CyberheistNews Vol 1, #8
Editor's Corner
Spear Phishing Using Google Alerts
Many company executives and marketing departments use Google Alerts to keep
track of their products, the company, or even themselves. Essentially,
Google Alerts warn you when someone talks about you on the web. I have
been using them for years myself, so again I was amazed by the creativity
of the bad guys. Imagine if they would use all that brain power for good
purposes instead...
But here is how it works. It's a so-called Advanced Persistent Threat that
is used when a person or entity is attacked. The way this spear phish is
put together is to first create a website that is infected and delivers a
drive-by download. Next, post an article about the product, organization
or person you attack.
The person you are targeting will receive their Google Alert message with a
link to your malicious website. The user clicks on that link because they
want to know what is being said. The website delivers its malware and
immediately compromises their PC. There you have it, that PC is now owned
by the bad guys and is a foothold into the internal network.
This is a hard one to defend against, since it's so targeted. All layers
of your 'Defense-In-Depth' need to be deployed and effective. Check out
this graph, and think it through for a moment. Many layers need to be
there for this threat to be caught:
http://www.knowbe4.com/resources/defense-in-depth/
Still, the end-user can hover the mouse over the link and see where it would
go. If it's an unknown website, do not click! It's not always easy to travel
the web and stay safe. End-users need Security Awareness Training
consistently to stay alert about attacks like this.
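As an added illustration (not part of the original newsletter), the hover check described above can be automated for alert e-mails: the Python below lists where each link in an alert really leads and flags any host that is not on a list of known sites. It assumes alert links may be wrapped in a google.com/url redirect carrying the destination in a `url` or `q` parameter; the allowlist, function names and sample message are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed allowlist: sites this reader already knows and trusts.
KNOWN_DOMAINS = {"krebsonsecurity.com", "networkworld.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def real_destination(href):
    """Unwrap a google.com/url redirect (assumed format) to the final host."""
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if host in ("google.com", "www.google.com") and parts.path == "/url":
        query = parse_qs(parts.query)
        target = (query.get("url") or query.get("q") or [""])[0]
        host = (urlsplit(target).hostname or "").lower()
    return host

def is_known(host):
    """True when host is an allowlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

def triage(html_body):
    """Return [(host, link text, verdict)] for every link in the alert."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(h, text, "known" if is_known(h) else "UNKNOWN - do not click")
            for h, text in ((real_destination(u), t) for u, t in parser.links)]

# Constructed sample alert body (not a real message).
SAMPLE = """
<a href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=http://krebsonsecurity.com/2011/08/ethieves-steal-217k-from-arena-firm/&amp;ct=ga">Krebs story</a>
<a href="https://www.google.com/url?rct=j&amp;sa=t&amp;url=http://krebsonsecurity.com.news-review.example/acme&amp;ct=ga">Acme Corp review</a>
<a href="http://blog.example.net/acme-widgets">Acme widgets</a>
"""
```

Calling `triage(SAMPLE)` marks only the first link as known; the second shows why the comparison is made on the end of the host name rather than on whether a familiar name appears somewhere in it.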
Find out at no cost what the Phish-prone percentage of your employees is.
You are likely to be surprised. The whole thing takes 5 minutes max:
http://www.knowbe4.com/phishing-security-test/
eThieves Steal $217k from Arena Firm
Hot off the press. Cyber thieves stole $217,000 last month from the Metropolitan
Entertainment & Convention Authority (MECA), a nonprofit organization responsible
for operating the Qwest Center and other gathering places in Omaha, Nebraska.
Brian Krebs wrote the story on his blog. It shows again that cyber crime does not
discriminate: they steal from small businesses, non-profits, churches, you name it:
http://krebsonsecurity.com/2011/08/ethieves-steal-217k-from-arena-firm/
Quotes of the Week
"He travels safest in the dark night who travels lightest." - Hernando Cortez
"Like all great travelers, I have seen more than I remember, and remember
more than I have seen." - Benjamin Disraeli
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
10 scariest hacks from Black Hat and Defcon
Researchers showed all manner of serious attacks on everything from
browsers to automobiles. This is a slide show that picked the hacks
from this year's Black Hat and Defcon conferences in Las Vegas. There
are some very interesting and crafty hacks that are worth checking
out. NetworkWorld put it together:
http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html?
Recent Dataloss Incidents
DataLossDB is a research project aimed at documenting known and
reported data loss incidents world-wide. The effort is now a community
one and, with the move to Open Security Foundation's DataLossDB.org,
it asks for contributions of new incidents and new data for existing
incidents. You can find all of them at:
http://datalossdb.org/
The Cyberheist Closest To You
We now have a Google map, with many hundreds of cyberheist incidents, and
the place where they happened. Check out the cyberheist closest to you, and
find out what was stolen - cash straight from the bank account or files
that contained confidential data:
http://www.knowbe4.com/resources/cyberheist-map/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Remote controlled flying fish. This is FUN!:
http://www.flixxy.com/rc-flying-fish.htm
A concept car with 250 active body panels controlled by mini solenoids
pulling on carbon nano-tube wires:
http://www.flixxy.com/concept-car-with-250-active-body-panels.htm
Real life Superman gets people to film him flying from roof to roof:
http://www.flixxy.com/real-life-superman.htm
The happiest penguin ever... SNOW!:
http://www.flixxy.com/happiest-penguin-ever.htm