CyberheistNews Vol 2, #30

Editor's Corner



Scam Of The Week: Payroll Phish

The nakedsecurity blog over at Sophos highlighted a new phishing scam that would be good to alert your employees about. The bad guys are pretending to be the payroll processing company ADP. There are two variants of this phishing scam. They wrote: "One is simply a plain text message with the subject "ADP Funding Notification – Debit Draft" instructing you to click a link to view your transaction report."

"The second is more professional looking and suggests to a human resources specialist that ADP is upgrading its security processes and you need to login and be trained on the new procedures."

I would not be surprised if the bad guys did some homework and checked on job sites for companies that are looking for HR people with ADP experience, or scanned LinkedIn for the same and did a spear-phishing attack where they also included ‘’ so that the net would be as wide as possible.

“The links in all of the messages we have received redirect to compromised websites that attempt to load malicious JavaScript that has all of the telltale signs of the Blackhole exploit kit. Don’t click links in email folks. It’s 2012 and we have been saying this for over 10 years now. Think before you click.” If you want to see a screenshot of this phishing attack, see the KnowBe4 Blog here:

Kevin Mitnick Security Awareness Training Success Stories

You heard it here first! KnowBe4's very successful Internet Security Awareness Training has now been released in a new Version 2. We rebranded it, as for the last 8 months we have been working with Kevin to release a killer new training that covers many new attack vectors. This big news will hit the press wires on July 9th, but CyberheistNews subscribers are getting a sneak peek.

Here are some user quotes from employees of a mid-size defense contractor that were the first to complete the training.

“Never want to open an email again. Yikes!”

“Nice training, learned a lot! Was not aware that it was that bad.”

“Interesting training. Thanks for making this available.”

“I got a lot of good information from the training this morning. I know a lot of folks who could benefit from this training that are not employees (wife, kids, church secretary, friends, etc., etc.). So my question, is it possible to buy viewings of this for non-employees somehow? Thanks so much!”

“This was a real eye opener. Can I have my wife take this training as well?”

“I need a total scrub down after watching that video – can you say “paranoid”!”

“Best training we’ve had yet. Hopefully it will make us smarter.”

“I went through this training and it was incredibly helpful to me. Thanks for taking the time to do this. Is there a way I can provide this to my children?”

Here is the page to the new Kevin Mitnick Internet Security Awareness



Quotes of the Week

"There's so much bad in the best of us and so much good in the worst of us, it ill behooves us to talk about the rest of us" - author unknown

"You cannot depend on your eyes when your imagination is out of focus" - Mark Twain

"The hottest places in hell are reserved for those who in times of moral crisis preserve their neutrality" - Dante

Please tell your friends about CyberheistNews! They can subscribe here:


Users Are The Weak Link In IT Security

You’re an IT pro. You know that users are the weak link in IT security. But did you know that almost half of all your network malware infections are caused by social engineering? And that 99 percent of malicious action starts on workstations before it penetrates your servers? Because cyber-attacks are rapidly getting more sophisticated, the frustration level and risk continue to mount for IT Administrators and Security teams. Take the first step now to improve your organization’s defenses against cybercrime. Find out what percentage of your users is Phish-prone. Start your Free Simulated Phishing Attack Now:


Malware Metastasizes

A few days ago I wrote about a 60 million Euro cyberheist. I have been digging into this a bit more, as it is the most advanced attack yet. Cybercrime is not revolutionary; it clearly builds upon itself in an evolutionary process. Well, malware has metastasized and moved up into the cloud.

Up to now, banking malware lived on the PC itself in its entirety. All the code ran locally on the workstation, and it communicated with the mothership only to send stolen data, whether that be keystrokes, files, credit card numbers or any other confidential data.

But now the bad guys have upped the game and rewritten their malware architecture from the ground up. It is almost like they took a page from the antivirus playbook and cut their own bloatware down to a small, lightweight agent (which is much easier to hide), with the real processing done on a server in the cloud.

Here is how it works. The attack starts with a phishing email, usually pretending to be from the victim’s bank, that social-engineers the victim into "changing" their account password, which is not that hard. Next, in early versions, the Zeus or SpyEye trojan would be downloaded to the workstation. No more: only a tiny bit of malware is put on the workstation, and the actual attack now comes from the cloud. Yikes.

When the victim logs into their bank site, the malware uses web-inject code to throw up a page that looks just like the victim’s bank web page. What happens behind the scenes, invisible to the victim, is that the malware server starts transferring money from the victim’s account to the criminals’ account, with all the work done on the criminals’ cloud server, which usually sits at an Internet Service Provider owned by the criminal network.

And quite a bit of work is being done. The attack takes the login from the PC and relays it to the server in real time, and the server does all the transactions in the bank account. Because those transactions ride inside the session the victim has already authenticated, it can even circumvent two-factor authentication where the victim has a card they need to swipe to get into the account. Double yikes.

The malware on the workstation is relatively small and simple, and does not need to be updated for the next attack, as updates can happen on the server side. This makes the attack more agile and scalable. Once that new, lightweight agent infects the user’s workstation, that machine can be used for a multitude of criminal activities.
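To make the web-inject step concrete, here is an added example; it is not code from this newsletter and not the source of any real malware. It models a simplified version of the well-documented Zeus/SpyEye web-inject rule format (set_url / data_before / data_inject / data_after) against a constructed bank page, and alongside it the kind of form-integrity check a bank’s own page script could run to notice that an extra field has appeared. The hypothetical bank.example URLs, the page markup, the two rules and the fingerprint check are all constructed for illustration; the server-side transfer logic the article describes is not modelled.

```python
"""
Simulated web-inject (man-in-the-browser) and a page-integrity check.

Added example, not code from the newsletter or from any real malware family.
It models a simplified version of the Zeus/SpyEye web-inject rule format
(set_url / data_before / data_inject / data_after) on a constructed bank page
and shows a form-fingerprint check a bank's own page script could run.
All markup, URLs and rule strings below are constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import List

# Constructed bank page (hypothetical bank.example, not a real site).
ORIGINAL_PAGE = """<html><body>
<p>Balance: <span id="balance">250.00</span></p>
<form id="login" action="/auth" method="post">
  <input name="username" type="text">
  <input name="password" type="password">
  <input type="submit" value="Log in">
</form>
</body></html>"""


@dataclass
class InjectRule:
    """One rule in the simplified web-inject format."""
    set_url: str      # URL pattern the rule applies to; '*' is a wildcard
    data_before: str  # text to locate in the page
    data_inject: str  # text the bot inserts
    data_after: str   # if set, everything between before and after is replaced


def url_matches(pattern: str, url: str) -> bool:
    """Translate a '*' wildcard pattern into a regex and match the whole URL."""
    regex = "^" + re.escape(pattern).replace(r"\*", ".*") + "$"
    return re.match(regex, url) is not None


def apply_webinjects(url: str, page: str, rules: List[InjectRule]) -> str:
    """Return the page as the victim's browser would render it after injection."""
    for rule in rules:
        if not url_matches(rule.set_url, url):
            continue
        idx = page.find(rule.data_before)
        if idx == -1:
            continue  # anchor text not on this page; rule does not fire
        start = idx + len(rule.data_before)
        if rule.data_after:
            end = page.find(rule.data_after, start)
            if end == -1:
                continue
        else:
            end = start  # plain insertion, nothing removed
        page = page[:start] + rule.data_inject + page[end:]
    return page


# Constructed rules: add a bogus "ATM PIN" field to the login form, and
# overwrite the displayed balance so the victim does not see money leaving.
RULES = [
    InjectRule(
        set_url="https://bank.example/login*",
        data_before='<input name="password" type="password">',
        data_inject='\n  <input name="atm_pin" type="password" placeholder="ATM PIN">',
        data_after="",
    ),
    InjectRule(
        set_url="https://bank.example/*",
        data_before='<span id="balance">',
        data_inject="4,250.00",
        data_after="</span>",
    ),
]


def form_field_names(page: str) -> List[str]:
    """Ordered list of input names; a bot must add one to harvest a new value."""
    return re.findall(r'<input[^>]*\bname="([^"]+)"', page)


def form_fingerprint(page: str) -> str:
    """Hash of the ordered field names. A bank page script could compare this
    with a value the server embeds in the response to spot injected fields."""
    return hashlib.sha256("|".join(form_field_names(page)).encode()).hexdigest()


def injection_detected(expected_fingerprint: str, rendered_page: str) -> bool:
    """True when the rendered form no longer matches what the server sent."""
    return form_fingerprint(rendered_page) != expected_fingerprint


def demo() -> dict:
    """Run the rules against the login URL and report what the check sees."""
    url = "https://bank.example/login?lang=en"
    rendered = apply_webinjects(url, ORIGINAL_PAGE, RULES)
    return {
        "fields": form_field_names(rendered),
        "balance_rewritten": '<span id="balance">4,250.00</span>' in rendered,
        "detected": injection_detected(form_fingerprint(ORIGINAL_PAGE), rendered),
    }


if __name__ == "__main__":
    print(demo())
```

The fingerprint check only catches injects that change the form's field set; an inject that rewrites the balance text or silently re-submits the victim's own session, as the article describes, is invisible to it, which is why the bank side still needs transaction-anomaly detection and the user side still needs to not run the agent in the first place.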

Note that all this still begins with a phishing attack, which makes it all the more important that end-users urgently get comprehensive Security Awareness Training:


KnowBe4 Philosophy

We are welcoming many friends of Kevin Mitnick, so I decided to tell you a bit about our background. Here is KnowBe4's philosophy:

We are happy to go against the grain.

We’re not a massive developer that turns out bloatware year after year.

We don’t work with only the bottom line in mind.

We don’t sell top-down and force our solutions down everyone’s throat.

We don’t develop code based on yesterday’s problems.

And we feel fine with all that.

We’re a team of free-thinking techies who look at IT security issues a little differently.

Where other IT security companies may value profits, we value, well… security.

When the competition tries to keep things locked up, we want it to be community-based.

We write security software for admins, by admins.

We are not in the pocket of any of the large players.

We answer to no one but IT admins in the trenches.

Our company Operating System is: “Do it right the first time, do it fast, and have fun while you do it.”

We work like that because we think it’s the only way to go.

We believe in smarts over money.

We believe that only with community can you effectively secure your domains.

We believe that as IT Admins we need to hang together, because if we don’t, we will hang alone.

And because we feel strongly about challenging the status quo, we put admins front and center in the fight against cybercrime.

So it boils down to this: we believe in you.

We believe that the world’s best security products can only be made with admins who give a bit of their time, talents, energy and support to defending our mutual domains.

And with this cause in mind, we believe that together we can continue to create innovative security tools for the benefit of your organization and the security of your network.

We are committed to serving the greater good. We are KnowBe4. We’re not just a different kind of security company; we are a security company that, together with you, makes a difference.


Bank Settles With California Cyberheist Victim

Finally, a positive outcome in a cyberheist lawsuit.

Brian Krebs reported that Professional Business Bank settled with Village View Escrow Inc, a California cyberheist victim.

A California escrow firm that sued its bank last year after losing nearly $400,000 in a 2010 cyberheist has secured a settlement that covers the loss and the company’s attorneys’ fees. The settlement is notable because such cases typically favor the banks, and litigating them is often prohibitively expensive for the small-to-mid-sized businesses victimized by these crimes. Here is the link to his blog post:


Stop Phishing Security Breaches

Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.

Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.

Sign Up For Your Free Email Exposure Check Now


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

This week we found another mini-vacation for you: Europe! A great time-lapse from a trip to Vilnius, London, Amsterdam, Paris, Stockholm, Copenhagen, Helsinki, Riga, Crete, Santorini, Milan, and Cinque Terre. Gorgeous:

Check out the new Princeton Artificial Intelligence, which starts to get pretty darn convincing; wonder if Alan Turing would have approved:

“The Future Is Ours” - A tribute to the individuals and companies pushing us forward:

Polar bear cubs play and wrestle in the snow while their mother keeps a close eye on them from the den:

Love is in the air when Libero launches their Spring Collection 2012:

On a hot summer day, graduates from St Petersburg, Russia come together for a song and dance in the river. Flash Mob the Russian way!

The world's tallest and longest zip line is also the fastest. It has a top speed of 100 mph and is located in Sun City, South Africa:

I knew it would come to this. The Walkstation is the fully integrated combination of an electric height-adjustable worksurface with an exclusively engineered, low-speed commercial-grade treadmill. See it at Steelcase:

Google plots the 20-year evolution of the web. Pretty cool!

Brrzzzt! How to (sort of) shock people like Emperor Palpatine:

Incredible Time-Lapse Video Shows Creation of Giant Higgs Boson Mural:

Useful website for the summer months: Blackout tracker tells you where the electric grid is down:
