CyberheistNews Vol 3, 39


Editor's Corner


FBI: "Beta Bot" Malware Kills Your Anti-Virus And Steals Data

Here is something to warn your users against. It uses social engineering to make them click on a fake "Windows" popup box.

This week, the FBI sent out a warning that a commercial strain of malware known as "Beta Bot" can turn off your antivirus, block access to the websites of antivirus vendors so that your antivirus program cannot call home for fresh definitions, and steal your user name and password when you log into financial institutions, e-commerce sites, online payment platforms, and social networks.

The Beta Bot malware disguises itself as a "User Account Control" message box, but when you click on this box it infects your computer. If the above pop-up message or a similar prompt appears on your computer and you did not ask for it, or you are not making changes to your system's configuration, do not authorize this fake "Windows Command Processor" to make any changes.

Beta Bot is commercial malware, meaning it was made by cyber criminals to be sold to other cyber criminals who then use it to steal your personal information. It also means the quality is very high, and it's hard to get rid of once your PC is infected. So have another look at the screenshot above: it is much easier to prevent this infection than to cure it, which will likely require a call to the helpdesk and lost production time, or a trip to your computer retailer so they can fix it. The best way to get rid of this popup is to press ALT-F4 to make it go away. You can also click on the red X at the top right, but do not click on the Yes or No at the bottom right.
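As an added example (not part of the newsletter or the FBI alert), here is a defender-side check for the "cannot call home for fresh definitions" symptom described above. It assumes the blocking is done by sink-holing vendor domains in the hosts file, which the alert does not state, and the vendor domain list is illustrative:

```python
# Added example, not code from the newsletter or the FBI alert. Assumption:
# update sites are blocked via hosts-file entries; the alert does not say how.
from pathlib import Path
import sys

# Illustrative vendor domains (assumption); extend for the products you run.
AV_DOMAINS = ("symantec.com", "mcafee.com", "kaspersky.com",
              "avast.com", "sophos.com", "trendmicro.com")
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: two normal lines, then the kind of entries a blocker adds.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
# appended without the user's knowledge
127.0.0.1 liveupdate.symantec.com
0.0.0.0   update.avast.com   www.avast.com
127.0.0.1 www.kaspersky.com
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs; strips comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()

def find_sinkholed_av_domains(text, vendors=AV_DOMAINS):
    """Return (ip, host) entries that pin a vendor host to a non-routable address."""
    hits = []
    for ip, name in parse_hosts(text):
        if ip not in SINKHOLE_IPS or name == "localhost":
            continue
        # Match the vendor apex domain and any of its subdomains.
        if any(name == v or name.endswith("." + v) for v in vendors):
            hits.append((ip, name))
    return hits

def check_live_hosts_file(path=None):
    """Run the check against the real hosts file (Windows or Unix default path)."""
    if path is None:
        path = (Path(r"C:\Windows\System32\drivers\etc\hosts")
                if sys.platform.startswith("win") else Path("/etc/hosts"))
    return find_sinkholed_av_domains(path.read_text(errors="replace"))
```

Any hit from `check_live_hosts_file()` on a machine that should be able to reach its AV vendor is worth a helpdesk ticket before the definitions go stale.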

Debate: Does Infrastructure Matter For System Security?

I participated last Tuesday in the IBM debate: "Are the infrastructure design components key to achieving a level of ultimate security?" You can watch the recording at the Spreecast website:

Quote of the Week

"And in the end it's not the years in your life that count. It's the life in your years" - Abraham Lincoln

"The best thing about the future is that it comes only one day at a time." - Abraham Lincoln

Note: Links are no longer redirected. You can now hover the links and see exactly where they go.


Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me:

Exactly -Which- Employees Are The "Weak Link" In Your IT Security?

Today, your employees are exposed to Advanced Persistent Threats. Trend Micro reported that 91% of successful data breaches started with a spear phishing attack. IT security specialists call it your 'phishing attack surface': the more email addresses that are exposed, the bigger your attack footprint is, and the higher the risk. Let's find out how big yours is. How?

ONE: We run the (free) Email Exposure Check for you. That gives you all the email addresses from your own domain that are available on the Internet. It's often surprising how many addresses can be found, and whose they are.

TWO: You create (again free) an account on our website, upload the addresses found in step ONE, and 5 minutes later they receive a simulated phishing attack! You will immediately know your phishing attack surface, your Phish-prone percentage and your highest risk employees. Fabulous ammo to get more security budget, fun to do and it takes less than 10 minutes. Let's Find Out!


50% Admit Their Security Awareness Training Program Is Broken

Steve Ragan over at CSO Magazine wrote: "A new study on user risk shows that employers are willingly conducting user awareness training, but only half of them follow-up with additional tests to gauge such training's effectiveness.

"As network defenses grow stronger, and the gaps within those various layers of protection shrink, criminals are looking towards the soft targets, including employees, contractors, and customers, in order to launch an attack. Such knowledge isn't a secret, this is why user awareness training exists; it helps mitigate the risk associated with soft target attacks, including phishing and social engineering.

"According to the 2013 Verizon Data Breach Investigations Report, 29 percent of the attacks referenced by Verizon could be traced back to social tactics, such as phone calls, email, and social media (e.g. Facebook, LinkedIn, or Twitter). This type of data is often what drives awareness programs, and why companies spend money in order to teach employees how to spot phishing scams and how to limit their exposure online.

"However, teaching without testing opens a rather large gap in the overall usefulness of such programs. In a recent study published by Rapid7, based on responses from IT professionals representing more than 550 organizations, it was revealed that 66 percent of those firms conduct user awareness training, but only 33 percent of them actually follow that training with tests to measure effectiveness.

"So in Rapid7's survey, the real story is that 50 percent of those surveyed admitted to having broken awareness programs. Going back to Verizon's data, phishing accounted for at least 22 percent of all the reported incidents documented in the report. At the same time, the research points out that even the most targeted and malicious attacks an organization faces often rely on relatively simple techniques such as this to get started.

When it comes to making a dent in socially-based attacks, the organization needs to have awareness programs that teach and test, alongside common technical controls, such as email filtering and endpoint protections."

And that is exactly why we built KnowBe4 with its Kevin Mitnick Security Awareness Training. We train and test, test, test the whole year through.


Security Architecture Skills In High Demand

Security is at the forefront of every CIO's mind. The relentless waves of news stories detailing major corporations that have been hacked grow larger each week. To battle the onslaught of cyber-terrorists and script kiddies, you need a solid security architecture. That doesn’t happen by accident.

"Companies are fearful. It's not getting better. Companies are seeing that they are closer than ever before to dangerous breaches. Security needs to be properly architected because it costs a lot of money," says Foote.

IT security professionals with these skills earn a premium of between 14 and 18 percent of base salary, according to Foote Partners. These skills have also seen a considerable 23.1 percent increase in value/demand over the last twelve months. Average salary: $115,000. Full slideshow here:


The Latest Anti-Phishing Working Group Report

The APWG came out with their September 2013 report and there is a lot of valuable data in there. They reveal how phishers perpetrated their attacks. The bad guys are trying new tricks and taking advantage of new resources.

Major findings in this report include:
1. Vulnerable hosting providers are inadvertently contributing to phishing. Mass compromises led to 27 percent of all phishing attacks.
2. Phishing continues to explode in China, where the expanding middle class is using e-commerce more often.
3. The number of phishing targets (brands) is up, indicating that e-criminals are spending time looking for new opportunities.
4. Phishers continue to take advantage of inattentive or indifferent domain name registrars, registries, and subdomain resellers. The number of top-level registries is poised to quintuple over the next two years.
5. The average and median uptimes of phishing attacks are climbing.

Here is the whole report:


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

MIT astrophysicist Professor Walter Lewin demonstrates the bizarre behavior of a spinning bicycle wheel. Fascinating video:

And while we are talking science, this is pretty amazing: 'A Capella Science' performs a brilliant cover of 'Bohemian Rhapsody'. This guy has too much time on his hands though!:

Dutch cyclist Sebastiaan Bowier pedalled his way into the record books, hitting more than 83 mph (133 km/h) as he sped through the Nevada desert:

An eagle carrying a small video camera shows us what it's like to fly over 'La Mer De Glace' in Chamonix, France:

Cats and dogs enjoy trying to fit into small spaces. Super Cute:

Giving Is The Best Communication. The story of a man unexpectedly rewarded for the good deeds he performed without expecting anything in return:

Half of the U.S. lives in these 146 of the total of 3,144 counties - is yours one of them? Here is the very interesting map:
