CyberheistNews Vol 2, #26
Editor's Corner
Stuxnet, Duqu, Flame: What Is The Risk For You?
The cyberweapon genie is out of the bottle, and the U.S. is engaged
in a cyberwar. Now it becomes clear why the Government has been trying
to get private industry to agree to certain cybersecurity standards.
They are basically like an "arsonist calling for a better fire code",
as per Jason Healey, director of the Cyber Statecraft Initiative at
the Atlantic Council.
In June 2012 it was revealed that the White House decided to wage cyberwar
against Iran, starting under the Bush Administration and continued in
an intensified form by the Obama Administration. President Obama was,
and I assume still is, personally involved with the details of the
attacks on the Iranian Natanz uranium enrichment facility. In David E.
Sanger's book "Confront and Conceal: Obama's Secret Wars and Surprising
Use of American Power" this has been spelled out for the first time.
Michael V. Hayden, the former chief of the CIA, said: "This is the first
attack of a major nature in which a cyberattack was used to effect
physical destruction ... you can't help but describe it as an attack on
critical infrastructure." He continued with: "Somebody has crossed the
Rubicon ... in one sense at least, it's August 1945, the month that
the world saw the first capabilities of a new weapon, dropped over
Hiroshima." The big difference is that the cyberweapons that were created
by the U.S. Administrations are weapons of precise destruction, not
mass destruction, but Hayden does make a good point: in the hands
of cybercriminals they can easily become a weapon of mass destruction.
The U.S. Administration obviously wanted to keep this under wraps
as long as possible, and even when it was discovered, hoped it would
be unattributable. So much for that. The idea was if they could
damage Iran's uranium enrichment capabilities, it would not be
necessary for Israel to bomb Natanz, and potentially spark a war
in the Middle East with disastrous consequences for oil prices.
I understand all that. But now you have highly powerful cyberweapons
in the hands of every somewhat capable hacker. Compare that to the
limited nuclear proliferation we have today and you see that this
genie is impossible to put back in the bottle.
Now, what risks are we talking about here? Well, there is a spectrum of
cyberthreats, a gradient running from nuisance to catastrophic. Spam is
a nuisance; your economic infrastructure shut down and your utilities
destroyed sets you back 50 years as a country.
No, the sky is not falling. But bad guys now have their hands on some
mighty powerful malcode that could be used to penetrate your
organization. How do you protect yourself?
ABC News investigative producer Lee Ferran argues that "human
carelessness" is more responsible for cyberthreats than technical
advances: "no matter how sophisticated the attack or how capable
the defenses, the weakest link in cybersecurity is often the human
at the keyboard." He just wrote an article called 'Bigger Than Flame,
Stronger Than Stuxnet: Why Idiot Humans Are Best Cyber Weapon.'
And I think he is right. How did the U.S. and Israel get Stuxnet into
Natanz? With a bit of simple social engineering: the humble thumbdrive
carried it in. All your employees need to be trained against social
engineering attacks. And our new Internet Security Awareness Training
is just the ticket to get there.
Compliance Part Of Your Responsibilities?
In that case I have a 2-minute survey for you, because I need your
input regarding the price for some brand new compliance software
we are releasing. Could you do me a real big favor and check out
the webpage for InstantRevert, and then fill out the survey? There
is a deadline, the survey closes Friday June 15!:
http://www.knowbe4.com/products/instantrevert/
When you complete this survey, you will be able to enter our sweepstakes
for a chance to win a $100 Amazon.com Gift Card!:
https://www.surveymonkey.com/s/InstantRevertPrice
If you would do this for me, I'd be very grateful. Thanks so much!
PS: If you can spare another 64 seconds, watch the InstantRevert
1-minute video and tell me if you like it.
Quotes of the Week
"Some great people are leaders and others are more lucky, in the
right place at the right time. I'd put myself in the latter category.
But I'd never call myself a normal designer of anything." - Steve Wozniak
"Bottom line is, I didn't return to Apple to make a fortune. I've
been very lucky in my life and already have one. When I was 25, my
net worth was $100 million or so. I decided then that I wasn't going
to let it ruin my life. There's no way you could ever spend it all,
and I don't view wealth as something that validates my intelligence." - Steve Jobs
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Users Are The Weak Link In IT Security
You're an IT pro. You know that users are the weak link in IT security. But did you know that almost half of all your network malware infections are caused by social engineering? And that 99 percent of malicious action starts on workstations before it penetrates your servers? Because cyber-attacks are rapidly getting more sophisticated, the frustration level and risk continue to mount for IT Administrators and Security teams. Take the first step now to improve your organization's defenses against cybercrime. Find out what percentage of your users are Phish-prone. Start your Free Simulated Phishing Attack Now:
http://www.knowbe4.com/simulated-phishing-attack/
Retelling a Password Nightmare in the Wake of LinkedIn
Alan Shimel has a great story: "My password nightmare happened about
6 or 7 years ago. I had just returned home from a trip to the Black Hat
conference in Las Vegas. I received a call early in the morning from
one of the parents on my son's Little League team that I coached. They
said that they had just received an "interesting" email from my email
account that had some Yiddish/Hebrew words in the subject line and
contained some really vile, disgusting pornographic images. They didn't
think the email was in character for me (thank goodness for that) and
wanted to let me know. I said thank you and set out to look into it.
More:
http://www.networkworld.com/community/blog/linked-password-leak-cautionary-tale?
Why Antivirus Companies Failed To Catch Flame And Stuxnet
Ars Technica picked up the blog post of F-Secure's Chief Research Officer:
antivirus outfits were out of their league. Mikko Hypponen is the
Chief Research Officer of F-Secure. He has been working in computer
security for over 20 years and has fought the biggest virus outbreaks
on the net, including Loveletter, Blaster, Conficker and Stuxnet. His
TED Talk on computer security has been seen by almost a million people
and has been translated into over 35 languages. Here is his post:
http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/
Google To Warn Users Of State-Sponsored Hacking
The Guardian reported that Google will warn users of state-sponsored
hacking: "Search giant says it will alert Gmail users about targeted
attacks, in move that could aid human rights campaigners. The move is
significant as Google's web services are used by millions of journalists
and human rights campaigners across the world. It comes just weeks
after Russian opposition bloggers claimed they were targeted by
Kremlin-sponsored attackers in the run-up to Vladimir Putin's re-election
in May." The only question I have is how does Google really -know- this
is state-sponsored? Link to article:
http://www.guardian.co.uk/technology/2012/jun/06/google-state-sponsored-hacking?
Stop Phishing Security Breaches
Are you aware that many of your organization's email addresses are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch phishing and spear-phishing attacks on your organization. This type of attack is very hard to defend against, unless your users have been thoroughly trained in security awareness.
IT Security specialists call it your phishing attack surface. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk. It's often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users turning up on a crime site. Fill out the form and we will email you back the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
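To make the "phishing attack surface" idea concrete, here is an added example (not KnowBe4's EEC code, and not from the original newsletter) of the kind of check an IT admin could run in-house: it scans a few text sources for addresses belonging to your own domain, notes which source each one surfaced in, and flags addresses that appear next to a password in the two common credential-dump layouts. The three sources, the domain example.com, and every address and password in them are constructed placeholders; in practice the inputs would be scraped pages, attendee lists and pastes you have collected yourself.

```python
import re
from collections import defaultdict

# Constructed sample sources standing in for places addresses leak:
# a public web page, a conference attendee list, and a paste on a crime site.
# None of this is real data; example.com is a placeholder domain.
SAMPLE_SOURCES = [
    ("corporate-site",
     "Contact us: Sales@Example.com or support@example.com. "
     "Our partner: help@partner-example.com"),
    ("conference-attendees",
     "J. Doe <j.doe@example.com>, A. Smith <a.smith@mail.example.com>, "
     "B. Lee <b.lee@othercorp.net>"),
    ("crime-site-paste",
     "j.doe@example.com:Summer2012!\n"
     "someone@othercorp.net:hunter2\n"
     "support@example.com | pass: Welcome1"),
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Dump layout "user@dom:secret" (or ";secret"), directly after the address.
DUMP_SEP_RE = re.compile(r"^[:;]\S+")
# Labelled layout "user@dom ... pass: secret" / "password=secret" later on the line.
PASS_LABEL_RE = re.compile(r"(?i)\bpass(?:word|wd)?\s*[:=]\s*\S+")


def belongs_to(domain, address):
    """True if the address is on the domain or any of its subdomains."""
    host = address.rsplit("@", 1)[1].lower()
    return host == domain or host.endswith("." + domain)


def find_exposed_addresses(domain, sources):
    """Map each exposed address of `domain` to the sources it appeared in
    and whether a password sat next to it on the same line."""
    domain = domain.lower()
    exposed = defaultdict(lambda: {"sources": set(), "credential_exposed": False})
    for name, text in sources:
        for line in text.splitlines():
            for match in EMAIL_RE.finditer(line):
                addr = match.group(0).lower()  # addresses are case-insensitive
                if not belongs_to(domain, addr):
                    continue  # somebody else's attack surface, not ours
                entry = exposed[addr]
                entry["sources"].add(name)
                tail = line[match.end():]  # what follows the address on this line
                if DUMP_SEP_RE.match(tail) or PASS_LABEL_RE.search(tail):
                    entry["credential_exposed"] = True
    return dict(exposed)


def summarize(exposed):
    """Headline numbers: how big the footprint is and which accounts need
    a forced password reset first."""
    return {
        "addresses": len(exposed),
        "credential_exposed": sorted(
            addr for addr, entry in exposed.items() if entry["credential_exposed"]
        ),
        "by_source": {
            name: sorted(a for a, e in exposed.items() if name in e["sources"])
            for name in {s for e in exposed.values() for s in e["sources"]}
        },
    }


if __name__ == "__main__":
    result = find_exposed_addresses("example.com", SAMPLE_SOURCES)
    for addr, entry in sorted(result.items()):
        flag = " [PASSWORD EXPOSED]" if entry["credential_exposed"] else ""
        print(f"{addr}: {', '.join(sorted(entry['sources']))}{flag}")
    print(summarize(result))
```

The credential heuristics are deliberately narrow (a separator glued to the address, or an explicit "pass:" label) so that a CSV of "name, email" columns does not get flagged; an address hit with `credential_exposed` set is the one to act on first, since it is a ready-made login for the attacker rather than just a spear-phishing target.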
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Russian Dolls, an amazing magic act by Ivan and Liubov Necheporenko
winner of the World Championship of Illusionists. You think you know
how he does it, and then...
http://www.flixxy.com/necheporenko-russian-dolls-magic.htm
Spectacular footage of a Kiwirail train attempting to plow a route
through "Arthur's Pass" New Zealand:
http://www.flixxy.com/train-plowing-through-deep-snow-in-new-zealand.htm
The amazing "Blue Eagles" helicopter aerobatic team performing
back-flips, loops, rolls and other aerobatic maneuvers:
http://www.flixxy.com/blue-eagles-helicopter-aerobatics-team.htm
What are the actual odds you are going to die from a shark attack?
This and many more interesting facts at the bookofodds website:
http://www.bookofodds.com/content/view/full/252163
Spanish furniture maker OHEA has introduced the world's first automated
bed that makes itself:
http://www.flixxy.com/smart-bed-makes-itself.htm
People are awesome and they come from all corners of the world:
http://www.flixxy.com/discovering-the-world-of-talent.htm
An iceberg in Southern Argentina flips over with a huge roar while a
catamaran passes by:
http://www.flixxy.com/iceberg-flips-over-off-coast-of-argentina.htm
Meanwhile, in China ... a couple of guys transport a pole:
http://www.flixxy.com/chinese-pole-transport.htm
And here is this week's 5-minute virtual vacation. Join surfer Kelia Moniz
on a longboard session at beautiful Waikiki Beach:
http://www.flixxy.com/kelia-moniz-surfing-at-waikiki-beach.htm
The "Nissan DeltaWing" can race competitively with half the horsepower,
half the drag and half the weight of a typical racing car:
http://www.flixxy.com/nissan-deltawing-le-mans.htm
Last but not least. Think BIG: The Mars One Project plans to establish
human settlement on Mars by 2023. It's a one-way trip:
http://www.flixxy.com/the-mars-one-project.htm