CyberheistNews Vol 1, #6
"Houston, we have a network breach"
These are the last words anyone wants to hear, in any organization, from the top execs to the system and/or network administrator, because that is where the nightmare starts. Once you have been through it, you never want to experience it again. The time, lost production and direct cost to the organization are often staggering.
I recently posted a new page about the Return On Investment (ROI) of Security Awareness Training. One paragraph goes into the direct loss of productivity and revenue, and I wanted to share this with you.
A Real Life Example
In an earlier company I had a client, let's call them Acme, Inc. They had a small network of 20 workstations, an Exchange server, a SQL server and a separate dedicated server that ran their website, all connected via broadband. The whole thing was a relatively small network; no one in the company was IT trained, and one person wore a (very) part-time administrator hat. Their business was focused on selling subscriptions to their specialized database.
Last year, Acme found out that their webserver had been compromised. Suddenly a much higher volume of traffic was going to countries they did not do any business with. It turned out their server was hosting an illegal music download service. We went over and had a look, and sure enough the logs showed what was going on. One of the workstations had been infected with nasty malware after the user clicked on a phishing email, and from there the hackers penetrated the whole network. Some of the workstations and all servers were compromised. The bad guys completely owned the network. Here is what was needed to disinfect the network, and these are only the headlines:
- Select, order, configure and install a good quality firewall - 10 hrs
- Build a new webserver from scratch, load it with their backups, and bring it near-line - 20 hrs
- Scan all workstations and servers with several anti-malware tools; we discovered rootkits - 25 hrs
- Wipe and rebuild Windows on all workstations to make sure no rootkits were left - 15 hrs
- Install and configure high-quality anti-malware software on all servers and workstations - 10 hrs
- Bring the new webserver online and debug initial problems - 10 hrs
- Debug various things that broke during this rebuild, bring printers back online, install drivers, etc. - 20 hrs
So the direct loss of productivity and revenue was $18,900, consisting of:
- repair cost by outside consultants: $9,900
- lost revenues: $6,600
- lost production time: $2,400
And all that because one employee clicked on a phishing link and got infected with the Zeus malware. You can now calculate the cost of doing the whole disinfection with in-house IT staff as well, and the number might be a bit lower, but not by much.
And you have not yet looked at the loss of reputation! Read more about that here: http://www.knowbe4.com/resources/roi-calculation/
And this is where you start your free Phishing Security Test: http://www.knowbe4.com/phishing-security-test/
Quotes of the Week
"A creative man is motivated by the desire to achieve, not by the desire to beat others." - Ayn Rand
"It is wonderful how much may be done if we are always doing." - Thomas Jefferson
"Either you run the day or the day runs you." - Jim Rohn
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Selected Dataloss Incidents This Week
Not many people are aware of the excellent work that the people at www.datalossdb.org do. They gather cyber security incidents and put them in a database that is free for everyone to query. Here are some selected incidents from last week. There are a lot more, ranging from records dumped instead of shredded to stolen laptops with confidential information.
Do yourself a favor, and take a minute to review this 'Defense-In-Depth' page. It clearly shows and explains the six areas you need to defend, and how it all starts with Policies, Procedures & Awareness.
Selected Incidents:
Reported Date: 2011-07-16
Summary: Customers' names, work and home addresses, and types of DNA testing kit ordered exposed online
Organizations: Medvet Laboratories
http://datalossdb.org/incidents/4449
Reported Date: 2011-07-16
Summary: Planning applicants' personal information, including birth certificates, bank account details and drivers' licenses, posted online
Organizations: Meath Council
http://datalossdb.org/incidents/4453
Reported Date: 2011-07-11
Summary: 90,000 military email addresses, encrypted passwords and an assortment of data related to other companies and government networks including source code
Organizations: Booz Allen Hamilton
http://datalossdb.org/incidents/4370
Reported Date: 2011-07-11
Summary: 2,551 names, postal and e-mail addresses, phone numbers, and work locations acquired and posted by hackers
Organizations: Monsanto Company
http://datalossdb.org/incidents/4388
Reported Date: 2011-07-11
Summary: 11 admins' e-mail addresses and plain text passwords, 784 users' e-mail addresses and plain text passwords, and more than two dozen resellers' names, e-mail addresses and plain text passwords acquired and posted by hacker
Organizations: Toshiba Corporation
http://datalossdb.org/incidents/4384
Reported Date: 2011-07-11
Summary: Health and dental plan members' names, addresses and social security numbers on compromised server
Organizations: AssureCare, Lansing Community College
http://datalossdb.org/incidents/4415
Banking Trojan hits Android phones
A banking Trojan that has plagued Symbian, BlackBerry and Windows Phone users has now made its way to Android devices. The Zitmo Trojan, which has been used by the ZeuS criminal gang to steal banking information, was confirmed to be on Android devices by security firm Fortinet last week. In a blog post on the company's website, senior antivirus analyst Axelle Apvrille said that the Trojan poses as a banking activation application and then once installed sniffs out SMS sent from the bank to the user. It then combs through the SMS to pull out the mobile transaction authentication number (mTAN) that is used as a one-time password to complete mobile banking transactions. More at Networkworld:
http://www.networkworld.com/article/2179236/malware-cybercrime/banking-trojan-hits-android-phones.html
FTC: "Yes" To Facebook Activity Inclusion in Background Checks
The U.S. Federal Trade Commission has just given a company called SIC (Social Intelligence Corp) the OK to include Facebook profile activity in its background checks when screening employees. This is definitely a reason to check your Facebook privacy settings. According to the FTC, Social Intelligence Corp has been given the legal thumbs up to archive seven years' worth of your Facebook posts. These archives will be used by SIC as part of their background checking service for job applicants. Wow. This is something to share with your friends and co-workers:
http://www.zdnet.com/blog/feeds/ftc-says-yes-to-facebook-activity-inclusion-in-background-checks/3973
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
This is a photography-themed Rube Goldberg machine. The time they must have put into this is enormous. Enjoy the clip!
https://www.youtube.com/watch?v=qKpxd8hzOcQ
Watch a Freightliner semi truck race up Mt. Washington. Insane:
http://www.flixxy.com/freightliner-semi-truck-races-up-mt-washington.htm
How One Man Flies Like a Bird:
http://mashable.com/2011/07/13/yven-rossy-jet-wing/
This Freaky Optical Illusion Turns People Into Horrible Monsters:
http://gizmodo.com/5819584/this-weird-optical-illusion-turns-beautiful-girls-into-horrible-monsters