CyberheistNews vol 2, #20










Editor's Corner



KnowBe4



Warn Your Users: NY Traffic Ticket Phish



This phish is a classic attempt to get you to avoid a problem, but the

moment you click this link, life will become a lot more painful.

So… Stop. Look. Think before you click!! Here is my recent blog post

with a screenshot of the Phish. Note that this is easily adapted per

state, and blasted as spam, filtered by zip code. Don't fall for it!


http://blog.knowbe4.com/check-out-this-ny-traffic-ticket-phish/















IT Policy: Give The Paper Tiger Claws









System Administrator Mel from Rochester, New York, did us all a favor:

he wrote up a good IT Security Policy and then shared it with the community.

He started out with: "What could possibly be more important than having

a secure network? One thing: A Network Security Policy — or, simply, an

IT policy. Every organization from Enterprise to SMB with an IT

infrastructure should have a network security policy, which in simple

terms describes acceptable computer, network and Internet usage as well

as steps to protect network resources and organizational assets.







If that already sounds tedious, stop: Who says security policies have

to be long, detailed and complex? The point of having policies is to

make the target audience aware of the rules and regulations that govern

your organization and ensure end users know the hierarchy of access

permissions. In the end, a good IT policy is a plainly written manual

designed primarily to address a company’s IT needs." Next, he was kind

enough to share his own IT Policy! Here is the article where you can read

more, and the policy download link over at Spiceworks:


http://community.spiceworks.com/topic/217878-it-policy-give-the-paper-tiger-claws?





50 Malware Delivery Networks











On any given day, an average of 50 malware delivery networks will be in

operation. Your employees need to learn how to not get tricked by these.

KnowBe4 on-demand security awareness training was created for the

21st-century employee. It addresses both your security needs and your compliance

requirements. "The expense isn't what it costs to train employees. It's

what it costs not to train them. You realize that as you grow."

-- Gary Wilber, CEO of Drug Emporium, Inc.













Quotes of the Week









"Do not go where the path may lead, go instead where there is no path

and leave a trail."
- Ralph Waldo Emerson.









“A black cat crossing your path signifies that the animal is going

somewhere.”
- Groucho Marx









Please tell your friends about CyberheistNews! They can subscribe here:


http://www.knowbe4.com/about-us/cyberheist-news/









Prevent Email Phishing





Want to stop Phishing Security Breaches? Did you know that many of the

email addresses of your organization are exposed on the Internet and easy

to find for cybercriminals? With these addresses they can launch

spear-phishing attacks on your organization. This type of attack is very

hard to defend against, unless your users are highly ‘security awareness’

trained.





IT Security specialists call it your ‘phishing attack surface’. The more

of your email addresses that are floating out there, the bigger your attack

footprint is, and the higher the risk is. Find out now which of your email

addresses are exposed with the free Email Exposure Check (EEC). An example

would be the email address and password of one of your users on a crime

site. Fill out the form and we will email you back with the list of exposed

addresses. The number is usually higher than you think.





Sign Up For Your Free Email Exposure Check Now


http://www.knowbe4.com/email-exposure-check/

















New 2011 Report on Russian Cybercrime







Group-IB, a leading Russian cybercrime investigation and computer forensics

company and LETA Group subsidiary, this week announced a 28-page report on

the Russian cybercrime market in 2011. Analysts from Group-IB’s computer

forensics lab and its CERT-GIB unit prepared the report. Here are the

highlights:





Russian Cybercrime Doubles: The global cybercrime market was more than

$12.5 billion in 2011. The global Russian-speaking component of that

market was more than $4 billion; and the Russian national cybercrime

market was $2.3 billion, essentially doubling last year’s number of

$1.2 billion.







Mafia Professionalizes Russian Cybercrime: Traditional crime syndicates

are beginning to organize the previously disorganized Russian cybercrime

market. In addition, these crime syndicates are beginning to work more

closely together, sharing compromised data, botnets, and cashing schemes.







Online Fraud and Spam Account for More than Half of Russian Cybercrime:

In 2011, the largest type of Russian cybercrime was online fraud at $942

million; followed by spam at $830 million; cybercrime to cybercrime, or

C2C (including services for anonymization and sale of traffic, exploits,

malware, and loaders) at $230 million; and DDoS at $130 million.





Here is the Infographic:


http://group-ib.com/images/media/Group-IB_Cybercrime_Inforgraph_ENG.jpg





And here is the full report in a PDF:


http://group-ib.com/images/media/Group-IB_Report_2011_ENG.pdf











The Latest Anti-Phishing Working Group Report





Last week, the new APWG Global Phishing Report was released at the

Anti-Phishing Working Group meeting in Prague. This report is published

every six months, detailing how phishers are using domain names, and

related trends and attack vectors. Highlights include:





- Phishers are now using subdomain registration services more than they

are registering regular domain names at domain registrars.


- China’s growing Internet user base is increasingly victimized, and China’s

Taobao.com is now the #1 phishing target in the world.


- Average phishing site uptimes dropped, and they did some by-registrar

analysis on a limited set of gTLD domains.








And here is the full report in a PDF:


http://www.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2011.pdf













Hacking The Hackers: A Counter-Intelligence Operation





Marc Weber Tobias, a contributor to Forbes Magazine, wrote a very interesting

article: “One of our security lab team members is an ex-cyberspook who

spent his career in the military doing hacking, crypto, and a lot of

special computer ops for different government agencies. Having the highest

security clearance gave him access to a wide range of attack techniques

and understanding of countermeasures and a unique perception of what I

will refer to as twenty-first century “digital gangs.” He is now employed

by the private sector to protect corporations from global attacks by

infiltrating the digital attackers.” Here is the full article, which

gives executives a better view of the current state of the Wild West Web:




http://www.forbes.com/sites/marcwebertobias/2012/04/26/hacking-the-hackers-a-counter-intelligence-operation-against-digital-gangs/
















Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.





Super Fave. It is possible to get out of the gravity well of this little

planet. The best space shuttle launch video I have seen so far - with high

quality audio and 1080p. Best in full screen!:


http://www.flixxy.com/the-best-space-shuttle-launch-video.htm





Here is another mini-vacation. Venice, Italy in one day time-lapse.

Been there, it's just gorgeous, from daybreak to sunset. Enjoy!:


http://www.flixxy.com/venice-in-a-day.htm





Powerful cross-winds have tested the skills of pilots trying to land in

extreme conditions at Bilbao Airport in Northern Spain:


http://www.flixxy.com/planes-landing-in-heavy-winds-at-bilbao-airport.htm





The flight and orbit of NASA's new spacecraft “Orion” that will take humans

far beyond low-Earth orbit:


http://www.flixxy.com/nasa-flight-of-the-orion.htm





Li Li the Golden Retriever guards his owner’s bicycle so well that there

is no need for a bike lock. Also watch the surprise at the end!


http://www.flixxy.com/golden-retriever-guarding-owners-bike-in-china.htm





Did you know that one asteroid may contain more platinum than has ever been

mined on earth?


http://www.flixxy.com/planetary-resources-asteroid-mining.htm





How To Introduce Two Cats To Each Other. A 12-step program for introducing

a new cat to your existing cat:


http://www.flixxy.com/how-to-introduce-two-cats-to-each-other.htm





Want to get the news in real-time with a fave thrown in now and then?

Follow me on Twitter! You can check out my recent news tweets here:


https://twitter.com/#!/stuallard



