CyberheistNews Vol 2, #20
Editor's Corner
Warn Your Users: NY Traffic Ticket Phish
This phish is a classic attempt to get you to avoid a problem, but the
moment you click this link, life will become a lot more painful.
So Stop. Look. Think before you click!! Here is my recent blog post
with a screenshot of the Phish. Note that this is easily adapted per
state, and blasted as spam, filtered by zip code. Don't fall for it!
http://blog.knowbe4.com/check-out-this-ny-traffic-ticket-phish/
IT Policy: Give The Paper Tiger Claws
System Administrator Mel from Rochester, New York did us all a favor:
he wrote up a good IT Security Policy and then shared it with the community.
He started out with: "What could possibly be more important than having
a secure network? One thing: A Network Security Policy or, simply, an
IT policy. Every organization from Enterprise to SMB with an IT
infrastructure should have a network security policy, which in simple
terms describes acceptable computer, network and Internet usage as well
as steps to protect network resources and organizational assets.
If that already sounds tedious, stop: Who says security policies have
to be long, detailed and complex? The point of having policies is to
make the target audience aware of the rules and regulations that govern
your organization and ensure end users know the hierarchy of access
permissions. In the end, a good IT policy is a plainly written manual
designed primarily to address a company's IT needs." Next he was so
kind to share his own IT Policy! Here is the article where you can read
more, and the policy download link over at Spiceworks:
http://community.spiceworks.com/topic/217878-it-policy-give-the-paper-tiger-claws?
50 Malware Delivery Networks
On any given day, an average of 50 malware delivery networks will be in
operation. Your employees need to learn how to not get tricked by these.
KnowBe4 on-demand security awareness training was created for the 21st-century
century employee. It addresses both your security needs and your compliance
requirements. "The expense isn't what it costs to train employees. It's
what it costs not to train them. You realize that as you grow."
-- Gary Wilber, CEO of Drug Emporium, Inc.
Quotes of the Week
"Do not go where the path may lead, go instead where there is no path
and leave a trail." - Ralph Waldo Emerson.
"A black cat crossing your path signifies that the animal is going
somewhere." - Groucho Marx
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Prevent Email Phishing
Want to stop Phishing Security Breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and easy
to find for cybercriminals? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is very
hard to defend against, unless your users are highly security awareness
trained.
IT Security specialists call it your phishing attack surface. The more
of your email addresses that are floating out there, the bigger your attack
footprint is, and the higher the risk is. Find out now which of your email
addresses are exposed with the free Email Exposure Check (EEC). An example
would be the email address and password of one of your users on a crime
site. Fill out the form and we will email you back with the list of exposed
addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/email-exposure-check/
New 2011 Report on Russian Cybercrime
Group-IB, a leading Russian cybercrime investigation and computer forensics
company and LETA Group subsidiary, this week announced a 28-page report on
the Russian cybercrime market in 2011. Analysts from Group-IB's computer
forensics lab and its CERT-GIB unit prepared the report. Here are the
highlights:
Russian Cybercrime Doubles: The global cybercrime market was more than
$12.5 billion in 2011. The global Russian speaking component of that
market was more than $4 billion; and the Russian national cybercrime
market was $2.3 billion, essentially doubling last year's number of
$1.2 billion.
Mafia Professionalizes Russian Cybercrime: Traditional crime syndicates
are beginning to organize the previously disorganized Russian cybercrime
market. In addition, these crime syndicates are beginning to work more
closely together, sharing compromised data, botnets, and cashing schemes.
Online Fraud and Spam Account for More than Half of Russian Cybercrime:
In 2011, the largest type of Russian cybercrime was online fraud at $942
million; followed by spam at $830 million; cybercrime to cybercrime, or
C2C (including services for anonymization and sale of traffic, exploits,
malware, and loaders) at $230 million; and DDoS at $130 million.
Here is the Infographic:
http://group-ib.com/images/media/Group-IB_Cybercrime_Inforgraph_ENG.jpg
And here is the full report in a PDF:
http://group-ib.com/images/media/Group-IB_Report_2011_ENG.pdf
The Latest Anti-Phishing Working Group Report
Last week, the new APWG Global Phishing Report was released at the
Anti-Phishing Working Group meeting in Prague. This report is published
every six months, detailing how phishers are using domain names, and
related trends and attack vectors. Highlights include:
- Phishers are now using subdomain registration services more than they
are registering regular domain names at domain registrars.
- China's growing Internet user base is increasingly victimized, and China's
Taobao.com is now the #1 phishing target in the world.
- Average phishing site uptimes dropped; the report also includes some
by-registrar analysis on a limited set of gTLD domains.
And here is the full report in a PDF:
http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2011.pdf
Hacking The Hackers: A Counter-Intelligence Operation
Marc Weber Tobias, a contributor to Forbes Magazine, wrote a very interesting
article: "One of our security lab team members is an ex-cyberspook who
spent his career in the military doing hacking, crypto, and a lot of
special computer ops for different government agencies. Having the highest
security clearance gave him access to a wide range of attack techniques
and understanding of countermeasures and a unique perception of what I
will refer to as twenty-first century digital gangs. He is now employed
by the private sector to protect corporations from global attacks by
infiltrating the digital attackers." Here is the full article, which
gives executives a better view of the current state of the Wild West Web:
http://www.forbes.com/sites/marcwebertobias/2012/04/26/hacking-the-hackers-a-counter-intelligence-operation-against-digital-gangs/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave. It is possible to get out of the gravity well of this little
planet. The best space shuttle launch video I have seen so far - with high
quality audio and 1080p. Best in full screen!:
http://www.flixxy.com/the-best-space-shuttle-launch-video.htm
Here is another mini-vacation. Venice, Italy in one day time-lapse.
Been there, it's just gorgeous, from daybreak to sunset. Enjoy!:
http://www.flixxy.com/venice-in-a-day.htm
Powerful cross-winds have tested the skills of pilots trying to land in
extreme conditions at Bilbao Airport in Northern Spain:
http://www.flixxy.com/planes-landing-in-heavy-winds-at-bilbao-airport.htm
The flight and orbit of NASA's new spacecraft Orion that will take humans
far beyond low-Earth orbit:
http://www.flixxy.com/nasa-flight-of-the-orion.htm
Li Li the Golden Retriever guards his owner's bicycle so well that there
is no need for a bike lock. Also watch the surprise at the end!
http://www.flixxy.com/golden-retriever-guarding-owners-bike-in-china.htm
Did you know that one asteroid may contain more platinum than has ever been
mined on earth?
http://www.flixxy.com/planetary-resources-asteroid-mining.htm
How To Introduce Two Cats To Each Other. A 12-step program for introducing
a new cat to your existing cat:
http://www.flixxy.com/how-to-introduce-two-cats-to-each-other.htm
Want to get the news in real-time with a fave thrown in now and then?
Follow me at Twitter! You can check out my recent news tweets here:
https://twitter.com/#!/stuallard