CyberheistNews Vol 3, # 38

CyberheistNews Vol 3, # 38
Stu Sjouwerman's New Security Newsletter Don't miss the Fave Links! Case Studies Resources About Us Contact Us
Facebook LinkedIn Blog Twitter YouTube YouTube

CyberheistNews Vol 3, 38

Editor's Corner


Scam Of The Week: New Ransomware Uses Child Porn Threat

Getting caught viewing child porn is a huge deal and instantly makes you an outcast in most western countries. Cybercriminals have cooked up a new way to blackmail people out of their money, both inside and outside the office.

The ransomware family is called Revoyem (aka DirtyDecrypt) and uses the worst possible strategy to get people to pay up.

It starts at a porn site that you have landed on, either on purpose or by accident. Then you are redirected by a malicious ad to an actual child porn themed page with very disturbing images. But while you are there, your PC gets infected with the Styx malware dropper which downloads ransomware and your computer gets locked.

The lock screen again shows disturbing images and now accuses you of watching child porn and what the penalties are. However, here comes your friendly ransomware to the rescue. Just pay the fine and you will not be prosecuted. They tell you to use either MoneyPak or PaysafeCard.

The attack is seen in the U.S., Canada and several Western European countries, is translated for each territory and uses the correct government law enforcement agency as a threat. This looks very much like an Eastern European Cybermafia operation.

WHAT TO DO: In an office environment, call the helpdesk and they will treat this as malware and remove it. At the house, call the police and file a complaint. It is likely the Police already know about it. Then take the PC to an expert and get the malware removed.

And stay away from unsafe areas on the Internet like gambling and porn sites!

Email Transmission Error Last Week

You may not have received last week's issue due to an email transmission error. Somehow some of our newsletter got filtered out along the way. That is a known risk with the topics we sometimes cover. Here is last week's issue at our blog, with a "Scam of the Week" that you do not want to miss!

TODAY 1pm ET: Does Infrastructure Matter For Delivering System Security?

I will participate today in the IBM debate: "Are the infrastructure design components key to achieving a level of ultimate security?" It's Tuesday Sept 17, 1pm Eastern and you can watch live from the SmarterComputing blog at:

Quote of the Week

"My interest in life comes from setting myself huge, apparently unachievable challenges and trying to rise above them." - Sir Richard Branson

"The price of freedom is eternal vigilance." - John Philpot Curran

"Freedom is something that dies unless it's used." - Hunter S. Thompson

Note: Links are no longer redirected. You can now hover the links and see exactly where they go.

Thanks for reading CyberheistNews! Please forward to your friends. But if you want to unsubscribe,
you can do that right here

You can read CyberheistNews online at our Blog!:

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me:
Facebook LinkedIn Blog Twitter YouTube YouTube

Exactly -Which- Employees Are The "Weak Link" In Your IT Security?

Today, your employees are exposed to Advanced Persistent Threats. Trend Micro reported that 91% of successful data breaches started with a spear phishing attack. IT Security specialists call it your 'phishing attack surface'. The more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk. Let's find out. How?

ONE: We run the (free) Email Exposure Check for you. That gives you all the email addresses out there available on the Internet from your own domain. It's often surprising how many addresses can be found and whose.

TWO: You create (again free) an account on our website, upload the addresses found in step ONE, and 5 minutes later they receive a simulated phishing attack! You will immediately know your phishing attack surface, your Phish-prone percentage and your highest risk employees. Fabulous ammo to get more security budget, fun to do and it takes less than 10 minutes. Let's Find Out!


A Firsthand Look At Why User Awareness Training Works

CSO was targeted by a phishing attempt late last week. Luckily all their employees had received effective security awareness training, so they spotted the Red Flags and did not fall victim to the attack.

This is great ammo to send up the flagpole to illustrate why it is so important to spot and not fall for social engineering attacks!:


Medical ID Theft Victims Increasingly Report Phishing As Cause

A recently released survey revealed that medical ID theft victims more and more point to spoofed websites and phishing as the cause of the fraud.

The amount of data breaches related to medical identity theft continues to go up. Many people are fooled by both (spear)-phishing emails and complete scam websites that were built to steal their sensitive data.

The new "2013 Survey on Medical Identity Theft" study shows a 19 percent increase of people who've fallen victim to this type of fraud, making the total a whopping 1.8 million victims in 2013.

According to the survey, an astounding 300,000+ new medical identity theft cases were reported during the 12-month period. The well-respected Ponemon Institute conducted the survey which was sponsored by the Medical Identity Fraud Alliance (MIFA) and data breach prevention firm ID Experts.

This is the fourth time this study was done, and they surveyed close to 800 U.S.-based adults who had reported that they were the victim of medical identity theft, or a close family member was.

The survey spotted a clear correlation between: 1) A massive increase in (spear)-phishing and spoofed websites created by cybercrime and 2) People giving out their confidential medical information. Here is a link to the MIFA survey:


What is Your Computing Safety Index Score?

Microsoft has an interesting website where they allow people to take a short survey to calculate how good they are protecting themselves online. Interestingly enough, this score is going DOWN over time, fewer US Internet users report taking actions to keep themselves safe online.

For 2013, the US Microsoft Computing Safety Index score was 34 out of 100. US Internet users scored an average of 36 in 2012 and 37 in 2011. These declining scores indicate that consumers are taking fewer steps to protect themselves over time.

The key foundational, technical, and behavioral findings include: - Of the five foundational settings, US computer users report using only half (2.6 of 5), though after checking most are better protected than they thought (3.7 of 5).

- On average, US respondents use fewer than one quarter (2.3) of the twelve technical tools for managing online safety.

- Of the seven behaviors to improve online safety, US Internet users are demonstrating fewer over time: 3.2 of 7 in 2011, 2.7 in 2012, and 2.3 in 2013.

Talk about a false sense of security and the need for security awareness training for the home when you know that cybercrime has gone pro the last 5 years. KnowBe4 has a home Internet Security Course available, and I will send you a free key for it if you email me. Read more about it here:

And this is the link to the Redmond survey, you can take one yourself and see how you score. My own "Computing Safety" Index Score was 73 and my "Mobile Safety" Index Score was 85. After the test they show you how to interpret your score. Fun to do and instructive, I needed to up my game on my home PC!


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Highlights from 'DragonCon,' the largest multi-media, popular culture convention focusing on science fiction, fantasy, gaming, comics, literature, art, music, and film. Watch it twice:

One of the most beautiful and impressive shows by 'The Stars of Beijing's Circus' They start off slow but give these girls some time!:

Which Smartwatch? Samsung Galaxy Gear vs. Sony Smartwatch 2:

Have you ever wondered why the full moon looks bigger on the horizon than high overhead?

It's always guys that do those awesome stunts, right? Not so fast. Girls can do them too!:

Balloonist Jonathan Trappe embarks on his epic journey across the Atlantic:

America's Got Talent 2013 with a fast-paced show filled with amazing pet tricks:

Facebook LinkedIn Blog Twitter YouTube YouTube

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews