CyberheistNews Top 2013 Scams Looking at the last 12 months, I compiled the Top 5 biggest scams we reported on and which are still out there preying on your users in 2014. Also, I went back and found the Top 5 blog posts that went viral and which you may have missed. They are all further down! Year End Specials KnowBe4 is expanding about 400% per year and we are playing the game to get into INC.500 but we need a little bit of extra push to get there. It would be awesome if you could help us out. If you have some end-of-year budget left, get a quote for Kevin Mitnick Security Awareness Training, it's the best bang for your budget buck. And, have a very special incentive for you if you can make it happen to get that PO to us before the end of the year. Kevin sent us a limited batch of his famous "lock pick" business card, and orders over $500 will get one of these collectibles if we get your PO in time. And for some very special people we have a signed copy of his book Ghost In the Wires, but these are rare so you have to be quick. So, it would be great if you could send in your order as soon as possible! To expedite things, you can just sign the quote and email it back to us which counts as a valid order. Fill out this form to get your quote emailed back ASAP: Quotes of the Week "The most difficult thing is the decision to act, the rest is merely tenacity." - Emelia Earhart |
Are regular audits taking up too much of your time?
Practically all of KnowBe4 customers need to be compliant with one or more regulations. Over the years they have told us that regular audits are taking up too much of their time, and that careless end-users cause all kinds of problems. You need to satisfy auditors that all controls are in place, but you said you have a lack of time and management support.
To top it all off, you have to produce all the evidence regularly, but the duplication of effort and keeping track of everything in a spreadsheet is a pain. Well, over the last 18 months we have worked hard on a new way to manage this problem, and I am proud to present something that takes the pain out of compliance.
We have developed KnowBe4 Compliance Manager, a Software as a Service or cloud-based application, which consolidates your audit management and regulatory compliance tasks into simple automated workflows which prevent overlap and eliminate gaps.
No more compliance spreadsheet nightmare...
Spreadsheets are inefficient, error prone, costly, and a risk in itself. Save your time, save budget, and decrease complexity associated with first becoming compliant and then maintaining compliance. You can now streamline your audit compliance management with the new KnowBe4 Compliance Manager™ (KCM).
Here is what one of your colleagues said: "This is a valuable tool. We need to improve our compliance, and this makes it easy. Duplication of effort is a pain!" IT Manager, Healthcare - 1,500 users.
Start your New Year with one (compliance) headache less and save yourself a lot of time. Ask for a quote now:
https://www.knowbe4.com/quote_kcm/
CyberheistNews 2013 Top 5 Scams
Number 1: FBI: "Beta Bot" Malware Kills Your Anti-Virus And Steals Data
Here is something to warn your users against. It uses social engineering to make them click on a "windows" popup box. This week, the FBI sent out a warning that a commercial strain of malware known as "Beta Bot" can turn off your antivirus, stops access to the websites of antivirus vendors so that your antivirus program cannot call home for fresh definitions, and steals your user name and password when you log into your financial institutions, e-commerce sites, online payment platforms, and social networks. Here is the link to our blog post with more information and an example of the Windows box users are clicking on:
https://blog.knowbe4.com/bid/336921/FBI-Beta-Bot-malware-kills-your-anti-virus-and-steals-data
Number 2: Walmart Mass Customized Phishing Attack
Wal-Mart took special effort and warned customers of an unusually 'high quality' phishing email that tries to get personal and credit information. Mass customized attacks like this show that malware has reached a high maturity level; the bad guys have gone 'pro'. Walmart stated on their corporate site: "There was a false email sent to a number of people this morning claiming to be from Walmart.com. This email looks like a confirmation of a purchase made on Walmart.com, but is actually a phishing email attempting to gather information. Picture at the KnowBe4 Blog, and warn your users.
https://blog.knowbe4.com/bid/285456/Phishing-Scam-Of-The-Week-Walmart-com
Number 3: Scam Of The Week: 4th Of July
Cybercriminals have a planned marketing agenda just like real companies. They take advantage of current events, catastrophes and holidays to try to trick people into clicking on links. This year they have taken our 4th of July to start a phishing campaign that supposedly sends a patriotic eCard but the email contains a malware payload. If this thing slips through the PC's antivirus and gets opened, it infects the PC with malware that makes it into a zombie. Oh, and while we are at it, there are also 100% criminal 4th of July-themed websites with "Buy Now Specials" which have as their only goal to get the victim's credit card information. Remind your users: Think Before You Click!
Number 4: Scam Of The Week: Google Glass
The Google Glass project has had an enormous amount of free publicity and the upcoming product release has been hyped all over the press. Cyber scammers have jumped on the bandwagon as well, and they count on users googling for these new cool glasses. The scam is a poisoned search result for "free Google glasses" which then leads to a survey scam. That scam is pretty crafty, first it takes the user to a YouTube video which is a ripped off copy of Google's own glasses-ad, and then they get a message that "The glasses is not available for public, but it is possible to get similar glasses for free!" Yup, sure.
The user is then pointed to a page where they can 'get instructions' on how to become a beta tester for Google Project Glass. As always, if it sounds too-good-to-be-true it usually is so warn your users about this. Want to see something fun? This is a video for Google Glass, but self-described "pop culture hacker: Jonathan McIntosh noticed that something was missing from the Google Glass video: the ads. So he took sections of the original glass video and commercialized them. Watch ADmented Reality:
https://www.youtube.com/watch?v=_mRF0rBXIeg&feature=youtu.be
Number 5: Scam Of The Week: Holiday Deals
The 2013 Holiday Season is in full swing. Employees use the web to buy gifts both from the office and at the house. Last week, Black Friday started a month of high-intensity online shopping. Last year, Internet protection company BrandProtect found that almost 3,000 fraudulent Holiday shopping sites were registered, and this year is not any different. These sites use special savings and "killer deals" as bait for phishing emails, and the scams infiltrate mobile apps and social media as well. Warn your users that the excitement of getting an awesome deal before it sells out often makes people throw out common sense and forget security policy. The bad guys count on this. To make sure they don't lose out, users will click on suspicious links without first hovering to see where it goes, and open infected email attachments trying to get a great holiday deal. With Black Friday and CyberMonday stretching out over weeks now, users really need to STOP, LOOK and THINK before they click. Especially when an employee is using a mobile device to do their Holiday shopping this is a problem. Insecure online behavior by employees exposes your network resources and puts your company data to risk. Especially at this time of year, when a deal sounds too good to be true, it very likely is. Warn them, because your users are an essential part of your defense-in-depth.
Super Popular Blog Posts
We went back and looked at the posts that were read way more than any other posts and went viral. Here is the Top 5 for 2013:
Number 1: The Seven Deadly Social Engineering Vices
You may not be aware that there is a scale of seven deadly vices connected to social engineering. The deadliest social engineering attacks are the ones that have the highest success rates, often approaching 100%. What is the secret of these attacks, how come they succeed so well?
https://blog.knowbe4.com/bid/290552/The-Seven-Deadly-Social-Engineering-Vices
Number 2: The Antivirus Industry’s Dirty Little Secret
The Antivirus industry has a dirty little secret that they really don’t want anyone to know. Despite the claims of their marketing departments, their products are not all that effective. Many of them are only protecting against at best 80% or 90% of the threats out there in the wild at any time. Let’s look at that in more detail.
https://blog.knowbe4.com/bid/355390/the-antivirus-industry-s-dirty-little-secret
Number 3: Your AntiVirus Does Not See NSA's Botnet
The revelations are getting wilder by the week. The NSA has its own botnet, they infected more than 50,000 computer networks worldwide with malicious software designed to steal sensitive information. Documents provided by whistleblower Snowden and seen by the Dutch newspaper NRC Handelsblad, prove this.
http://blog.knowbe4.com/bid/353879/Your-AntiVirus-Does-Not-See-NSA-s-Botnet
Number 4: Held For Ransom The CryptoLocker "FBI Virus"
You should alert your users that a particularly effective scam is growing by leaps and bounds recently. It's not new, but it's bursting into mainline cybercrime these last few weeks. The scam takes over the full screen of the PC, stating that the FBI has locked that PC until a fine is paid. The PC may look locked down, but it was a cyber criminal who did that, not the Feds.
https://blog.knowbe4.com/bid/326395/Scam-Of-The-Week-Held-For-Ransom
Number 5: Five Ways Your Employees Can Kill Your Company
Here they are: - 1) Insider threat - 2) Allowing access to a restricted area - 3) Open infected email attachments - 4) Insert infected thumb drives in a workstation - 5) Click on Phishing links. Here is more detail on each and how you can prevent it:
https://blog.knowbe4.com/bid/314569/Five-Ways-Your-Employees-Can-Kill-Your-Company