CyberheistNews Vol 2, #19



Editor's Corner



KnowBe4


Stu

Scam Of The Week: 'The Evil Unsub'



An ordinary piece of spam slips through the filters, and you see a
gorgeous sandy beach with palm trees. It's an enticing ad for a
vacation to a tropical island, basically a big picture with just one
button that lets you learn more. You click that button and you wind up
on the legitimate website of the travel agency that sells the vacation
package. So what's the angle? The poison comes in when you click the
unsubscribe link, which takes you to a page that installs a nasty
Trojan, one that hides itself really well. You think you are doing the
right thing by unsubscribing from the spam, but remember, ANYTHING you
click on in the wrong email is a potential way to get infected with
malware!
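An added example (Python; not code from the newsletter or from KnowBe4) of the habit this scam relies on you not having: before anyone clicks, list every link in the message and compare where each one really goes with the sender's domain. The message, the addresses and the domains in it are constructed for the example (the .test TLD is reserved and resolves nowhere), and the "registered domain" helper is a deliberate simplification.

```python
"""Added example, not code from the newsletter or from KnowBe4: list every
link in a suspicious HTML e-mail and flag the ones whose site does not
match the sender's domain, so a mismatched "unsubscribe" link stands out
before anyone clicks it.

The message, addresses and domains below are constructed for this
example; the .test TLD is reserved and resolves nowhere."""
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the big "Learn more" button really does go to the
# travel agency, but the unsubscribe link goes to an unrelated host.
SAMPLE_EMAIL = """\
From: Island Getaways <deals@example-travel.test>
To: victim@example.org
Subject: Your tropical escape awaits
Content-Type: text/html; charset=utf-8

<html><body>
<a href="http://www.example-travel.test/packages/island"><img src="beach.jpg" alt="Learn more"></a>
<p>Not interested? <a href="http://unsub-now.example-evil.test/u.php?id=42">unsubscribe</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (label, href) pairs; the label is the anchor's text or the
    alt text of an image inside it, which is all a reader ever sees."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of [label, href]
        self._current = None   # the [label, href] entry being filled in

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._current = ["", attrs["href"]]
            self.links.append(self._current)
        elif tag == "img" and self._current is not None:
            self._current[0] += attrs.get("alt") or ""

    def handle_data(self, data):
        if self._current is not None:
            self._current[0] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def registered_domain(host):
    """Crude 'registered domain' (last two labels). Good enough for the
    example; a real tool would use the public suffix list so that hosts
    under co.uk and the like compare correctly."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""


def audit_links(raw_message):
    """Return one record per link: label, host, and whether its registered
    domain matches the From: address. Anything that does not match is
    flagged, however innocent its label looks."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"]))[1]
    sender_domain = registered_domain(sender.rpartition("@")[2])
    collector = LinkCollector()
    collector.feed(msg.get_content())
    report = []
    for label, href in collector.links:
        host = urlparse(href).hostname or ""
        same = registered_domain(host) == sender_domain
        report.append({"label": label.strip(), "host": host,
                       "matches_sender": same, "flagged": not same})
    return report


if __name__ == "__main__":
    for entry in audit_links(SAMPLE_EMAIL):
        mark = "!! " if entry["flagged"] else "   "
        print(f"{mark}{entry['label']:<12} -> {entry['host']}")
```

Run as a script it marks the unsubscribe line with "!!" while the "Learn more" button passes. A mismatch is a reason to delete the message rather than proof of malice (plenty of legitimate mailers route unsubscribes through a third-party host), which is exactly why the safe habit is not to click anything in a message you did not ask for.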







This is why we have so much success with our continued Phishing
Security Tests. Here are some real-life 12-month results of our
training. Spend ONE minute and look at these graphs!

http://www.knowbe4.com/visible-proof-the-knowbe4-system-works/









Six Steps To Successful Security Awareness Training









If you schedule an event to teach people about Internet security and
make attendance optional, only about 5% of your entire office
population will show up. And guess what: those 5% are probably the
people who need it least.







Here are the six elements of a successful Internet Security Awareness
Training Program:

1) Formulate a written Security Policy and make it easily available. Each
employee needs to read the document and sign it as an acknowledgment that
they understand the policy and will apply it.

2) Give all employees a mandatory (online) Security Awareness Course,
with a clearly stated deadline. It is highly recommended to explain to
them in some detail why this is necessary.

3) Make this Security Awareness Course part of the onboarding process
for each new employee.

4) Keep security top of mind for all employees through continued testing.
Sending a simulated phishing attack once a week is extremely effective at
keeping them alert.

5) Never publicly identify an employee who fails a simulated attack; let
their supervisor or HR take this up privately. Give a quarterly prize to
the three employees with the lowest ‘fail rate’.

6) If you use posters, stickers and/or screensavers, change the pictures
or messages monthly. After a few weeks people simply don’t ‘see’ them
anymore. It’s more effective to send regular ‘Security Hints & Tips’
via email.












Quotes of the Week









"Always bear in mind that your own resolution to succeed is more important
than any other."
- Abraham Lincoln







“Success is a lousy teacher. It seduces smart people into thinking they
can't lose.”
- Bill Gates









Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/



Prevent Email Phishing





Want to stop phishing security breaches? Did you know that many of the
email addresses in your organization are exposed on the Internet and easy
for cybercriminals to find? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is very
hard to defend against unless your users have been thoroughly trained in
security awareness.





IT security specialists call this your ‘phishing attack surface’. The more
of your email addresses that are floating out there, the bigger your attack
footprint is, and the higher the risk. Find out now which of your email
addresses are exposed with the free Email Exposure Check (EEC). One example
would be the email address and password of one of your users posted on a
crime site. Fill out the form and we will email you back the list of
exposed addresses. The number is usually higher than you think.





Sign Up For Your Free Email Exposure Check Now


http://www.knowbe4.com/email-exposure-check/











Video: How A Crimepack Works







Cybercriminals are as organized and industrious as any legitimate
business. Case in point: exploit kits, also known as crimepacks, which
the bad guys can purchase and which make infecting computers with malware
as simple as point and click. The software, often available for only a
few hundred dollars, also gives the criminal comprehensive, real-time
information about the machines it has infected.

With an exploit kit, criminals can “get new malware, infect web sites,
build business intelligence and manage an overall malicious campaign,”
according to James Lyne, director of technology strategy for security
firm Sophos. Here is the video:

http://www.csoonline.com/article/704055/video-how-a-crimepack-works?











8 Dirty Secrets Of The IT Security Industry





Bill Brenner at CSO Magazine quotes IBM ISS Security Strategist
Joshua Corman, who has been on a crusade with his 8 Dirty Secrets
campaign. Dirty Secret #5 rang oh so true:





Dirty Secret 5: There is more to risk than weak software





Corman said the lion's share of the security market is focused on software
vulnerabilities. But software represents only one of the three ways to
be compromised, the other two being weak configurations and people.
Unfortunately, he said, the latter two are far more dangerous risks
than the big bad software security flaw of the week.

"While we need to find and patch vulnerabilities, we also must understand
an organization is only as strong as its weakest link. More attention
needs to be paid in mitigating the other two ways beyond software,"
Corman said. Read here about the other seven dirty little secrets:

http://www.csoonline.com/article/499815/8-dirty-secrets-of-the-it-security-industry?page=1






And obviously Internet Security Awareness Training is part and parcel
of strengthening your weakest link: your users.





Spoiler Alert: Your TV will be hacked





"Last week you may have read a headline that blared "100 million TVs will
be Web-connected by 2016." Regular readers of this blog know I'm always
on the lookout for new threats, so the question naturally arises: Will
Internet TVs be hacked as successfully as previous generations of
digital devices? Of course they will!" Read Roger Grimes' article at
InfoWorld here:

http://www.infoworld.com/d/security/spoiler-alert-your-tv-will-be-hacked-191013








Fake Skype Encryption







You don't like Big Brother snooping on your Skype conversations. Could
be you are discussing highly confidential product features or legal
strategy. Another possibility is that you live in a country where
repression of free Internet communication is the norm (Syria, Iran and
China, to name a few). In either case you are looking to encrypt your
Skype sessions, and you might be tempted to Google for software that
does that. Careful: there is now malware circulating that purports to
provide encryption for Skype but is in reality the DarkComet v3.3
remote access Trojan (RAT). Moreover, Skype already uses AES
encryption, and here is their FAQ describing how that works and what
is, and is not, covered by their encryption:

https://support.skype.com/en-us/faq/FA31/Does-Skype-use-encryption?





Large Twitter Spam Campaign





According to security researchers at Kaspersky, during the last few days
a large spam campaign on Twitter directed users to malicious websites
that exploited vulnerabilities in browser plug-ins to infect their
computers with rogue antivirus programs. Kaspersky's researchers counted
4,148 tweets containing malicious links sent from 540 compromised Twitter
accounts. "Our analysis is just a snapshot at a given time, and is lower
than reality," said Kaspersky Lab senior malware researcher Nicolas
Brulez in their blog. The spam tweets contained messages like "online
virus check," "proven anti-virus" and "excellent anti-virus," and links
to websites with .TK and .SU domain names. More:

http://www.securelist.com/en/blog/208193477/New_Spam_campaign_on_Twitter_Leads_to_Rogue_AV
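The two indicators Kaspersky named (the lure phrases and links on .TK or .SU domains) are enough to write a simple detection rule. The block below is an added example in Python, not code from Kaspersky's post or from the newsletter; the tweets, account names and URLs in it are constructed, and it requires both indicators before flagging a tweet so that a harmless use of a lure phrase, or an ordinary link, is not counted.

```python
"""Added example, not code from Kaspersky's post or the newsletter: a
small detection rule that applies the two indicators the post names
(rogue-AV lure phrases and links on .TK or .SU domains) to a batch of
tweets and counts the hits and the distinct accounts behind them.

The tweets, account names and URLs below are constructed for this
example."""
import re
from urllib.parse import urlparse

LURE_PHRASES = ("online virus check", "proven anti-virus", "excellent anti-virus")
SUSPECT_TLDS = {"tk", "su"}
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: two compromised accounts, one harmless use of a lure
# phrase, one ordinary link.
SAMPLE_TWEETS = [
    {"user": "alice_42", "text": "online virus check here http://free-scan.example.tk/av"},
    {"user": "bob", "text": "A proven anti-virus for a bad mood: coffee."},
    {"user": "carol_7", "text": "Excellent anti-virus, try it: http://best-av.example.su/x"},
    {"user": "alice_42", "text": "PROVEN ANTI-VIRUS -> http://scan.example.tk/go"},
    {"user": "dave", "text": "New blog post http://blog.example.com/post/1"},
]


def suspect_tld(host):
    """True when the host's last label is one of the TLDs the campaign used."""
    return host.rsplit(".", 1)[-1].lower() in SUSPECT_TLDS if host else False


def classify(tweet):
    """Flag a tweet only when BOTH indicators are present: a lure phrase
    on its own (bob) or an odd TLD on its own is too weak to act on."""
    text = tweet["text"].lower()
    phrases = [p for p in LURE_PHRASES if p in text]
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(tweet["text"])]
    bad_hosts = [h for h in hosts if suspect_tld(h)]
    return {"user": tweet["user"], "phrases": phrases, "bad_hosts": bad_hosts,
            "malicious": bool(phrases) and bool(bad_hosts)}


def summarize(tweets):
    """The two numbers Kaspersky reported for the real campaign: malicious
    tweets, and distinct accounts that sent them."""
    hits = [c for c in map(classify, tweets) if c["malicious"]]
    return {"tweets": len(hits),
            "accounts": len({h["user"] for h in hits}),
            "hits": hits}


if __name__ == "__main__":
    result = summarize(SAMPLE_TWEETS)
    print(f"{result['tweets']} malicious tweets from {result['accounts']} accounts")
    for hit in result["hits"]:
        print(f"  @{hit['user']}: {hit['phrases']} -> {hit['bad_hosts']}")
```

On the sample it reports 3 malicious tweets from 2 accounts. The phrase list and TLD set are the campaign's indicators as of that blog post; a rule like this goes stale as soon as the operators change wording or registrars, which is the reason Kaspersky called its own count a snapshot.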








Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





SUPER FAVE: Ever wanted to take out those bad guys in a more permanent
way? This crazy Russian just built the tool for that: a quad rotor with a
machine gun strapped to its belly. Check out how this thing compensates
for recoil!


http://youtu.be/SNPJMk2fgJU





A new time-lapse video from the ISS gives you the “best view in the solar
system” of our home planet:


http://www.flixxy.com/the-best-view-in-the-solar-system.htm





Mark Dumas is the only man in the world who can swim with a polar bear:


http://www.flixxy.com/the-only-man-in-the-world-who-can-swim-with-a-polar-bear.htm





14-year-old Jake Foushee has become an Internet sensation with his
amazing movie trailer voice:


http://www.flixxy.com/14-year-old-has-amazing-movie-trailer-voice.htm





The NASA space shuttle Discovery took a spectacular last ride around
Washington DC this week on its way to its final stop at the Smithsonian:


http://www.networkworld.com/slideshow/42665





Evacuated Tube Transport could take you from New York to LA in 45 minutes:


http://www.flixxy.com/evacuated-tube-transport-around-the-world-in-6-hours.htm





Robot readable world on Vimeo shows us how life is through the eyes of machines:


http://vimeo.com/36239715





Wessley Cavalcante doesn't need an alarm clock; he has a cat named Boo.
Hilarious:


http://www.flixxy.com/cat-alarm-clock.htm





Inspired by "Where the Hell is Matt", Steve Kamb decided to self-fund a
16-country, 120,000-mile, 18-month adventure trip around the world. Fun!


http://www.flixxy.com/exercising-around-the-world.htm





Frustrated by how long it takes for Windows to fully load after you've logged
in? So is just about every other Windows user on the planet. Now you can do
something about it with this new product called Soluto:


http://www.pcworld.com/downloads/file/fid,153446-order,4/description.html





One of these things is not like the others. Did you see it right away?


http://www.flixxy.com/one-of-these-things-is-not-like-the-others.htm





Sh*t I.T. Security Guys Say. Not Quite Safe For Work:


http://www.youtube.com/watch?feature=player_embedded&v=GYbNNJklCFQ





A compilation of 104 fun wedding dances from around the world edited to
the song 'Losing My Religion' by R.E.M.:


http://www.flixxy.com/wedding-dance-compilation.htm



