CyberheistNews Vol 2, #28
Editor's Corner
BIG NEWS: Kevin Mitnick Partners With KnowBe4
Late last year the Wall Street Journal wrote an article about social
engineering. They concluded that the end-user was the weak link in IT
security, quoted some experts in the field and talked about possible
solutions. KnowBe4 was mentioned in the article, and so was Kevin Mitnick,
who in the mid-nineties was the world's most wanted hacker, and who now
is a successful security consultant and keynote speaker.
I called Kevin and suggested that together we could create world-class
Internet Security Awareness Training. He told me he had wanted to do that
for a long time and Kevin joined KnowBe4 as our Chief Hacking Officer.
Look for some exciting announcements in the near future! Here is a link
to the Blog post with the full Press Release:
http://blog.knowbe4.com/kevin-mitnick-partners-with-knowbe4/
Scam Of The Week: Never Check Your Password. Change It!
This is something I suggest you send to all employees.
In the last few weeks, it came to light that some major websites were hacked
and millions of passwords were leaked. LinkedIn is only one of them. A
few hours later, a website called LeakedIn appeared that allowed you
to enter your password. It then encrypted it the way LinkedIn did
and compared it to the list of stolen passwords. A red light meant that
your password was stolen.
There is something very wrong with checking if your password was leaked.
First of all, who are these LeakedIn people? Could be a social engineering
trick to get your password! Worse, they might be well-meaning but what
about the bad guys compromising their website?
If there is credible news that a website you often visit has been hacked,
and passwords leaked, use your bookmark to go to that website and change
to a strong password or passphrase. And please note, if you get an email
that looks like it is from one of your fave websites, states that you need
to change your password, and has a link to click on, NEVER CLICK THE LINK.
This is very likely a phishing email. Always use your own bookmark or type
in the name of the site in your browser's address bar. That way you are
sure you are on the actual site, instead of a fake. To end off, while you
are at it, if you have used that same password on other sites, go there
and change the password as well.
Yes, I know it is hard to keep track of all these sites and passwords, so
we all tend to use the same password all over the place. That is a major
security no-no. Use a password manager that can generate secure passwords
and automatically log you in. I have been using LastPass for a few years
and like it a lot.
Quotes of the Week
"Should we fear hackers? Intention is at the heart of this discussion." - Kevin Mitnick
"Companies spend millions of dollars on firewalls and secure access
devices, and it's money wasted because none of these measures address
the weakest link in the security chain: the people who use, administer
and operate computer systems" - Kevin Mitnick
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Users Are The Weak Link In IT Security
You're an IT pro. You know that users are the weak link in IT security. But did you know that almost half of all your network malware infections are caused by social engineering? And that 99% of malicious actions start on workstations before they penetrate your servers? Because cyber-attacks are rapidly getting more sophisticated, the frustration level and risk continue to mount for IT Administrators and Security teams. Take the first step now to improve your organization's defenses against cybercrime. Find out what percentage of your users is Phish-prone. Start your Free Simulated Phishing Attack Now:
http://www.knowbe4.com/simulated-phishing-attack/
Double-check That Cashier's Check
The fake cashier's check scam has gotten more sophisticated.
Cathy Bussewitz at the pressdemocrat site reported on this one: "It
usually starts when a seller posts a big-ticket item on Craigslist.
Then comes a text message from an eager buyer. Next comes the cashier's
check, which looks real enough. But the check is written out for more
than the item's listed price, so the buyer asks the seller to wire the
difference to a shipping company. This type of scam, involving online
sales, fake cashier's checks, overpayments and requests to wire funds
to far-away shipping companies, is playing out on susceptible victims
in Sonoma County and beyond." Here is the article:
http://www.pressdemocrat.com/article/20120608/ARTICLES/206081028?tc=ar
Survey Says: ACH Fraud Losses Down
It's not all bad news! Tracy Kitten over at BankInfoSecurity reported
on a positive trend. "Banks are doing a better job of staving off losses
linked to incidents of corporate account takeover despite increases in
online-banking attacks, a new survey shows. It's a good sign, and probably
one that reflects investments banks and credit unions have made to improve
fraud detection and prevention. Losses suffered by corporate customers
totaled $490,000 for the first half of 2011, compared with $1.16 million
for all of 2010." Here is the post:
http://www.bankinfosecurity.com/blogs/survey-says-ach-fraud-losses-down-p-1298
Half of Small Businesses Not Concerned About Security Breaches
[INFOGRAPHIC] Shred-It conducted a survey among 1,136 U.S. small business
owners with companies of fewer than 100 employees, and 100 corporate-level
executives who work for companies with a minimum of 500 employees. It's
important to note that the study was conducted in April 2012, a few weeks
before the LinkedIn and eHarmony password hackings came to light.
"About 61% of C-level respondents said they have someone at the company
overseeing data-security issues, while 46% of small business owners said
they do not. Meanwhile, 33% of corporate-level executives said that lost
or stolen data would have a severe impact on the business. About 51% of
small business owners said it would not have that much of an impact." Here is
the infographic:
http://mashable.com/2012/06/15/security-breach-infographic/
Stop Phishing Security Breaches
Are you aware that many of your organization's email addresses are exposed on the Internet and easy for cybercriminals to find? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly trained in security awareness.
IT Security specialists call it your phishing attack surface. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It's often a surprise how many addresses are actually out there.
Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now
http://www.knowbe4.com/20120228-Primary/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
This week's virtual vacation! Follow Kevin Kelly on his trip through Taiwan,
China, Singapore, Burma, India, Korea and Indonesia - all in 90 seconds:
http://www.flixxy.com/one-minute-vacation-in-asia.htm
An impressive aerobatics display by jet pilot Michaël Brocard at the
largest air show in Switzerland:
http://www.flixxy.com/jet-aerobatics-switzerland.htm
A visual explanation of how the Internet actually works. Ride with a packet
of data and follow it as it flows from your fingertips, through circuits,
wires, and cables, to a host server, and then back again, all in less than
a second. Fun to send to your employees:
http://www.flixxy.com/how-the-internet-works.htm
Richart Sowa lives on an island that he made himself, using 100,000
discarded plastic bottles as a floating support structure:
http://www.flixxy.com/eco-friendly-floating-plastic-bottle-island.htm
Can you predict what the dominant new technology will be in 75 years? Belgian
visionary Paul Otlet imagined the Internet in 1934!:
http://www.flixxy.com/1934-vision-of-the-internet.htm
Tactical stabbing pen adds handcuff key and other stuff. I got one for
Father's day, w00t:
http://boingboing.net/2012/06/16/tactical-stabbing-pen-adds-han.html
How many hours does it take to make a flamenco guitar? Wow:
http://www.good.is/post/intermission-the-art-of-making-a-flamenco-guitar/
Friesian Horses are known to be beautiful, versatile, athletic, kind,
willing, and are able to do anything:
http://www.flixxy.com/the-beautiful-friesian-horse.htm
Dogs in cars doing what they love to do ... in California:
http://www.flixxy.com/dogs-in-cars-california.htm
Philosophers World Cup by Monty Python, now -that's- a way to play soccer:
http://www.flixxy.com/philosophers-world-cup.htm