CyberheistNews Vol 2, #45
Editor's Corner
[caption id="attachment_1367" align="alignleft" width="150" caption="Stu"]
[/caption]
Scam Of The Week: 'Romney Almost President'
Remember that special events like elections or natural disasters make
the bad guys even more active than normal.
They use these events to social engineer people into clicking on links
they normally would not. Politics is especially charged at the moment,
so the new malicious email campaign that pretends to be from CNN is a
good example. It announces breaking news about Romney, but it leads to
a website with 'blackhole' malware which will infect their workstation.
Be especially wary during and -after- the election, where there will
be allegations that "the election was stolen" and cybercrime will use
election fraud as bait. I'm sure they are working on a campaign right
now that will lie in wait until right after the election. No matter
who wins, they will have phishing email ready to trap you. It just
happened after the Venezuela elections.
The bad guys are getting more crafty by the month; when you visit the
infected website with a hardened PC that is not able to pick up the
infections they want to spread, they resort to a page that looks identical
to the Adobe Flash Player download and tell you to download it, but it's
of course a fake and will install a trojan instead of Flash.
Remind your employees to be especially wary of these types of emails!
Panetta: Cyber Pearl Harbor
Thursday 10/11/2012, Defense Secretary Leon Panetta sent the U.S. another
warning, this time from the Intrepid museum in New York. It’s not the first
time we hear about derailed passenger trains or shut down power grids. As
a matter of fact, CNN reported all the way back in November 7, 1997 the
following: “We’re facing the possibility of an electronic Pearl Harbor,”
Deputy Secretary of Defense John Hamre told a congressional hearing.
“There is going to be an electronic attack on this country some time
in the future.”
After some Googling, it becomes clear that for the last 15 years, successive
Deputy Defense Secretaries have been warning about this very same threat.
But in the meantime, very little has actually been done about it. What
John Hamre predicted is now coming true. Through cyberspace, Iran has been
attacking our banking infrastructure, and some oil and gas companies in
the Middle East in retaliation for increased sanctions imposed by the West.
And let’s not forget Stuxnet, which of course also motivates Iran to make
our lives as miserable as they possibly can. It’s pretty simple to predict
that a more severe cyberattack will happen in the near future, with severe
being defined as more disruptive than a denial of service attack that does
not allow you in your bank’s website for a few hours or days.
Most organizations in the U.S. are woefully unprepared. President Obama
has been threatening with Executive Orders to get our cybersecurity house
in order, knowing full well that the genie is out of the bottle, as he
himself has been using cyberwarfare aggressively.
So, what to do?
We need to start spending a lot more time and money funding both cybersecurity
education and Research & Development. This needs to be done on the same
relative scale as the Manhattan Project. We need a new generation of
cyberwarriors, starting NOW. The very least we could do is give employees
all over the U.S. some high quality security awareness training.
If you are serious about this, email, fax or talk to your Representative and
voice your concern.
Cyberheist! Hackers Steal More Than $450,000 From Burlington City Bank
Helvetica, sans-serif;" align="left" valign="top">
(BURLINGTON, WA) -- "Things are not good these days in the Skagit County town
of Burlington. It appears that someone used a computer to steal $400,000 out
of a city account by simply transferring the money electronically out over
a two day period this week to various personal and business accounts throughout
the United States. The theft was first reported by the Skagit Valley Herald
newspaper which said that Burlington’s finance department reported the theft
Thursday. A posting on the city’s website advised residents who are autopay
customers for their utility bills to take immediate action because their
names and bank accounts may have been compromised." More:
http://www.skyvalleychronicle.com/BREAKING-NEWS/HACKERS-GET-AT-400-000-IN-TOWN-OF-BURLINGTON-S-BANK-ACCOUNT-1145200
Please Forward This Newsletter To Your Friends
There are 40,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know, that can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"For it isn't enough to talk about peace. One must believe in it.
It isn't enough to believe in it. One must work for it." - Eleanor Roosevelt
"Peace cannot be achieved through violence, it can only be attained
through understanding." - Ralph Waldo Emerson
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
NEW: Can Bad Guys Impersonate An Executive?
Can the bad guys impersonate one of your co-workers or your executives?
In other words, can your domain be spoofed? KnowBe4 can help you find out
with our new Domain Spoof Test.
This new Domain Spoof Test sheds light on a major potential vulnerability;
email servers not being correctly configured. Bad guys searching for
your organization's publicly available email addresses can find enough
information to attack your employees by impersonating (spoofing) a
co-worker or executive.
We offer a free one-time Domain Spoof Test (DST) that verifies whether a
hacker can disguise a malicious phishing email as a normal message from
someone within your organization, such as a manager or CEO/President. If
this is possible, hackers can easily launch a spear-phishing attack. To
learn more about how this works, and request a free domain spoof test for
your own domain name, click here and fill out the form:
http://www.knowbe4.com/domain-spoof-test/
“People at Skype” Return, Send Out Malicious Password Notifications
Eduard Kovacs at Softpedia reminded us of the following: "Remember the
cybercriminals that sent out fake voicemail notifications signed “The
People at Skype?” They’re back with a similar scheme, this time informing
recipients that their passwords have been successfully changed.
The bogus messages are decently designed but, as always, a typo slipped by,
see the exclamation mark: "Password successfully changed - Your new Skype
password has been set. You can now view your attached call history and
inscturtions(!) how to change your account settings. If the changes described
above are accurate, no further action is needed. If anything doesn't look
right, follow the link below to make changes: Restore password. Talk soon,
The people at Skype "
Unlike the “voicemail” campaign, where victims were lured to a malicious
website connected to threats such as the BlackHole exploit kit or the
infamous ZeuS malware, this time, surprisingly, the links from the email
actually point to skype.com.
However, the file that’s attached to these emails is anything but innocent.
It actually hides a piece of malware that’s identified by Sophos solutions
as Troj/Backdr-HN. Once it makes itself cozy on a computer, the threat
opens a backdoor, giving cybercriminals unrestricted access to the device."
Don't fall for it. Think Before You Click!
Exposing the Money Behind Malware
Our friends at Sophos are holding a webcast I think you might like.
It's Tuesday, October 23, 2012, 11:00 AM PT / 2:00 PM ET.
Today’s cybercriminals are driven by one thing - money. They use many
techniques to sell products, steal login details, install ransomware and
more to monetize their activity. The bad guys must take many steps for
the entire process to work and every step along the way is another
opportunity for us to break the chain. Join Chet Wisniewski, Senior
Security Advisor at Sophos to learn about latest threats and how these
criminals are making money by compromising your computer and data.
He'll discuss:
- How cybercrime works
- The money behind the malware
- The cybercriminals network
- Threat protection strategies
- Register today and be prepared for tomorrow:
https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F;=1005006&
Prepaid Cards Go Mainstream – Watch For New Scams
Wal-mart and American Express have started a joint venture to sell prepaid
Bluebird cards, stamped with AmEx’s familiar blue and white logo. It will
be sold online and at Wal-mart’s 3,925 stores in the U.S. Prepaid cards
are not debit cards, they are not linked to any account, the card user
just loads cash onto the card, and then uses the card to buy things.
This is an attractive market for Wal-mart, prepaid cards are growing more
than twice as fast as credit- and debit cards. The top 50 prepaid cards
issuers sold $79.9 billion worth of purchases in 2011, up 25% from 2010.
Now, what are the scams you can expect? There are too many to contemplate.
One scheme that is easy to predict is that the bad guys will set up complete
fake websites that look just like the AmEx/Wal-mart one where they sell
the bluebird card online, promote this site with zillions of spam and
tell people they can order cards online with their credit card. When the
victim fills out the form, their credit card information is stolen and
used for fraud. The potential for fraud is only limited by the creativity
of the bad guys who now want to benefit of a main brand moving into the
until now a bit murky prepaid market. Wall Street Journal has much more
about this new announcement:
http://online.wsj.com/article/SB10000872396390444897304578044313831625492.html
Microsoft Security Compliance Manager 3.0 Beta Download Available
Security Compliance Manager 3.0 (SCM 3.0) is now available for download!
SCM 3.0 is a free tool from the Microsoft Solution Accelerators team that
enables you to quickly configure and manage both desktops and servers
using Group Policy and Microsoft System Center Configuration Manager.
In addition to key features from the previous version, SCM 3.0 offers
new Windows Server 2012, Windows 8, and Internet Explorer 10 baselines.
http://blogs.technet.com/b/configurationmgr/archive/2012/10/01/the-microsoft-security-compliance-manager-3-0-beta-is-now-available-for-download.aspx
Prevent Email Phishing
Want to stop Phishing Security Breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and
easy to find for cybercriminals? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against, unless your users are highly ‘security
awareness’ trained. IT Security specialists call it your ‘phishing
attack surface‘. The more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk is.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users on a crime site. Fill out the form and
we will email you back with the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
If you missed it this weekend, or if your connection timed out or
was choppy, here is a 14 minute high-def summary of Austrian Felix
Baumgartner who has broken the record for the highest ever skydive by
jumping out of a balloon 128,000ft (24 miles, 39 km) above New Mexico:
http://www.flixxy.com/felix-baumgartner-stratospheric-jump.htm
This week's mini vacation. Ever wondered what it might be like to take
a cruise across the Panama Canal? Here goes!
http://www.flixxy.com/why-is-the-sky-dark-at-night.htm
Take a ride on the Sukhoi Su-25UB jet from the viewpoint of a GoPro
camera mounted on the tip of the wing:
http://www.flixxy.com/ride-on-the-wing-of-a-sukhoi-su-25.htm
The supersonic Concorde is considered to be the most beautiful passenger
aircraft as well as a brilliant example of far-sighted design. This
short was made in 2003, the year that Concorde retired:
http://www.flixxy.com/concorde-27-supersonic-years.htm
Watch the incredible close-up magic of French magician Etienne Pradier:
http://www.flixxy.com/signed-card-in-sealed-bottle-magic-by-etienne-pradier.htm
Fifty-one clever James Bond quotes featuring Sean Connery, George Lazenby,
Roger Moore, Timothy Dalton, Pierce Brosnan and Daniel Craig:
http://www.flixxy.com/51-clever-james-bond-quotes.htm
Classic:500 Years of female portraits morphing. Nominated as “Most
Creative Video” - 2007 YouTube Awards:
http://www.flixxy.com/women-in-art-morphing-hd.htm
Cute animals of the week: The Woodstock Sanctuary recently rescued two dozen
ducks who had been kept in pens their entire lives:
http://www.flixxy.com/rescued-ducks-go-swimming-for-their-first-time.htm
“Can you fix my Windows 95 computer?”: How to troll a tech support
scammer. Very funny but NFSF:
http://tpt.to/a2PZ6hq
Beatles Fan? Replicating John Lennon's "Mr. Kite" poster:
http://boingboing.net/2012/10/09/replicating-john-lennons-m.html
Take a look at how Boeing assembled the 787 Dreamliner for Air India:
http://www.flixxy.com/boeing-787-dreamliner-assembly-in-two-minutes.htm
James May from Top Gear test drives an Ekranoplan (between a hovercrstaft
and an airplane), a mode of transportation developed in the cold war:
http://www.flixxy.com/ekranoplan-ground-effect-vehicle-top-gear.htm
