CyberheistNews Vol 2, #49
Editor's Corner
Scam Of The Week: Apple Invoices
As predicted, holiday scams are at an all-time high. Here is the
best example: fake Apple invoices being sent in high volume that claim
you have been charged for a large purchase from Apple. If you click
on these, they lead to the Blackhole exploit kit that drains your bank
account. There are some other innovative attacks doing the rounds too:
1) FDIC spamvertising with 'Your activity is discontinued', tricking
users into believing that their ability to send Domestic Wire Transfers
is disabled;
2) Twitter attacks getting more subtle, where you first need to open the
mentioned account to get the payload;
3) Tsunami spam that 'warns' users and tells them to click on a link
to see the video;
4) More Twitter scams, this time claiming that Twitter is going to start
charging for its up-to-now free service.
Tell your employees to stay safe out there!
The Huge Damage That ONE Click Can Cause
In August 2012, yet not reported until October, -one- malicious email
opened by an employee of the South Carolina Department of Revenue caused
a massive cyberattack – theft of 3.8 million tax returns, Social Security
numbers of 1.9 million people, access to data on 699,900 business tax
returns and 3.3 million bank accounts. Attacks like this could have been
prevented by training employees not to fall for attacks by hackers
using phishing emails.
An international hacker sent a few South Carolina Department of Revenue
employees a phishing email. Unfortunately, one employee unknowingly clicked
on the link. From that one click, the cybercriminal was able to steal
the employee's user name and password. In the weeks that followed, the
cybercriminal copied large amounts of information into zip files and
transferred them outside of the system.
A friend of mine sent me this: "Send someone a 'phish' and he may be in
big trouble – teach someone to avoid 'phishing' and he’ll be a happy surfer
for a lifetime." You can add being a "safe surfer" to that as well, so
you should really consider stepping all your users through our Kevin
Mitnick Security Awareness Training:
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Quotes of the Week
"When everything seems to be going against you, remember that the
airplane takes off against the wind, not with it." - Henry Ford
"The greatest enemy of knowledge is not ignorance but the illusion
of knowledge." - Stephen Hawking
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
Prevent Email Phishing
Want to stop Phishing Security Breaches? Did you know that many of the
email addresses of your organization are exposed on the Internet and
easy to find for cybercriminals? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against, unless your users are highly 'security
awareness' trained. IT Security specialists call it your 'phishing
attack surface'. The more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk is.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users on a crime site. Fill out the form and
we will email you back with the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
With No Policies In Place, How Can Staff Be Blamed?
Chris Pirillo of Lockergnome fame found this one; it's from the U.K.,
but I think it's pretty much the same here in the U.S. "It is something
that I would never have thought possible. Something that defies logic.
A story yesterday on PC Advisor states that 52% of companies surveyed
in the U.K. have no guidelines for security in place.
It reminds me of a few places where I’ve been called in to do some
work, and after assessing the trouble as something from an errant
employee’s unknowing exploits, I’ve been told that the staff was trusted,
so nothing they did could have been their fault.
In most cases, rather than assault the logic of their assessment, it was
better to simply get to work on the problems, and know that I’d be back
again, over time. AVG, the security company, states a few things in the
article, a few of them quite alarming in this day of multiple threats,
and super-slim profits for many smaller businesses. More:
http://www.lockergnome.com/uncategorized/2010/11/20/with-no-policies-in-place-how-can-staff-be-blamed/
Cybersecurity Bill Demise Means Executive Order Instead
Get ready for some reading. The demise of the Cyber Security Act of
2012 (CSA) clears the way for President Obama to issue an executive
order (EO) implementing at least some of the major elements of the
bill. And some political observers say that has been Senate Majority
Leader Harry Reid's endgame since the bill failed the first time in
August. Taylor Armerding over at the CSO website has some good insights:
http://www.csoonline.com/article/721979/demise-of-cybersecurity-bill-means-executive-order-on-the-way?
MoneyGram Fined $100 Million for Wire Fraud
Brian Krebs was right all along. Cybercriminals have been using
Moneygram for years to transfer cash out of the country: "A week ago
Friday, the U.S. Justice Department announced that MoneyGram International
had agreed to pay a $100 million fine and admit to criminally aiding and
abetting wire fraud and failing to maintain an effective anti-money
laundering program. Loyal readers of this blog no doubt recognize the
crucial role that MoneyGram and its competitors play in the siphoning of
millions of dollars annually from hacked small- to mid-sized business, but
incredibly this settlement appears to be unrelated to these cyberheists.":
http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
In the city of Tarragona, Spain, "castellers" gather every two years
to see who can build the highest, most intricate human castles:
http://www.flixxy.com/human-towers-in-spain.htm
This truck doesn't need a bridge:
http://www.flixxy.com/this-truck-doesnt-need-a-bridge.htm
Watch what happens when you 'upgrade' a tractor with a Volvo 240 Turbo engine:
http://www.flixxy.com/swedish-turbo-tractor.htm
The Best Tech Ad I’ve Seen Lately:
http://samuelstern.wordpress.com/2012/11/25/the-best-tech-ad-ive-seen-lately/
The oldest working electronic computer runs a program:
http://www.flixxy.com/oldest-working-electronic-computer-runs-a-program.htm
A pigeon takes its encrypted message to the grave. Interesting:
http://www.gchq.gov.uk/Press/Pages/Pigeon-takes-secret-message-to-the-grave.aspx
This Disney Research robot can juggle, and play catch:
http://youtu.be/83eGcht7IiI
The “apartment of the future” offers four times the rooms within the
confines of a typical one-bedroom apartment:
http://www.flixxy.com/the-apartment-of-the-future.htm?utm_source=4
Shipping Container Homes - Cargo Container Houses:
http://www.thedailygreen.com/green-homes/latest/shipping-container-homes-460309
Hack attack: Protecting your privacy in the online world. This is a short NBC
video you could send to your users. It gives some good hints to stay safe:
http://video.today.msnbc.msn.com/today/49947719/#49947719
Like Sci-Fi? Battlestar Galactica Fan? It's back as a web-only series and
a movie next year. w00t!
http://www.wired.com/underwire/2012/11/battlestar-galactica-blood-chrome/