CyberheistNews Vol 2, #15
Editor's Corner
Finally Defined: 'Advanced Persistent Threat'
The Wall Street Journal in their April 2, 2012 issue had a lead article where
they defined what an Advanced Persistent Threat (APT) really is.
APT is the new buzzword in the security space, but it's only a label for
something we have known about a long time. An APT is a hacker that has
chosen a target, and works on this one specific target consistently, starting
with research, then with spear-phishing attacks, and combined with zero-day
exploits that antivirus software does not know about. This way they send
an email to their target, it seems to come from a trusted source, the
target opens the attachment, and the PC is infected with a backdoor that
allows the attacker to penetrate the network. The guys at the Wall Street
Journal made a nice graph that illustrates this, which you can see on the
KnowBe4 blog here:
http://blog.knowbe4.com/finally-defined-advanced-persistent-threat/
The whole WSJ article is here, and warmly recommended:
http://online.wsj.com/article/SB10001424052970204603004577269544215115670.html
The whole thing makes it abundantly clear that employees NEED to be given
Internet Security Awareness Training URGENTLY. Ask for a quote on how much
this would cost for your organization. Click the 'Get a Quote' button:
http://www.knowbe4.com/products/internet-security-awareness-training/
Quotes of the Week
"Foolproof systems don't take into account the ingenuity of fools" - Gene Brown
"This job would be pretty good if it wasn't for the end users, equipment,
and management." - Daniel Nicholson
"Be yourself; everyone else is already taken." - Oscar Wilde
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Stop Phishing Security Breaches
Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users have received thorough security awareness training.
IT Security specialists call it your phishing attack surface. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It's often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
Social Engineering: Hacking The Human Mind
Now even Forbes Magazine gets into what Social Engineering is. They
have a Guest post written by Tomer Teller, who is a security evangelist
and researcher at Check Point Software. This is good to send to management:
"There is a scene in the movie Matchstick Men where the main character,
played by Nicolas Cage, has this exchange with a woman played by the
actress Alison Lohman:
Lohman: "You don't seem like a bad guy."
Cage: "That's what makes me good at it."
The conversation captures a fundamental truth of all con games, whether
they are played in the digital world or the physical one: getting someone
to lower their guard with a clever ruse makes the life of a thief that
much easier. In the vernacular of hackers, this is called social engineering.
Social engineering is about hacking the human mind, something that in many
ways is significantly easier than finding a new software vulnerability
and using it as a gateway into your enterprise. These vulnerabilities,
called zero-days, can cost tens of thousands of dollars in the hacker
underground, money that can be saved if someone can be conned into
installing a computer virus on their own machine. After all, there is no
need to go through the effort of picking a lock when you can talk someone
into letting you into their home. Here is the full article:
http://www.forbes.com/sites/ciocentral/2012/03/29/social-engineering-hacking-the-human-mind/
Oh, and while we are talking about Forbes, they also have an article
about how Law Enforcement cracks your iPhone's security code:
http://www.forbes.com/sites/andygreenberg/2012/03/27/heres-how-law-enforcement-cracks-your-iphones-security-code-video/
Verizon: "Most (96%) 2011 cyberattacks were avoidable".
Despite the fact that cyberattacks are getting increasingly sophisticated,
the reality is that hackers employed relatively simple tricks in 96% of data
breaches over 2011, claims a report compiled by Verizon. Their annual report
on data breaches also revealed that in 79% of the attacks, hackers hit
victims of opportunity rather than companies they targeted. Upshot? If
your defense-in-depth has holes, you will get hacked. Don't overlook
fundamental security precautions.
The conclusions in the Verizon report are based on the investigations into more
than 850 data breaches. The report was compiled with the help of the U.S.
Secret Service and law enforcement agencies in the United Kingdom, The
Netherlands, Ireland and Australia, Verizon said. Here is the report itself:
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
The NSA Is Building the Country's Biggest Spy Center
Under construction by contractors with top-secret clearances, the blandly
named Utah Data Center is being built for the National Security Agency.
A project of immense secrecy, it is the final piece in a complex puzzle
assembled over the past decade. Its purpose: to intercept, decipher, analyze,
and store vast swaths of the world's communications as they zap down
from satellites and zip through the underground and undersea cables of
international, foreign, and domestic networks. The heavily fortified $2
billion center should be up and running in September 2013. Flowing through
its servers and routers and stored in near-bottomless databases will be
all forms of communication, including the complete contents of private
emails, cell phone calls, and Google searches, as well as all sorts of
personal data trails: parking receipts, travel itineraries, bookstore
purchases, and other digital pocket litter. It is, in some measure,
the realization of the total information awareness program created during
the first term of the Bush administration, an effort that was killed by
Congress in 2003 after it caused an outcry over its potential for invading
Americans' privacy. Article in WIRED here:
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
New Strategies to Fight Phishing
BankInfo Security summarized the phishing problem for the Financial Industry,
and quotes the security firm RSA that states worldwide, phishing attacks
increased 37 percent from 2010 to 2011. Last year, RSA estimates, one out
of every 300 e-mails included some kind of malicious link or phishing attempt.
RSA's online fraud report, The Year in Phishing, notes that while phishing
attacks are targeting credit unions and community banks less often, attacks
last year on nationwide banks increased 10 percent.
The Core Problem
Why has the financial industry struggled to counter or at least contain
phishing attacks? Because it has failed to address the core problem: human
manipulation. "It's easy for technical people to understand technical issues,"
says online security expert Markus Jakobsson, who has studied phishing.
"But this is psychology, and technical people are not good at that."
Social engineering is the challenge. Addressing human behavior is the
struggle. The article lays out 5 steps to solve the problem, and one of them is
to provide education for executives and customers. And Internet Security
Awareness Training is the way to do that! Link to Full Article:
http://blog.knowbe4.com/new-strategies-to-fight-phishing/
Users Are The Weak Link In IT
Our friends at Trend Micro took the time to design an infographic about
that topic, so without further ado, here it is:
http://blog.knowbe4.com/users-are-the-weakest-link-in-it/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
The amazing NUIverse astronomy application by Dr. David Brown puts the cosmos
at your fingertips like never before. This is an $8,000 tablet that I want!!!
PS: NUIverse: "Natural User Interface" (NUI) + "Universe"
http://www.flixxy.com/nuiverse-astronomy-application.htm
The only April Fools joke I kinda liked. "Is your smartphone keyboard too
cramped? Then the two-button 'Gmail Tap' is for you!"
http://www.flixxy.com/introducing-gmail-tap-1-apr-2012.htm
More April Fools. Now you can search the world in gloriously retro 8-bit
graphics, just like Google would have looked in the early 90s. Try it to
see your house in 8-bit street-view:
http://www.flixxy.com/8-bit-google-maps-1-april-2012.htm
Hedy Lamarr was called the "most beautiful woman in the world" in her day.
But what most don't know is that she had the brains to match her beauty
and that she invented "spread spectrum communications" and "frequency
hopping", the technology behind Wi-Fi. Check out this 'brainy beauty':
http://www.flixxy.com/beauty-and-brains-hedy-lamarr-inventor.htm
Watch this guy in a wingsuit get launched off a cliff by a Mini-Cooper.
Don't try this at home though, it may be spoofed:
http://www.flixxy.com/wingsuit-flyer-towed-by-a-car.htm
The New iPad Opener - quite effective!
http://youtu.be/BgjeCn901Iw
Marco Tempest spins a beautiful story of what magic is, how it entertains
us and how it highlights our humanity - all while working extraordinary
illusions with his hands and an 'augmented reality' machine:
http://www.flixxy.com/magical-tale-with-augmented-reality.htm
How Far Is The Nearest Star? Bill Nye The Science Guy with a solar system
model you can kick around. Fun for the kids:
http://www.flixxy.com/how-far-is-the-nearest-star.htm
10 fun (and safe) ways to pretend to be a hacker. Slideshow at NetworkWorld:
http://www.networkworld.com/slideshow/39466?
Strange gym equipment is being used to help these 1940s women get in shape:
http://www.flixxy.com/slimming-1940-style.htm
A cat, a fox, and a bald eagle get along just splendidly on a porch in
Unalaska, Alaska:
http://www.flixxy.com/a-cat-a-fox-and-a-bald-eagle.htm
We Love You - Iran & Israel. This video went viral, not hard to see why:
http://www.flixxy.com/we-love-you-iran-and-israel.htm
45-foot paper airplane flies:
http://boingboing.net/2012/03/27/45-foot-paper-airplane-flies.html