CyberheistNews Vol 2, #54
Editor's Corner
Antivirus Controversy
It's a new year and you'd like to think that your users are getting
smarter about clicking on phishing links and not falling for recycled
tricks by cyber criminals. Unfortunately, there is a new attack this
week that's been used before but people are falling for it in droves.
This is the attack: an email that claims to come from the "Windows
Live Team" and warns Hotmail/MSN users that their account is at risk
of immediate closure after different computers logged into it, and
multiple attempts were made to guess the password.
The email, which has the subject line "CONFIRMATION ALERT RESET (2013)"
and comes from an unofficial-looking @msn.com email address, urges
the user to reply via email with their full name, username, password,
date of birth, and country in order to confirm their identity.
Alert your users about this, and continue to warn them they should
NEVER give login information to ANYONE. You can see the image with
the actual scam email over at the KnowBe4 Blog:
http://blog.knowbe4.com/scam-of-the-week-hotmail-msn/
(Hat Tip to Sophos Naked Security Blog)
Phishing Attacks Up 19% Year Over Year
RSA reported that phishing attacks are up 19% year over year, but did
you know that this translates into 33,000 attacks per month? And that
those attacks actually cause a whopping loss of $700,000,000? It just
takes one click from an employee who has a weak moment to cause untold
damage.
The recent South Carolina data breach was a good example. Millions of
records full of confidential information stolen from the Dept of Revenue,
because of ONE CLICK on a phishing link. It's time to start training
employees within an inch of their life to THINK before they CLICK!
Get them Security Awareness Training by Kevin Mitnick over here:
http://www.knowbe4.com/
GPS Security Hint
Don't use your real home address when you set your 'Home' destination
on your GPS device, because that could make you a victim of burglary as
well as auto theft. Here is the scenario. You are on the road and your
car gets stolen. The first thing they do is drive to your house and rob
that because they know you are not there, having no car! For that 'Home'
destination, just use a location close by instead. Perhaps a neighbor
you don't like? Just Kidding!!
Quotes of the Week
"No man who ever held the office of President would congratulate a friend
on obtaining it." - John Adams
"Few are those who see with their own eyes and feel with their own hearts." - Einstein
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
You can read this newsletter online at the KnowBe4 Blog:
http://blog.knowbe4.com/?p=4102
This Is How Attackers Break Into Your Network
91% of cyberattacks begin with a “spear-phishing” email, research from
security software firm Trend Micro shows. Are -you- vulnerable? Find
out now if your email server is configured correctly; many are not!
KnowBe4 offers you a free 'domain spoof test', which shows if we can
send you an email coming from someone in your own domain. It's quick,
easy and often a shocking discovery. The only thing we do is send an
email from the outside.
Can hackers spoof an email address from your own domain, which is
the first step of an incredibly expensive data breach? Find out now:
http://www.knowbe4.com/domain-spoof-test/
Scam Example: Amazon Marketplace
Josh More, a Senior Security Consultant at RJS smart security, was in the
market for a new camera, and was almost scammed when he saw a deal on
Amazon that was only $1,836.73 instead of the normal $3,299.99 for a
Nikon d800. It's a very interesting story, and you can learn something
from this. I am quoting a very small section of his blog post:
"Most scams use a hook to cause a reaction. The idea being that if you
are reacting, they get to control you. If you take the time to stop and
think things through, you take control back and can usually spot the scam.
Common hooks involve Urgency, Uncertainty, Sex, Fear or Anger. In this
case, it's all about Urgency, Uncertainty and Fear. By setting the price
so low, they drive urgency high, as you're afraid that you might miss the
deal. They then compound this by telling me there was an error in the
shipment, trying to make me believe they are incompetent and if I act
quickly, I can take advantage of their error.
The second email hypes the urgency, trying to get me to pay quickly. I
did not reply, but if I had, the next step in a scam like this is to
sweeten the deal if I were to act immediately, often by pretending to
ship my non-existent camera with a bonus item (like a cell phone) overnight
if I give them payment information immediately.
Of course, if I ever did give them my payment information, they'd empty my
checking account and, if they're with a larger attacker group, start using
my account to traffic stolen funds." Read more about how they do this and
do not let this happen to you. Here is the full blog post:
http://blog.rjssmartsecurity.com/security-news/internet-theft-and-the-holidays/
12 Security Resolutions for 2013
From Wi-Fi to mobile security, here are 11 things you should commit to
doing this year to keep hackers and malware at bay. Among your typical
New Year's resolutions--lose weight, stop smoking, be happier--you should
consider making some pledges to better secure your digital life. You might
even be healthier if you can prevent the stress of a digital disaster,
like malware wiping out your PC, having your online accounts hacked, or
becoming a victim of identity theft because of a phishing scam or data
theft. With that in mind, here are some security resolutions you should
consider for the New Year. Article at CSOonline:
http://www.csoonline.com/article/725585/12-security-resolutions-for-2013?
InfoWorld Winner: Science Logic EM7
I have read InfoWorld since 1981 (I started when I was 5! LOL). They
have a yearly contest of best tools and I thought you might want to
take a look at this one. "Network management tools rarely emerge from
the backroom into the limelight, but the Science Logic EM7 system has
earned a place on center stage. An ultra-flexible distributed monitoring
system for voice, video, physical and virtual servers, storage, and
everything else on your network, EM7 also rolls trouble ticketing and
workflow management into a highly scalable and extensible multi-tenant
configuration that gives you the freedom to delegate any portion in
varying degrees of responsibility. After two years of running this
system, we've not found anything it can't manage."
http://www.sciencelogic.com/em7-overview
Deloitte Study Shows 88 Percent Thinks They Are Cyber Threat Safe
Oh my. Deloitte UK did a bunch of interviews with small and medium
organizations which showed that a whopping 88% think they are safe
and will not be attacked from the outside. Talk about a false sense of
security. OUCH. The Infographic is here and worth having a look at,
the numbers are very interesting:
http://blog.knowbe4.com/deloitte-study-shows-88-percent-thinks-they-are-cyber-threat-safe/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Audi's self-driving car successfully navigates 156 turns of the 12 mile
Hill Climb course in Pikes Peak, Colorado:
http://www.flixxy.com/autonomous-audi-tts-pikes-peak-self-driving-car.htm
Comic: So...just how vulnerable to a cyber attack are we?:
http://www.scotsman.com/news/uk/cyber-attack-could-defeat-uk-armed-forces-mps-warned-1-2726049
The "DEMO Effect" CES2013: Sony's 4K OLED blue screens during CES presentation:
http://www.youtube.com/watch?v=5LoRiX9NIlA&feature=youtu.be
BBC News - A look inside the EU's new cybercrime unit:
http://www.bbc.co.uk/news/business-20983013
A dragon is coming. But it's small. Really small. It can multi-task and
doesn't waste power. LOL:
http://www.flixxy.com/this-summer-a-dragon-is-coming.htm
The new Russian 5th generation stealth fighter Sukhoi T-50 on a demonstration
flight at MAKS International Aviation and Space Salon near Moscow, Russia:
http://www.flixxy.com/sukhoi-t-50-stealth-jet-airshow-demonstration.htm
Since he is not very good at giving speeches, Tom Fletcher sings his way
through his wedding speech:
http://www.flixxy.com/groom-sings-wedding-speech.htm