CyberheistNews #9

CyberheistNews Vol 1, #9

Editor's Corner

[caption id="attachment_1367" align="alignleft" width="150" caption="Stu"] cybercrime

[/caption]

Check Out This Week's Phishing Scam!

Your CEO, Accountant and Marketing Manager all get an email from a well-known

legal company seen on TV. The law firm claims your organization is

using their client's copyrighted images on your website. It's a very

professional looking email and urgent in tone. The link to the page

delineating the infringements looks legit. But guess what? It is actually

malicious, and will attempt to infect your PC with malware so hackers

can get in. This is happening right now. Don't fall for it.

Cyberheists Up 250% Year over Year

Cybercriminals really can hit a home run when they take over your business

bank accounts. And as I wrote in my book Cyberheist, that is increasingly

happening. And we now have some new numbers. The Financial Services Information

Sharing and Analysis Center (FS-ISAC), recently polled its members (banks that

cooperate with the Treasury Department and the FBI on cybersecurity).

In the results of the poll which were released this week, FS-ISAC reported

that 21 banks reported a total of 108 commercial account takeovers during

the first 6 months of 2010, compared to 86 for the full year of 2009. Do

the math, that is a 250% increase year over year.

Untitled event

These bank account takeovers happen to non-profits, school districts, churches,

and Small and Medium Enterprise. Cybercriminals take over the bank customer's

business computers that are used for funds transfers. The malware they use

for this is specifically created for this purpose, the ZeuS variants are

most prevalent.

The banks are getting a little bit better in blocking these account takeovers,

in 2010 they caught 36% of the attempted fraudulent transfers, as opposed to

20% in 2008. But that means you still have a whopping 64% chance to lose

hundreds of thousands of dollars if your accountant's PC gets infected with

malware, usually because they click on a phishing link.

Find out at no cost what the Phish-prone percentage of your employees is. You

are likely to be (unpleasantly) surprised. The whole thing takes 5 minutes max:

http://www.knowbe4.com/phishing-security-test/

Quotes of the Week

"Age wrinkles the body. Quitting wrinkles the soul." - Douglas MacArthur

"Pain is temporary. Quitting lasts forever." - Lance Armstrong

Please tell your friends about CyberheistNews! They can subscribe here:

http://www.knowbe4.com/about-us/cyberheist-news/

Hackers Take $1 Billion a Year as Banks Blame Their Clients

A new article in Bloomberg Businessweek puts the finger on the sore spot:

"Valiena Allison got a call from her bank on a busy morning two years ago

about a wire transfer from her companys account. She told the managers she

hadnt approved the transfer. The problem was, her computer had.

As Allison, chief executive officer of Sterling Heights, Michigan-based

Experi-Metal Inc., was to learn, her company computer was approving other

transfers as she spoke. During hours of frantic phone calls with her bank,

Allison, 45, was unable to stop this cybercrime in progress as transfer

followed transfer. By days end, $5.2 million was gone.

She turned to her bank, a branch of Comerica Inc., to help recover the money

for her metal-products firm. It got all but $561,000 of the funds. Then

came the surprise: the bank said the loss was Experi-Metals problem

because it had allowed Allisons computer to be infected by the hackers.

"At the end of the day, the fraud department at Comerica said: "Whats

wrong with you? How could you let this happen?" Allison said. In

increments of a few thousand dollars to a few million per theft,

cybercrooks are stealing as much as $1 billion a year from small and

mid-sized bank accounts in the U.S. and Europe like Experi-Metal,

according to Don Jackson, a security expert at Dell SecureWorks. "And

account holders are the big losers."

Been tellin' ya for a while... And it's all because someone clicks on

a phishing link! Read the very interesting article here:

">http://www.businessweek.com/news/2011-08-04/hackers-take-1-billion-a-year-as-banks-blame-their-clients.html

NSA Helps With Network Security

Alan Paller at SANS wrote: "The NSA just released a useful guide called

'Best Practices for Securing Your Home Network' that goes beyond home

networks and wireless to cover email and traveling with mobile devices

and more. It's worth making copies and distributing to your co-workers

and employees."

"What makes it particularly useful is that it reflects the real-world

knowledge of the NSA Blue Teams and Red Teams. On the back page are

references to five additional guides: Social Networking, Defense Against

Drive By Downloads, Defense Against Malicious E-mail Attachments, Mac

OSX 10 Hardening Tips, and Data Execution Prevention. You'll find it

at the NSA web site":

http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Flash mob at Copenhagen Central Station. Copenhagen Philharmonic playing

Ravel's Bolero. This is a lot of fun:

http://www.flixxy.com/symphony-flash-mob-copenhagen-central-station.htm

Who needs magic tricks, when you've got science to amaze you with an

incredible optical illusion like this?:

http://www.wservernews.com/go/1314436970437

And these are the Best Wedding Pictures Ever! Scroll down:

http://www.wservernews.com/go/1314437130812