CyberheistNews Vol 1, #27
Editor's Corner
Security Risk for 2012 Is...
Humans are the weakest link that needs to be healed. New laws aimed at
improving IT data security are being written by the bushel, loaded with
penalties for non-compliance and security breaches, but unless we start
with strengthening the weakest link, things are not going to get any
better.
Gartner, the largest computer industry analyst, was right when they said:
"Many of the most damaging security penetrations are, and will continue
to be, due to Social Engineering, not electronic hacking or cracking.
Social Engineering is the single greatest security risk in the decade
ahead." -- Gartner, 2010
The technical director of Symantec Security Response said that bad guys
are generally not trying to exploit technical vulnerabilities in Windows.
They are going after employees instead. "You don't need as many technical
skills to find one person who might be willing, in a moment of weakness,
to open up an attachment that contains malicious content." Only about
3% of the malware they run into tries to exploit a technical flaw. The
other 97% is trying to trick a user through some type of social engineering
scheme.
This means it does not matter if the workstation is a PC or a Mac. The
final line of defense is, you guessed it, your users.
The Economy For The Next Decade And What That Means For You
The Wall Street Journal today had a very interesting article about
a hedge fund called Bridgewater. These guys are pretty smart and
have a very good track record. So what do they expect for the next
10 years? Well, they are bearish. Long story short, for the next
decade both Europe and the U.S. have broken economic
systems that are on life support. From the early fifties until now,
the economies have been leveraging up, borrowing increasing amounts
of money. That's no longer sustainable, and it's going to take 15
to 20 years to leverage down and get rid of all the debt. We are
only 4 years into that process. Expect interest rates to be super
low for a long time to come, and Central Banks to print more money.
What does that mean in the IT Trenches? Your budgets will remain tight,
and you will be asked to do more with less even more frequently.
There will be a move towards the cloud, simply for budget reasons,
and you'd be smart to get trained on how that works. Better yet,
become a cloud security specialist and you'll do extremely well
this coming decade!
Quotes of the Week
"The best way to predict the future is to invent it." -
Alan Curtis Kay - computer scientist at a 1971 meeting of PARC
"Everyone here has the sense that right now is one of those moments
when we are influencing the future." - Steve Jobs
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
"We Discovered A Serious Human Vulnerability"
"I'm a system administrator and we regularly get users' workstations
infected with malware. Then Microsoft reported that 45% of the infections
are caused by the users being 'social engineered', so we decided to test it
out for ourselves."
"First we did the Email Exposure Check. Out of our 197 users, 87 email
addresses were found on the Internet. Then we did the Phishing Security
Test, and sent these 87 a relatively simple simulated phishing attack,
that could have been sent by any bad guy."
"We were shocked to see that our spam filters and antivirus did not
catch the phishing email, and that 24 of these 87 clicked on the link.
We discovered a serious human vulnerability." -- P.H. System Admin
Find out for yourself how big this human security hole is in your
organization. Fill out this form, you will get the results for free:
http://www.knowbe4.com/eec/
IT Security Predictions for 2012
Orin Thomas, columnist for the Windows IT Pro website, looks at 2012
security from the perspective of a Sysadmin in an organization that
runs mainly on Windows machines. The majority of us do, so I thought
I would give you a link to what he thinks is going to happen during
the next 12 months, and of course after reading them, I mostly agree!
"As Dilbert author Scott Adams once said, the great thing about
predicting the future is that if you're right you can point back to
your initial prediction and proclaim your genius, if you're wrong,
most people wouldn't remember your predictions in the first place.
So with that caveat in mind, here are some of the things I expect
to see in the IT security news in the coming 12 months":
http://www.windowsitpro.com/blog/hyperbole-embellishment-and-systems-administration-blog-18/security/security-predictions-2012-141752
Japanese Government Working On Defensive Cyberweapon
This is the article on a Japanese news site, the Daily Yomiuri Online.
"The Defense Ministry is in the process of developing a computer virus
capable of tracking, identifying and disabling sources of cyber-attacks,
The Yomiuri Shimbun has learned. The development of the virtual
cyberweapon was launched in 2008. Since then, the weapon has been
tested in a closed network environment.
Cyberweapons are said to already be in use in countries such as the
United States and China. However, in Japan there is no provision on the
use of cyberweapons against external parties in existing legislation
on foreign attacks. With this in mind, the Defense Ministry and Foreign
Ministry have begun legislative consideration regarding the matter,
according to sources."
Interesting, as there are bound to be unintended consequences attached
to something like this. More:
http://www.yomiuri.co.jp/dy/national/T120102002799.htm
Understanding The Ecosystem Of Modern Malware
Excellent little article from Wade Williamson on the SecurityWeek site.
"Constant demand for advanced malware, paired with a co-opetition model,
this ecosystem directly impacts how quickly and efficiently new threats
can spread. As malware gets progressively more complex, it's important
to understand how the major players in the malware industry fit together
and how these relationships affect the ways that malware is developed,
distributed and ultimately used in attacks.
"When we talk about attacks on IT security, we often talk about "the hacker"
as some sort of lone wolf hidden away in a dark corner of the world. In
reality there is a very broad and interconnected ecosystem behind the
malware industry, where individuals and hacking groups both cooperate
and compete to further their cause.
"It is important to understand this ecosystem because it has a direct
impact on the speed and efficiency with which new innovations arrive and
how quickly new threats can spread." Here is the rest of the article:
http://www.securityweek.com/understanding-ecosystem-modern-malware
Five Generations Of Cybercrime
And to add to the above article, it helps to understand more about the
history of hacking, when you need to defend yourself against cyber
criminals. So here is your Executive Summary. Early hacking started
when guys like Kevin Mitnick became digital delinquents and broke
into the phone company networks. That was to a large degree to see
how far they could get with social engineering, and it got them way
further than expected. Actual financial damage to hundreds of thousands
of businesses started only in the nineties, but has moved at rocket
speed these last 20 years. Click here for the Five Generations Of
Cybercrime:
http://www.knowbe4.com/resources/five-generations-of-cybercrime/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
YouTube's biggest stars would like to wish you a Happy New Year!
http://www.flixxy.com/happy-new-year-cats.htm
Pass The Kindness Forward. One act of kindness leads to another.
All shot in one take, quite crafty and a really nice idea:
http://www.flixxy.com/pass-the-kindness-forward.htm
iPad controlled aircraft has a camera that broadcasts what it sees:
http://www.flixxy.com/ipad-controlled-aircraft.htm
Billiards trick shots of almost magical quality. I'm not a pool shark but
those curves are perfection!:
http://www.flixxy.com/amazing-pool-player.htm
Amazing underwater footage from the Fiji islands, featuring the most
astonishing and enchanting marine life:
http://www.flixxy.com/amazing-underwater-life-fiji-tonga.htm
These flying robots build a 6-meter high tower. This is cool
technically:
http://vimeo.com/33713231
Casio's New G-SHOCK Connects To Smartphones, Shows Incoming Calls,
Emails, and SMS. I want one:
http://techcrunch.com/2011/12/30/casio-g-shock-smartphones/
From the Weird Japanese Video Department, here is another one:
https://www.youtube.com/watch?v=NLy4cvRx7Vc
Golden retriever loves guitar music, moving his head in rhythm and
making sad faces whenever the music stops:
http://www.flixxy.com/golden-retriever-loves-guitar-music.htm