CyberheistNews Vol 2, #35
Editor's Corner
KnowBe4 Makes InfoWorld Headline
This is a pretty big deal. Security Awareness Training does not usually
make front-page news at InfoWorld. Peter Bruzzese, InfoWorld’s 'Enterprise
Windows' columnist interviewed me last week about our partnership with
Kevin Mitnick. He had stepped through our Kevin Mitnick Security Awareness
Training and asked me how it was to cooperate with a world-famous ex-hacker.
The interview came out great and I think you are going to enjoy reading it
over at InfoWorld. The article is called ‘Ex-hacker spills secrets of
fighting social engineering’. Link Here!:
http://www.infoworld.com/d/microsoft-windows/ex-hacker-spills-secrets-of-fighting-social-engineering-199040?page=0,0
Quotes of the Week
"No matter how hard the past, you can always begin again." - Buddha
"Unfortunately most people only realize backing up is a good idea once
they've got nothing left to back up." - Chris Boyd
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Released! Kevin Mitnick Security Awareness Training
Traditional once-a-year Security Awareness Training doesn’t hack it
anymore. Today, employees are frequently exposed to sophisticated
phishing attacks, and your users are now the weak link in your
network security. They need to be trained by an expert, and after
the training stay on their toes, keeping security top of mind.
Click on the orange 'Get A Quote' button and find out how affordable
this is!
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Busy? Just take 90 seconds and watch this brand new video about the
new Kevin Mitnick Security Awareness Training. You'll be glad you did:
http://www.knowbe4.com/video-kevin-mitnick-security-awareness-training/
Cyber Attacks on Small Organizations Double
New data from Symantec's new June 2012 Intelligence report shows that
cyber attacks aimed at smaller organizations (250 or less employees)
have significantly increased during the past six months. This number
corresponds to anecdotal evidence from other sources that small business
is suffering six-figure losses from sophisticated cyberheists.
The Symantec report shows that attacks against small businesses doubled
in the first six months of 2012 compared to the second half of 2011,
and that 36 percent of all targeted attacks (58 per day) during the
last six months were directed at businesses with 250 or fewer employees.
That figure was 18 percent at the end of Dec. 2011. (Hat Tip to Brian Krebs):
http://www.symantec.com/about/news/release/article.jsp?prid=20120710_01
Never Use The Same Password Twice - Here's Why
We all know Dropbox. They confirmed a security breach which exposed
Dropbox customer data, but there is a twist to this one. Dropbox users
in Europe suddenly started receiving spam from online casinos. How
did the spammers get these email addresses? They were in a document
that was stolen from the Dropbox account of one of Dropbox's employees.
The hacker got in because of a different attack on another website; the
Dropbox employee used the same password for both accounts. BZZZZZZ - Fail!
Dropbox says it plans to introduce two-factor authentication in the
coming weeks, but did not offer any more information beyond that.
This is a great example for your security awareness program why it is
not a good idea to reuse passwords across multiple systems, especially
on your corporate machines. Password vaults like LastPass are effective
and cheap.
Apple 'Social Engineered' – Allows access to iCloud
Former Gizmodo reporter Mat Honan was hacked hard. He found out that an
AppleCare technician fell victim to a social engineering attack and
allowed access to the wrong account: his. That error allowed Honan’s
personal email and Twitter accounts to be hacked, as well as the Gizmodo
blog official feed.
The hacker wiped Honan’s iPad, iPhone and MacBook, and locked him out of
his email accounts, then caused further mayhem by spamming the Gizmodo
Twitter feed. Honan currently works for Wired, and thought initially
the hackers ‘bruteforced’ his password, but that turned out to be not
the case. Forbes contributor Adrian Kingsley-Hughes posted more details
about this August 5th and faulted Apple for allowing iCloud access to
the wrong person.
This is exactly the reason that Kevin Mitnick and I wrote a brand new
security awareness training course from scratch, to help organizations
inoculate their employees against these types of attacks. This is the
story that Mat Honan wrote about it. Note that if he had used Gmail's
2-factor authentication this would never have happened:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
ID Theft May Cost IRS $21B Over Next Five Years
ComputerWorld reported: "The dead can't speak for themselves. But they
can apparently file U.S. tax returns. A new audit of the Internal Revenue
Service (IRS) has found the agency paid refunds to criminals who filed
false tax returns, in some cases on behalf of people who had died, according
to the Treasury Inspector General for Tax Administration (TIGTA), which
is part of the U.S. Treasury.
The IRS stands to lose as much as US$21 billion in revenue over the next
five years due to identity theft, according to TIGTA's audit, dated July
19 but publicized on Thursday. TIGTA noted that the IRS did not agree with
the $21 billion figure, but wrote that the figure does include estimated
savings from new fraud control filters. Without new controls, TIGTA
estimated losses of $26 billion.
Part of the problem is that the IRS is not gathering enough data about fraud
trends, such as how a return was filed, income information from W-2 forms,
the amount of refunds and where those refunds were sent, TIGTA said.
"We found that $8.1 million in potentially fraudulent tax refunds involved
tax returns filed from one of five addresses," the audit said." More:
http://www.computerworld.com/s/article/9229939/ID_theft_may_cost_IRS_21B_over_next_five_years?
More Than Half Of Top 20 Fortune 500 Firms Infected With Gameover Zeus Botnet
The Gameover Zeus botnet is now the biggest financial fraud botnet
around, and it’s run by a single cybercrime group out of Eastern Europe,
according to new research. Brett Stone-Gross, senior security researcher
with Dell Secureworks, has been closely monitoring the botnet since late
April, with his team “crawling” the peer-to-peer botnet to determine
its size and scope, and counted some 678,205 infected bots. He published
his overall findings on the inner workings of the botnet last week during
Black Hat USA. “There’s one group behind it,” Stone-Gross says. “And it’s
the largest financial botnet out there.” Note that the vast majority of
these infections are caused by social engineering, and that security
awareness training is an essential part of defense against this. Here is
the link at the Dark Reading site:
http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/240004672/more-than-half-of-top-20-fortune-500-firms-infected-with-gameover-zeus-botnet.html
Need To Delete A BotNet From 532 Workstations and 32 Servers?
Do It In 10 Minutes.
An end-user clicked on a phishing link and a worm infected his whole
network. How do you get rid of it?
1) Find out the name of the executable.
2) Create a policy and tell it to: a) delete the executable, and
b) block it from running.
3) Assign the policy to all infected servers and workstations.
Voila! 10 minutes later the malware is deleted and blocked
from even starting up. The product to use? InstantRevert! Real-time
compliance brought to you by KnowBe4. Learn more about it here:
http://www.knowbe4.com/products/instantrevert/
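To make the "delete and block" policy in steps 1 and 2 concrete, here is an added example of the same idea in plain Python. It is not InstantRevert code and not anything from KnowBe4: it builds a constructed workstation file tree in a temporary directory, locates the identified executable by its name (the placeholder `evil_worm.exe`) or by the SHA-256 of its contents (so a renamed copy is caught too), deletes every match, and records the hash on a block list that an execution gate consults. The sample bytes and hash are constructed for the demo, not taken from a real sample. Step 3, fanning the policy out to every host, is left to whatever deployment tool you use.

```python
"""Added example (not InstantRevert or KnowBe4 code): a minimal
'delete and block' remediation pass over a constructed file tree."""
import hashlib
import os
import tempfile
from pathlib import Path

# Step 1 result, constructed for the demo: the executable name the
# responder identified. The hash is computed from constructed sample
# bytes, not from a real malware sample.
MALWARE_NAME = "evil_worm.exe"  # placeholder name
SAMPLE_BYTES = b"MZ constructed sample body"
MALWARE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_matches(root: Path, name: str, digest: str) -> list:
    """Walk root and return files matching by name OR by content hash.
    Hash matching catches the worm if it copied itself under another name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            if fname.lower() == name.lower() or sha256_of(p) == digest:
                hits.append(p)
    return hits


def apply_policy(root: Path, name: str, digest: str, blocklist: set) -> dict:
    """Step 2: delete every match and add its hash to the block list."""
    deleted = []
    for p in find_matches(root, name, digest):
        blocklist.add(sha256_of(p))
        p.unlink()
        deleted.append(p.relative_to(root).as_posix())
    return {"deleted": sorted(deleted), "blocked": sorted(blocklist)}


def is_blocked(path: Path, blocklist: set) -> bool:
    """Execution gate: refuse to run anything whose hash is on the list."""
    return sha256_of(path) in blocklist


def demo() -> dict:
    """Build a constructed 'workstation' tree, run the policy, return results."""
    root = Path(tempfile.mkdtemp(prefix="ws-"))
    downloads = root / "Users" / "bob" / "Downloads"
    temp = root / "Windows" / "Temp"
    downloads.mkdir(parents=True)
    temp.mkdir(parents=True)
    (downloads / MALWARE_NAME).write_bytes(SAMPLE_BYTES)
    (temp / "svchost_update.exe").write_bytes(SAMPLE_BYTES)  # renamed copy
    (downloads / "report.pdf").write_bytes(b"%PDF-1.4 constructed")  # benign

    blocklist = set()
    result = apply_policy(root, MALWARE_NAME, MALWARE_SHA256, blocklist)
    result["report_survives"] = (downloads / "report.pdf").exists()

    # A fresh copy dropped later is stopped by the block list, not by name.
    retry = temp / "again.exe"
    retry.write_bytes(SAMPLE_BYTES)
    result["rerun_blocked"] = is_blocked(retry, blocklist)
    return result


if __name__ == "__main__":
    print(demo())
```

Matching on content hash rather than file name alone is the point worth keeping from this example: a worm that renames its copies survives a name-only policy, but not one keyed on what the file actually contains. Real endpoint tooling also blocks at execution time on the same hash, which is what the `is_blocked` gate stands in for here.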
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
A selection of some of the most awesome and amazing video clips featuring
cars, golfers, kite surfers, a kangaroo, baby polar bears, dolphins,
fireworks and more!
http://www.flixxy.com/awesome-and-amazing-2012.htm?utm_source=4
This week's mini virtual vacation! Take a tour of Paris, the 'City of Light',
with this beautiful 'Walk-Lapse' video by Mayeul Akpovi:
http://www.flixxy.com/a-walk-lapse-through-paris.htm?utm_source=4
Ramesh Raskar and his team at MIT have invented a camera that can photograph
light itself in slow motion. These are 11 very interesting minutes:
http://www.flixxy.com/a-camera-that-captures-one-trillion-images-per-second.htm
A camera crew captures Great White Sharks jumping out of the water in
stunning slow motion HD:
http://www.flixxy.com/slow-motion-shark-attack-1080p-hd.htm
Into watches? The new Pebble E-Paper Watch for iPhone and Android is
pretty cool:
http://getpebble.com/
Monster mecha with smile-controlled gatling guns makes public debut:
http://youtu.be/2iZ0WuNvHr8
Know what the PING command is? Then check out this screen, just happened
on Monday. And you think YOU have latency issues!
https://twitter.com/ErrataRob/status/232366477683081216/photo/1/large
The first car ever that can drive on land, on water and underwater:
http://www.flixxy.com/worlds-first-underwater-car-rinspeed-squba.htm?utm_source=4
Experience a marvelous birds-eye view of some of the most beautiful scenery
in America:
http://www.flixxy.com/flying-over-america.htm?utm_source=4
Cute animal of the week Fave. Jesse, the Jack Russell Terrier, is back and
he’s got a brand new useful set of skills to show off:
http://www.flixxy.com/useful-dog-tricks-3.htm?utm_source=4