Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Proofpoint: "45% Surge In CEO Fraud" And Domain Spoofing Even Higher [infoGraphic]

CEO Fraud, aka Business Email Compromise (BEC), is skyrocketing. Proofpoint recently conducted research into this type of attack across more than 5,000 enterprise customers. Their research shows a clear acceleration in attack sophistication and volume.

KnowBe4 Appoints Former Gartner Research Analyst Perry Carpenter as Chief Evangelist and Strategy Officer

Perry Carpenter, former Research Director, Security & Risk Management and esteemed analyst at Gartner, has joined KnowBe4 as Chief Evangelist and Strategy Officer. As the provider of the most popular platform for security awareness training and simulated phishing, KnowBe4 developed this new role to strengthen innovation and lead efforts to evolve how the human element of security is approached. Carpenter brings a unique point of view to help KnowBe4 and its customers achieve an even higher degree of success and effectiveness.

Chinese Hackers Use Fake Cellphone Tower to Spread Android Banking Trojan

Check Point Software blogged about Chinese hackers who have taken smishing to the next level, using a rogue cell phone tower to distribute Android banking malware via spoofed SMS messages.

Does DoubleAgent Turn Antivirus Into Malware? We Are Calling BS On That.

It was all over the press. Initially reported by BleepingComputer and picked up by sites like Engadget, they all went gaga over a new technique that allows the bad guys to take over your computer by "turning your antivirus into malware." Here is an example snippet:

Ransomware Is Skyrocketing, But Where Are All The Breach Reports?

More than 4,000 ransomware attacks occur daily and healthcare is the largest target. However, despite disclosure requirements and the risk of late or no HIPAA notification at all, breach reporting simply doesn’t match up.

I found some interesting data in a new survey by Healthcare IT News and HIMSS Analytics that showed more than half of hospitals were hit with ransomware from April 2015 to April 2016, but breach reporting to the OCR was practically non-existent.

Who Were The Two Big US Tech Companies That Lost $100 Million In CEO Fraud?

In an update on an earlier post of April 2016, more detail became known about this massive CEO Fraud spear phishing attack that tricked 2 American tech companies into wiring a whopping $100 million to bank accounts controlled by a crafty scammer in Lithuania. The press was all over this like white on rice, not mentioning that it was initially discovered in April last year. The big mystery is exactly which 2 companies fell victim, because the court documents do not reveal the names.

CyberheistNews Vol 7 #12 A Single Spear Phishing Click Caused the Yahoo Data Breach


Mandiant M-Trends 2017: "Cybercrime Skills Now On Par With Nation States"

There was some good news reported in Mandiant's M-Trends 2017 report, but this was heavily outweighed by a lot of very bad news.

Mandiant, which is a FireEye company, found that in 2016 companies became a little better at identifying breaches, with the average number of days between being compromised and discovery now at 99 days, down from 146 days in 2015. However, more than 3 months is an eternity on the internet, and cybercrime bad guys can make off with the crown jewels in just a few days.

A Single Spear Phishing Click Caused The Yahoo Data Breach

A single click was all it took to launch one of the biggest data breaches ever.

One mistaken click. That's all it took for a Canadian hacker aligned with rogue Russian FSB spies to gain access to Yahoo's network and potentially the email messages and private information of as many as 1.5 billion people.

The U.S. Federal Bureau of Investigation has been investigating the intrusion for two years, but it was only in late 2016 that the full scale of the hack became apparent. On Wednesday, the FBI indicted four people for the attack, two of whom are rogue FSB spies who work for the division that is supposed to cooperate with America's FBI on cybercrime investigations. (The FSB is the successor to the KGB.)
