CyberheistNews Vol 2, #24
Editor's Corner
[caption id="attachment_1367" align="alignleft" width="150" caption="Stu"]
[/caption]New Cyberweapon 'Flame': CIA and Mossad Coproduction
'Flame', the most sophisticated piece of malware to date, was discovered
by the International Telecommunication Union (ITU) and Kaspersky Lab.
This code is more complex and has more features than any known cyberweapon
and is many times larger than Stuxnet which was a compact 500K. This monster
is 20 Megabyte and has downloadable modules that can be turned on and off.
The most remarkable thing is that it remained undiscovered for two years,
which is an eternity in the antivirus world. Flame is cyber espionage code
that steals data such as computer display contents, stored files, victim
contact info and audio conversations. But wait, this Swiss army knife of
malware can also sniff network traffic, take screenshots and intercept
a keyboard. 'Flame' turns on bluetooth and tries to connect with and
steal data from bluetooth devices close to it. It redefines the concept
of cyberwar and cyber espionage, and Stuxnet, Duqu and Flame are now
three cases where the antivirus industry has failed.
This malware is different from Stuxnet and its offspring Duqu, but it
matches up with the Middle East attack area and the software
vulnerabilities it uses. 'Flame' was named after one of its modules,
and is still stealing data as you read this. Removal tools are slowly
coming available, and Iran seems to have one by now. Wired had by far
the best write-up of this, and shows a map of the area where 'Flame'
has infected computers.
Most of the articles cautiously claim this is nation-sponsored but I
will go one step further. Stuxnet and Duqu are obviously U.S. and
Israel driven, probably DOD and NSA on the U.S side. 'Flame' though,
has CIA and Mossad written all over it. Probably a project that ran
in tandem with Stuxnet and Duqu, as they had access to the same
vulnerabilities, but written and executed by the real spy agencies.
It will probably take decades before the truth comes out, but this
is my best guess. Here is the wired article:
http://www.wired.com/threatlevel/2012/05/flame/
And this is an interview with Kevin Mitnick on CNN Monday May 29th:
http://edition.cnn.com/video/#/video/tech/2012/05/29/intv-cyber-war-flame-mitnick.cnn?iref=allsearch
Quotes of the Week
"We have learned in recent years to translate almost all of political
life in terms of conspiracy. And the spy novel, as never before, really,
has come into its own." - John Le Carre
"It is only the enlightened ruler and the wise general who will use the
highest intelligence of the army for the purposes of spying, and thereby
they achieve great results." - Sun Tzu, The Art of War
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Did you know? KnowBe4 Does Vulnerability Scanning!
Whether we like it or not, we are all potential targets if we are connected to the Internet. There is a very good chance that your website is being scanned for vulnerabilities right now by the bad guys, looking for low-hanging fruit that they can use to break in. Better be the one who does that scan first, and fix any holes that cyber criminals might use to penetrate your network. We can help you with that!
Get a Quote Now:
http://www.knowbe4.com/products/vulnerability-scanning/
Ten Years Of Windows Malware
Ed Bott wrote a truly excellent article over at ZDNet where he describes
the history of Windows Malware, which shows on the very first slide that
most malware is installed via social engineering or by using exploits that
target vulnerabilities which have already been patched. Check it out:
ten-years-of-windows-malware-and-microsofts-security-response/6363569?">http://www.zdnet.com/photos/
ten-years-of-windows-malware-and-microsofts-security-response/6363569?
Safety Tips For Mobile Devices
Aware of the StopThinkConnect.org site? They have a good page you should
send to all employees about mobile devices: "Today's mobile devices are
as powerful and connected as any PC or laptop. Take the same precautions
on your mobile device as you do on your computer with regard to messaging
and online safety. The first step is STOP. THINK. CONNECT. Here are all
the tips. Very useful:
http://stopthinkconnect.org/tips-and-advice/safety-for-mobile-devices/
No Time To Document Your IT Environment?
With Markdown PRO you can write beautiful documentation, notes, essays,
term papers all by using plain text to tag your formatting such as bold,
italic, lists and others. Need a heading? Add # before your text; need
to make a text italic? Add * around your *text*. Using the plain text
formatting, it is really easy and fast to type. You will never have to
take your hands off the keyboard, so you can focus on writing. Markdown
PRO provides live preview of beautifully formatted text using one of
the provided templates. See the results as you type! Check it out:
http://markdownpro.com
VIDEO The Top 5 Online Security Traps And How To Avoid Them
GFI is one of the few antivirus vendors that understands the importance
of prevention and end-user training. They produced this useful video that
in two minutes illustrates the top 5 online security traps. Worth watching
and sending to your employees. Here is the video:
http://www.gfi.com/blog/top-5-online-security-traps-and-how-to-avoid-them/
Banks Warned Of Sophisticated New Online Scam
Antone Gonsalves at NetworkWorld got this story first. Here is how the
scam works, so do not fall for it. You can recognize it by the grammar
and spelling mistakes.
“The cyber-criminals are taking advantage of the text messaging German
banks use to authenticate an online transaction. When a person transfers
funds, the bank first sends a transaction authorization number (TAN) to
the customer’s mobile phone. That number has to be typed into a web form
before the transfer is completed. U.S. banks use similar authentication
for some transactions.
When a victim logs into his banks’ site, the malware displays a screen
saying the bank is performing a security check and asks that at a TAN
be punched into a form on the page. Behind the scene, the Trojan checks
the victim’s accounts for the one with the most money and then requests
a TAN from the bank, so the money can be transferred to the hackers’
account”. Here is the full story:
http://www.networkworld.com/article/2188762/lan-wan/banks-warned-of-sophisticated-new-online-scam.html
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
How close can five wingsuit flyers come to two gliders cruising at 180
km/h 4,000 meters above the ground? A spectacular performance high in
the skies above Austria well worthy of any James Bond film:
http://www.flixxy.com/five-wingsuit-flyers-and-two-sailplanes-in-tight-formation.htm
Gary Connery leapt 2,400ft from a helicopter with a "wing suit" and
landed safely on a pile of cardboard boxes. Another wing suit flyer
followed him and recorded this incredible footage with his helmet cam:
http://www.flixxy.com/first-skydiver-to-land-without-parachute.htm
The best motorcycle "save". I would have fallen off 5 times:
http://www.flixxy.com/greatest-motorcycle-save.htm
You know the latest Lamborghini's name is Aventador, right? Here is
how they got that name! LOL:
http://hooniverse.com/2012/05/26/hooniverse-weekend-edition-brief-naming-the-latest-lamborghini/
This might take you some time, but... here are the 35 Greatest Star Wars
Tributes of All Time. w00t!
http://www.wired.com/underwire/2012/05/35-star-wars-pop-culture-tributes/
Creative Dad Takes Crazy Photos Of Daughters. Really creative:
http://www.boredpanda.com/creative-kids-photography-jason-lee/
While filming for Planet Earth Live in Africa, BBC cameramen had to put
up with the shenanigans of the wildlife itself:
http://www.flixxy.com/magic-meerkat-moments.htm
Derek's "Amateur" Rockets Fly to 120,000+ Feet. This is just cool:
http://tv.slashdot.org/video/?embed=MxdDhwMzo5TFz1ucCbcI3G14604wY2-F
Director Steve Moore has finally posted "Redux Riding Hood", a Disney
short, which was nominated for an Academy Award in 1997, but has rarely
been seen. Voices: Mia Farrow (Mrs Wolf), Michael Richards [aka. Kramer]
(The Wolf), June Foray (Grandma), Fabio (The Wodsman) and Adam West
(Leonard Fox):
http://www.flixxy.com/little-red-riding-hood-revisited.htm
