CyberheistNews Vol 1, #14

Editor's Corner



KnowBe4


Phishing Target Of The Week: Your Spouse

Chris Larsen, head of Blue Coat Systems' research lab, outlined a recent attack where the bad guys targeted executives of a major corporation through their spouses. The logic was that at least one executive would have a poorly secured PC at home shared with a non-tech-savvy spouse, which would then provide the backdoor needed to compromise the executive and gain access into the target company.







This type of attack is called 'whaling': going after all the executives of an organization. And often, their email addresses are easy to find. KnowBe4 provides a one-time free service called Email Exposure Check. We will do a 'deep search' on the Internet and report back to you which email addresses with your domain name are floating out there on the Net. Request your free EEC here:

http://www.knowbe4.com/eec/





This Is National Cyber Security Awareness Month!

The Department of Homeland Security and the National Cyber Security Alliance are sponsoring this yearly event. The idea is to raise awareness, and oh boy, is it needed. October is a great month to get budget for your security awareness training.

The point to make is that awareness is a continuous process. You might be able to check a compliance box if you subject all employees to a death-by-PowerPoint once a year, but you are shooting yourself in the foot by doing so.

You really need to drive home security awareness on a constant basis. Humans need education, education, education. 'Use it or lose it' is very much applicable here, and you simply cannot afford employees clicking on phishing links, infecting workstations and letting hackers in freely.



"What's a Company's Biggest Security Risk? You."

A bunch of people did not get to read the article about social engineering in the Wall Street Journal where KnowBe4 is mentioned on page two, column one. We got a PDF version of it, which you can now read. Click here to read the entire Wall Street Journal article:

http://www.knowbe4.com/about-us/knowbe4-in-the-news/

Quotes of the Week

"A vigorous five-mile walk will do more good for an unhappy but otherwise healthy adult than all the medicine and psychology in the world."
- Paul Dudley White

"If it weren't for the fact that the TV and the refrigerator are so far apart, some of us wouldn't get any exercise at all."
- Joey Adams

(Maybe this one should be updated to change "TV" to "computer".) Tip o' the Hat to Deb Shinder.







Please tell your friends about CyberheistNews! They can subscribe here:

http://www.knowbe4.com/about-us/cyberheist-news/



5 More Dirty Tricks: Social Engineers' Latest Pick-Up Lines

Joan Goodchild, Senior Editor of Chief Security Officer Magazine, did a good job identifying the most recent scams. "From a new twist on tech support to playing the odds with a large number of desperate job seekers, today's social engineers are getting very specific in their plans to manipulate their marks.

"You may now be savvy enough to know that when a friend reaches out on Facebook and says they've been mugged in London and are in desperate need of cash, that it's a scam. But social engineers, the criminals that pull off these kinds of ploys by trying to trick you, are one step ahead.

Mark Patterson, CEO of Maine-based PATCO Construction Inc., is one of the more noted fraud victims. He sued his former bank after his company lost more than $500,000 to fraudsters. "The FBI realizes this is a huge threat to our businesses and government entities," he says, pleased that this topic has made its way to Congress. "The laws need to be changed to hold the transferring agencies, i.e., the banks, accountable for the ACH fraud."

Social engineering attacks are getting more specific, according to Chris Hadnagy, author of Social Engineering: The Art of Human Hacking. "Targeted attacks are earning social engineers better results," he said. What that means is they may need to do more work to find out personal information, and it may take longer, but the payoff is often larger.

"Attacks now are not just a broad spam effort, sending out a million emails with an offer for Viagra," said Hadnagy. "These are now individual attacks where they are going after people one by one." Here are five new scams circulating that employ much more individual involvement:

1) "This is Microsoft support —we want to help"
2) "Donate to the hurricane recovery efforts!"
3) "About your job application..."
4) "@Twitterguy, what do you think about what Obama said on #cybersecurity?"
5) "Get more Twitter followers!"

Read more details about each scam here:

http://www.csoonline.com/article/690451/5-more-dirty-tricks-social-engineers-latest-pick-up-lines?










Government Security Incidents Soar by 650% in 5 Years

It was all over the news this week, but Eric Chabrow over at the GovInfo Security site had a good write-up. The Government Accountability Office blames weaknesses in security controls at 24 major agencies for the skyrocketing statistics.

"Security incidents reported over the past five years have placed the confidentiality, integrity and availability of sensitive government information and information systems at risk, an annual GAO review reveals.

"In its annual review required by the Federal Information Security Management Act, the GAO blames weaknesses in information security controls at 24 major federal agencies for creating the risk environment. "Agencies have not fully implemented their information security programs," Gregory Wilshusen, GAO director of information security issues, writes in the 49-page report. "As a result, they have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise."

Yowser, look at those ugly graphs. Read the rest of the article here:

http://www.govinfosecurity.com/articles.php?art_id=4114





Analysis: Dim Prospects For Cybersecurity Law In 2011

And the irony is that the state of infosec legislation in Congress is not good at all. There are many bills floating around, but not much progress in getting any of them written into law. Melissa Hathaway at GovInfo Security sat down and counted all the pending cybersecurity bills. There are 32, excluding intelligence and defense authorization bills. Here is a table with all the initiatives and their status:

http://www.govinfosecurity.com/articles.php?art_id=4100



Invitation: Server Hardware, Database Reliability Survey

KnowBe4 and ITIC are teaming up to conduct an online survey on server hardware and database reliability. The aim of this survey is to gauge user satisfaction with the reliability and uptime of your major server and DB platforms, and your satisfaction with the pricing, service and support you receive from your vendors. Are the hardware and databases performing up to expectations? Are they too expensive or too hard to use? Tell us what you think.

As always, we know that you're busy. This survey should take only a few minutes to complete. All responses are kept confidential. The survey is for informational purposes only. No one will call or email you with any sales pitches.

Once again, ITIC and KnowBe4 are giving away a free iPad and a free iPod to the survey respondents who provide the most insightful responses to the final essay question. So be sure to leave your email address along with your comment within the essay question response. Once the survey is finalized, we'll publish the Executive Summary and survey highlights in the Cyberheist newsletter. To further show our appreciation, anyone who completes the survey can get a complimentary copy of the Report once it's published by emailing: ldidio@itic-corp.com.









Here's the link to the survey:

https://www.surveymonkey.com/s/26HR5TY



Monster Spam Campaigns Lead to Cyberheists

Phishers and cyber thieves have been casting an unusually wide net lately, blasting out huge volumes of fraudulent email designed to spread password-stealing banking Trojans. Judging from the number of victims who reported costly cyberheists in the past two weeks, many small to medium-sized organizations took the bait. More at the Brian Krebs blog:

http://krebsonsecurity.com/2011/10/monster-spam-campaigns-lead-to-cyberheists/





'Well Organized, Sophisticated, Fast' Cybercriminals Scare US Banks

The CSO website had a very interesting interview with Paul Smocer, the new leader of BITS, the U.S. financial industry's IT policy arm. He's an expert in email security and authentication.

Smocer is taking the lead of BITS at a time when financial services firms are responding to the emergence of new technologies -- including social networking, mobile computing and cloud computing -- while remaining under attack from ever-savvier cybercriminals. BITS is coordinating efforts by the U.S. banking industry to create new top-level domains -- such as .bank, .insure and .invest -- that would be restricted to financial services firms and could offer consumers extra protection from phishing, malware and other attacks.

They interviewed Smocer about the online threats and opportunities that he is most concerned about. Here are excerpts from the conversation:

http://www.csoonline.com/article/690922/-well-organized-sophisticated-fast-cybercriminals-scare-us-banks?







Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Prairie dogs love to ride around the house on an "iRobot Roomba" vacuum cleaner:

http://www.flixxy.com/prairie-dogs-on-irobot-roomba.htm

"Easy Rider" on the streets of Poland with a powered paraglider engine on his back:

http://www.flixxy.com/propeller-bike.htm

Russian biker and musician Alexander Ishutin mounts a drum kit on his motorcycle and takes the show on the road:

http://www.flixxy.com/russian-motorcycle-bandwagon.htm

Loosecubes is a community marketplace for workspace. They connect people who have great workspace with people who need it. Great concept:

http://www.loosecubes.com/

Italian kid loves Led Zeppelin (with English subtitles). You gotta see this:

http://www.flixxy.com/italian-kid-loves-led-zeppelin.htm



