CyberheistNews Vol 1, #23
Editor's Corner
How Cybercrime Lures Employees
Here's one of the most important ways cybercriminals lure employees to
click on malware links, get their PC infected, and open up the network
to the bad guys. First, the cybercriminals hack websites that are known
and trusted. Then they create a whole bunch of pages on that site with
links to malware. These pages float into search results of Google, Bing,
and other search engines. Employees are not trained to suspect links in
Google, so they click on the link and BAM, another infected workstation.
It's called SEP: Search Engine Poisoning.
Web phishing attacks now overwhelmingly come from popular and trusted
web sites hacked by cybercrime. And what is the most damaging? It has
moved from text searches to image searches. Pirated movies, games and
adult content are top lures.
The upshot is that you need defense-in-depth and a crucial piece of
the security puzzle is that employees need to be trained and know
that bad guys are around the corner, especially when they surf the
web during a break, and are visiting non-work related sites. This
takes some effort, but is worth doing. A whopping 45% of all malware
infections are caused by user interaction.
Here is a Search Engine Poisoning article that goes into more detail:
https://www.helpnetsecurity.com/2011/06/09/how-search-engine-poisoning-works/
Quotes of the Week
"All things are difficult before they are easy" – Thomas Fuller
"By working faithfully 8 hours a day you may eventually get to be
boss and work 12 hours a day" – Robert Frost
"Far and away the best prize that life has to offer is the chance to
work hard at work worth doing" – Theodore Roosevelt
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
"We Discovered A Serious Human Vulnerability"
"I'm a system administrator and we regularly get users' workstations
infected with malware. Then Microsoft reported that 45% of the infections
are caused by the users being 'social engineered', so we decided to test it
out for ourselves."
"First we did the Email Exposure Check. Out of our 197 users, 87 email
addresses were found on the Internet. Then we did the Phishing Security
Test, and sent these 87 a relatively simple simulated phishing attack
that could have been sent by any bad guy."
"We were shocked to see that our spam filters and antivirus did not
catch the phishing email, and that 24 of these 87 clicked on the link.
We discovered a serious human vulnerability." -- P.H. System Admin
Find out for yourself how big this human security hole is in your
organization. Fill out this form and you will get the results for free:
http://www.knowbe4.com/eec/
Very Useful US-CERT Service Bulletins
The US-CERT Cyber Security Bulletin provides a summary of new
vulnerabilities that have been recorded by the National Institute
of Standards and Technology (NIST) National Vulnerability Database
(NVD) in the past week. The NVD is sponsored by the Department of
Homeland Security (DHS) National Cyber Security Division (NCSD) /
United States Computer Emergency Readiness Team (US-CERT). For
modified or updated entries, please visit the NVD, which contains
historical vulnerability information:
http://www.us-cert.gov/cas/bulletins/SB11-332.html
Beware New Banking Scams
Tracy Kitten over at BankInfoSecurity reported that the American
Bankers Association warned of an uptick in phishing, smishing and
vishing.
You know what phishing is. Smishing is the same thing over phones
using the text service, which technically is called SMS: Short Message
Service, thus 'smishing'. Vishing is short for Voice over IP
Phishing: the criminal practice of using social engineering
over the telephone system, including landlines, for automated scams.
"The ABA has issued a new warning to highlight increases in phishing
scams linked to consumer bank accounts. According to the ABA, phishing
schemes that aim to gather credit and debit details from consumers are
on the rise. The crux of most scams: Misinforming consumers about
closure of or trouble with their bank accounts, a lure to consumer
replies from the socially engineered scam.
Last week's smishing attack, which targeted thousands of Wells Fargo
customers by sending out a flood of phony text messages to mobile
numbers in Oregon, is a prime example. The scam, feigning to come
from Wells, attempted to get mobile recipients to respond with bank
details related to their Wells accounts.
Earlier this month, police in Pima County, Ariz., issued a similar
warning about smishing and phishing attacks targeting mobile users in
the Tucson region.
Authorities say consumers were receiving phishy text messages that
asked accountholders to call specified numbers to resolve possible
compromises of their bank accounts. The smishing attacks included
the last four digits of the user's debit card, which made the text
messages appear legitimate.
The ABA says these types of schemes are common. In some cases, consumers
are even asked to text or e-mail card expiration dates and CV security
codes. Phishing schemes that aim to gather credit and debit details
are on the rise."
are on the rise. The American Bankers Association offers tips on
exactly what you should tell your employees and customers about these
scams. More...
http://www.bankinfosecurity.com/articles.php?art_id=4192
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave 1: You know you’re pushing the limits of wingsuit proximity
flying when you can shake hands with your own shadow. One of the best
proximity flying footage ever:
http://www.flixxy.com/proximity-flying-2011.htm
Super Fave 2: The mountain ride of a lifetime on a single-pipe alpine
coaster in Austria:
http://www.flixxy.com/alpine-coaster.htm
A fascinating video that explains how particles originating from deep inside
the core of the sun create northern lights, also called Aurora Borealis,
on our planet:
http://www.flixxy.com/aurora-borealis.htm
12-Year Old Music Prodigy. The amazing story of Jay Greenberg, a 12
year-old composer, who already has written five full-length symphonies:
http://www.flixxy.com/12-year-old-music-prodigy.htm
NSK develops weird four-legged robot "guide dog". But then this is Japan!:
http://www.gizmag.com/nsk-four-legged-robot-guide-dog/20559/?
Animation created in real time with a bicycle and a video camera. Crafty!:
http://www.flixxy.com/bicycle-animation.htm