CyberheistNews Vol 2, #29
Editor's Corner
15 Social Media Scams
Not just -one- Scam of the week, but a whopping 15! From Facebook
phishing lures to Twitter and Tumblr hoaxes, here are 15 scams to
watch out for on social networking sites. CSO online took the time
to put this slide show together and it’s worth checking out; there
are some good scams you need to be aware of. The slide show is here, and
worth sharing with your employees:
http://www.csoonline.com/article/2130476/data-protection/15-social-media-scams.html
A Closer Look: Email-Based Malware Attacks
The excellent cybercrime journalist Brian Krebs has done it again.
Great blog post that explains how small- and mid-size businesses lose
hundreds of thousands of dollars in cyberheists. He started out with:
“Nearly every time I write about a small- to mid-sized business that
has lost hundreds of thousands of dollars after falling victim to a
malicious software attack, readers want to know how the perpetrators
broke through the victim organization’s defenses, and which type of
malware paved the way. Normally, victim companies don’t know or
disclose that information, so to get a better idea, I’ve put together
a profile of the top email-based malware attacks for each day over
the past month.” Here is a link to his blog post, and check out the
antivirus detection rate percentage of fresh attacks he discovered.
Ouch:
http://krebsonsecurity.com/2012/06/a-closer-look-recent-email-based-malware-attacks/
Quotes of the Week
"The first and worst of all frauds is to cheat one’s self. All sin
is easy after that" - Pearl Bailey
"I would prefer even to fail with honor than to win by cheating" - Sophocles
"Disillusion is a natural stage that follows the holding of an illusion." - Susan Shaughnessy
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Users Are The Weak Link In IT Security
You’re an IT pro. You know that users are the weak link in IT security. But did you know that almost half of all your network malware infections are caused by social engineering? And that 99% of malicious action starts on workstations before they penetrate your servers? Because cyber-attacks are rapidly getting more sophisticated, the frustration level and risk continue to mount for IT Administrators and Security teams. Take the first step now to improve your organization’s defenses against cybercrime. Find out what percentage of your users is Phish-prone. Start your Free Simulated Phishing Attack Now:
http://www.knowbe4.com/simulated-phishing-attack/
Why Pill Pushing Spam Pays Off
Brian Krebs is on a roll. Here is why pill pushing spam pays off:
“Consumer demand for cheap prescription drugs sold through
spam-advertised Web sites shows no sign of abating, according to a
new analysis of bookkeeping records maintained by three of the
world’s largest rogue pharmacy operations. Researchers at the
University of California, San Diego, the International Computer
Science Institute and George Mason University examined caches of
data showing the day-to-day finances of GlavMed, SpamIt, and
Rx-Promotion, shadowy affiliate programs that over a four-year
period processed more than $170 million worth of orders from
customers seeking cheaper, more accessible and more discreetly
available drugs. The result is perhaps the most detailed analysis
yet of the business case for the malicious software and spam
epidemics that persist to this day.” Here is a link to his blog post
with an interesting 5-year graph:
http://krebsonsecurity.com/2012/06/pharmaleaks-rogue-pharmacy-economics-101/
Need To Protect A Critical Machine?
This is the intro of a blog post I wrote Sunday June 24, 2012,
and there are some graphs related to this story you can see at
my blog:
http://blog.knowbe4.com
"First of all, I have no dog in this fight, and no product to sell you.
But I have seen the antivirus industry from the inside out, and I have
paid a lot of attention to the Virusbulletin website for a long time.
Recently, a few things have made me realize that it’s time to turn
things upside down. You can no longer protect against the bad, Stuxnet
and Flame bear witness to this fact; the AV industry did not detect
these for years. The graph on the left shows the good executables
compared to the bad (malware) executables in 2002. Now, let’s look
10 years later. Malware writers have fast-forwarded a few generations
ahead, and automated generating malware. The next graph shows the
situation now. As you can see it is high time for the proverbial
paradigm shift." Click for the graphs:
http://blog.knowbe4.com/need-to-protect-a-critial-machine-use-whitelisting-not-antivirus/
Powerful New System Admin Tool: InstantRevert
KnowBe4 has released a powerful new system admin tool: InstantRevert.
It’s for experienced System Admins that understand scripting and know
what applications they want to protect on the workstation, server or
in the cloud. Call it the Porsche Turbo of system admin tools. Why?
There is an incredible amount of power under the hood, and you -do-
need to know what you are doing!
We have given it the tagline ‘Real-time Compliance’ because with
InstantRevert you are able to determine your policy for an ideal
configuration – call it a 100% compliant state for either a workstation
or a (cloud based) server – and if assets covered by your policy
change, InstantRevert will immediately revert back to your specified
compliant configuration.
Yes, you read that right. You can protect files, registry entries,
processes and services, and if anything changes that shouldn’t,
InstantRevert will change it back immediately. From the system admin
perspective, let’s have a look at your immediate benefits: 1) Dramatic
reduction in help-desk tickets, 2) Significantly improved security,
3) Massive IT Operations time savings, 4) Audit time and costs reduced
50% or more.
Now, you are required to be compliant with your industry regulation,
internal security policies, or both. A major problem though is that
machines continually drift out of compliance (users, updates, etc).
Non-compliance on endpoints and servers is both costly and risky;
hackers exploit vulnerabilities in your network, and failing an audit
may cause regulatory trouble. You can be compliant in real-time
with InstantRevert! Here is the One Minute Video:
http://www.knowbe4.com/video-instantrevert/
Now that you understand what this powerful new tool can do for you,
download your full-function 5-machine eval here:
http://www.knowbe4.com/products/instantrevert/
Stop Phishing Security Breaches
Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.
IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It’s often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Matt Harding is back with a new "Where In The World is Matt?" - 2012 edition:
http://www.flixxy.com/where-in-the-world-is-matt-2012.htm
Sixteen Spitfires flying in formation and then breaking off for some tail
chasing. Awesome sight and sound:
http://www.flixxy.com/16-spitfires-flying-together.htm
Magician Vitaliy Luzkar (24) - the winner of "Ukraine's Got Talent" 2011 Final:
http://www.flixxy.com/the-magic-of-vitaliy-luzkar-ukraine-got-talent-winner.htm
Easter Island Mystery Solved? Watch how the mysterious statues may very
well have 'walked' into place:
http://www.flixxy.com/archaeologists-walk-an-easter-island-statue-across-the-ground.htm
"The Drop" by Perrier - a work of cinematic brilliance. When everything is
melting on Earth, a gorgeous heroine is sent into space to refresh the world:
http://www.flixxy.com/perrier-presents-the-drop-a-work-of-cinematic-brilliance.htm
A BMW M5 replicating a bullet being shot out of the barrel and penetrating
objects in super-slow motion:
http://www.flixxy.com/bmw-m5-recreates-shooting-apple-in-super-slow-motion.htm
Watch Formula 1 legend David Coulthard catch a golf ball flying through the air
using a 2012 Mercedes-Benz SLS AMG Roadster:
http://www.flixxy.com/golf-ball-vs-mercedes-benz-sls-amg-roadster.htm
Craig Jones proposed to his girlfriend Allison in style at New York City's
Bryant Park:
http://www.flixxy.com/flash-band-marriage-proposal-nyc.htm
Spectacular footage of a Kiwirail train attempting to plow a route through
"Arthur's Pass" New Zealand:
http://www.flixxy.com/train-plowing-through-deep-snow-in-new-zealand.htm