CyberheistNews Vol 1, #23







Editor's Corner



KnowBe4



How Cybercrime Lures Employees





Here's one of the most important ways cybercriminals lure employees to click on malware links, get their PC infected, and open up the network to the bad guys. First, the cybercriminals hack websites that are known and trusted. Then they create a whole bunch of pages on that site with links to malware. These pages float into search results of Google, Bing, and other search engines. Employees are not trained to suspect links in Google, so they click on the link and BAM, another infected workstation. It's called SEP: Search Engine Poisoning.







Web phishing attacks now overwhelmingly come from popular and trusted web sites hacked by cybercriminals. And what is the most damaging? It has moved from text searches to image searches. Pirated movies, games and adult content are top lures.







The upshot is that you need defense-in-depth, and a crucial piece of the security puzzle is that employees need to be trained and know that bad guys are around the corner, especially when they surf the web during a break and are visiting non-work-related sites. This takes some effort, but is worth doing. A whopping 45% of all malware infections are caused by user interaction.







Here is a Search Engine Poisoning article that goes into more detail:


https://www.helpnetsecurity.com/2011/06/09/how-search-engine-poisoning-works/









Quotes of the Week









"All things are difficult before they are easy" – Thomas Fuller









"By working faithfully 8 hours a day you may eventually get to be boss and work 12 hours a day"
– Robert Frost









"Far and away the best prize that life has to offer is the chance to work hard at work worth doing"
– Theodore Roosevelt









Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/












"We Discovered A Serious Human Vulnerability"







"I'm a system administrator and we regularly get users' workstations infected with malware. Then Microsoft reported that 45% of the infections are caused by the users being 'social engineered', so we decided to test it out for ourselves."







"First we did the Email Exposure Check. Out of our 197 users, 87 email addresses were found on the Internet. Then we did the Phishing Security Test, and sent these 87 a relatively simple simulated phishing attack, that could have been sent by any bad guy."







"We were shocked to see that our spam filters and antivirus did not catch the phishing email, and that 24 of these 87 clicked on the link. We discovered a serious human vulnerability." -- P.H. System Admin







Find out for yourself how big this human security hole is in your organization. Fill out this form and you will get the results for free:




http://www.knowbe4.com/eec/











Very Useful US-CERT Service Bulletins







The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information:


http://www.us-cert.gov/cas/bulletins/SB11-332.html











Beware New Banking Scams







Tracy Kitten over at BankInfoSecurity reported that the American Bankers Association warned of an uptick in phishing, smishing and vishing.







You know what Phishing is, but smishing is the same thing over phones using the text service, which technically is called SMS: Small Message Service, thus 'smishing'. And Vishing is short for Voice over IP Phishing; Vishing is the criminal practice of using social engineering over the telephone system, using landlines for automated scams.







"The ABA has issued a new warning to highlight increases in phishing scams linked to consumer bank accounts. According to the ABA, phishing schemes that aim to gather credit and debit details from consumers are on the rise. The crux of most scams: Misinforming consumers about closure of or trouble with their bank accounts, a lure to consumer replies from the socially engineered scam.







Last week's smishing attack, which targeted thousands of Wells Fargo customers by sending out a flood of phony text messages to mobile numbers in Oregon, is a prime example. The scam, feigning to come from Wells, attempted to get mobile recipients to respond with bank details related to their Wells accounts.







Earlier this month, Police in Pima County, Ariz., issued a similar warning about smishing, phishing attacks, targeting mobile users in the Tucson region.







Authorities say consumers were receiving phishy text messages that asked accountholders to call specified numbers to resolve possible compromises of their bank accounts. The smishing attacks included the last four digits of the user's debit card, which made the text messages appear legitimate.









The ABA says these types of schemes are common. In some cases, consumers are even asked to text or e-mail card expiration dates and CV security codes. Phishing schemes that aim to gather credit and debit details are on the rise. The American Bankers Association offers tips on exactly what you should tell your employees and customers about these scams. More...


http://www.bankinfosecurity.com/articles.php?art_id=4192











Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





Super Fave 1: You know you’re pushing the limits of wingsuit proximity flying when you can shake hands with your own shadow. Some of the best proximity flying footage ever:


http://www.flixxy.com/proximity-flying-2011.htm






Super Fave 2: The mountain ride of a lifetime on a single-pipe alpine coaster in Austria:
http://www.flixxy.com/alpine-coaster.htm





A fascinating video that explains how particles originating from deep inside the core of the sun create northern lights, also called Aurora Borealis, on our planet:
http://www.flixxy.com/aurora-borealis.htm





12-Year Old Music Prodigy. The amazing story of Jay Greenberg, a 12 year-old composer, who already has written five full-length symphonies:
http://www.flixxy.com/12-year-old-music-prodigy.htm





NSK develops weird four-legged robot "guide dog". But then this is Japan!:
http://www.gizmag.com/nsk-four-legged-robot-guide-dog/20559/?





Animation created in real time with a bicycle and a video camera. Crafty!:
http://www.flixxy.com/bicycle-animation.htm



