CyberheistNews Vol 2, #1



CyberheistNews Vol 1, #27







Editor's Corner



KnowBe4



Security Risk for 2012 Is...





Humans are the weakest link that needs to be healed. New laws aimed at improving IT data security are being written by the bushel, loaded with penalties for non-compliance and security breaches, but unless we start with strengthening the weakest link, things are not going to get any better.

Gartner, the largest computer industry analyst, was right when they said: "Many of the most damaging security penetrations are, and will continue to be, due to Social Engineering, not electronic hacking or cracking. Social Engineering is the single greatest security risk in the decade ahead." -- Gartner, 2010







The technical director of Symantec Security Response said that bad guys are generally not trying to exploit technical vulnerabilities in Windows. They are going after employees instead. "You don’t need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content." Only about 3% of the malware they run into tries to exploit a technical flaw. The other 97% is trying to trick a user through some type of social engineering scheme.







This means it does not matter if the workstation is a PC or a Mac. The final line of defense is… you guessed it: your users.









The Economy For The Next Decade And What That Means For You



The Wall Street Journal today had a very interesting article about a hedge fund called Bridgewater. These guys are pretty smart and have a very good track record. So what do they expect for the next 10 years? Well, they are bearish. Long story short, for the next decade both Europe and the U.S. have broken economic systems that are on life support. From the early fifties until now, the economies have been leveraging up, borrowing increasing amounts of money. That's no longer sustainable, and it's going to take 15 to 20 years to leverage down and get rid of all the debt. We are only 4 years into that process. Expect interest rates to be super low for a long time to come, and Central Banks to print more money.







What does that mean in the IT trenches? Your budgets will remain tight, and you will be asked to do more with less even more frequently. There will be a move towards the cloud, simply for budget reasons, and you'd be smart to get trained on how that works. Better yet, become a cloud security specialist and you'll do extremely well this coming decade!









Quotes of the Week

"The best way to predict the future is to invent it." - Alan Curtis Kay - computer scientist at a 1971 meeting of PARC

"Everyone here has the sense that right now is one of those moments when we are influencing the future." - Steve Jobs







Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/

"We Discovered A Serious Human Vulnerability"

"I'm a system administrator and we regularly get users' workstations infected with malware. Then Microsoft reported that 45% of the infections are caused by the users being 'social engineered', so we decided to test it out for ourselves."

"First we did the Email Exposure Check. Out of our 197 users, 87 email addresses were found on the Internet. Then we did the Phishing Security Test, and sent these 87 a relatively simple simulated phishing attack, that could have been sent by any bad guy."

"We were shocked to see that our spam filters and antivirus did not catch the phishing email, and that 24 of these 87 clicked on the link. We discovered a serious human vulnerability." -- P.H. System Admin







Find out for yourself how big this human security hole is in your organization. Fill out this form and you will get the results for free:

http://www.knowbe4.com/eec/











IT Security Predictions for 2012









Orin Thomas, columnist for the Windows IT Pro website, looks at 2012 security from the perspective of a sysadmin in an organization that runs mainly on Windows machines. The majority of us do, so I thought I would give you a link to what he thinks is going to happen during the next 12 months, and of course after reading his predictions, I mostly agree!

"As Dilbert author Scott Adams once said, the great thing about predicting the future is that if you’re right you can point back to your initial prediction and proclaim your genius, if you’re wrong, most people wouldn’t remember your predictions in the first place. So with that caveat in mind, here are some of the things I expect to see in the IT security news in the coming 12 months":

http://www.windowsitpro.com/blog/hyperbole-embellishment-and-systems-administration-blog-18/security/security-predictions-2012-141752












Japanese Government Working On Defensive Cyberweapon







This is the article on a Japanese news site, the Daily Yomiuri Online.

"The Defense Ministry is in the process of developing a computer virus capable of tracking, identifying and disabling sources of cyber-attacks, The Yomiuri Shimbun has learned. The development of the virtual cyberweapon was launched in 2008. Since then, the weapon has been tested in a closed network environment.

Cyberweapons are said to already be in use in countries such as the United States and China. However, in Japan there is no provision on the use of cyberweapons against external parties in existing legislation on foreign attacks. With this in mind, the Defense Ministry and Foreign Ministry have begun legislative consideration regarding the matter, according to sources."







Interesting, as there are bound to be unintended consequences attached to something like this. More:

http://www.yomiuri.co.jp/dy/national/T120102002799.htm











Understanding The Ecosystem Of Modern Malware





Excellent little article from Wade Williamson on the SecurityWeek site.

"Constant demand for advanced malware, paired with a co-opetition model, this ecosystem directly impacts how quickly and efficiently new threats can spread. As malware gets progressively more complex, it’s important to understand how the major players in the malware industry fit together and how these relationships affect the ways that malware is developed, distributed and ultimately used in attacks.

"When we talk about attacks on IT security, we often talk about "the hacker" as some sort of lone wolf hidden away in a dark corner of the world. In reality there is a very broad and interconnected ecosystem behind the malware industry, where individuals and hacking groups both cooperate and compete to further their cause.

"It is important to understand this ecosystem because it has a direct impact on the speed and efficiency with which new innovations arrive and how quickly new threats can spread." Here is the rest of the article:


http://www.securityweek.com/understanding-ecosystem-modern-malware














Five Generations Of Cybercrime





And to add to the above article, it helps to understand more about the history of hacking, when you need to defend yourself against cyber criminals. So here is your Executive Summary. Early hacking started when guys like Kevin Mitnick became ‘digital delinquents’ and broke into the phone company networks. That was to a large degree to see how far they could get with social engineering, and it got them way further than expected. Actual financial damage to hundreds of thousands of businesses started only in the nineties, but has moved at rocket speed these last 20 years. Click here for the Five Generations Of Cybercrime:

http://www.knowbe4.com/resources/five-generations-of-cybercrime/











Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





YouTube's biggest stars would like to wish you a Happy New Year!
http://www.flixxy.com/happy-new-year-cats.htm

Pass The Kindness Forward. One act of kindness leads to another. All shot in one take, quite crafty and a really nice idea:
http://www.flixxy.com/pass-the-kindness-forward.htm

iPad controlled aircraft has a camera that broadcasts what it sees:
http://www.flixxy.com/ipad-controlled-aircraft.htm

Billiards trick shots of almost magical quality. I'm not a pool shark but those curves are perfection!:
http://www.flixxy.com/amazing-pool-player.htm

Amazing underwater footage from the Fiji islands, featuring the most astonishing and enchanting marine life:
http://www.flixxy.com/amazing-underwater-life-fiji-tonga.htm

These flying robots build a 6-meter high tower. This is cool technically:
http://vimeo.com/33713231

Casio’s New G-SHOCK Connects To Smartphones, Shows Incoming Calls, Emails, and SMS. I want one:
http://techcrunch.com/2011/12/30/casio-g-shock-smartphones/

From the Weird Japanese Video Department, here is another one:
https://www.youtube.com/watch?v=NLy4cvRx7Vc

Golden retriever loves guitar music, moving his head in rhythm and making sad faces whenever the music stops:
http://www.flixxy.com/golden-retriever-loves-guitar-music.htm



