CyberheistNews Vol 1, #18
[caption id="attachment_1367" align="alignleft" width="150" caption="Stu"][/caption]
Scam Of The Week: So I Googled Your Name And Found...
A Twitter phishing attack! Especially CEOs, Business Owners that do
their own marketing, or Marketing VPs need to watch this scam. Some
of these messages claim that they found a horrible blog post about you,
or something funny, they say you look like you have lost weight or
something else personal.
Whatever they claim, the scam is always the same. Cybercriminals will
send you this scam message usually from the compromised account of one
of your Twitter followers. In the message they use social engineering
to make you click on the link.
That link always leads to a fake Twitter login page - designed to grab
your own username and password. They use that to send out more spam,
or worse, they use it to try to break into your other online and/or
business accounts, since they know a lot of people use the same user
name and password on many different websites. An attack like this could
be used as a means to penetrate your organization's network.
Please inform the people in your organization that use Twitter about
this new attack.
DHL Phish 'Delivery Notification' Carries Trojan Malware
Cybercriminals fired off a golden oldie with a little twist. Phishing
emails with the sender info spoofed, so that it looks like it came
from DHL. The subject line states: "DHL Express Notification for shipment
for 26 Oct 2011". This date will undoubtedly change over time.
The tricky bit is a request not to reply to the email, since it was
sent by an 'automated mailrobot', but instead open the attached file
for details about the shipment. (yeah, sure.)
Once the attachment is unzipped, executable malware shows up, and woe
the user that clicks on this. This type of phishing can make it through
your spam filters and antivirus, so advise users to be on the lookout
for this one, and delete it without opening the attachment, because the
malware is is currently detected only by a few antivirus products.
How Big Is Your Email Attack Surface?
How many of the email addresses of your organization are floating
out there on the Net? Easy to find by hackers, and used for phishing
attacks? Find out now, for free:
Quote of the Week
"Smart is an elusive concept. There's a certain sharpness, an ability to
absorb new facts. To ask an insightful question. To relate to domains
that may not seem connected at first. A certain creativity that allows
people to be effective." - Bill Gates, born this day in 1955.
Please tell your friends about CyberheistNews! They can subscribe here:
New Tool To Help Small Businesses Plan For Cyberattack
With hackers increasingly setting their sights on small businesses, the
U.S. Federal Communications Commission said Monday it will provide an
online tool to help those businesses develop a cybersecurity strategy.
The Small Biz Cyber Planner will ask a series of questions such as
"Does your business use credit cards?" and "Does your business have
a public website?" Based on the responses, it will generate a planning
guide to help companies put in place basic policies to protect against
"With larger companies increasing their protections, small businesses
are now the low-hanging fruit for cybercriminals," FCC Chairman Julius
Genachowski said an event to launch the tool, according to his prepared
remarks posted online. It will be available at the FCC website in November
and will be free to use. More at NetworkWorld:
Remember The NASDAQ Breach? It's Worse Than Previously Thought
Mathew Schwartz at Information Week had a very interesting story:
Last week, two experts with knowledge of NASDAQ OMX Group's internal
investigation said that while attackers hadn't directly attacked trading
servers, they had installed malware on sensitive systems, which enabled
them to spy on dozens of company directors. "God knows exactly what they
have done. The long-term impact of such [an] attack is still unknown,"
cyber security expert Tom Kellermann, CTO of AirPatrol, told Reuters,
which reported the experts' findings.
In February 2011, NASDAQ OMX Group had confirmed that its servers had been
breached, and suspicious files found on servers associated with Directors
Desk, which is a Web-based collaboration and communications tool for
senior executives and board members to share confidential information. The
product has about 10,000 users, according to the company's website.
At the time, NASDAQ said that it had discovered the attack in October
2010, immediately removed the suspicious files, and launched an
investigation, saying "at this point there is no evidence that any
Directors Desk customer information was accessed or acquired by hackers."
But it wasn't clear how long the malicious files may have resided on
NASDAQ's systems. Indeed, based on past breaches, many businesses fail
to spot when they've been hacked, at least right away. More at:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
History of malware: It's Halloween this week. From script kiddies to rootkits.
A scary look at how much more dangerous malware has become since the 1970s:
Cockpit footage taken from the backseat of a Blue Angels jet during an
airshow. This looks like so much fun:
A German fish lover added an observation tower to his Koi pond. The fish
enter and swim up the tower at will. Evidently they like the view:
Your Own HAL 9000 (aka Control the new iPhone 4S Siri software from
across the room) I want one:
True innovation here, with this Japanese spherical flying machine.
Death Star anyone?: