CyberheistNews Vol 3, 36
Editor's Corner
Hourly Cost of Security Downtime Survey
KnowBe4 and ITIC’s joint 2013-2014 Hourly Cost of Security Downtime Survey is live! The survey polls organizations on the cost of hourly downtime associated with security outages as well as the biggest security-related challenges and issues in your network environment. When you complete this survey, you will be able to enter our sweepstakes for a chance to win a $500 Amazon.com Gift Card, and there are more prizes as well. Please tell us what you think! Deadline is 09/20/2013. The survey should take only about 5 minutes to complete. All responses are confidential. As always, anyone who completes the survey AND leaves an essay comment is eligible to win one of three (3) additional prizes. First prize for the best essay comment is a $200 Amazon gift certificate; second prize is a $150 Amazon gift certificate and the third prize is a $100 Amazon gift certificate. To be eligible to win the prizes you must leave your Email address along with your comment in the comment box of the last question. [No sales people will call you and we never share your information with anyone]. Once the survey results are tabulated we will post an Executive Summary in the Cyberheist Newsletter and on the ITIC Website: www.itic-corp.com. Anyone who completes the survey is eligible to receive a complimentary copy of the full Report when it’s published. All you have to do is Email me at: stus at knowbe4.com or Laura DiDio: ldidio at itic-corp.com Here’s the link to the survey: https://www.surveymonkey.com/s/DowntimeCosts (yes there is a redirect via our hubspot marketing partner but this is a safe link to click on.) Thanks in advance for your participation! And as an additional thank-you, there is an INCREDIBLE FAVE with INCREDIBLY lucky people that escape with their lives further down. But first please take 5 minutes and do the survey? Highly appreciated: https://www.surveymonkey.com/s/DowntimeCosts
Quote of the Week
"Clothes make the man. Naked people have little or no influence on society" - Mark Twain Thanks for reading CyberheistNews! But if you want to unsubscribe, you can do that right here
|
Can Your Domain Be Spoofed? Find Out Now:
91% of successful data breaches began with a “spear-phishing” email, research from security software firm Trend Micro shows. Are -you- vulnerable? Find out now if your email server is configured correctly, many are not!
KnowBe4 offers you a free 'Domain Spoof Test', which shows if outsiders can send you an email coming from someone within your own domain. It's quick, easy and often a shocking discovery. The single thing we do is just send one email from the outside directly to you, but we spoof someone in your own domain.
Can hackers send all your employees an email 'from your CEO'? Find out now: http://info.knowbe4.com/130416domainspooftest-1-0
This Could Happen To You...
A spear-phishing attack, one of the most common and oldest cyber tricks in the book, enabled hackers to hijack and modify the DNS records for several domains on Tuesday, including The New York Times, Twitter and the Huffington Post U.K. on Tuesday.
The intruders responsible for last week's incidents actually compromised a reseller account that had access to the IT systems of Australian registrar, Melbourne IT. An employee for one of the resellers responded to a spear phishing attack, which allowed the hackers to steal their account login credentials. Time for some effective security awareness training methinks!
Bruce Tonkin, chief technology officer with Melbourne IT, told SCMagazine.com on Wednesday that he would not reveal the identity of the reseller or the details of the phishing email, but he admitted to being surprised by how authentic the email appeared and explained that he “could see how people could be caught by it,” even “people in the IT industry.” Full article at SC Magazine: http://www.scmagazine.com/phishing-email-grants-hackers-access-to-dns-records-of-major-websites/article/309274/
Cybercrime Automates Fake ID's For Spear-phishing
Today it was reported through several sources that a new Cybercrime-as-a-Service option is available: creation of fake scanned passports, ID cards, driver's licenses and fake scanned utility bills from various companies, that can help attackers bypass the identity verification processes used by banks, online service providers and payment processors, according to researchers from Russian cybercrime investigations firm Group-IB.
Using image manipulation software to change the photo, name and other details on a scanned ID is obviously not a new practice, but services that automate the whole process and produce high-quality results are new on the "cybercrime supermarket".
The service has templates for passports, ID cards and driver's licenses for the U.S., Canada, Russia, the U.K., Germany, the Netherlands and other European Union countries. It also has templates for bank statements, credit cards -- front and back -- and utility bills from banks and utility companies operating in those countries. Scans of U.S. passports are the most expensive product and cost US$11 each. Other scanned documents are priced at $7.99 or $9.99 each.
You can imagine how easy spear-phishing attacks get when you can support your fraudulent request supported with a fake ID. Security Awareness Training is definitely a must for people that deal with this kind of thing regularly.
Sysadmin Security Fail: Snowden Spoofed NSA Officials’ Logins
NSA's internal IT security allowed Snowden to pull off a classic insider attack on the agency. An investigation found that Snowden had spoofed the identities of several upper-level NSA officials and logged into NSAnet, the agency's intranet—giving him access to data far beyond the needs of a lowly system administrator. Epic FAIL on the NSA policy and procedures: http://arstechnica.com/information-technology/2013/08/sysadmin-security-fail-nsa-finds-snowden-hijacked-officials-logins//
New Study Finds Americans Willingly Open Malicious Emails
Steve Ragan over at CSO reported something shocking related to social engineering:
"A recent study shows that 30 percent of Americans will open emails, even when they know the message is malicious. These types of stats are an attacker's dream, but are they realistic?
In a study conducted by TNS Global for Halon, an email security service, 30 percent of those surveyed admitted they would open an email, even if they were aware that it contained a virus or was otherwise suspicious. To be fair, the study only included 1,000 adults within the U.S., so this isn't a national index by any means.
Of those surveyed, one in eleven admitted to infecting their system after they opened a malicious email attachment. Given the fact that email is still an easy way for attackers to gain access to the network, often via social engineering (phishing/spear phishing), the survey's results are somewhat alarming.
The reasons given for accessing the messages are telling: For women, the survey results marked messages containing invites from social networks as the most alluring, while men were tempted by messages with the time-tested suggestions of money, power, and sex. More often than not, the malicious messages claimed to be from banking institutions (15.9 percent), social media sites like Facebook or Twitter (15.2 percent), and online payment services, like PayPal (12.8 percent)". Full Story: http://www.csoonline.com/article/738869/social-engineering-study-finds-americans-willingly-open-malicious-emails?
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
WOW!! A compilation of some incredible lucky or alert people - pedestrians, drivers, motorcyclists, golfers, skiers, pilots and animals. Incredible: http://www.flixxy.com/the-luckiest-people-compilation-hd.htm
An excellent tutorial from the 1930's on the principles and development of the 'differential gear'- an essential part of your car. Very cool: http://www.flixxy.com/how-your-cars-differential-gear-works-best-tutorial.htm
For their 3rd annual Annual Supercar Showdown, Motor Trend lines up 12 of the best new performance cars to see who will be the quarter-mile king. W00T! http://www.flixxy.com/3rd-annual-supercar-showdown-2013-motor-trend.htm
A Miniature "Tail Assisted" Running and Jumping Robot over at Mich State U: http://www.youtube.com/watch?v=oEnQQJC5Lxc#t=132
And from Terminator department, here -is- a robot that walks like a human. It's called the HRP 4 Humanoid Robot - check out the balance this thing has! http://youtu.be/Z-tTmXfUzlQ
What Europe looked like 8200 years ago: http://lovescience.pl/wp-content/uploads/2013/08/europa_iceage.jpg
Nifty: Micro Aerial Vehicle Laboratory at the TU Delft faculty of Aerospace Engineering, has created the world's smallest autopilot. Video at the end: http://www.gizmag.com/tu-delft-worlds-smallest-autopilot/28845/
The Best Map Ever Made of America’s Racial Segregation. Fascinating: http://www.wired.com/design/2013/08/how-segregated-is-your-city-this-eye-opening-map-shows-you/?mbid=social11222104
Why climb a pesky ladder up to your tree house when you can just ride your bike up to the top?: http://www.flixxy.com/bicycle-powered-tree-house-elevator.htm
|