|
CyberheistNews Vol 4, 11
Editor's Corner
Lowest Scam Of The Week: "You may have cancer" Phishing Email
I suggest you warn your users about this new low that scammers have reached.
Amy Stevens of the PR group Davies Murphy became part of the story when Eduard Kovacs at SoftPedia picked up on her tweet about a phishing email she just received. If you recently had a blood test (and many of us have)... beware! He started with:
"Cybercriminals have hit a new low. They’re telling users they might have cancer just to trick them into installing a piece of malware on their computers." The email is being send as part of a phishing campaign that uses the excellent reputation of the United Kingdom’s National Institute for Health and Care Excellence (NICE). The malicious notifications carry the subject line "IMPORTANT: blood analysis results" and come from a spoofed email address.
Now, you might think the UK is far away so this does not concern you. Think again. The UK is often used as a test bed by the Russian cyber mafia, and you will see this in the U.S in the near future, if it hasn't already arrived. The phishing emails over here will likely come from a spoofed email at Healthcare.gov, or providers like Blue Cross Blue Shield or Aetna and read something like this:
"We have been sent a sample of your blood analysis for further research. During the complete blood count (CBC) we have revealed that white blood cells is very low, and unfortunately we have a suspicion of a cancer. We suggest you to print out your CBC test results and interpretations in attachment below and visit your family doctor as soon as possible."
The PDF file that’s attached to the emails is not a CBC test result, but a double extension file (it ends with dot pdf dot exe) and will install malware on your workstation. At the time of writing, only 14 of the 50 antivirus products detect the file as being malicious. Remind your users to STOP LOOK THINK before they click! Here is an example how the phish looks but note that U.S. versions will be using other (stolen) branding:
http://blog.knowbe4.com/bid/378743/Scam-Of-The-Week-You-may-have-cancer-phishing-email?
No Antivirus Detects Russian Malware For 8 Years!
Here is a bit of s shocker... Researchers with BAE Systems determined that Russian malware known as Snake dates back as far as 2006, instead of 2011 as initially presented by a German security company G Data.
Germany-based G Data SecurityLabs released a "Red Paper" last week explaining that Snake (also called Uroburos) is a rootkit, composed of two files, that is able to take control of infected machines, execute arbitrary commands, hide system activities, and, ultimately, steal information and capture network traffic.
This apparently is the Russian equivalent of the U.S-Israel StuxNet/Flame malware, and even more adept at hiding itself. Would you believe it that -no- antivirus product prevented, detected and/or removed this for 8 years? It's a scandal, what are you paying hard-won budget dollars for every year?
I'm sorry to say it, but antivirus cannot keep up with more than a million malware variants every week. It's time to do a "180" and instead of keeping the bad guys out, only allow "known-good" to run. It's known as whitelisting and as "Application Control", and it would prevent all those state-sponsored super-nasties to run, let alone your average malware.
Five years from now, everybody will be whitelisting, and scratch their heads asking themselves: "Why didn't we do this 10 years ago"? Here is the G Data whitepaper:
https://public.gdatasoftware.com/Web/Content/INT/Blog/2014/02_2014/documents/GData_Uroburos_RedPaper_EN_v1.pdf
Quotes of the Week
"Tell me and I forget. Teach me and I remember. Involve me and I learn." - Benjamin Franklin
"Energy and persistence conquer all things." - Benjamin Franklin
Thanks for reading CyberheistNews! Please forward to your friends. But if you want to unsubscribe,
you can do that right here
You can read CyberheistNews online at our Blog!:
http://blog.knowbe4.com/bid/378159/CyberheistNews-Vol-4-10-Scam-Of-The-Week-Cell-Phone-Voucher
|
Whitepaper: Legal Compliance Through Security Awareness Training
This new whitepaper from Michael R. Overly, Esq., CISA, CISSP, CIPP, ISSMP, CRISC shows you the common threads in compliance laws and regulations. Did you know that "CIA" means Confidentiality, Integrity, and Availability, and how lawmakers incorporated that language in Infosec regulations? Are you familiar with the concept of Acting "Reasonably" or taking "Appropriate" or "Necessary" measures? Find out how this can keep you from violating compliance laws or regulations.
Know you are supposed to "scale security measures to reflect the threat"? We have some examples of the Massachusetts Data Security Law and HIPAA to explain what is required. Download this new whitepaper here:
http://info.knowbe4.com/whitepaper-overly-kb4-14-03-18
New Phishing Scam Promises Bitcoins
Lily Newman at the Future Tense blog wrote this post for the slate site, after Slate's news editor Chad Lorenz received a new phishing email purportedly from coinbase, who happily informed him he had just received 0.0456703 BTC worth just under thirty bucks.
The bad guys are recycling a very old idea and put some modern lipstick on it. Instead of winning the lottery in Nigeria, you have now been given 30 bucks in Bitcoins. Just sign in to view the transaction and who your mystery benefactor is. Yeah, sure.
Turns out that some other Slate editors received the same targeted attack, so this may very well have been the Syrian Electronic Army trying to take over the Slate site. John OBrien, a spokesperson for Coinbase, wrote in an email that the phishing message had a few warning signs: "[T]here are a few red flags. ‘Hi,’ (not addressed to anyone) and ‘from an external account’ (not from anyone). Additionally the link will not take you to Coinbase.com."
Here are 22 Social Engineering Red Flags (PDF) related to email. Print it out, spread it to as many people as you can, stick it on the wall in everyone's cubicle. STOP LOOK THINK before you click:
https://s3.amazonaws.com/knowbe4.cdn/SocialEngineeringRedFlags.pdf
The Bad Guys Stay Busy - Two More Items
1) They hijacked to story about the missing Malaysian Airlines plane. Cyber criminals are redirecting Facebook users to a malicious website claiming that missing flight MH370, a Boeing 777-200 aircraft has been found in the Bermuda Triangle with its passengers still alive and invites users to click a link to view breaking news video footage.
2) Symantec detected a new advanced Phishing Scam that is targeting Google Docs Users with a complex social engineering trick.
"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive’s preview feature to get a publicly-accessible URL to include in their messages. This login page will look familiar to many Google users, as it’s used across Google’s services.
"It’s quite common to be prompted with a login page like this when accessing a Google Docs link, and many people may enter their credentials without a second thought." states the blog post published by Symantec. Once the victim clicked on “Sign in”, the user’s credentials are sent to a PHP script on a web server controlled by the attackers and the page redirects the user to a real Google Docs document.
The attackers can use a Google account for further attacks or, as Symantec researchers said, to purchase Android applications and content.
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Semi Truck Jumps over 100 feet in Australia. Fantastic way to get a serious back injury, but wow...
http://www.youtube.com/watch?v=Fhfj2HQegtA&sns=em
Need to get a quick update about Trending, Most Popular and Recent IT Security News? It's all in one place, over at the new Hackbusters site:
http://www.hackbusters.com/
The Catwall Acrobats 360 degrees transparent wall act was the crowd's favorite at the 37th International Circus Festival In Monte Carlo. FUN:
http://www.flixxy.com/the-catwall-acrobats-monte-carlo-festival.htm
Excellent explanation of the difference between TCP and UDP, what NTP is and how these recent "amplified DDoS" attacks works:
http://www.youtube.com/watch?v=BcDZS7iYNsA&feature=em-uploademail
Audi Traffic Light Assistance. Wouldn't it be great if you never have to stop at a red traffic light? Audi’s car-to-X app tells you what speed to maintain so the next light is green. I want one!
http://www.flixxy.com/audi-traffic-light-assistance.htm?utm_source=4
Dan Rice of Hadouken returns with ‘People Are Awesome 2013', a sequel to his 2011 viral hit. There are some death-defying stunts:
http://www.flixxy.com/people-are-awesome-2013.htm?utm_source=4
A cat by the name of Chamallow (Marshmallow) is a master of escape:
http://www.flixxy.com/feline-escape-artist.htm?utm_source=4
Behind the scenes of Cuba Gooding Jr's 1996 Oscar Speech. Some strong language but interesting to see how they did that almost 20 years ago. NSFW:
http://www.youtube.com/watch?v=wcoD_t4QKsU&sns=em
Riding A Motorcycle While Wearing Google Glass Feels Like You're In A Video Game. Not recommended if you want to arrive home in one piece:
http://youtu.be/NFq0TYgeB_k
From the archives: "Hee-Haw" meets Cirque du Soleil when The Ross Sisters perform their acrobatic dance routine. Wait until you see how they exit the stage at the end!
http://www.flixxy.com/ross-sisters-broadway-rhythm.htm?utm_source=4
Jeremy in a McLaren MP4-12C Spider, James in an Audi R8 Spyder and Richard in a Ferrari 458 Spider race against the Stig in a Jaguar XKR-S convertible. Guess who wins?:
http://www.flixxy.com/supercar-street-race-top-gear.htm?utm_source=4
|
