CyberheistNews Vol 2, #7
Editor's Corner
Facebook Malware Scam Of The Week
A "worrying number" of Facebook users are sharing a link to a
malware-laden fake CNN news page reporting the U.S. has attacked Iran
and Saudi Arabia, security firm Sophos said Friday. This is a great
example of employees falling for a social engineering trick. You
could send them an email to warn them against this scam, and prevent
workstations in the office and at the house from getting infected.
More:
http://cwonline.computerworld.com/t/7843830/987374514/550432/0/
Next Version of our Security Awareness Training
1) This week, you will see a wave of Whitney Houston malware coming
through, all trying to capitalize on her death. Think Before You
Click!
2) Miscreants are sending tons of Valentine's Day spam, laced
with malicious links. Think Before You Click!
3) Viruses tend to come into end users' mailboxes between 8 and 9 a.m. EST.
I told you three times... Think Before You Click!
Healthcare IT: 97% Increase In Records Breached
Redspin provides IT security assessments, and they released their Breach
Report 2011, Protected Health Information (PHI). The report examines a
total of 385 incidents affecting over 19 million individuals since the
HITECH Act's breach notification rule went into effect in August 2009.
"Information security data breach in healthcare has reached epidemic
proportions - the problem is widespread and accelerating," said Daniel W.
Berger, Redspin's President and CEO. "Incidents have been reported in
nearly all 50 states and the total number of records breached increased
97% in 2011 as compared to 2010."
Redspin's analysis points at unencrypted portable devices and the lack of
sufficient oversight as the main reasons for the increase. Malicious attacks
(theft, hacking, and insider incidents) continue to cause 60% of all breaches,
as these records can be very profitably sold on the cybercrime black
markets, and then used for medical ID theft or Medicare fraud.
At the conclusion of the report, Redspin also provides specific
recommendations. One of HIPAA's (many) requirements is Security
Awareness Training, which is a key element to prevent data breaches
like this. A full copy of Redspin's "Breach Report 2011, Protected
Health Information" can be found at:
http://www.redspin.com/resources/whitepapers-datasheets/request_PHI_Breach_Analysis.php
CyberheistPoll: Security Resource Allocation
Here is the first CyberheistPoll. Please take 10 seconds to answer and
next week we will publish the results! Here is the question: "When making
resource allocation decisions for security programs, do you have a
methodology that helps you prioritize your investments based on greatest
risk to the organization's overall business strategy?"
- Yes
- No
- Somewhat, but immature
Take the poll now!:
https://www.surveymonkey.com/s/ResourceAlloc
Quotes of the Week
"Don't wait around for other people to be happy for you. Any happiness
you get you've got to make yourself." - Alice Walker
"Dream as if you'll live forever, live as if you'll die today." - James Dean
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
What Is Your Email Attack Surface?
Always been curious to find out what percentage of your employees
actually are Phish-prone™?
Did you know that almost half of all network malware infections are
caused by social engineering? Because cyber-attacks are rapidly
getting more sophisticated, the frustration level and risk continue
to mount for IT Administrators.
Take the first step now to improve your organization's defenses against
cybercrime. Fill out the form, and you will be able to start your Free
Simulated Phishing Attack. That allows you to find out what percentage
of your users is Phish-prone. The number is usually much higher than
you think.
You will get immediate access to start the simulated attack. We call it
the 'Phishing Security Test' (PST). Sign Up For Your FREE Simulated
Phishing Attack Now:
http://www.knowbe4.com/simulated-phishing-attack/
E-Mail Viruses Most Likely To Appear In The Morning
"Eight in the morning is a good time to grab some coffee, but not to
check your e-mail. The number of viruses sent out each day peaks between
8 a.m. and 9 a.m. EST, according to the Global Security Report released
by security research firm Trustwave this week. 'The number of executables
and viruses sent in the early morning hours increased,' reads the
report. 'The spike is likely an attempt to catch people as they
check e-mails at the beginning of the day.'" Warn your users. More
at CNET:
http://news.cnet.com/8301-1023_3-57374422-93/e-mail-viruses-most-likely-to-appear-in-the-morning/
Valentine's Day Scams: For The Love Of Money
Scam artists and cybercriminals are looking to turn romance into
profit now that Valentine's Day is here, possibly taking over your
computer in the process. According to ESET researchers, we can expect
the quest for love to be leveraged as an effective social engineering
ploy to enable the bad guys to infect unsuspecting users with malicious
code. Malware authors, always eager to exploit their victims'
susceptibility and curiosity, see great potential for romantic
hyperlinks that lead, allegedly, to greetings cards, poems, songs
or videos. On the site you can see an early example of such a "card of
love" received in the run-up to Valentine's Day 2012, analyzed by
the ESET research team in Latin America:
http://blog.eset.com/2012/02/07/valentines-day-scams-for-the-love-of-money
Example of U.K. Phishing Attack
David Montgomery at Advantage Computers Limited in the U.K. sent us
a recent example of a phishing attack that is going on there right
now. Hackers broke into the TicketWeb site (they are the U.K. equivalent
of TicketMaster) and sent a malicious email to all TicketWeb customers,
while spoofing the TicketWeb domain name.
TicketWeb found out about it and sent the following email to all its
customers, but really this is an issue of closing the barn door after
the horse has bolted. Anyone who clicked on the malicious email from
the hackers has likely been the victim of malware being installed on
their PC.
"Urgent Alert: Please Read this Important Message from TicketWeb
Dear TicketWeb Customer,
We have discovered that our TicketWeb UK direct email marketing system
was exposed to unauthorised access. As a result, you may have received
up to four emails on Saturday, February the 11th, from an unauthorised
party with the subject as "Action Required: Update Your PDF Application"
and containing a link to update an Adobe Acrobat PDF application.
Please do not click this link, but delete the email.
We have taken immediate action to close the vulnerability. You can rest
assured that none of your credit card information was vulnerable during
this attack. We sincerely regret any inconvenience this has caused. We
are continuing to investigate this unauthorised access, and will send
you a follow-up email when we have additional information.
Please contact www.ticketweb.co.uk/helpdesk with any questions you may
have. Thank you for your understanding as we continue to resolve this
concern."
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
SUPER FAVE: An abandoned iPhone turns out to be a killer of a deal in
the 4 min short film "Psycho Siri":
http://www.flixxy.com/psycho-siri-short-film.htm
Time-lapse footage from 179 different and beautiful places around the planet.
Best viewed in Full Screen HD:
http://www.flixxy.com/welcome-to-earth-universal-time-lapse.htm
A Rube Goldberg machine, different from any you've ever seen before.
Perfect for Valentine's Day:
http://www.flixxy.com/date-night-rube-goldberg-machine.htm
A 3D LED Cube creates a large moving display in three dimensions:
http://www.flixxy.com/3d-led-screen-dance.htm
The iPad keyboard has six hidden keys you don't know about!
http://www.businessinsider.com/the-ipad-keyboard-has-six-hidden-keys-you-dont-know-about-2012-2?
Future Hipsters:
http://www.gizmag.com/greatest-toy-robot-in-the-universe/21424/
Inventor claims this robot is "the greatest toy in the universe":
http://www.gizmag.com/greatest-toy-robot-in-the-universe/21424/
Formula 1 car on ice and snow on the toughest Grand Prix track in the world,
that's not something you see every day:
http://www.flixxy.com/formula-one-car-on-ice-and-snow.htm
Urban Paragliding. Fantastic flying and beautifully filmed and edited.
Jean-Baptiste Chandelier flies over Lima, Peru, Iquique, Chile and Mont
Dauphin, France:
http://www.flixxy.com/urban-paragliding.htm
The canals of Amsterdam have completely frozen solid for the first time in 15 years, turning the city into one huge skating rink for all to enjoy:
http://www.flixxy.com/ice-skating-on-amsterdams-frozen-canals.htm