CyberheistNews Vol 2, #22
Editor's Corner
4 Ways To Phish Your Employees
About once a year I find myself submitting a page to Wikipedia, as I see
something important enough to warrant a write-up that could be useful for
everyone. If you wouldn't mind, go over to Wikipedia, read the article,
please rate it, and forward it to your friends. It will only take a minute.
Thanks very much! Here is the link:
http://en.wikipedia.org/wiki/Phishing_employees
2 New Russian Ransomware Scams - Warn Your Employees
Just in the last week, two new Ransomware scams were found in the wild.
One scam accuses the end-user of copyright violation, as content was
found on the victim's PC and has been moved to an encrypted directory.
To release the encrypted data, and to prevent violating the
law any further, the user must pay US$80 with the PaySafeCard, which is
a card system specialized in prepaid payments. This particular scam is
focused on the U.S. and Europe.
The second ransomware scam locks the PC and asks the user to pay a
fine for allegedly violating several laws as their IP address was
involved in illegal online activity. It's called the "Police Trojan"
because it scares the user with rogue messages that are supposedly
from law enforcement agencies. This bit of malware focuses on the
U.S. and Canada, and the victim is asked to pay a US$100 fine through
Paysafecard. The message shows the logos of supermarkets and chain
stores where Paysafecard vouchers can be bought.
Trend Micro researchers said: "What is becoming crystal clear is that
the same Eastern European criminal gangs who were behind the fake
antivirus boom are now turning to the Police Trojan strategy. We
believe this is a malware landscape change and not a single gang
attacking in a novel way."
The Quotes this Week Relate to Security
"What is our job? To keep your organization out of the news without
anyone ever knowing it" - @CiscoSecurity
"People often represent the weakest link in the security chain and are
chronically responsible for the failure of security systems." - Bruce Schneier, Security Expert and Author
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Did you know? KnowBe4 Does Vulnerability Scanning!
Whether we like it or not, we are all potential targets if we are connected to the Internet. There is a very good chance that your website is being scanned for vulnerabilities right now by the bad guys, looking for low-hanging fruit that they can use to break in. Better be the one who does that scan first, and fix any holes that cyber criminals might use to penetrate your network. We can help you with that!
Get a Quote Now:
http://www.knowbe4.com/products/vulnerability-scanning/
Gartner Considers Security Awareness Training An Essential Tool
For All Companies
Linda Musthaler at NetworkWorld just wrote an excellent article about
training workers to be cyber safe. One paragraph was especially noteworthy:
In 2012 we're already seeing a sharp increase in data breaches caused by
employees who lost or leaked confidential company data, according to
Perry Carpenter, research director at Gartner. Gartner considers a
behavior-change oriented information security awareness and training
program to be an essential tool for all companies, regardless of size.
Without one, serious IT risks may be overlooked. We could not agree more.
Article at NetworkWorld:
http://www.networkworld.com/newsletters/techexec/2012/051112bestpractices.html?/
Energy Companies Being Spear-phished
A Homeland Security Department cyber response team focusing on industrial
control systems has issued a warning to the natural gas pipeline industry
of targeted cyberattacks that have compromised some networks.
According to the Industrial Control Systems Cyber Emergency Response Team
(ICS-CERT), a partner organization of US-CERT, the attacks were discovered
in March and have been going on for at least five months, using well-crafted
spear-phishing e-mails targeting specific individuals.
Various sources provided information to ICS-CERT describing targeted
attempts and intrusions into multiple natural gas pipeline sector
organizations, the public alert states. Analysis of the malware and
artifacts associated with these cyberattacks has positively identified
this activity as related to a single campaign with spear-phishing activity
dating back to as early as December 2011. Source: GCN - Story here:
http://gcn.com/Articles/2012/05/08/Gas-pipeline-spear-phishing-attacks-US-CERT-alert.aspx?Page=1
Letter from Admin to Users
A customer of ours did the Phishing Security Test and wound up with a
25% Phish-prone percentage. He sent this to his users:
To All: Please read completely.
"Recently you received a Phishing email that appeared to be from UPS. In that
email, it said CLICK HERE and also said Urgent. Nowadays, these theft
attempts are getting more professional looking and are a major risk to
the security of our company.
You, the employee, are our last line of defense after all of our security
measures that are already in place. There are a few of these fraud emails
that will indeed get to your inbox.
The recent UPS email was a baseline test sent by me to determine what
percentage of our company users actually click on those types of emails.
Don't worry if you are one of the associates that failed this test. It
will not be held against you in any way. I am the only one that knows
who you are. :)
The training that I chose for the entire company is online, brief, and
to the point. It has some test questions which are really not too difficult.
There will also be continued test emails in the future to test whether
the training has worked. We're looking for zero clicks on these types
of fraud emails after training is complete.
If you fall for any of these in the future, additional targeted training
will be suggested. Look for an invite in the next week or so that will
ask you to sign up and take the training. I took it the day before
yesterday and it took me around 20 minutes.
Thanks for helping us keep our network secure by being Aware."
-- Mike
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Super Fave: A compilation of some of the best jet pilot cockpit footage:
http://www.flixxy.com/amazing-jet-pilots.htm
These Insane Russian Gymnasts Are Probably Not Human. Did not know you can do that with a human body:
http://www.youtube.com/watch?v=g_xW6eQMkns
Do not miss this one! Flash mob in the Copenhagen Metro - Copenhagen
Philharmonic Orchestra playing Peer Gynt:
http://www.flixxy.com/copenhagen-metro-flash-mob.htm
The Volkswagen Hover Concept Car is a pod-like zero-emissions vehicle that
uses electromagnetic road networks to float above the road:
http://www.flixxy.com/volkswagen-levitating-car.htm
Excellent vintage film about the first accurate atomic clock:
http://boingboing.net/2012/05/07/excellent-vintage-film-about-t.html
Robot bird lands on human hand. This is technically very cool:
http://boingboing.net/2012/05/07/robot-bird-lands-on-human-hand.html
Someone opened a CAT CAFE. Check out the pictures:
http://www.reuters.com/news/pictures/slideshow?articleId=USRTR31QSS#a=1
Top IT tools for the iPad. There are some good ones in here for us folks!
http://www.infoworld.com/slideshow/46355/top-it-tools-the-ipad-192723?
Best Of Talking Animals from the BBC Series "Funny Talking Animals -
The Wild Site of Life". Fine British humor:
http://www.flixxy.com/best-of-talking-animals.htm
The Buttered Cat Paradox - toast always falls on the buttered side
and cats always land on their feet. How can we make lemonade here?
http://www.flixxy.com/buttered-cat-paradox.htm
Ashleigh and her dancing dog Pudsey win the Britain's Got Talent £500,000
prize with an impressive routine set to the "Mission Impossible" theme song.
http://www.flixxy.com/ashleigh-and-pudsey-win-britains-got-talent-final.htm