CyberheistNews Vol 2, #4
Editor's Corner
Wow, a $6.7 Million Cyberheist...
It happened during the first three days of January, with the
offices closed for the New Year Holiday. Cybercriminals
used stolen login details for just two people: a teller
and a call center agent. With those credentials they
transferred around $6.7 Million out of Postbank accounts to
their own accounts that were opened earlier toward the end of
last year. The thieves were able to take record amounts from
ATMs, because the stolen credentials allowed much larger than
normal withdrawals. Ouch.
This was a well-planned, professional cyberheist by a
syndicate that knew what they were doing and were skilled
enough to stay under the radar for quite a long time.
Obviously, there are pointed questions in a case like this:
1) How did they get the credentials? Social engineering?
2) Password policies available but not practiced?
3) How come low-level employees have such high privileges?
If they hire the right forensics team, they might find
out how it happened, but it is likely that the cybercriminals
are going to get away with this heist. This is another lesson that
shows us we need to have our defense-in-depth tested on a
regular basis, before the bad guys 'do it for us'. So, even
if your industry has no government regulation that
requires you to do this for compliance: 1) Schedule regular
penetration testing, 2) Give all staff security awareness
training. By the way, we can do both for you at very competitive
prices, so call us toll free at 855-KNOWBE4 (566-9234).
Here is the story in the South African Times. Don't let this
happen to you (takes about 30 sec. to load):
http://www.timeslive.co.za/local/2012/01/15/it-was-a-happy-new-year-s-day-for-gang-who-pulled-off...r42m-postbank-heist
Real-Time Cyber Crime
I report via Twitter when hacks occur, from dozens of different
sources. If you want to know what goes on real-time, and get a Fave
Link thrown in now and then, follow me on Twitter: @stuallard
Quotes of the Week
"I'm a big fan of dreams. Unfortunately, dreams are our first casualty
in life - people seem to give them up, quicker than anything, for a
'reality.'" - Kevin Costner
"Although it's easy to forget sometimes, a share is not a lottery
ticket...it's part-ownership of a business." - Peter Lynch
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
"We Discovered A Serious Human Vulnerability"
"I'm a system administrator and we regularly get users' workstations
infected with malware. Then Microsoft reported that 45% of the infections
are caused by the users being 'social engineered', so we decided to test it
out for ourselves."
"First we did the Email Exposure Check. Out of our 197 users, 87 email
addresses were found on the Internet. Then we did the Phishing Security
Test, and sent these 87 a relatively simple simulated phishing attack,
that could have been sent by any bad guy."
"We were shocked to see that our spam filters and antivirus did not
catch the phishing email, and that 24 of these 87 clicked on the link.
We discovered a serious human vulnerability." -- P.H. System Admin
Find out for yourself how big this human security hole is in your
organization. Fill out this form and you will get the results for free:
http://www.knowbe4.com/eec/
The Koobface Malware Gang - Exposed!
Finally, you can have a look at the criminals behind the malware.
I found a great blog by security company Sophos that shows all the
ugly detail. Very interesting reading. They start off with this:
"On 17 January 2012, The New York Times revealed that Facebook plans to
name five men as being involved in the Koobface gang. As a result of
the announcement, we have decided to publish the following research,
which explains how we uncovered the same names." Here is the story:
http://nakedsecurity.sophos.com/koobface/
Now There Is 'Search' For The Criminal Ecosystem
Brian Krebs on his blog revealed 'MegaSearch' which aims to index
fraud site wares.
A new service in the cyber underground aims to be the Google search of
underground Web sites, connecting buyers to a vast sea of shops that
offer an array of dodgy goods and services, from stolen credit card
numbers to identity information and anonymity tools.
A glut of stolen card data has spawned dozens of stores that sell
the information. The trouble is that each store requires users to create
accounts and sign in before they can search for cards.
Enter MegaSearch.cc, which aims to let fraudsters discover which fraud
shops hold the cards they're looking for, without having to first create
accounts at each shop. This underground search engine aggregates data
about compromised payment cards, and points searchers to various fraud
shops selling them. More:
http://krebsonsecurity.com/2012/01/megasearch-aims-to-index-fraud-site-wares/
Symantec Backtracks, Admits Own Network Hacked
Uh oh. Those are the 'crown jewels' that were stolen! Symantec backed away
from earlier statements regarding the theft of source code of some of
its flagship security products, now admitting that its own network
was compromised, albeit a few years ago.
In a statement provided to the Reuters news service, the security software
giant acknowledged that hackers had broken into its network when they stole
source code of some of the company's software. More at ComputerWorld:
http://www.computerworld.com/s/article/9223495/Symantec_backtracks_admits_own_network_hacked?
A Fresh Cyberheist In Salem County
"SALEM - Computer hackers have broken in and stolen approximately $19,000
by way of an illegal wire transfer from a Salem County bank account that
held over $13 million in funds. The illegal transaction happened in
mid-December and as of late last week Salem County Chief Finance Officer
Douglas C. Wright said the county has yet to recoup the money that was
stolen. Wright said the county is working with law enforcement officials,
who believe the county system was attacked by a computer virus called
a Zeus Bot. According to online data from Prevx Security, the virus
that helped hackers get access to Salem County's account has allegedly
compromised over 74,000 accounts of such companies as the Bank of
America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon and
BusinessWeek." More:
http://www.nj.com/salem/index.ssf/2012/01/computer_hackers_tap_into_sale.html
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave: Amazing magic performance at the Consumer Electronics Show
2012 in Las Vegas:
http://www.flixxy.com/magic-at-ces.htm
Diary: The difference between men and women. Quite funny:
http://i.imgur.com/9H13E.jpg
"The Day The LOLcats Died" - a protest song against legislation that would
destroy the Internet to the tune of 'American Pie':
http://www.flixxy.com/the-day-the-lol-cats-died.htm
Motorcyclist grabs tail of a double-decker airplane flying "inverted":
http://www.flixxy.com/inverted-airplane-tail-grab.htm
"Hello" by Lionel Richie re-created with movie clips:
http://www.flixxy.com/hello.htm
Crows are smart and like to have fun. Like sledding!
http://www.flixxy.com/snowboarding-crow.htm
A canine chorus barks the Imperial March tune. It seems that people at
Volkswagen thought everyone would love another Star Wars themed ad.
They were right!
http://www.flixxy.com/vw-the-bark-side.htm
For the nerds among us that grew up with slide rules instead of
calculators. Blast from the past:
http://sliderulemuseum.com/
An Indian motorbike can hold 6 people, 2 dogs and lots of luggage:
http://www.flixxy.com/6-man-indian-bike-6-people-2-dogs-and-lots-of-luggage.htm
Rail bridge replacement in Reading, England, filmed by 3 time lapse cameras:
http://www.flixxy.com/rail-bridge-replacement-timelapse.htm