as talking points with kids. Be ready to do some explaining and picture drawing! More at Amazon:
http://www.amazon.com/Cynja-1-Chase-Cunningham-ebook/dp/B00I16EFLU/
Quotes of the Week
"The reading of all good books is like a conversation with the finest minds of past centuries." - Rene Descartes - Philosopher (1596 - 1650)
"Outside of a dog, a book is a man's best friend. Inside of a dog it's too dark to read." - Groucho Marx
"I was reading a book... 'the history of glue' - I couldn't put it down." - Tim Vine
Thanks for reading CyberheistNews! Please forward to your friends. But if you want to unsubscribe,
you can do that right here
|
3-minute Survey: Would You Run An Enterprise Whitelisting Layer?
As you may have heard, KnowBe4 has run a Beta of an endpoint whitelisting tool since April this year. We are ready for the next step and are starting a Beta for the Enterprise version, which has a server that can run thousands of clients.
This is a short, 7-question survey that should really take less than 3 minutes to fill out. You would help us a lot if you could take that time and give us your input about the enterprise whitelisting version. Here is the link to the survey, and I look forward to your feedback! This tool is "by admins, for admins".
https://www.surveymonkey.com/s/MalwareShieldEnterprise
Keep Bad Guys Out Of Your Server Room
Now that FLIR has a device you can clip to the back of your iPhone, you want the keypads that protect sensitive areas like your server room to have METAL KEYS, not plastic or rubber. See this video and shiver:
https://www.youtube.com/watch?v=8Vc-69M-UWk
Chase Bank Is Asking For Phishing Trouble
Chase bank says to click links if you suspect phishing. Huh? Yup, they do. Check out this email from Chase, scratch your head, and do not make this error in your own organization. If you want to train people to NOT click on dodgy links, be consistent about this in everything you do. This is what it says: "If you are concerned about the authenticity of this message, please click here or call the phone number on the back of your credit card. If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here..." FAIL !! The email was sent to Salted Hash by one of their readers. Thanks for the heads-up! You can see the offending Chase email at the KnowBe4 Blog: http://blog.knowbe4.com/bid/395552/Chase-Is-Asking-For-Phishing-Trouble
Why Russian Hackers Are Beating Us
Antone Gonsalves at CSO wrote: "Russian hackers like the ones who breached the computer systems of JP Morgan Chase and at least four other banks win because they think strategically like the best chess players, an expert says. 'Russians are more intelligent than Americans,' Tom Kellermann, chief cyber-security officer for Trend Micro, said. 'They're more intelligent because they think through every action they take to a point where it's incredibly strategic.'"
"Russian hackers operate within a grey area in which cybercrime is ignored as long as it occurs outside the country and the hackers are willing to conduct government-sponsored campaigns when asked," Kellermann said. He continued with: "The regime essentially sees the underground of hacking as a national resource, as long as the hackers in Russia abide by the rules." This is an interesting article and explains to a large degree why they are often kicking our collective butt:
http://www.csoonline.com/article/2600212/data-protection/why-russian-hackers-are-beating-us.html?
Russians Install Malware Out Of Patriotism
Cyber criminals leverage Russian nationalism to spread their malicious code. The gang that runs the Kelihos botnet has started a new campaign so they can add more zombie PC's to their network. However, they are taking a new approach and simply ask the victim to install the malware. The emails, written in Russian, state simply:
"We, a group of hackers from the Russian Federation, are worried about the unreasonable sanctions that Western states imposed against our country. We have coded our answer and below you will find the link to our program. Run the application on your computer, and it will secretly begin to attack government agencies of the states that have adopted those sanctions."
Wow. That's an innovative way to social engineer victims and install malware on their PC. I wonder if the opposite would work here in America:
"We, a group of hackers from America, are worried about the unrelenting criminal wave of Eastern European spam, phishing and cyberheists against our country. We have created software to strike back and below you will find the link to our program. Run the application on your computer, and it will secretly begin to attack the websites and servers of the crime syndicates that are robbing America blind."
Any takers? :-D
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Some people are very lucky. And some are very alert with a quick reaction time. A compilation of close calls and near misses. OMG some of these!!!
http://www.flixxy.com/that-was-close-lucky-people-2014.htm?utm_source=4
Navdy's transparent Head-Up Display (HUD) projects information as if it's floating six feet in front of you...in the car you already have:
https://www.navdy.com/
Turns out that Amazon is not the only one experimenting with drones to deliver goods. Google introduces the Project Wing delivery system:
http://www.flixxy.com/google-introduces-project-wing.htm?utm_source=4
500 gymnasts dancing in the sky - an amazing opening performance at the Nanjing Youth Olympics 2014:
http://www.flixxy.com/stunning-opening-performance-nanjing-youth-olympics-2014.htm?utm_source=4
BabyX First Words on Vimeo. Teaching AI how to read and recognize objects. This is getting pretty real:
http://vimeo.com/103501130
Dad Makes Hovercraft For His Kid. A homemade hovercraft made from polystyrene insulation board and powered by a hand vacuum. FUN project for the house!:
https://www.youtube.com/watch?v=dTQjchn1KHE
Four DARPA projects that could change the world:
http://i-hls.com/2014/08/four-darpa-projects-change-world/?
Aerobatics pilot Hannes Arch takes off from the road for a wild ride over the beautiful Austrian Alps:
http://www.flixxy.com/aerobatics-pilot-takes-off-from-the-road-in-the-austrian-alps.htm?utm_source=4
An easy way to get all the fruit out of a pineapple in less than a minute:
http://www.flixxy.com/how-to-peel-a-pineapple.htm?utm_source=4
Billionaire Elon Musk: How I Became The Real 'Iron Man' - Lunch & Learn:
https://www.youtube.com/watch?v=mh45igK4Esw&feature=youtu.be&app=desktop
Why do we perceive stars star-shaped, when we know they are really big, hot, round balls of plasma and far enough away that they are basically just dots?
http://www.flixxy.com/why-are-stars-star-shaped.htm?utm_source=4
|
|
