CyberheistNews Vol 2, #17
Editor's Corner
Scam Of The Week: "Help My Cousin"
We all get them: a friend or a family member asks us to help out by
clicking on a YouTube link to increase the hit count for that video. It will
help them: raise funds / pass an exam / help the needy / fill in the blank.
However, this is a fantastic way to social engineer anyone, because it plays on
their natural tendency to want to help people. The link provided could be
spoofed, or very similar to a YouTube address, and dupe people into clicking
it. Here is an example of such a possible scam email, but there are a
thousand variants of it. So Stop, Look, Think before you click!
"I have a favor to ask for my 1st cousin Amy. She and some of her pre-med
classmates have created a YouTube video as an assignment for her Cardiology
Final. They used real information, and they taped a fictional newscast with
a Charlie's Angels flavor. The athlete in it is her boyfriend. The number
of hits is going to determine their grade. I would really appreciate it
if you could just *hit* the video (you don't need to watch it)."
-- Link to YouTube here --
If this were a malicious link, one click is enough to infect that PC.
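The "Stop, Look, Think" advice above, turned into a check that a practitioner can run on a link before clicking it. This is an added example, not code from the newsletter or from KnowBe4; the allow-list of YouTube hosts and the sample links are constructed for the demo.

```python
from urllib.parse import urlparse

# Constructed allow-list of hosts that really serve YouTube videos.
YOUTUBE_HOSTS = {"youtube.com", "www.youtube.com", "m.youtube.com", "youtu.be"}


def check_link(display_text: str, href: str) -> dict:
    """Classify a link as it appears in an email.

    display_text: what the reader sees (a URL or plain words)
    href:         the real target of the link
    Verdicts:
      ok        -> target is a known YouTube host
      lookalike -> host imitates YouTube (e.g. youtube.com.attacker-site.example)
      mismatch  -> text promises YouTube but the target is somewhere else
      external  -> an ordinary link to another site
    """
    parsed = urlparse(href.strip())
    # .hostname drops any user@ prefix and lower-cases the host, so
    # "http://www.youtube.com@evil.example/" resolves to evil.example.
    host = (parsed.hostname or "").rstrip(".")
    claims_youtube = "youtu" in display_text.lower()
    if parsed.scheme not in ("http", "https"):
        return {"host": host, "verdict": "mismatch",
                "reason": f"scheme {parsed.scheme!r} is not a web link"}
    if host in YOUTUBE_HOSTS:
        return {"host": host, "verdict": "ok", "reason": "known YouTube host"}
    if "youtu" in host:
        return {"host": host, "verdict": "lookalike",
                "reason": "YouTube appears in the name but the domain is not YouTube"}
    if claims_youtube:
        return {"host": host, "verdict": "mismatch",
                "reason": "link text says YouTube, target does not"}
    return {"host": host, "verdict": "external", "reason": "link to another site"}


if __name__ == "__main__":
    # Constructed sample links, as they might appear in the "help my cousin" email.
    samples = [
        ("Watch Amy's video", "https://youtu.be/p40fZFAUz6U"),
        ("http://www.youtube.com/watch?v=abc", "http://www.youtube.com@evil.example/watch?v=abc"),
        ("Amy's YouTube video", "http://www.YouTube.com.evil.example/watch"),
        ("click here", "https://example.org/page"),
    ]
    for text, target in samples:
        print(f"{text!r:40} -> {check_link(text, target)}")
```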
Spend One Minute And Look At These Graphs!
After a year of helping our customers train their employees against social
engineering, we decided to go back, look at the actual numbers over those
12 months, and show you a few case studies that clearly show the sequence of:
1) The initial Phishing Security Test (PST) that shows the baseline Phish-prone
percentage,
2) Stepping all employees through our Internet Security Awareness Training, and
3) Follow up with regular PSTs that continue to keep them on their toes.
All graphs start out high on the left (baseline), and drop dramatically over time.
Under each case study is the type of organization, the number of employees, the
number of PSTs that were sent to these employees, and which Phishing Campaign
templates were used to send to the users.
Spend ONE minute and look at these graphs; they are visible proof that the
KnowBe4 system works:
http://www.knowbe4.com/visible-proof-the-knowbe4-system-works/
Let us know if you want to know how much this costs for your own employees;
we can get you a quote back by email in less than a day.
http://www.knowbe4.com/get-a-quote-isat/
Quotes of the Week
It was the great American baseball player / philosopher, Yogi Berra who said:
- “When you come to a fork in the road, take it.”
- “Always go to other people’s funerals, otherwise they won’t come to yours.”
- “It’s like déjà vu all over again.”
- “The future ain’t what it used to be.”
We love you Yogi.
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Stop Phishing Security Breaches
Are you aware that many of your organization's email addresses are exposed on the Internet and easy for cybercriminals to find? With these addresses they can launch (spear-)phishing attacks on your organization. This type of attack is very hard to defend against, unless your users have been thoroughly trained in security awareness.
IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
If You Do The Cyber Crime, Expect To Do The Time
Roger Grimes at InfoWorld observes something encouraging..."Every public
speaker and writer likes a good catchphrase or refrain that will grab the
audience's attention. One of mine: Whenever you read that a superhacker
has been arrested, it's never the superhacker. Even when we know who the
superhackers are, we can't arrest them. They operate with near impunity.
Why stop if you can never be caught?
"For two decades, my pet rant was true -- but the tide has turned. These
days, some of the biggest fish are being arrested. My friend Brian Krebs
from Krebs on Security has long been documenting the rise and, at last,
the fall of Russian cyber criminal enterprises." Full article:
http://www.infoworld.com/d/security/if-you-do-the-cyber-crime-expect-do-the-time-190042?
Remove Hidden Data And Personal Information By Inspecting Documents
This is a good hint for your users from the Microsoft website: "If you
plan to share an electronic copy of a Microsoft Word document with clients
or colleagues, it is a good idea to review the document for hidden data
or personal information that might be stored in the document itself or
in the document properties (metadata). Because this hidden information
can reveal details about your organization or about the document itself
that you might not want to share publicly, you might want to remove this
hidden information before you share the document with other people. This
article describes how the Document Inspector feature in Word can help you
find and remove hidden data and personal information in your documents."
http://office.microsoft.com/en-us/word-help/remove-hidden-data-and-personal-information-by-inspecting-documents-HA010354329.aspx
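To show what "hidden information in the document properties" actually looks like, here is an added example (not from the Microsoft article or from KnowBe4) that lists the personal metadata a .docx carries in docProps/core.xml, which is what Word's Document Inspector reports as document properties and personal information. A .docx is a zip archive, so only the standard library is needed; the sample document is constructed in memory and is not a real Word file.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by docProps/core.xml inside a .docx (Office Open XML).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Core properties that identify people or reveal document history.
PERSONAL_FIELDS = ("dc:title", "dc:creator", "cp:lastModifiedBy", "cp:revision",
                   "dcterms:created", "dcterms:modified", "dc:description")
# Parts whose mere presence means hidden content (reviewer comments, custom properties).
HIDDEN_PARTS = ("word/comments.xml", "docProps/custom.xml")


def inspect_docx(data: bytes) -> dict:
    """Return the non-empty personal properties and any hidden parts in a .docx."""
    found, hidden = {}, []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for field in PERSONAL_FIELDS:
                el = root.find(field, NS)
                if el is not None and (el.text or "").strip():
                    found[field] = el.text.strip()
        hidden = [part for part in HIDDEN_PARTS if part in names]
    return {"properties": found, "hidden_parts": hidden}


# Constructed sample core.xml: the author and last editor a recipient would see.
CORE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
 xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/">
 <dc:title>Q2 pricing proposal</dc:title>
 <dc:creator>jane.doe</dc:creator>
 <cp:lastModifiedBy>CORP\\legal-review</cp:lastModifiedBy>
 <cp:revision>14</cp:revision>
 <dcterms:modified>2012-04-20T09:15:00Z</dcterms:modified>
</cp:coreProperties>"""


def build_sample_docx() -> bytes:
    """Build a minimal .docx-shaped archive for the demo (constructed, not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/comments.xml", "<comments/>")  # reviewer comments left behind
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in inspect_docx(build_sample_docx()).items():
        print(key, value)
```

Run it against a real file with `inspect_docx(open("report.docx", "rb").read())`; anything it lists is what Document Inspector would offer to remove.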
AV Vendor claims 600,000 Infected Macs in Botnet
The CSO website reported: “A Mac trojan horse spotted by security analysts
since last year has infected more than 600,000 Apple computers, says
Dr. Web, a Russian antivirus vendor. Apple only patched the vulnerability
this week, around a month after hackers began spreading the BackDoor.Flashback.39
trojan, with most infected Macs located in the United States and Canada.”
Now this -is- an antivirus vendor, and it’s their job to make the
environment seem as dangerous as possible so they can sell their wares,
but still. Even if it’s half or one quarter, that still means the Mac OS
is now large enough to be a target, and that Mac users -also- need to
get their Internet Security Awareness Training like everyone else!
99 Percent Of Malicious Action Starts On Workstations
Roger Grimes made this remark on InfoWorld when he commented on the 2012
Verizon Data Breach Investigations Report that was released last week.
What he said was: "You should enable event log monitoring on all managed
workstations and servers. Don't make the mistake of only monitoring servers
-- 99 percent of the malicious action begins on a regular end-user's
workstation before it spreads to the servers holding the data. Often,
by the time attackers reach the servers, they are operating with an
elevated end-user's credentials, and event log monitoring becomes much
tougher." This is a warmly recommended article called: "What to monitor
to stop hacker and malware attacks":
http://www.infoworld.com/article/2619761/security/what-to-monitor-to-stop-hacker-and-malware-attacks.html
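An added example (not from the InfoWorld article or from KnowBe4) of why workstation logs matter for the point made above: when an attacker reaches a server with a stolen end-user credential, the server sees a valid logon, but the workstation logs can show that the account never actually logged on at the machine the connection came from. The log format and all events below are constructed for the demo; the same correlation fails, and says so, when only server logs are collected.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real Windows events): one logon per line,
# tagged with whether the logging host is a workstation or a server.
SAMPLE_LOG = """\
2012-04-20T08:02:11Z WS-17 workstation LOGON user=jdoe src=console
2012-04-20T08:05:40Z WS-03 workstation LOGON user=asmith src=console
2012-04-20T09:31:05Z FS-01 server LOGON user=asmith src=WS-17
2012-04-20T09:40:00Z FS-01 server LOGON user=jdoe src=WS-17
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<role>workstation|server) LOGON "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text: str) -> list:
    """Turn log lines into dicts, oldest first; malformed lines are skipped."""
    events = [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]
    return sorted(events, key=lambda e: e["ts"])


def find_suspicious_server_logons(log_text: str) -> list:
    """Flag server logons whose account had no earlier interactive logon
    at the workstation the connection came from."""
    events = parse(log_text)
    have_ws_logs = any(e["role"] == "workstation" for e in events)
    seen_on = defaultdict(set)  # user -> workstations where that user logged on
    alerts = []
    for e in events:
        if e["role"] == "workstation":
            seen_on[e["user"]].add(e["host"])
        elif not have_ws_logs:
            alerts.append({**e, "reason": "no workstation logs: server logon cannot be checked"})
        elif e["src"] not in seen_on[e["user"]]:
            alerts.append({**e, "reason": f"{e['user']} never logged on at {e['src']}"})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_server_logons(SAMPLE_LOG):
        print(alert["ts"], alert["server" if "server" in alert else "host"],
              alert["user"], alert["reason"])
    server_only = "\n".join(l for l in SAMPLE_LOG.splitlines() if " server " in l)
    print("server-only logs:", [a["reason"] for a in find_suspicious_server_logons(server_only)])
```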
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Awesome compilation of 183 different viral video clips in 4 minutes.
Watch in Full Screen and HD. Put your seatbelt on!
http://www.flixxy.com/best-of-the-web-compilation-2012-hd.htm
The PAL-V 'Personal Air and Land Vehicle' is a two seat hybrid car and
gyroplane made in Holland. Now you can leave home and fly-drive to almost
any destination. I want one! Really:
http://www.flixxy.com/pal-v-flying-car.htm
Cool, weird and unusual security gear. The unusual security stuff for sale
at the recent GovSec Conference in Washington, D.C. Slideshow at networkworld:
http://www.networkworld.com/slideshow/39823?
Google X labs confirms augmented reality glasses project with video demo,
but look at this from the perspective of that friend being spoofed, and the
meeting is a robbery instead. Even more opportunity for social engineering:
http://www.gizmag.com/google-x-augmented-reality/22072/
Rita Hayworth and her co-stars are dancing to "Stayin' Alive" in this
brilliantly edited compilation from her most popular movies:
http://www.flixxy.com/rita-hayworth-dancing-to-stayin-alive.htm
Chris Hadnagy gave a speech at RSA entitled, “Human Hacking Exposed:
6 Preventative Tips That Can Save Your Company.” Worth watching (17:25):
http://youtu.be/p40fZFAUz6U
The jumper has a parachute on and holds on to the wing for dear life,
while the pilot does a 1G roll. Woo HOO!
http://www.flixxy.com/aircraft-rolls-with-a-man-on-the-wing.htm
Amazingly simple glider launched by foot power is able to land on short
fields and runways. Made in Switzerland. Very cool!
http://www.flixxy.com/foot-launched-glider.htm
Take a mini-vacation on a busy day and enjoy this stunning video: Japan in
8 minutes! Best in full screen and as high definition as you can:
http://www.flixxy.com/japan-in-8-minutes.htm
James Cameron and a team of Titanic experts work out in a new computer generated animation how the Titanic sank and reached the ocean floor:
http://www.flixxy.com/new-cgi-of-how-titanic-sank.htm
Top Gear's Jeremy Clarkson takes the BMW Isetta "bubble car" for a spin - only to get caught out by its unusual design:
http://www.flixxy.com/bmw-bubble-trouble-top-gear.htm