CyberheistNews Vol 3, 27



Stu Sjouwerman's New Security Newsletter

Editor's Corner


Scam Of The Week: 4th Of July

Cybercriminals have a planned marketing agenda just like real companies. They take advantage of current events, catastrophes and holidays to try to trick people into clicking on links. This year they are using our 4th of July to start a phishing campaign that supposedly sends a patriotic eCard, but the email contains a malware payload. If this thing slips through the PC's antivirus and gets opened, it infects the PC with malware that turns it into a zombie. Oh, and while we are at it, there are also 100% criminal 4th of July-themed websites with "Buy Now Specials" whose only goal is to get the victim's credit card information. Remind your users: Think Before You Click!

How To Win The War Against Cybercrime

Price Waterhouse (PwC) and CSO Magazine just released their 2013 State of Cybercrime Survey. It shows that lack of risk awareness means companies are poorly defended. This is their 11th survey and the trends are not good. The reason is that cybercrime is skyrocketing but cyber security budgets are not keeping up and are too low to cope with this new threat. Or are they?

The survey covered over 500 U.S. executives, security experts and others from both public and private sectors. It is true that the bad guys are winning the cybercrime war at the moment. Is it because the good guys have not caught up to this new enemy and because of that, they are not fighting back effectively?

Or perhaps they know very well what the problem is, but have determined that it is a calculated risk and that the disruption to the business to fix it would be worse than suffering through a successful data breach.

Some proof that awareness is lacking comes from recent research showing that simulated phishing attacks catch 33% of C-level executives, who take the bait and fall for simple or sophisticated spear phishing attacks.

"There were no significant changes in C-Suite threat awareness, no spikes in spending on cyber-defense, no breakthroughs in the use of technology to combat cybercrime, and no significant change in the ability of organizations to measure the impact of both cybercrimes committed by insiders and those caused by external cyberattacks," the survey reported.

That, according to Dave Burg, PwC Global and US advisory cyber security leader, has been the case for a decade. "(We) have seen virtually no movement by survey respondents in the past 10 years," he said.

"Possibly the most alarming theme that came out of this year's survey results was that U.S. organizations are misjudging the severity of risks they face from cyber-attacks from a financial, reputational, and regulatory perspective," said Bob Bragdon, vice president and publisher, CSO.

Over the last five years, cybercrime has gone pro. This is now a 3 billion dollar industry, with a well-developed underground economy that has full-blown escrow services which allow criminals to buy and sell illegal services and stolen data.

A survey like this sometimes makes for great ammo to get more security budget, but only if you can present a good business case showing your C-level execs a solution to that risk which is less disruptive and less expensive to the organization than suffering a data breach.

IT security company Trend Micro's recent research showed that 91% of successful data breaches started with a spear-phishing email. This type of social engineering attack can only be repelled by high quality security awareness training for all employees from the Board down to the mail room. Did you know that security awareness training has great ROI and gives you an enormous bang for your budget? Check out:
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/

Did You Know?

"On average, every three minutes, organizations encounter one malware event that successfully evaded traditional, signature-based defenses." --FireEye Advanced Threat Report 2H 2012

"Email is still the most commonly used channel for corporate communications. As a result, it has become a conduit of targeted attacks and a potential source of data loss." -- Peter Firstbrook, Gartner "Email Security Focus Shifts to Address the Risks of Targeted Attacks and Data Loss", 2013

"200,000 unique new malware samples being produced on an industrial scale every day, which is practically impossible for any signature-based AV software system to cope with." -David Emm, Kaspersky Labs UK, 2013

Quotes of the Week

"The thousands of criminals I have seen in 40 years of law enforcement have had one thing in common: Every single one was a liar." - J. Edgar Hoover

"Life and liberty can be as much endangered from illegal methods used to convict those thought to be criminals as from the actual criminals themselves." - Earl Warren



Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Can Your Domain Be Spoofed? Find Out Now:

91% of successful data breaches began with a “spear-phishing” email, research from security software firm Trend Micro shows. Are -you- vulnerable? Find out now if your email server is configured correctly; many are not!

KnowBe4 offers you a free 'Domain Spoof Test', which shows if outsiders can send you an email that appears to come from someone within your own domain. It's quick, easy and often a shocking discovery. The only thing we do is send one email from the outside directly to you, but we spoof someone in your own domain.

Can hackers send all your employees an email 'from your CEO'? Find out now:
http://info.knowbe4.com/130416domainspooftest-1-0
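
A defender-side check for the condition the spoof test probes, as an added example (not KnowBe4's code and not part of the original newsletter): it flags internet-received mail whose From: domain is your own but which your gateway did not authenticate. The domain, the gateway name and the sample messages are constructed assumptions, and it assumes the inbound gateway stamps an Authentication-Results header carrying a DMARC verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"            # assumption: the organization's mail domain
TRUSTED_AUTHSERV = "mx.example.com"   # assumption: id stamped by our own gateway

def trusted_auth_results(msg):
    """Return {method: result} taken only from Authentication-Results headers
    stamped by our own gateway; a sender can pre-insert forged ones."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header written by someone else: ignore it
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            results.setdefault(method.lower(), result.lower())
    return results

def classify(raw_message):
    """Classify one message that the gateway received from the internet."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[2].lower() != OWN_DOMAIN:
        return "external-sender"
    if trusted_auth_results(msg).get("dmarc") == "pass":
        return "authenticated"
    return "own-domain-spoof-suspect"

# Constructed sample messages (not real traffic).
BODY = 'From: "The CEO" <ceo@example.com>\nTo: staff@example.com\nSubject: Urgent\n\nHi\n'
SPOOFED = ("Authentication-Results: mx.example.com; spf=fail "
           "smtp.mailfrom=example.com; dmarc=fail header.from=example.com\n" + BODY)
FORGED_VERDICT = ("Authentication-Results: mail.sender.test; dmarc=pass "
                  "header.from=example.com\n" + BODY)
LEGITIMATE = ("Authentication-Results: mx.example.com; dkim=pass "
              "header.d=example.com; dmarc=pass header.from=example.com\n" + BODY)
OUTSIDE = "From: partner@other.test\nTo: staff@example.com\nSubject: Hello\n\nHi\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("forged verdict", FORGED_VERDICT),
                      ("legitimate", LEGITIMATE), ("outside", OUTSIDE)]:
        print(f"{name}: {classify(raw)}")
```

A message with no trusted DMARC verdict is treated as a suspect, so mail that never crosses the gateway should not be fed to this check.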


It's BlackHat Soon!

Black Hat USA is the show that sets the benchmark for all other security conferences. As Black Hat returns for its 16th year to Las Vegas, they bring together the brightest in the world for six days of learning, networking, and skill building. Join them for four intense days of Training and two jam-packed days of Briefings.

Noteworthy is their Arsenal section, where they describe a host of hacking tools that are fascinating to inspect. Also check out the briefing by Kevin McNamee, who shows how to build an Android SpyPhone service that can be injected into any application. The presentation will feature a live demonstration of how phones can be tracked and operated from a Web based command and control server and a demonstration of how to inject the SpyPhone service into any Android application.

The presentation will also cover the APIs used to track the phone's location, intercept phone calls and SMS messages, extract e-mail and contact lists, and activate the camera and microphone without being detected. Wow.
https://www.blackhat.com/us-13/briefings.html#McNamee


How Much Is Your Gmail Worth?

Brian Krebs reports on a new tool called Cloudsweeper from researchers at the University of Illinois at Chicago which scans your inbox and presents how many accounts connected to that address an attacker could seize if they gained access to your Gmail. I just did that for kicks and my account would be sold for 23 bucks on the black market. Interesting article and a link to the tool as well!
http://krebsonsecurity.com/2013/06/how-much-is-your-gmail-worth/


The Meaning of the Digits on Your Credit Card

This is a short and quite interesting article that explains the sequence of the numbers on your card and what each number means. For instance, did you know that the very last number is a checksum? Here goes - takes 3 minutes:
http://brokensecrets.com/2011/02/07/the-meaning-of-the-digits-on-your-credit-card/


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

A compilation of awesome people doing awesome things. There are some really cool ones hidden in between more mundane tricks.
http://www.flixxy.com/people-are-awesome-2013-new-version.htm

This is a pretty innovative one-wheel e-bike called RYNO. Cool!:
http://www.youtube.com/watch?v=Z1YoCfm7nxU

See those Hitler videos, where he gets outraged about something? At this site you can make your own Hitler video. It's a riot:
http://downfall.jfedor.org/

Time-Squished Photos Turn Random Moments Into Patterns. Very interesting:
http://www.wired.com/rawfile/2013/06/pelle-cass-selected-people/

Did not know that was possible! A $4.99 radioactivity counter app for iOS and Android that uses the camera sensor to pick up ionizing radiation. It gets interesting at the 13 minute mark:
http://www.rdklein.de/html/radioa_videos.html

Hubspot Blog Post: "8 of the Most Uplifting Commercials of All Time":
https://blog.hubspot.com/marketing/most-uplifting-commercials-of-all-time#sm.0000rma5cfn40eycrw315vq68czpm

Cats and aquarium fish exist together peacefully in many homes. But once in a while there is a surprise....
http://www.flixxy.com/cat-and-fish.htm

Making a rocket out of a tea bag and other amazing science stunts for kids by Richard Wiseman:
http://www.flixxy.com/cat-and-fish.htm

An artist has created an apparently gravity-defying house in a street in East London. Visitors are able to climb at what appears to be daring heights and angles:
http://www.flixxy.com/house-in-london-is-a-3d-illusion.htm

 