CyberheistNews Vol 3, 26



CyberheistNews Vol 3, # 26
KnowBe4
Stu Sjouwerman's New Security Newsletter Don't miss the Fave Links! Case Studies Resources About Us Contact Us
Facebook LinkedIn Blog Twitter YouTube YouTube
 

CyberheistNews Vol 3, 26

Editor's Corner

KnowBe4

"Train Or Feel The Pain"

More users than ever are experiencing phishing attack attempts. Researchers at Kaspersky Lab have documented a drastic increase in the number of web users who have been "subjected" to phishing attacks over the past year, according to a new report.

The Moscow-headquartered security firm found that 37.3 million people faced the prospect of being phished in 2012 to present day, a whopping 87 percent increase over the same period between 2011 and 2012. In its "The Evolution of Phishing Attacks" study; Kaspersky Lab studied threats faced by roughly 50 million customers running its security products.

The Main Findings:

* In 2012-2013, 37.3 million users around the world were subjected to phishing attacks — up 87% from 2011-2012
* Most often, phishing attacks targeted users in Russia, the US, India, Vietnam and the UK
* Phishing attacks were most frequently launched from the US, the UK, Germany, Russia and India
* Yahoo!, Google, Facebook and Amazon are top targets of malicious users. Online game services, online payment systems, and the websites of banks and other credit and financial organizations are also common targets
* Over 20% of all attacks targeted banks and other credit and financial organizations
* The number of distinct sources of attacks in 2012 and 2013 increased 3.3 times
* More than one-half (56.1%) of all identified sources of phishing attacks were located in just 10 countries
* In 2012-2013, 102,100 Internet users around the world were subjected to phishing attacks every day. This is double the amount of intended victims over the previous period
* More than 50% of the total number of individual targets (921 names out of 1,739 in the KSN database) were fake copies of the websites of banks and other credit and financial organizations
* Phishing has some local accents: phisher targets are different from country to country, depending on the popularity of local online resources.

And that is why "Train Or Feel The Pain" is so relevant these days. You -have- to train all employees from the Board down to the mail room to not fall for social engineering tricks. Here is the Kaspersky PDF: http://media.kaspersky.com/pdf/Kaspersky_Lab_KSN_report_The_Evolution_of_Phishing_Attacks_2011-2013.pdf

Quotes of the Week

"Procrastination is like a credit card: it's a lot of fun until you get the bill." - Christopher Parker

"Procrastination is opportunity's assassin." - Victor Kiam


Thanks for reading CyberheistNews! But if you want to unsubscribe, you can do that right here

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com
Facebook LinkedIn Blog Twitter YouTube YouTube
KnowBe4

NEW: 'Attack' Your Own Users

Since the survey shows that users indeed are a pain in your neck, here is something you can do that is both useful and a bit of fun. Over here at KnowBe4, we call it the one-two punch.

ONE: We run the (free) Email Exposure Check for you. That gives you all the email addresses out there available on the Internet from your own domain. It's often surprising how many addresses can be found and whose.
TWO: You create (again free) an account on our website, upload the addresses found in step ONE, and 5 minutes later they receive a simulated phishing attack! You will immediately know your phishing attack surface and the Phish-prone percentage of the highest risk employees. Fabulous ammo to get more security budget and fun to do!

Sign Up For Your Free Email Exposure Check To Start With:
http://info.knowbe4.com/free-email-exposure-check-0-1-2-0-1-1-0-1-0

KnowBe4

Out In The Wild: Android RansomWare

Symantec has discovered an early version of ransomware for a mobile device that is an indication cybercriminals are planning to target smartphone users with this lucrative form of malware.

The bogus antivirus software, dubbed Fakedefender, is the first ransomware Symantec has found for a mobile device. The Android-targeting malware was found early this month hidden in a variety of apps available in online stores aimed at English speakers in several countries, including the U.S.

The software was not seen on Google's official Android store, Google Play. The ransomware has been downloaded only hundreds of time, so the level of infection is very low, said Vikram Thakur, principal researcher for Symantec Security Response. However, given the immaturity of the malware, it's unlikely the creators, believed to be of Russian origin, were looking for wide distribution.

The upshot? "Think Before You Click" expands to "Think Before You Tap", so remind your users! More at the CSO site:
http://www.csoonline.com/article/735297/android-ransomware-marks-profitable-new-era-for-cybercriminals?

KnowBe4

System Administrator Appreciation Day Is Coming Soon!

I wanted to make sure everyone was aware of an important, upcoming holiday. No, it is not the 4th of July (although that is almost here, too)... it's System Administrator Appreciation Day! This is a holiday that started back in July 2000 and is celebrated the last Friday in July. This year it will happen on July 26, 2013 so mark it on your calendar.

KnowBe4

Hardening the HumanOS

Our friends at SANS had some fun with a new PDF written for techies like us. Here is a snippet from the Executive Summary:

"To secure the HumanOS, you have to first understand its vulnerabilities. Just like any other operating system, people have vulnerabilities that can be exploited. However, instead of vulnerabilities in code, such as buffer overflows or SQL injection, the HumanOS has insecure behaviors. People already know how to read email, use mobile devices, create passwords or post on social networking sites.

What they do not know is how to perform these daily actions securely. To secure the HumanOS, your goal is to make them aware of these risks and ultimately change their behaviors. To accomplish this, your organization needs an effective security awareness program designed from the ground up to change behavior."

We agree that you can only change behavior by constant and active updates all year round. But you have to start by "patching the HumanOS" all in one go and get -all- attack vectors addressed during onboarding, and then keep them on their toes with regular simulated phishing attacks. This is what we do at KnowBe4 with the Kevin Mitnick Security Awareness Training. Here is the SANS PDF and have a good chuckle:
http://www.securingthehuman.org/media/resources/planning/STH-HardeningHumanOS.pdf

And while we are talking SANS, they just came out with their ULTIMATE SANS Pen Test Poster, which is pretty awesome. Three months in the making, this poster is chock full of tips, tricks, ideas, tools, resources, references, practice environments, and much much more, all focused on helping penetration testers and related security professionals excel in their work:
http://pen-testing.sans.org/blog/pen-testing/2013/06/20/announcing-the-ultimate-sans-pen-test-poster

KnowBe4

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Super FAVE: Danny MacAskill takes a new approach to cycling in his new riding film 'Imaginate' (wait for the blooper reel at the end):
http://www.flixxy.com/imaginate-riding-film-by-danny-macaskill.htm

Luc Bergeron (Zapatou) does it again - this time with a fifth installment of Best Of Web - a compilation from 187 videos, many of which can be found on Flixxy.com. Awesome. Watch it three times:
http://www.flixxy.com/best-of-web-5-hd-by-zapatou.htm

Deloitte supported the creation of a short film to illustrate the complex topic of cyber security and help organizations understand the huge impact a cyber attack could have. This 6-minute short is very, very well done:
http://www.deloitte.com/view/en_GB/uk/services/audit/enterprise-risk-services/aaeeeb6f047b3310VgnVCM2000001b56f00aRCRD.htm

This is actually a very funny ad: The Dell Tablet vs. The iPad:
http://www.youtube.com/watch?v=-UGxKX6IU1U&feature=youtu.be

Supercats - a compilation of cats doing all sorts of funny and amazing things to the music of 'Jump' by Van Halen.
http://www.flixxy.com/super-cats.htm

More cats! Cats can be so funny. A compilation of cat video clips with cats being cats:
http://www.flixxy.com/thats-why-we-love-cats.htm

Russia's Sukhoi has rocked the 50th Paris Air Show at Le Bourget with the premiere of its super-maneuverable cutting-edge Su-35 jet:
http://www.flixxy.com/sukhoi-su-35-rocks-paris-air-show.htm

10 Moments That Will Restore Your Faith In Humanity:
http://www.youtube.com/watch?v=0F5lbMrCj80&feature=youtu.be

What surprises the Dalai Lama most about people?
https://twitter.com/alo_oficial/status/347758899320983552/photo/1

And to end off some humor from the U.K. A funny 40-second sketch about a hitchhiker by Irish comedian and TV personality Dave Allen:
http://www.flixxy.com/dave-allen-comedy-sketch.htm

 
KnowBe4
Facebook LinkedIn Blog Twitter YouTube YouTube



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews