CyberheistNews Vol 2, #43
Editor's Corner
Scam Of The Week: PIN-code Trick
Organized crime has taken an old trick and given it new clothes. You could
forward this to your users and warn them about it. Here is how it goes.
The cybercriminal makes an unsolicited call to the victim, claims to be
from the victim's bank, and urges them that their card needs to be replaced
because of fraud.
The scam artist often suggests the person should hang up and call the
bank back to ensure the call is for real, and conveniently provides a
phone number to call. However, by giving a bogus number and staying on
the line, the fraudster continues the scam.
Next, the scammer asks the victim to key in their PIN on the touch-tone
phone keypad, and records the tones. Then they send a motorcycle courier
to pick up the card, which goes straight to the scammer, who now also has
the PIN: the recorded touch-tones are easy to translate back into digits.
It is a known trick in a new form, and it is organized cybercrime gangs
that commit this fraud, usually in big cities.
Your bank or any other financial institution will never cold-call or email
you and ask you for your login details, card numbers or PIN. If anyone
does, hang up the phone or delete the email. Stop - Look - Think!
October is National Cyber Security Awareness Month!
October is National Cyber Security Awareness Month. The theme for National
Cyber Security Awareness Month is, “the Internet is a shared resource and
securing it is our Shared Responsibility.” We all need to do our part to
make the Internet safer and more secure. But what is your part?
Well, that depends on where and how you use the Internet. Governments,
large and small companies, schools, non-profits and individual technology
users should be aware of the vulnerabilities they might experience and
take measures to address them. Additionally, in October we ask everyone
to take some time to educate the people in their orbit about staying safe
online. Many more ideas on how to do that are at the StaySafeOnline.org site:
http://www.staysafeonline.org/blog/october-is-national-cyber-security-awareness-month/
Please Forward This Newsletter To Your Friends
There are 40,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know who can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"Freedom is never more than one generation away from extinction." - Ronald Reagan
"Conformity is the jailer of freedom and the enemy of growth." - John F. Kennedy
"It has become appallingly obvious that our technology has exceeded our
humanity." - Albert Einstein
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
Get Your Free FULL Copy Of 4-Star E-book 'Cyberheist'
Ben Rothke, an IT security specialist and author, recently reviewed my
book 'Cyberheist' and gave it 4 stars! He ended with: “At under 200
pages, Cyberheist: The biggest financial threat facing American businesses
since the meltdown of 2008 is not the definitive text or the most
comprehensive one on the topic. But for those looking for a brief
and easy to read overview of the topic, with a lot of real-world
advice, Cyberheist: The biggest financial threat facing American
businesses since the meltdown of 2008 makes for a good read.”
Register Now For Your Free FULL Copy (instant PDF Download)
http://www.knowbe4.com/free-e-book/
Bank Cyberattack: Is Your Money Safe?
Last week several large U.S. banks were attacked, and of course the media
were all over it, making it seem like the whole country had been affected.
What is actually happening is a so-called 'Denial of Service' attack. The
attackers have recruited a bunch of their friends and they are all bombarding
the same website with traffic, which makes that website either slow or simply
unavailable. Yes, annoying, but not a disaster.
It's a bit more troublesome than usual, though. Normally hacktivists have a
few people activate a botnet, send the attack, and that does the trick. This
time it's not just that. The attackers used a single toolkit to build the
programs that sent mostly junk data over the Internet to the banks'
servers, and the traffic comes from many different places.
Atif Mushtaq, a security researcher for FireEye who monitored the attack
traffic, has said he believes it was generated on hundreds of thousands of
computers, many of which were likely owned by sympathizers of the attackers
recruited through websites and social networks. The attackers probably
used a combination of hacked computers and volunteers.
Only a handful of groups have the sophistication to launch such an attack
against large U.S. banks. If you look at who has the capacity to pull this
off, it is either organized crime or a nation-state sponsor. They
throw a LOT of traffic at the banks, but in a case like this, which is
basically low-level harassment, the banks need to grin and bear it, upgrade
their capacity to handle these things, and write it off as a cost of doing
business.
Your Pad or Mine?
I received the following email today, which alerted me to something
that I more or less knew, but Gartner actually put a hard number on
this. Ouch.
"Many of today's endpoints are neither known nor protected. According to
Gartner, enterprises are only aware of 80 percent of the devices on
their network. Those 20 percent of unknown devices are inside the
perimeter of the network, are unmanaged and provide users with access.
They are small, varied and highly mobile, and they are loaded with
their own applications, can act as WAPs, and often contain outdated
firmware or are jailbroken. Even as the devices are accessing personal
applications on the web, they are also accessing corporate resources
such as e-mail, all from the very same unmanaged devices, which have
not been vetted by the security organization." It's an invitation
for a whitepaper by ForeScout that talks about their NAC:
http://www.itwhitepapers.com/?option=com_categoryreport&task=viewabstract&pathway=no&title=21056&
.xxx Has Launched Porn Search Engine: BLOCK
Here is a reason to get a web filter appliance or create firewall rules
that can block specific domain names. The company behind the .xxx top-level
domain has launched a search engine in an effort to drive more traffic
to .xxx websites and give pornography fans a 'more satisfying search
experience'. Sheesh.
ICM Registry, the owner of the 9-month-old .xxx top-level domain (TLD),
opened Search.xxx for business in late September 2012. The new search
engine claims to give users a more streamlined searching process, and
states that it will protect users from viruses and malware and help guard
their privacy. Yeah, sure.
What they claim is practically impossible. Here are some astounding numbers.
Last year it was pretty normal for 150,000 new domains to be registered
under the generic TLDs alone in a single day, and on average 12 percent of
all websites contain pornography. Do the math yourself: no search engine
can keep up with cataloging all these sites and making sure they are
malware free.
The search engine has cataloged 21 million web pages from .xxx sites.
They seem to use McAfee security products to do the scans, which does
not reassure me. In short, that would be pretty much the first domain I
would block with everything in my power as an administrator. Porn websites
have been notorious for infecting users' computers with malware, let alone
the sexual harassment lawsuits you get if you allow that kind of content
on your network. Block the www.search.xxx domain NOW!
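The advice above is to block a domain name, and the detail that trips up home-grown filters is subdomain handling: a rule for search.xxx must also catch www.search.xxx, but must not catch an unrelated name that merely ends in the same characters. The following is an added example, not code from the newsletter or from any web filter vendor; the blocklist rules, the hypothetical bad.example entry and the proxy log lines are all constructed for illustration. It matches per DNS label rather than by string suffix and runs the check over the constructed log.

```python
"""Label-aware domain blocklist check (added example; not from the newsletter)."""


def normalize_host(host: str) -> str:
    """Lower-case the name, drop a trailing dot and any :port, so only labels are compared."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("["):  # bracketed IPv6 literal, not a domain name
        return host
    return host.split(":", 1)[0]


def build_blocklist(rules):
    """Normalize rule strings: ".xxx" and "xxx" both mean the whole TLD."""
    return {normalize_host(rule).lstrip(".") for rule in rules}


# Constructed rules: the .xxx TLD as a whole, the host the article names,
# and a hypothetical bad.example used to show the label-boundary case.
BLOCKLIST = build_blocklist([".xxx", "search.xxx", "bad.example"])


def is_blocked(host: str, blocklist=BLOCKLIST) -> bool:
    """True if host equals a rule or sits beneath it in the DNS tree.

    The comparison walks label suffixes instead of using str.endswith(), so
    "bad.example" matches "www.bad.example" but not "notbad.example".
    """
    labels = normalize_host(host).split(".")
    # For www.search.xxx the suffixes tried are: www.search.xxx, search.xxx, xxx
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


# Constructed proxy log lines (not real traffic): "client host status".
SAMPLE_LOG = """\
10.0.0.5 www.search.xxx 200
10.0.0.5 search.xxx. 200
10.0.0.7 notbad.example 200
10.0.0.9 safe.example.com 200
10.0.0.9 SEARCH.XXX:443 200
10.0.0.11 anything.xxx 200
10.0.0.12 www.bad.example 200
"""


def audit_log(log_text: str, blocklist=BLOCKLIST):
    """Return (client, normalized host) pairs that hit the blocklist, in log order."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line; skip rather than guess
        client, host = parts[0], parts[1]
        if is_blocked(host, blocklist):
            hits.append((client, normalize_host(host)))
    return hits


if __name__ == "__main__":
    for client, host in audit_log(SAMPLE_LOG):
        print(f"{client} -> {host} BLOCKED")
```

The same suffix walk is what a DNS-based block (a response policy zone or a sinkhole) effectively does for you; if you implement it in a proxy or script instead, keep the per-label comparison, because a plain "ends with" test either misses subdomains or over-blocks names that share trailing characters.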
Here are some more Internet pornography statistics. It is a tried and true
way to social engineer people to click on links and infect their workstations:
Prevent Email Phishing
Want to stop phishing security breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and
easy to find for cybercriminals? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against unless your users are highly trained in
security awareness. IT security specialists call it your ‘phishing
attack surface’. The more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk is.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users on a crime site. Fill out the form and
we will email you back with the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Your 5-minute vacation this week: The Great Pyramid of Giza in Egypt -
the tallest man-made structure in the world for over 3,800 years -
viewed from a model helicopter:
http://www.flixxy.com/the-great-pyramid-of-giza-viewed-from-a-model-helicopter.htm
Synchronized flyboarding on water-powered flying surfboards. Cool:
http://www.flixxy.com/synchronized-flyboarding.htm
5-year-old Tsung Tsung from Hong Kong plays the piano like a pro:
http://www.flixxy.com/tsung-tsung-5-year-old-piano-prodigy.htm
Dance troupe Bandaloop performs on and off the vertical wall of a
30-story building with slow-motion elegance:
http://www.flixxy.com/dance-troupe-bandaloop-defies-gravity.htm
A legendary journey on a glamorous train, featuring Daniel Craig and
Bérénice Marlohe from the upcoming new James Bond film "Skyfall":
http://www.flixxy.com/007-the-express.htm
I went to see 'Looper' this weekend, so since Hollywood seems to have
a lot more experience at time travel than anyone else, here is the
cinematic explanation, flux capacitor included!:
http://www.flixxy.com/how-time-travel-works-in-movies.htm
The Brazilian driver who won the "24 Hours of Nürburgring 2010", Augusto
Farfus, took his wife Liri on a 'tour' of the Nürburgring circuit in Germany.
A Brazilian friend of mine gives her the prize for most annoying voice. Any
similarities with other husband-and-wife teams are purely coincidental. LOL:
http://www.flixxy.com/race-car-drivers-wife-gets-thrill-of-her-life.htm
Two Gals, Two Guys, A Boston Sidewalk. Great Sound! Lake Street Dive
Plays "I Want You Back":
http://www.youtube.com/watch?v=6EPwRdVg5Ug
iOS 6 Maps: an explanation from Apple (parody):
http://www.youtube.com/watch?v=ZDnFNUqf3hg
"Somebody That I Used to Know" - Old School Computer Remix (Video). HP
Scanjet 3C as the vocals, Amiga 600 on bass and guitar, hard drives as
drums and cymbal and a microcontroller on the xylophone:
http://www.flixxy.com/somebody-that-i-used-to-know-old-school-computer-remix.htm