Security Awareness Training Blog

Gang Uses Social Engineering To Steal 147 Million Dollars

Police have arrested a 147 million international fraud and money laundering ring, and jailed nine fraudsters jailed for over 27 years

The gang targeted thousands of Lloyds and RBS business banking customers using sophisticated social engineering techniques to persuade the businesses to reveal their internet banking details.

The gang's lead was responsible for calling the victims; claiming to be from their bank’s fraud department. Using various aliases, he was able to trick customers into giving out online account information which enabled him and his associates - based around the country - to access hundreds of online business accounts and steal vast sums of money.

What is the Necurs Botnet And How Does It Spread Locky Ransomware?

In Short:

The Necurs botnet is one of the world's largest botnets with more than 6 million zombie machines tied into it. It's run by Russian organized cybercrime and responsible for millions of dollars in losses tied to the Dridex banking Trojan and more recently the Locky ransomware strain. 

Don't Make These Two Major Multi-Factor Security Mistakes

An employee sent this recent horror story to me (thanks Rachel). Remember there are three ways of learning.  :-D

1. Read it in a book, blog (or training session) understand it and apply it successfully in life.
2. See other people do it and learn that way by following their example.
3. Pee on the electrified fence... 

Price Discrimination: The Fantom Menace of Ransomware

By Eric Howes,  KnowBe4 Principal Lab Researcher.

Over the past few months we've discussed the rising use of price discrimination among purveyors of ransomware to maximize their returns on ransomware campaigns. Instead of using poorly targeted "spray-and-pray" campaigns that extract a uniform toll (one or two bitcoins) from a random and diverse collection of victims, the bad guys are increasingly using more targeted campaigns that match the ransom demands with the victims' ability and willingness to pay.

One way the bad guys have incorporated price discrimination into their standard game is the use of backdoor trojans, sophisticated keyloggers, and full-blown RATs to reconnoiter potential marks and gather data about their business operations and finances. If they determine your organization is flush with cash or is uniquely sensitive to downtime or other disruptions in service, you can expect to pay more. Much, much more.

New KnowBe4 Phishing Campaign Creation Screen

You asked and we listened! We’ve enhanced our Phishing Campaign creation options to give you more flexibility and customization when phishing your users! You can now:

• Phish your users more realistically using customizable business hours and days.
• Monitor user clicking activity for longer durations and catch the stragglers.
• Create phishing campaigns based upon template difficulty.
• Have the ability to send an entire category of System Phishing Templates but exclude the ones you do not want sent. 

Here is how the new screen looks and note that each field has a little question mark with inline help. 

These 500 Million Hacked Yahoo Accounts Are A Phishing Paradise. Warn Your Users!

It's all over the press. Here is a quote from Reuters: "Yahoo Inc said on Thursday information associated with at least 500 million user accounts was stolen from its network in 2014 by what it believed was a "state-sponsored actor." 

The data stolen may have included names, email addresses, telephone numbers, dates of birth and hashed passwords (the vast majority with the relatively strong bcrypt algorithm) but may not have included unprotected passwords, payment card data or bank account information, the company said.

New Version of iSpy Trojan Steals Your Software Licenses

Earlier this year we posted about Jsocket, a highly malicious Trojan that we spotted being delivered through phishing emails shared with us via the Phish Alert Button (PAB).  

Although ransomware has been grabbing the majority of security-related headlines, malicious RATs and Trojans like Jsocket (and its evil cousins Adwind and AlienSpy) remain an important part of the online threat landscape, allowing malicious actors to monetize compromised systems and networks in a variety of ways.

Scam Of The Week: Apple Store Phishing Attack Goes For Whole Enchilada

Phishing attacks using false Apple Store email messages, fake landing pages and sometimes fake login pages are still a very popular attack vector. They still make it through all the filters, as witnessed by the hundreds we get every day that are reported by employees of our customers' users that use our Phish Alert Button.

Bad Guy FAIL! or, When a Simple Credentials Phish Goes Horribly Wrong

By Eric Howes,  KnowBe4 Principal Lab Researcher.

Anyone who works a job in the computer security industry inevitably develops a kind of dark appreciation for the mad skills so often demonstrated by the bad guys. They consistently deliver eye-popping innovation -- even if it's the kind of innovation that regularly causes massive headaches for all the rest of us.

But the bad guys have their off days, too. And when a bad guy operation goes off the rails, you can't help but smile. It's the purest form of schadenfreude.

As Neutrino takes a hit, RIG Exploit Kit jumps at the opportunity and spreads ransomware

Andra Zaharia (the picture is really her) from the Danish Heimdal Security wrote something interesting this morning that I thought you'd like to know: