CyberheistNews Vol 1, #9
Editor's Corner
[caption id="attachment_1367" align="alignleft" width="150" caption="Stu"]
[/caption]Check Out This Week's Phishing Scam!
Your CEO, Accountant and Marketing Manager all get an email from a well-known
legal company seen on TV. The law firm claims your organization is
using their client's copyrighted images on your website. It's a very
professional looking email and urgent in tone. The link to the page
delineating the infringements looks legit. But guess what? It is actually
malicious, and will attempt to infect your PC with malware so hackers
can get in. This is happening right now. Don't fall for it.
Cyberheists Up 250% Year over Year
Cybercriminals really can hit a home run when they take over your business
bank accounts. And as I wrote in my book Cyberheist, that is increasingly
happening. And we now have some new numbers. The Financial Services Information
Sharing and Analysis Center (FS-ISAC), recently polled its members (banks that
cooperate with the Treasury Department and the FBI on cybersecurity).
In the results of the poll which were released this week, FS-ISAC reported
that 21 banks reported a total of 108 commercial account takeovers during
the first 6 months of 2010, compared to 86 for the full year of 2009. Do
the math, that is a 250% increase year over year.
Untitled event
These bank account takeovers happen to non-profits, school districts, churches,
and Small and Medium Enterprise. Cybercriminals take over the bank customer's
business computers that are used for funds transfers. The malware they use
for this is specifically created for this purpose, the ZeuS variants are
most prevalent.
The banks are getting a little bit better in blocking these account takeovers,
in 2010 they caught 36% of the attempted fraudulent transfers, as opposed to
20% in 2008. But that means you still have a whopping 64% chance to lose
hundreds of thousands of dollars if your accountant's PC gets infected with
malware, usually because they click on a phishing link.
Find out at no cost what the Phish-prone percentage of your employees is. You
are likely to be (unpleasantly) surprised. The whole thing takes 5 minutes max:
http://www.knowbe4.com/phishing-security-test/
Quotes of the Week
"Age wrinkles the body. Quitting wrinkles the soul." - Douglas MacArthur
"Pain is temporary. Quitting lasts forever." - Lance Armstrong
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Hackers Take $1 Billion a Year as Banks Blame Their Clients
A new article in Bloomberg Businessweek puts the finger on the sore spot:
"Valiena Allison got a call from her bank on a busy morning two years ago
about a wire transfer from her companys account. She told the managers she
hadnt approved the transfer. The problem was, her computer had.
As Allison, chief executive officer of Sterling Heights, Michigan-based
Experi-Metal Inc., was to learn, her company computer was approving other
transfers as she spoke. During hours of frantic phone calls with her bank,
Allison, 45, was unable to stop this cybercrime in progress as transfer
followed transfer. By days end, $5.2 million was gone.
She turned to her bank, a branch of Comerica Inc., to help recover the money
for her metal-products firm. It got all but $561,000 of the funds. Then
came the surprise: the bank said the loss was Experi-Metals problem
because it had allowed Allisons computer to be infected by the hackers.
"At the end of the day, the fraud department at Comerica said: "Whats
wrong with you? How could you let this happen?" Allison said. In
increments of a few thousand dollars to a few million per theft,
cybercrooks are stealing as much as $1 billion a year from small and
mid-sized bank accounts in the U.S. and Europe like Experi-Metal,
according to Don Jackson, a security expert at Dell SecureWorks. "And
account holders are the big losers."
Been tellin' ya for a while... And it's all because someone clicks on
a phishing link! Read the very interesting article here:
">http://www.businessweek.com/news/2011-08-04/hackers-take-1-billion-a-year-as-banks-blame-their-clients.html
NSA Helps With Network Security
Alan Paller at SANS wrote: "The NSA just released a useful guide called
'Best Practices for Securing Your Home Network' that goes beyond home
networks and wireless to cover email and traveling with mobile devices
and more. It's worth making copies and distributing to your co-workers
and employees."
"What makes it particularly useful is that it reflects the real-world
knowledge of the NSA Blue Teams and Red Teams. On the back page are
references to five additional guides: Social Networking, Defense Against
Drive By Downloads, Defense Against Malicious E-mail Attachments, Mac
OSX 10 Hardening Tips, and Data Execution Prevention. You'll find it
at the NSA web site":
http://www.nsa.gov/ia/_files/factsheets/Best_Practices_Datasheets.pdf
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Flash mob at Copenhagen Central Station. Copenhagen Philharmonic playing
Ravel's Bolero. This is a lot of fun:
http://www.flixxy.com/symphony-flash-mob-copenhagen-central-station.htm
Who needs magic tricks, when you've got science to amaze you with an
incredible optical illusion like this?:
http://www.wservernews.com/go/1314436970437
And these are the Best Wedding Pictures Ever! Scroll down:
http://www.wservernews.com/go/1314437130812
