CyberheistNews Vol 1, #15
Editor's Corner
How You Get Spear-Phished
How do you think the bad guys do their spear-phishing attacks? They
do research about your organization on your website, any relevant
social networks, and then they do a deep search on the Net for any
and all email addresses with your domain name. Next, they craft an
email with a link or attachment that they hope as many employees
as possible will click on or open. The link or attachment infects
the workstation of the employee and allows the hackers in. Example:
Employees at RSA opened an infected Excel spreadsheet that was
called "2011 Recruitment Plan".
Now you can see for yourself how many of your organization's email
addresses are floating out there on the Net, free for the bad guys
to grab and attack. KnowBe4 is providing you with a FREE one-time
deep search with the addresses and where they were found. Most people
who ask for this are surprised by the results. Request your Email
Exposure Check now and see what the bad guys see:
http://www.knowbe4.com/eec/
'Enforcement Promotes Compliance'
Howard Anderson, Executive Editor at HealthcareInfoSecurity,
interviewed Leon Rodriguez, The New HIPAA Enforcer.
Leon Rodriguez, the new director of the Department of Health and
Human Services' Office for Civil Rights, describes his HIPAA
enforcement agenda. The reason you are reading about it here is that
he is going to focus on education.
"As I've learned as a prosecutor and then as a defense lawyer,
enforcement promotes compliance," Rodriguez says. "The fact that
covered entities out there know that they are at risk for penalties
is something that, in fact, in many cases will promote compliance."
Nevertheless, Rodriguez stresses in an exclusive interview with
HealthcareInfoSecurity the need for also using education to help
boost compliance. "It's going to be important for us to make sure
that we do everything we can to assist those covered entities that
want to understand what the rules are. ... So we're also going to
be focused on outreach and education no less than on enforcement."
You can read the full article here, and also get it as a Podcast:
http://www.flixxy.com/tribute-for-steve-jobs-on-his-30th-birthday.htm
Quotes of the Week
"Optimism is essential to achievement and it is also the foundation
of courage and true progress." - Nicholas Murray Butler
"The world of achievement has always belonged to the optimist." - J. Harold Wilkins
"A pessimist sees the difficulty in every opportunity; an optimist
sees the opportunity in every difficulty." - Winston Churchill
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
The State of Hacked (Email) Accounts
Commtouch's research report on The State of Hacked Accounts presents
statistics on the theft, abuse and eventual recovery of Gmail, Yahoo,
Hotmail and Facebook accounts. The data reveals that most users get
hacked at high rates even when they do not think they are engaging
in risky behavior, with 62% unaware of how their accounts had been
compromised. The results presented in the report rely on a comprehensive
end-user survey together with data from Commtouch's GlobalView Network,
which tracks and analyzes billions of Internet transactions daily.
Other highlights from the research include:
compromised, with over 50% relying on friends to point out their
stolen accounts.
a public Internet terminal or WiFi network.
scam that asks friends to wire funds to a foreign country, and over
half of the accounts were used to send spam.
Tell Users About The Next Android Banking Trojan
Mobile devices with the Android Operating System have been found to
get infected with a special version of the ZeuS trojan, and now there
are reports that the SpyEye malware also has made the jump to Android.
Online crime prevention vendor Trusteer reports that SpyEye
masquerades as a security app and can intercept incoming SMS text
messages. That allows SpyEye to bypass the mobile TAN system.
Both Android and SpyEye attack the human: they try to social engineer
the user into downloading and installing the app. Trained users will
not fall for a trick like this, so please tell your employees about
this scam.
"What's a Company's Biggest Security Risk? You."
You may not have had the chance to read the article about social
engineering in the Wall Street Journal where KnowBe4 is mentioned.
We got a PDF version of it, which you can now read. See the full
version by clicking on: 'Click Here To Read The Entire The Wall
Street Journal Article':
http://www.knowbe4.com/about-us/knowbe4-in-the-news/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
SUPER Fave: Leaving a trail of smoke, wingsuit formation flyers skim
inches away from the mountain at a speed of over 100 mph:
http://www.flixxy.com/wingsuit-formation-flying-alt.htm
Thousands of rainbow popsicle sticks, layered together into an enormous
exploding chain reaction. Can you explain how this giant popsicle stick
wave works?
http://www.flixxy.com/popsicle-stick-wave.htm
Is this the most amazing time lapse video yet? (Spoiler: It is)
http://www.flixxy.com/landscapes.htm
A beautiful 3-minute movie inspired by numbers, geometry and nature:
http://www.flixxy.com/nature-by-numbers.htm
Long before the iPod, iPhone or iPad, Steve Jobs was honored for his
work on the Macintosh by his Apple coworkers, who created this
never-before-seen short film for his 30th birthday:
http://www.flixxy.com/tribute-for-steve-jobs-on-his-30th-birthday.htm