CyberheistNews Vol 2, #48
Editor's Corner
Scam Of The Week: 'Stolen Election!'
Watch out for a scam wave starting tomorrow: the elections. On top of the
Hurricane Sandy scams, and with the race in a dead heat, you can now
expect attacks themed around the U.S. elections from tomorrow forward.
Recently in Venezuela, there were successful phishing attacks using
"the election was stolen" as bait.
And as always, the scammers jumped on Hurricane Sandy and started spewing
various spam and phishing attacks promising everything from help with
insurance claims, disaster relief for people and pets, restaurant deals,
gas discount coupons, and even web pages where they can "win" Apple
products.
Watch it with these Apple scams, because they ask for a lot of personal
information, including your cell phone number, which they can use to
initiate premium-rate SMS charges you get billed for. We recommend you
forward this warning to your employees.
To help you keep your users on their toes, KnowBe4 has two new templates
in the 'Current Events' campaign: 1) A Hurricane Sandy related simulated
phishing attack called 'Please Help Cats After Hurricane Sandy', and 2) a
template called '2012 Election Results Rigged By Voting Machines'.
You can send these to your users via the one-time option, and see how
many of them are still somewhat Phish-prone. Takes 60 seconds max.
PS: Keep an eye out for the next issue coming Tuesday: 'The Top 10 Holiday Scams'
Users Paying Attention To Security Policies?
One of the team here at KnowBe4 sent me a blog post that was really
interesting. It was written by Ben Tomhave, Principal Consultant for
LockPath. Here is an extract from his post that some people might find
quite controversial. Here goes:
"The problem is this: [IT] people are once again falling into that rut of
blaming the users for making bad security decisions, all the while having
created, sustained, and grown an enablement culture that drastically
abstracts users from the impact of those decisions...
Plainly put: if the users don’t feel the pain of their bad decisions, then
they have no incentive to make a change. This is basic psychology. It’s
time to quit trying the same old stupid donkey tricks. What we’re doing
has failed, and will continue to fail. The rules of this game mean we
lose – every. single. time. We need to change those rules, and fast.
Specifically, we need to:
- Include security responsibilities in all job descriptions.
- Tie security performance into employee performance reviews.
- Include disciplinary actions for all security incidents."
The full post is at the link below. I would be interested to know
what you think, send me feedback at stus@KnowBe4.com:
http://www.secureconsulting.net/2011/08/eulogizing-stupidity.html
Beware Of The Booster Bag
Beware of the 'Booster Bag'. When travelling, it is always good to keep
a sharp eye on your luggage. Especially when there is a laptop in there
with company data. Take two minutes and prevent a whole lot of lost time
and money. Please forward this to all employees and warn them:
http://www.flixxy.com/beware-of-the-booster-bag.htm
Please Forward This Newsletter To Your Friends
There are 50,000 people getting CyberheistNews every week, but
we need to get the word out to many more, to protect everyone's
network. Please forward this newsletter to people you know, that can
benefit. Here is the link to subscribe:
http://www.knowbe4.com/cyberheist-news/
Quotes of the Week
"Know your enemy and know yourself and you can fight a hundred battles
without disaster." - Sun Tzu
"I always tried to turn every disaster into an opportunity." - John D. Rockefeller
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
Prevent Email Phishing
Want to stop phishing security breaches? Did you know that many of your
organization's email addresses are exposed on the Internet and easy for
cybercriminals to find? With these addresses they can launch
spear-phishing attacks on your organization. This type of attack is
very hard to defend against unless your users are highly 'security
awareness' trained. IT security specialists call it your 'phishing
attack surface': the more of your email addresses that are floating out
there, the bigger your attack footprint is, and the higher the risk.
Find out now which of your email addresses are exposed with the free
Email Exposure Check (EEC). An example would be the email address and
password of one of your users on a crime site. Fill out the form and
we will email you back with the list of exposed addresses. The number
is usually higher than you think.
Sign Up For Your Free Email Exposure Check Now:
http://www.knowbe4.com/email-exposure-check/
Researcher Warns "Zombie Browsers" Are Skyrocketing
Ellen Messmer at Network World covered this one: "Some Web browsers can
be tricked into using so-called "malicious extensions" that can give
hackers the ability to hijack the user's session, spy on webcams, upload
and download files, and in the newer mobile-device area, hack into Google
Android phones.
Zoltan Balazs, IT security consultant at Deloitte Hungary, spoke about the
topic he calls "zombie browsers" during this week's Hacker Halted Conference
in Miami. He said up until a year ago, only 10 of these browser malicious
extensions were known to exist, but this year has seen 49 new ones already.
"It's skyrocketing," Balazs noted, and he faulted the anti-virus vendors
for allegedly not addressing the issue at all. More:
http://www.networkworld.com/article/2161119/smartphones/researcher-warns--zombie-browsers--are-skyrocketing.html
Short History Of Worms, Viruses and Botnets
CSO has a fun and interesting slideshow of the 20 most notorious malware
starting in 1971. The earliest worms and viruses were created for geeky
fun and did little harm - oh, how times have changed. Here are 20 worms,
viruses and botnets that show the evolution of malware, from Creeper to
Flame:
http://www.csoonline.com/slideshow/detail/71899/20-notorious-worms--viruses-and-botnets?
Russian Hacker Gets Outed With Webcam Photos
Like the guys on Mythbusters used to say: "Don't try this at home",
but sometimes it is satisfying to see a hacker exposed by an infection
of his own machine, with the tables turned.
The Russian hacker had been attacking the systems of the former Soviet
republic of Georgia for months. Photos of the alleged cyber-spy were
captured after Georgian security experts set up a honeypot sting: they
tricked the person they believed to be the hacker into downloading a
file spoofed as "sensitive information", which then captured the man's
image using his own webcam.
Then, the investigators from the Georgian Computer Emergency Response
Team (CERT) took the highly unusual step of publishing two photos of the
man. This is called 'doxing' in hackerspeak, derived from "documents":
in short, the retrieval and publishing of documents or data on a person
or company, usually their real name, address, phone number and more.
You can see the shots on page 22 of this PDF:
http://dea.gov.ge/uploads/CERT%20DOCS/Cyber%20Espionage.pdf
“Horrible Rumor Spreading About You” On Twitter
Recently, cybercriminals have turned to direct messages on Twitter to
spread their malicious links. Earlier, they relied on embarrassing
pictures; now they are using social engineering tricks like
'horrible rumors.' Twitter users get messages like this:
- Hey you hear about the gossip your mentioned in? it started some serious
drama, it fired up a lot of people on [Link];
- A nasty rumor is spreading about you [Link];
- A terrible rumor is spreading about you [Link];
- You see this video of someone taping you? [Link] creep;
- A horrible rumor is spreading about you [Link];
The links all point to phishing websites with malware. Tell your users
to delete these from their DM inbox and warn their followers.
Also, there is a 'User For The Month' scam doing the rounds. It's
from the imaginary 'Twitter Courtesy Patrol' and you are asked to
tweet to number 68398. Don't do it, because if you do, you validate
your cell number to the scammers, making it a target for future
attacks. Make sure to delete these.
Get Your Free Full Copy Of 4-Star E-book 'Cyberheist'
Ben Rothke, an IT security specialist and author, recently reviewed my book 'Cyberheist' and gave it 4 stars! He ended with:
“At just under 200 pages, Cyberheist: The biggest financial threat facing American businesses since the meltdown of 2008 is not
the definitive text or the most comprehensive one on the topic. But for those looking for a brief and easy to read overview of the
topic, with a lot of real-world advice, Cyberheist makes for a good read.”
Register Now For Your Free FULL Copy (instant PDF Download)
http://www.knowbe4.com/free-e-book/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Your 5-minute virtual vacation: Spain! An epic video about the birds of
Spain, edited into a time-lapse of the beautiful Spanish landscape:
http://www.flixxy.com/the-birds-of-spain.htm
Top Gear, the British television show about cars, is the world's most widely
watched 'factual' television program. Very interesting backgrounder:
http://www.flixxy.com/top-gear-is-by-far-one-of-the-best-shows-on-air.htm
Top Gear's Jeremy and James travel to the North of England to find "The
Worst Car in the History of the World":
http://www.flixxy.com/the-worst-car-in-the-history-of-the-world-top-gear-bbc.htm
Master magician Marc Paul performs the legendary "Berglas" card miracle
on the "Parkinson Show" (BBC). This one is really AMAZING:
http://www.flixxy.com/any-card-at-any-number-the-berglas-effect.htm
"There are 2 kinds of people in this world, those who SWING and those
who don't." (From the weird Japanese department):
http://www.flixxy.com/swing-girls-sing-sing-sing.htm
The professional way to transport and unload paper rolls. These things
are heavy. Simple, easy and fun - the German solution. Check this out!:
http://www.flixxy.com/high-tech-on-wheels.htm
Filmmaker Casey Neistat biked into deserted Lower Manhattan during the height
of Hurricane Sandy to film this (very short) documentary:
http://www.flixxy.com/biking-hurricane-sandy.htm
Helicopter pilot spots a model plane stuck in trees. What he does next makes
one little boy's day:
http://www.flixxy.com/helicopter-pilot-fishes-rc-plane-from-tree.htm
Air New Zealand has enlisted hobbits and elves to urge passengers to fasten
their seatbelts in its latest in-flight safety video:
http://www.flixxy.com/the-airline-of-middle-earth.htm
Sound travels at about 760 miles per hour and going close to that speed can
cause some unusual and very interesting effects:
http://www.flixxy.com/supersonic-flight-and-sonic-booms.htm