CyberheistNews Vol 3, # 35 Security-Awareness-Training-Newsletter



CyberheistNews Vol 3, # 35
KnowBe4
Stu Sjouwerman's New Security Newsletter Don't miss the Fave Links! Case Studies Resources About Us Contact Us
Facebook LinkedIn Blog Twitter YouTube YouTube
 

CyberheistNews Vol 3, 35

Editor's Corner

KnowBe4

New Cybercrime-as-a-Service: Unethical Pen-testing

I have talked about this a few times before; there is a well-developed $3 Billion underground economy specialized in cybercrime. Here is an example of a "promising" new criminal DIY service that automates a lot of the hard work of hacking into your website. They aim to provide their customers with what they call "private exploitation techniques", capable of compromising practically any Web site.

It's a fully commercial operation. You can get a free demo of some vulnerable websites to see how it works. You pay just 5 bucks to scan a target website, and if that site can be hacked, the price goes to $50. The new service does not use Google, you can just manually type in the target website. You can also get consulting services to help you hack into a target website, with prices starting at $1,000.

Dang, it's a complete criminal supermarket out there with a supply-chain that fully covers the hacking process nuts-to-bolts. (Hat Tip to DDanchev)

Quotes of the Week

"Always listen to experts. They’ll tell you what can’t be done, and why. Then do it." — Robert Anson Heinlein

"Love is that condition where someone else’s happiness is necessary to your own." — Robert Anson Heinlein


Thanks for reading CyberheistNews! But if you want to unsubscribe, you can do that right here



Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com
Facebook LinkedIn Blog Twitter YouTube YouTube
KnowBe4

Whitepaper: Legal Compliance Through Security Awareness Training

KnowBe4 and Micheal R. Overly Esq have published a brand new whitepaper. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor CISA, Certified Information Privacy Professional CIPP, Certified Information Systems Security Professional CISSP, Information Systems Security Management Professional ISSMP, and Certified Risk and Information System Controls CRISC certifications. He is a partner at Foley & Lardner LLP.

This new whitepaper shows you the common threads in compliance laws and regulations. Did you know that "CIA" means Confidentiality, Integrity, and Availability, and how lawmakers incorporated that language in Infosec regulations?

Are you familiar with the concept of Acting “Reasonably” or taking “Appropriate” or “Necessary” measures? Find out how this can keep you from violating compliance laws or regulations.

Know you are supposed to "scale security measures to reflect the threat"? We have some examples of the Massachusetts Data Security Law and HIPAA to explain what is required. Download this new whitepaper here:
http://info.knowbe4.com/whitepaper-overly-kb4-13-08-20

KnowBe4

5 Ways Employees Are Putting Your Company's Data At Risk

According to data from several recent surveys there are a number of things your employees could be (inadvertently) doing that puts your company's sensitive data and information at risk. A survey done recently by IPSwitch, a developer of FTP software, includes some of the reasons employees are putting sensitive data into places where IT has no control over what happens to it:

1) To circumvent file-size limits prescribed for work email
2) Third-party mail is faster and has fewer restrictions than corporate email tools
3) For use in their next place of employment
4) They find it difficult to connect to work email when outside of the office
5) IT doesn't monitor what they're sending via personal email

More at InfoWorld:
http://www.infoworld.com/d/security/6-ways-employees-are-putting-your-companys-data-risk-224404

KnowBe4

Flash SSD and Storage Deployment Trends Survey

ITIC and KnowBe4 are teaming up to conduct the 2013 - 2014 2012 Flash/SSD and Storage Deployment Trends survey. It polls corporations on their usage and planned usage of Flash/SSDs as well as their overall storage usage and growth trends. It also queries businesses on their annual storage expenditures, annual growth increases in storage capacity as well as their biggest storage priorities and challenges over the next 12 to 24 months.

The survey should take only about 10 minutes to complete. All responses are kept confidential. Anyone who completes the survey and leaves an essay comment is eligible to win a free tablet or a $100 Amazon gift certificate. To be eligible to win the prizes you must leave your Email address along with your comment in the comment box of the last question. No sales people will call you and we never share your information with anyone.

Once the survey results are tabulated we will post an Executive Summary in CyberheistNews. Anyone who completes the survey can also get a complimentary copy of the full Report by Emailing ITIC principal analyst Laura DiDio at: ldidio 'at' itic-corp.com. Tell us what you think! Here’s the link to the survey:
https://www.surveymonkey.com/s/S68YSVJ

KnowBe4

Ex-Soviet Hackers Play Outsized Role In Cyber Crime World

MOSCOW (Reuters) - If you want to hack a phone, order a cyber attack on a competitor's website or buy a Trojan program to steal banking information, look no further than the former Soviet Union.

The breadth and sophistication of services sold on Russian-language websites such as Forum-dot-zloy-dot-bz or Forum-dot-evil offer a small window onto a Russian criminal underground that is costing Western firms billions of dollars in credit card and online banking fraud as well as phishing attempts to lure people into downloading malware or disclosing passwords.

"If you look at the quantity of malware attacks, the leaders are China, Latin America and then Eastern Europe, but in terms of quality then Russia is probably the leader," said Vitaly Kamluk, a cyber security researcher in Moscow." Told ya. The whole article in...wait for it... news.yahoo.com of all things:
http://news.yahoo.com/ex-soviet-hackers-play-outsized-role-cyber-crime-164002438.html/

KnowBe4

41% of Online Fraud Victims Didn’t Recover Lost Money

Kaspersky released its August 2013 Consumer Security Risks Survey, a study they ran this summer. The report shows that 41% of online fraud victims did not recover the money they lost to fraudsters.

If you thought that getting back the money lost in an online fraud scheme was easy, think again. As a consumer, you are insured in theory; meaning money stolen from your online banking and e-payment accounts should be returned by your bank or payment processor.

The problem is that does not always happen. Kaspersky study shows that only 45% of online fraud victims got all their money back, and 14% recovered only part of their lost cash.

Here are some statistics:
- 33% of the victims had money stolen during an e-payment operation;
- 17% during e-banking sessions;
- 13% while shopping online.

There is the kicker: only a measly 12% of online store customers who were scammed got fully compensated. And when you look at banks, it's not much better: only 15% of victims got a full refund.

Many consumers shopping on the Internet think the bank is responsible for paying back money lost during online purchasing. A sizable 42% of consumers think the financial institution should provide free security tools to protect them against cybercriminals.

That's not happening in practice. For the banks it's just a cost of business. It's time to take responsibility and make sure you run your own high-end PC security software, and get trained to not fall for hackers, scammers and cybercrime traps.

“It all creates a perfect storm: cybercriminals smell profits, and redouble their efforts to steal money from users, while users delegate most protection measures to their banks, e-pay services and online stores,” Kaspersky states. Here is the full PDF:
http://media.kaspersky.com/pdf/Kaspersky_Lab_B2C_Summary_2013_final_EN.pdf

KnowBe4

Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Boeing 777 spectacular wake vortex while landing at Birmingham Airport in England on a day of frequent rain showers:
http://www.flixxy.com/boeing-777-spectacular-wake-vortex.htm?utm_source=4

Beachgoers near Kaliningrad on the Baltic Sea got a big surprise when a military hovercraft landed next to them:
http://www.flixxy.com/russian-hovercraft-lands-on-crowded-beach.htm

Giant concrete arrows used to guide airmail pilots across the continent:
http://www.core77.com/blog/transportation/what_are_these_giant_concrete_arrows_across_the_american_landscape_25236.asp?

This infographic is the result of a survey of hackers at blackhat.... interesting!!!
https://s3.amazonaws.com/blog.knowbe4Images/BlogImages/Ethical_Hacking_IG6.pdf

Into photography? This Sony ad from Australia might get a chuckle out of ya mate:
https://www.youtube.com/watch?feature=player_embedded&v=LApO_BDRE8M

An aluminum foil ship floats above ground on sulphur hexafluoride - a gas that is significantly denser than air:
http://www.flixxy.com/ship-floats-on-nothing.htm

Species is no obstacle to these caring animals. They are just doing what needs to be done and not questioning why:
http://www.flixxy.com/animals-who-adopt-other-animals.htm

Hot Dang: 'Vivaldi Tribute' played by Tina S (14 y.o.) on her Vigier Excalibur guitar. ("Presto" is the 3d movement from Antonio Vivaldi's "Summer", from the "Four Seasons".):
http://www.flixxy.com/14-year-old-does-perfect-guitar-cover-of-four-seasons-by-vivaldi.htm

Can cars dance on ice as well as ice skaters - similarly beautiful and in close contact?:
http://www.flixxy.com/cars-vs-skaters-on-ice.htm

It is hard enough to march in formation and play an instrument. But the Dutch Army Bicycle Band does it while riding bicycles!:br> http://www.flixxy.com/the-dutch-army-bicycle-band.htm

 
KnowBe4
Facebook LinkedIn Blog Twitter YouTube YouTube



Subscribe To Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews