CyberheistNews Vol 2, #7










Editor's Corner



KnowBe4



Facebook Malware Scam Of The Week



A "worrying number" of Facebook users are sharing a link to a

malware-laden fake CNN news page reporting the U.S. has attacked Iran

and Saudi Arabia, security firm Sophos said Friday. This is a great

example of employees falling for a social engineering trick. You

could send them an email to warn them against this scam, and prevent

workstations in the office and at the house from getting infected.

More:


http://cwonline.computerworld.com/t/7843830/987374514/550432/0/







Next Version of our Security Awareness Training



1) This week, you will see a wave of Whitney Houston malware coming

through, all trying to capitalize on her death. Think Before You

Click!


2) Miscreants are sending tons of Valentine's Day spam, laced

with malicious links. Think Before You Click!


3) Viruses tend to arrive in end users' mailboxes between 8 and 9 a.m. EST. I told you

three times... Think Before You Click!







Healthcare IT: 97% Increase In Records Breached









Redspin provides IT security assessments, and they released their Breach

Report 2011, Protected Health Information (PHI). The report examines a

total of 385 incidents affecting over 19 million individuals since the

HITECH Act's breach notification rule went into effect in August 2009.







"Information security data breach in healthcare has reached epidemic

proportions - the problem is widespread and accelerating," said Daniel W.

Berger, Redspin's President and CEO. "Incidents have been reported in

nearly all 50 states and the total number of records breached increased

97% in 2011 as compared to 2010."







Redspin's analysis points at unencrypted portable devices and the lack of

sufficient oversight as the main reasons for the increase. Malicious attacks

(theft, hacking, and insider incidents) continue to cause 60% of all breaches,

as these records can be very profitably sold on the cybercrime black

markets, and then used for medical ID theft or Medicare fraud.







At the conclusion of the report, Redspin also provides specific

recommendations. One of HIPAA's (many) requirements is Security

Awareness Training, which is a key element to prevent data breaches

like this. A full copy of Redspin's "Breach Report 2011, Protected

Health Information" can be found at:


http://www.redspin.com/resources/whitepapers-datasheets/request_PHI_Breach_Analysis.php







CyberheistPoll: Security Resource Allocation









Here is the first CyberheistPoll. Please take 10 seconds to answer and

next week we will publish the results! Here is the question: "When making

resource allocation decisions for security programs, do you have a

methodology that helps you prioritize your investments based on greatest

risk to the organization’s overall business strategy?"







- Yes


- No


- Somewhat, but immature





Take the poll now:


https://www.surveymonkey.com/s/ResourceAlloc







Quotes of the Week









"Don't wait around for other people to be happy for you. Any happiness

you get you've got to make yourself."
- Alice Walker







"Dream as if you'll live forever, live as if you'll die today." - James Dean









Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/





What Is Your Email Attack Surface?







Always been curious to find out what percentage of your employees

actually are Phish-prone™?




Did you know that almost half of all network malware infections are

caused by social engineering? Because cyber-attacks are rapidly

getting more sophisticated, the frustration level and risk continue

to mount for IT Administrators.



Take the first step now to improve your organization’s defenses against

cybercrime. Fill out the form, and you will be able to start your Free

Simulated Phishing Attack. That allows you to find out what percentage

of your users is Phish-prone. The number is usually much higher than

you think.



You will get immediate access to start the simulated attack. We call it

the 'Phishing Security Test' (PST). Sign Up For Your FREE Simulated

Phishing Attack Now:


http://www.knowbe4.com/simulated-phishing-attack/













E-Mail Viruses Most Likely To Appear In The Morning







Eight in the morning is a good time to grab some coffee, but not to

check your e-mail. The number of viruses sent out each day peaks between

8 a.m. and 9 a.m. EST, according to the Global Security Report released

by security research firm Trustwave this week. "The number of executables

and viruses sent in the early morning hours increased," reads the

report. "The spike is likely an attempt to catch people as they

check e-mails at the beginning of the day." Warn your users. More

at CNET:


http://news.cnet.com/8301-1023_3-57374422-93/e-mail-viruses-most-likely-to-appear-in-the-morning/













Valentine’s Day Scams: For The Love Of Money





Scam artists and cybercriminals are looking to turn romance into

profit now that Valentine's Day is here, possibly taking over your

computer in the process. According to ESET researchers, we can expect

the quest for love to be leveraged as an effective social engineering

ploy to enable the bad guys to infect unsuspecting users with malicious

code. Malware authors, always eager to exploit their victims'

susceptibility and curiosity, see great potential for “romantic”

hyperlinks that lead, allegedly, to greetings cards, poems, songs

or videos. On the site you can see an early example of such a "card of

love" received in the run-up to Valentine’s Day, 2012, analyzed by the

ESET research team in Latin America:


http://blog.eset.com/2012/02/07/valentines-day-scams-for-the-love-of-money













Example of U.K. Phishing Attack





David Montgomery at Advantage Computers Limited in the U.K. sent us

a recent example of a phishing attack that is going on there right

now. Hackers broke into the TicketWeb site (they are the U.K. equivalent

of TicketMaster) and sent a malicious email to all TicketWeb customers,

while spoofing the TicketWeb domain name.





TicketWeb found out about it and sent the following email to all its

customers, but really this is an issue of closing the barn door after

the horse has bolted. Anyone who clicked on the malicious email from

the hackers has likely been the victim of malware being installed on

their PC.





"Urgent Alert: Please Read this Important Message from TicketWeb





Dear TicketWeb Customer,





We have discovered that our TicketWeb UK direct email marketing system

was exposed to unauthorised access. As a result, you may have received

up to four emails on Saturday, February the 11th, from an unauthorised

party with the subject as "Action Required: Update Your PDF Application"

and containing a link to update an Adobe Acrobat PDF application.

Please do not click this link, but delete the email.





We have taken immediate action to close the vulnerability. You can rest

assured that none of your credit card information was vulnerable during

this attack. We sincerely regret any inconvenience this has caused. We

are continuing to investigate this unauthorised access, and will send

you a follow-up email when we have additional information.





Please contact www.ticketweb.co.uk/helpdesk with any questions you may

have. Thank you for your understanding as we continue to resolve this

concern."

















Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





SUPER FAVE: An abandoned iPhone turns out to be a killer of a deal in

the 4 min short film "Psycho Siri":


http://www.flixxy.com/psycho-siri-short-film.htm





Time-lapse footage from 179 different and beautiful places around the planet.

Best viewed in Full Screen HD:


http://www.flixxy.com/welcome-to-earth-universal-time-lapse.htm





A Rube Goldberg machine, different from any you've ever seen before.

Perfect for Valentine’s Day:
http://www.flixxy.com/date-night-rube-goldberg-machine.htm





A 3D LED Cube creates a large moving display in three dimensions:
http://www.flixxy.com/3d-led-screen-dance.htm





The iPad keyboard has six hidden keys you don't know about!
http://www.businessinsider.com/the-ipad-keyboard-has-six-hidden-keys-you-dont-know-about-2012-2?





Future Hipsters:
http://www.gizmag.com/greatest-toy-robot-in-the-universe/21424/





Inventor claims this robot is "the greatest toy in the universe":
http://www.gizmag.com/greatest-toy-robot-in-the-universe/21424/





Formula 1 car on ice and snow on the toughest Grand Prix track in the world,

that's not something you see every day:
http://www.flixxy.com/formula-one-car-on-ice-and-snow.htm





“Urban Paragliding”. Fantastic flying and beautifully filmed and edited.

Jean-Baptiste Chandelier flies over Lima, Peru, Iquique, Chile and Mont

Dauphin, France:


http://www.flixxy.com/urban-paragliding.htm





The canals of Amsterdam have completely frozen solid for the first time in 15 years, turning the city into one huge skating rink for all to enjoy:


http://www.flixxy.com/ice-skating-on-amsterdams-frozen-canals.htm



