CyberheistNews Vol 3, 24
Editor's Corner
POLL: "YOU are in IT. Is it OK what the NSA is doing?"
A new Washington Post-Pew Research Center poll asked Americans if they consider the NSA's practice of obtaining telephone calls and email through secret court orders "acceptable." As the Post's exploration of the poll results notes, some people said the government should be allowed to go even further than it actually is. As you are probably aware, the NSA whistle-blower is 29-year-old IT pro Ed Snowden. It's my opinion that most people do not really understand the issue, and I think it would be very interesting to see what IT professionals answer when they are asked the same questions. I will broadly announce the survey results in a few days, perhaps even in a press release. I am asking the very same questions as the Post survey, with one exception: question 5 clarifies the amount of data being monitored. It's just 6 multiple-choice questions and should take less than 2 minutes. Thanks so much for taking the time, this should be interesting! Here is the link: https://www.surveymonkey.com/s/NSA_OK
Citadel Botnet 'Shutdown' Makes Cybercrime Worse
It was all over the news. The Citadel botnet, responsible for stealing more than 500 million dollars out of bank accounts of both individuals and organizations worldwide, has been largely shut down, or so it seems if you read the breathless press. Citadel is a smarter and more sophisticated cousin of the Zeus Trojan. Citadel is an example of Crime-as-a-Service and has been sold since 2012 in do-it-yourself crime kits that cost $2,400 or more. The malware itself is installed on workstations using social engineering: end-users were tricked with phishing and spear-phishing into clicking on links which infected their workstations.

The press release said that Redmond aligned with the FBI and authorities in 80 other countries to take down one of the world's biggest cyber crime rings. Microsoft said its Digital Crimes Unit on Wednesday took down at least 1,000 of an estimated 1,400 Citadel botnets, which infected as many as five million PCs around the world and targeted major banks. Now, I agree that it's about freaking time these gangsters were shut down, but there is quite some collateral damage with all this hoopla.

Let's have a look at what Microsoft actually did. They identified about 1,400 botnets and disrupted them by pointing the infected machines to a server operated by Redmond instead of the Command & Control servers controlled by the bad guys. This is not new; technically this is called 'sinkholing', and it's been around for a long time. Simply put, you redirect the traffic generated by the Trojan on an infected PC to the good guys, who then warn the owner so they can clean the machine. It so happens that a lot of security researchers had created their own sinkhole domains, and a good chunk of these Citadel botnets had already been sinkholed when Microsoft seized not only the domains of the bad guys but also the domains of the security researchers.
Nearly 1,000 domain names out of the approximately 4,000 domain names seized by Microsoft had already been sinkholed by security researchers! The problem is that sinkholing is just a game of whack-a-mole. Takedowns like this trigger countermeasures by the bad guys, who simply respond by using a peer-to-peer architecture instead of command & control servers, making it much harder to take them down. Cybercrime cannot be stopped with takedowns; as a matter of fact, takedowns make cybercrime worse. You need legislation in Eastern Europe, and sufficient resources for law enforcement to take down the bad actors themselves. (Hat Tip to Abuse.ch) PS: We have a new infographic you might like; it explains spear-phishing in terms that everyone can understand: http://www.knowbe4.com/infographic/ PPS: And here is a new fun little quiz you can send to your users: "How Phish-prone Are You?" http://www.knowbe4.com/how-phish-prone-are-you/
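To make the sinkholing mechanism described above concrete, here is an added toy example (not code from Microsoft, Abuse.ch or the original newsletter) with constructed domains, log lines and netblocks: seized names resolve to a sinkhole address, hits on the sinkhole are grouped by network owner so the owner can be warned, and a seizure list is checked against domains researchers already sinkhole, which is the collision the article complains about.

```python
import ipaddress
from collections import defaultdict

SINKHOLE_IP = "192.0.2.10"  # constructed, TEST-NET-1 range

# Constructed sample data: domains a takedown would point at the sinkhole,
# and domains researchers were already sinkholing before the takedown.
SEIZED = {"c2-alpha.example", "c2-beta.example", "c2-gamma.example"}
RESEARCHER_SINKHOLES = {"c2-gamma.example", "c2-delta.example"}

# Constructed log of connections reaching the sinkhole: time, source IP, host.
SINKHOLE_LOG = """\
2013-06-05T10:01:02 198.51.100.7 c2-alpha.example
2013-06-05T10:01:09 198.51.100.8 c2-beta.example
2013-06-05T10:02:30 203.0.113.4 c2-alpha.example
2013-06-05T10:03:11 198.51.100.7 c2-alpha.example
2013-06-05T10:04:00 203.0.113.9 not-a-c2.example
"""

# Constructed owner table: netblock -> abuse contact to notify.
OWNERS = {"198.51.100.0/24": "abuse@isp-a.example",
          "203.0.113.0/24": "abuse@isp-b.example"}


def resolve(name, upstream):
    """DNS-level sinkhole: a seized name answers with the sinkhole address,
    anything else gets the normal upstream answer (None if unknown)."""
    name = name.lower().rstrip(".")
    return SINKHOLE_IP if name in SEIZED else upstream.get(name)


def seizure_conflicts(seized, existing_sinkholes):
    """Domains a takedown would take away from researchers already sinkholing them."""
    return sorted(seized & existing_sinkholes)


def notifications(log_text, owners):
    """Map each abuse contact to the infected hosts seen hitting a seized domain."""
    nets = {ipaddress.ip_network(n): contact for n, contact in owners.items()}
    seen = defaultdict(set)
    for line in log_text.splitlines():
        _ts, src, host = line.split()
        if host not in SEIZED:  # stray traffic that is not a C2 hit
            continue
        ip = ipaddress.ip_address(src)
        for net, contact in nets.items():
            if ip in net:
                seen[contact].add(src)
    return {contact: sorted(ips) for contact, ips in seen.items()}
```

Running seizure_conflicts before a takedown is the check that would have flagged the researchers' domains; notifications is the "warn the owner" step that makes a sinkhole useful at all.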
Quotes of the Week
"Time is a created thing. To say 'I don't have time' is to say 'I don't want to.'" – Lao Tzu
"You will never 'find' time for anything. If you want time, you must make it." – Charles Buxton
"The future has already arrived. It's just not evenly distributed yet." – William Gibson
Thanks for reading CyberheistNews!
NEW: 'Attack' Your Own Users
Since the survey shows that users indeed are a pain in your neck, here is something you can do that is both useful and a bit of fun. Over here at KnowBe4, we call it the one-two punch.
ONE: We run the (free) Email Exposure Check for you. That gives you all the email addresses from your own domain that are out there on the Internet. It's often surprising how many addresses can be found, and whose they are.
TWO: You create (again free) an account on our website, upload the addresses found in step ONE, and 5 minutes later they receive a simulated phishing attack! You will immediately know your phishing attack surface and the Phish-prone percentage of the highest-risk employees. Fabulous ammo to get more security budget, and fun to do!
Sign Up For Your Free Email Exposure Check Now: http://info.knowbe4.com/free-email-exposure-check-0-1-2-0-1-1-0-0
46 Percent Of Hospital’s Hacked Money Gone For Good
Chelan County Treasurer David Griffiths says Leavenworth's hospital district stands to recover less than half the $1 million stolen in an online banking theft.
About $415,000 has been recovered with the cooperation of the banks where the money was fraudulently transferred, probably to Russia. Griffiths told The Wenatchee World another $479,000 is gone. It was taken in April by hackers who cracked the account of the public hospital district that runs Cascade Medical Center. It is suspected that the hospital's machines were infected with keylogger malware through spear-phishing attacks. This could have been prevented by training employees. More at Wenatchee World News: http://www.wenatcheeworld.com/news/2013/jun/03/at-least-40-percent-of-hospitals-hacked-money/
Android Antivirus Products A Big Flop, Researchers Say
Bob Brown at NetworkWorld reported on something a bit concerning: "Android smartphones and tablets are under attack, and the most popular tools developed to protect them are easily circumvented, according to new research from Northwestern University and the University of North Carolina.
The researchers created technology called DroidChameleon that can be used to perform common obfuscation techniques (simple switches in a virus' binary code or file name, for instance) to blow by security products." Here is more, with a link to the research paper with all the details. Yikes. http://www.networkworld.com/article/2167030/smartphones/android-antivirus-products-a-big-flop--researchers-say.html
Spear-phishing Espionage Malware: NetTraveler
Researchers at Kaspersky Lab discovered another(!) probably state-sponsored malware, known as NetTraveler. NetTraveler gains a foothold in targeted organizations through spear-phishing campaigns and exploits a pair of known vulnerabilities in Microsoft Word. These vulnerabilities were patched in 2010 and 2012. The malware logs keystrokes and grabs file system listings, Office and PDF documents.
It has infiltrated more than 350 companies in 40 countries over the past eight years. Those behind the malware targeted a variety of organizations, including the energy industry, scientific research facilities, universities, governments, military contractors, and social activists. NetTraveler has seen a burst of activity in the last three years, but there are indications that it has been around in some form since 2004. And it was never found by any antivirus company; you wonder what else is out there.
More recently, NetTraveler has been stealing intellectual property in the areas of space exploration, nanotechnology, nuclear power, and energy production. If you look at the targets, to me this sounds like China is behind all this. All employees need security awareness training. Badly! (Ars Technica has a pretty graph with all the attacks): http://arstechnica.com/security/2013/06/espionage-malware-infects-raft-of-governments-industries-around-the-world/
See how Kevin Mitnick steals a workstation password using malware hidden in a Word File in less than 2 minutes: http://www.knowbe4.com/video-mitnick/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
In Great Britain, a remote-controlled helicopter has delivered two pepperoni pizzas. Hey I'll have one!: http://www.flixxy.com/pizza-delivery-by-rc-helicopter.htm
San Francisco to Los Angeles in as little as 30 minutes. How does Elon Musk's Hyperloop work? Long and technical, but interesting!: http://www.gizmag.com/how-does-elon-musk-hyperloop-work/27757/
An ergonomically designed computer workstation for the long hours spent in front of computer monitors. Would you like one?: http://www.flixxy.com/ergonomic-computer-chair-emperor-1510.htm
A confident and experienced Ukrainian pilot takes his home-made helicopter for a spin. This is pretty cool: http://www.flixxy.com/homemade-helicopter-flight-test.htm
The space probe 'Mars Express' by the European Space Agency has created the first three-dimensional map of our neighboring planet: http://www.flixxy.com/mars-in-3d.htm
Sandwich shop workers Richard and Adam Johnson received a standing ovation for their rendition of 'The Impossible Dream' at Britain’s Got Talent: http://www.flixxy.com/the-johnson-brothers-sing-the-impossible-dream-at-britains-got-talent.htm
"It's Not About the Nail". (PS: If you are a girl, this works both ways:) http://vimeo.com/66753575
This robot is programmed to anticipate human motion. Pretty interesting. Add all robot technology we now have and it's 'Terminator here we come': http://www.youtube.com/watch?v=xaa_wEkCvG0&feature=youtu.be
Last but not least, this blog post is immensely popular: "The Seven Deadly Social Engineering Vices" - send it to your friends! http://blog.knowbe4.com/bid/290552/The-Seven-Deadly-Social-Engineering-Vices