CyberheistNews Vol 2, #21

Editor's Corner

KnowBe4

Scam Of The Week: Fake Storage Upgrades

Phishers are now offering fake storage upgrades. This is getting pretty sophisticated. I suggest you warn your users that this new scam is going on.

"In April 2012, Symantec observed phishing pages that mimicked popular email services in an attempt to dupe users with attractive storage plans. Customers were flooded with fake offers of free additional storage space for services such as email, online photo albums, and documents.

In the first example, the phishing site was titled “Welcome to New [BRAND NAME] Quota Verification Page”. According to the bogus offer, the additional storage plan ranged from 20 GB to 1 TB per year, at no extra cost. The phishing page boasted that the free additional storage plan will help customers prevent loss of data and the inability to send and receive emails due to exhausted storage space." Here is the Symantec blog post:

http://www.symantec.com/connect/blogs/phishers-offer-fake-storage-upgrades

And as always, your users really need Internet Security Awareness Training to make sure they do not fall for criminal tricks like this. You know, often the attackers go after employees at home, compromise those PCs first, and then use the data obtained to attack the office.
Quotes of the Week

"For to be free is not merely to cast off one's chains, but to live in a way that respects and enhances the freedom of others."
- Nelson Mandela

"None are more hopelessly enslaved than those who falsely believe they are free."
- Johann Wolfgang von Goethe

Please tell your friends about CyberheistNews! They can subscribe here:

http://www.knowbe4.com/about-us/cyberheist-news/
Did you know? KnowBe4 Does Vulnerability Scanning!

Whether we like it or not, we are all potential targets if we are connected to the Internet. There is a very good chance that your website is being scanned for vulnerabilities right now by the bad guys, looking for low-hanging fruit that they can use to break in. Better be the one who does that scan first, and fix any holes that cyber criminals might use to penetrate your network. We can help you with that!

Get a Quote Now:

http://www.knowbe4.com/products/vulnerability-scanning/
How To Land A Cybersecurity Job

Just found an article in NetworkWorld by Carolyn Duffy Marsan that is very interesting. Here is a snippet: "One specific skill related to cloud security that's in demand: SAML. The Security Assertion Markup Language is an emerging standard that allows enterprises to extend their directory, authentication and identity management systems into cloud-based applications."

"You can learn SAML very quickly, and it's incredibly applicable because almost all the [Software-as-a-Service] companies support a SAML interface," Frymier says. "We've implemented a SAML product in the last year and a half or so. It allows us to create an interface to an LDAP store like Microsoft Active Directory and in a secure manner expose account information from Active Directory to SaaS applications. We can do account management inside our Active Directory and have that immediately reflected in our SaaS applications." Here is the article:

http://www.networkworld.com/article/2188252/access-control/how-to-land-a-cybersecurity-job.html
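The quote above describes the "secure manner" only in passing. What makes it secure is the set of checks the SaaS application (the SAML Service Provider) performs on every assertion before it trusts the Active Directory account data inside it. The following is an added example, not code from the newsletter or from the NetworkWorld article; the IdP and SP entity IDs, the assertion consumer URL, the user and the group name are all constructed for illustration. Signature verification is left to an XML-DSig library; this code only refuses assertions that carry no Signature element at all.

```python
# Added example: Service Provider side checks on a SAML 2.0 assertion.
# All identifiers below are constructed for this example.
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Fixed clock so the example is reproducible; a real SP uses datetime.now(timezone.utc).
NOW = datetime(2012, 5, 21, 12, 0, 0, tzinfo=timezone.utc)

# Assumed identifiers for the constructed IdP and SaaS application.
IDP_ENTITY_ID = "https://idp.example.com/adfs"
SP_ENTITY_ID = "https://saas.example.com/sp"
SP_ACS_URL = "https://saas.example.com/acs"


def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_iso(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_assertion(audience=SP_ENTITY_ID,
                    not_before=NOW - timedelta(minutes=1),
                    not_on_or_after=NOW + timedelta(minutes=5),
                    signed=True):
    """Constructed assertion, as an IdP in front of Active Directory might issue.
    The Signature element is a placeholder; a real IdP signs with XML-DSig."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           'placeholder</ds:Signature>') if signed else ""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="{_iso(NOW)}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  {sig}
  <saml:Subject>
    <saml:NameID>jdoe@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{SP_ACS_URL}"
          NotOnOrAfter="{_iso(not_on_or_after)}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="{_iso(not_before)}" NotOnOrAfter="{_iso(not_on_or_after)}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="memberOf"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def validate_assertion(xml_text, expected_issuer=IDP_ENTITY_ID,
                       expected_audience=SP_ENTITY_ID, acs_url=SP_ACS_URL, now=NOW):
    """Return the list of reasons to reject the assertion; an empty list means accept."""
    root = ET.fromstring(xml_text)
    problems = []

    # 1. The assertion must come from the IdP this SP is configured to trust.
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: {issuer!r}")

    # 2. An unsigned assertion could have been written by anyone.
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion is unsigned")

    # 3. Validity window and audience: an assertion issued for a different SaaS
    #    application, or captured and replayed later, must be refused.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        problems.append("no Conditions element")
    else:
        if cond.get("NotBefore") and now < _parse_iso(cond.get("NotBefore")):
            problems.append("not yet valid")
        if cond.get("NotOnOrAfter") and now >= _parse_iso(cond.get("NotOnOrAfter")):
            problems.append("expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if expected_audience not in audiences:
            problems.append(f"audience mismatch: {audiences}")

    # 4. Bearer confirmation must name this SP's own assertion consumer URL.
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("recipient mismatch")
    return problems


def extract_account(xml_text):
    """Account data the SP may act on once validate_assertion() returned []."""
    root = ET.fromstring(xml_text)
    account = {"name_id": root.findtext("saml:Subject/saml:NameID", namespaces=NS)}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        account[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return account


if __name__ == "__main__":
    good = build_assertion()
    print("valid:", validate_assertion(good), extract_account(good))
    print("expired:", validate_assertion(build_assertion(not_on_or_after=NOW - timedelta(seconds=1))))
    print("wrong audience:", validate_assertion(build_assertion(audience="https://other.example.com/sp")))
```

The point of collecting every failure rather than stopping at the first is operational: when a federation breaks, the SP log then shows whether the clock, the audience configuration or the IdP trust is wrong. Group membership such as the constructed memberOf attribute is only read after the assertion has passed all checks, which is what lets account changes made in Active Directory flow safely into the SaaS application.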









Understanding Security Hype

HP is promoting a white paper about securing virtualized data centers. Some terms they used looked unfamiliar, so I decided to take a look. Here is the paragraph where they are used. Turns out these are concepts mostly cooked up by marketing folks, so don't fall for this kind of hype.

"While there are real challenges to deploying applications securely in a virtual environment, there is also a fair amount of hype surrounding the topic. While some of the areas of vulnerability and possible attack scenarios that have been identified are realistic possibilities, they are not a practical reality. Many of these potential attacks are not being encountered with any frequency, or at all. Those being discussed include:

• Hyper-jacking: Attacks targeted at subverting or layering a rogue hypervisor on a virtual server

• VM Escape: An exploit that enables a hacker to move from within a VM to the hypervisor

• VM Hopping: An instance in which one VM is able to gain access to another VM

• VM Sprawl: The proliferation of virtualized server workloads"

Only the last one is something that is happening regularly, and not a real security risk but an organizational problem.
The Average Cyberespionage Attack Goes On For 416 Days

WIRED Mag has a great article by Kim Zetter. It boils down to the fact that high-level hackers are able to get and stay in your network. And even if you are able to kick them out, they unleash a spear-phishing campaign on your users, and they are right back in. Here is a bit of a shocker: “According to Richard Bejtlich, Chief Security Officer for computer security firm Mandiant, which has helped Google and many other companies conduct forensics and clean up their networks after an attack, the average cyberespionage attack goes on for 416 days, well over a year, before a company discovers it’s been hacked. That’s actually an improvement over a few years ago, he says, when it was normal to find attackers had been in a network two or three years before being discovered.” The solution? Analyze and segment your network and keep the truly confidential data completely off any network segment with public access. Expensive, but effective. Here is the (warmly recommended) article:

http://www.wired.com/threatlevel/2012/05/everyone-hacked/
Symantec Report Says User Behavior is Root of Most Breaches

Tracy Kitten over at BankInfoSecurity spotted something interesting in Symantec’s recent Internet Security Threat Report. This is the upshot: “Which Internet security threats pose the greatest risks to organizations in 2012 and beyond? Symantec has just released its Internet Security Threat Report, which reveals some surprising trends. While the number of Internet vulnerabilities identified and tracked by Symantec dropped 20 percent in 2011, malicious attacks waged against online users jumped 81 percent.

Liam O Murchu, Manager of Operations at Symantec Security Response, says hackers have altered their methods and modes of attack, relying more on social media and spear-phishing than they have in the past.” Here is the article with a link to the PDF. Do I need to say anything about Security Awareness Training? Methinks not:

http://www.bankinfosecurity.com/interviews.php?interviewID=1554&
Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Super Fave. A compilation of the "world's fastest everything" - from the world's fastest cup stacker to the world's fastest clapper:

http://www.flixxy.com/worlds-fastest-everything.htm

'Jetman' Yves Rossy soars over Rio de Janeiro's iconic skyline, including the famous 'Christ the Redeemer' statue:

http://www.flixxy.com/jetman-flies-over-rio-de-janeiro.htm

An incredible scene caught on camera: A polar bear doing a handstand in the water with seagulls watching on the ice:

http://www.flixxy.com/polar-bear-does-handstand.htm

Neil deGrasse Tyson introduces you to one amazing K-9, who knows over 1,000 words:

http://www.flixxy.com/the-dog-who-knows-1000-words.htm

Who would have thought that a cat and dolphins could get along so well?

http://www.flixxy.com/cat-and-dolphins-playing-together.htm

'Doggles', seatbelt, fur flying in the wind and a big dog smile. It's a beautiful day!

http://www.flixxy.com/its-a-beautiful-day.htm

Entitled "1944", this 8-minute film was Apple's in-house takeoff of the "1984" Super Bowl Macintosh ad. The World War II-themed film was used to inspire Apple's international sales team. Highlights include Steve Jobs as FDR:

http://www.flixxy.com/steve-jobs-plays-fdr-in-apple-macintosh-1944-ad.htm

Here is something cool: The ExoHand from Festo is an exoskeleton that can be worn like a glove. The fingers can be actively moved and their strength amplified; the operator's hand movements are registered and transmitted to the robotic hand in real time. Nifty:

http://www.youtube.com/watch?v=EcTL7Hig8h4