CyberheistNews Vol 4, # 21 Make The Bad Guys Pay!

Editor's Corner


Make The Bad Guys Pay!

Sick and tired of being forced into a defensive role? Inoculate your employees -before- they fall for a phishing attack that could end with your CEO reading in the paper that your company had a data breach like eBay's.

How can you get back at the bad guys? By making it expensive for them to do their criminal acts. They need to spend money on servers and data pipes, and pay criminal contractors too. So let's make them pay and get NO results from their phishing attacks. How?

Send a FREE simulated eBay phishing attack to your users!

Your users are going to receive eBay phishing scams both at home and in the office. This is a tricky one because everyone -has- to change their password. Apart from consumers, there are now many businesses with eBay accounts, so they too can be socially engineered into giving out confidential and potentially very damaging financial information.

HERE IS THE DEAL:

KnowBe4 has a unique, 4-day Limited Time Offer: Until midnight Friday, May 30, you can send a no-charge eBay simulated phishing attack to your users! How it works in 4 easy steps:

   1) Create a free account here:
   http://training.knowbe4.com/signup
   2) Whitelist our email server, simple and easy to do. Here's how:
   http://www.knowbe4.com/resources/frequently-asked-questions/
   3) Upload your users' email addresses, flat file, one line per address.
   4) Click submit and a few minutes later it will be sent. In a couple
   of hours you will know the Phish-prone percentage of your users and
   your highest-risk employees. Fabulous ammo to get more security budget,
   fun to do, AND you get to be proactive for a change!

This is what your users will see:

------------------------------------------------------------------

From: CustomerService@eBay.Compromised.com
Subject: You Need To Change Your eBay Password Immediately

Body:
Recently, hackers penetrated our network and stole 145 million user names and passwords. Yours was one of these. You need to change your eBay password immediately, so that your personal financial information will stay safe. Please click below to do that.

It will only take a minute. Remember to use a Capital letter, a number and a minimum of 12 letters.

Click here to Change your Password now (this is the link)

Sincerely,

eBay Customer Service

------------------------------------------------------------------

A BIT MORE DETAIL:

OK, unless you were on an Internet-free vacation (fat chance), you have heard that eBay managed to lose over 145 million credentials. OUCH, incredible, major eBay FAIL.

Cybercrime works a lot like a business: the gangs have massive phishing campaigns all set to go for the next major data breach. Just add a logo, change a few lines of code and they are off to the races. In fact, by now you can simply buy a ready-for-use criminal eBay phishing site. So get ready and strap yourself in.

Trend Micro predicted that in 2014 we would see one or more major security breaches a month, and up to now they are not far off the mark.

There are several pitfalls with a large breach like this: first, the data itself will get sold, causing even more identity thefts and compromised machines. Next, the breach will be used by other cyber mafias to social engineer people into going to a fake eBay site, filling out confidential information, and/or infecting their systems with Trojans and rootkits, to say nothing of unpatched 0-day vulnerabilities in WinXP.

We have seen this pattern happening over and over again, so this time you get advance warning, especially as eBay has made the inexcusable mistake of sending (some of) its users an email WITH A LINK THEY NEED TO CLICK to change their password. How much stupider can eBay be? After all, Phishing 101 is to NEVER click on a link in an email; rather, go to the site directly in your browser. The bad guys are going to have a field day with this.

There will be phishing attacks claiming to be from eBay, with an urgent request to change your password right away, because "your financial data is at risk". While they have you on their fake site, they will probably also ask for your security question answers and possibly credit card or bank account information.
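The template above carries the three classic tells this section describes: a sender domain that is not eBay's, urgency language, and a password-change request that asks you to click a link. The following is an added defender-side example, not KnowBe4's code, that scores a constructed message modelled on that template against those tells; the list of legitimate brand domains and the placeholder link are assumptions.

```python
import email
import re

# Constructed sample modelled on the eBay password-reset template shown above.
# The sender domain is the one from the template; the URL is a made-up placeholder.
SAMPLE = """\
From: CustomerService@eBay.Compromised.com
Subject: You Need To Change Your eBay Password Immediately

Recently, hackers penetrated our network and stole 145 million user names
and passwords. You need to change your eBay password immediately.
Click here to Change your Password now: http://reset.example/ebay
"""

# Assumed mapping: brand name -> registrable domains it legitimately mails from.
LEGIT_DOMAINS = {"ebay": {"ebay.com"}}
URGENCY = re.compile(r"\b(immediately|right away|urgent|within 24 hours)\b", re.I)
CRED_REQUEST = re.compile(r"\b(change|reset|verify)\b.{0,40}\bpassword\b", re.I)
URL = re.compile(r"https?://[^\s<>\"]+", re.I)


def registrable_domain(addr: str) -> str:
    """Last two labels of the sender's domain, lower-cased (sufficient for .com)."""
    domain = addr.rsplit("@", 1)[-1].strip(">").lower()
    return ".".join(domain.split(".")[-2:])


def score_email(raw: str) -> dict:
    """Return the phishing indicators found in a raw RFC 822 message and a count."""
    msg = email.message_from_string(raw)
    sender = msg.get("From", "")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    findings = []
    for brand, domains in LEGIT_DOMAINS.items():
        # Brand is named in the mail, but it was sent from another registrable domain.
        if brand in text.lower() or brand in sender.lower():
            if registrable_domain(sender) not in domains:
                findings.append(f"sender domain {registrable_domain(sender)} is not a {brand} domain")
    if URGENCY.search(text):
        findings.append("urgency language")
    if CRED_REQUEST.search(text) and URL.search(text):
        findings.append("credential-change request with a clickable link")
    return {"score": len(findings), "findings": findings}
```

On the constructed sample all three indicators fire; a genuine notice that tells the user to type the site address into the browser would trip at most the urgency check.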

So, until midnight May 30th, the KnowBe4 default simulated phishing attack template will change to the eBay Password Reset template and then switch back. YOU HAVE 4 DAYS TO DO THIS FREE TEST.

PS: for existing KnowBe4 customers, this new template, with the subject "You Need To Change Your eBay Password Immediately", sits in your Current Events templates group. We suggest you run an immediate campaign as well.

Again, let's get proactive for a change and make the bad guys PAY.

It’s never been more critical to put security on the front line to protect the bottom line!

Warm regards, Stu

NBC Plans to Air Snowden Interview

Brian Williams' one-hour interview will air at 10 p.m. on Wednesday, May 28. NBC news anchor Brian Williams has scored the first American television interview with Edward Snowden. Last year, the ex-National Security Agency contractor exposed the extent of secret U.S. government surveillance of Americans and foreigners. Williams traveled this week to Moscow, where Snowden fled to escape prosecution for revealing classified U.S. documents. Snowden hasn't been able to leave Russia since U.S. officials charged him with espionage and revoked his passport. This should be interesting.

Quotes of the Week

"In a time of universal deceit, telling the truth is a revolutionary act." - George Orwell

"Everything has beauty, but not everyone can see." - Confucius - Philosopher

Thanks for reading CyberheistNews! Warm Regards, Stu Sjouwerman | Email me: feedback@knowbe4.com

Which Security Awareness Training Has The Best Results?

A new whitepaper from Osterman Research shows which of the 5 types of awareness training has the best results.

Well over 200 organizations were asked questions related to their awareness training, malware infiltration, and if their problems with phishing were worse, the same or getting better. Research showed that an organization's Security Awareness Confidence Score varies significantly depending on the awareness training type they use.

Download this whitepaper and find out which awareness training approach correlates with improvement of the phishing problem:
http://info.knowbe4.com/whitepaper-osterman-14-05-27


What Is The OS That Hackers Hate The Most?

By Laura DiDio. Thanks to all of you who took the time to participate in ITIC’s 2014-2015 Reliability poll which had several security specific questions.

Eight out of 10 -- 82% -- of the over 600 respondents to ITIC’s 2014-2015 Global Server Hardware and Server OS Reliability survey say security issues negatively impact overall server, operating system and network reliability. Of that figure a 53% majority of those polled say that security vulnerabilities and hacks have a "moderate," "significant" or "crucial impact" on network availability and uptime.

Overall, the latest ITIC survey results showed that organizations are still more reactive than proactive regarding security threats. Some 15% of the over 600 global corporate respondents are extremely lax: some seven percent said that security issues have no impact on their environment while another eight percent indicated that they don’t keep track of whether or not security issues negatively affect the uptime and availability of their networks.

In contrast, 24% of survey participants, or one in four, said security has a "significant" or "crucial" negative impact on network reliability and performance. Still, despite the well-documented and high-profile hacks into companies like Target, eBay, Google and other big-name vendors this year, the survey found that seven out of 10 firms -- 70% -- are generally confident in the security of their hardware, software and applications -- until they get hacked.

In response to the question: "Estimate the impact or perceived impact that server OS security has on overall network reliability":

  • 7% of respondents said "No impact, they are separate and distinct"
  • 29% of participants said "minimal impact"
  • 29% said "moderate impact"
  • 12% said "significant impact"
  • 12% said "extremely crucial, server OS and security are intertwined"
  • 8% indicated they don’t keep track of the security impact on reliability


The latest 2014 statistics indicate that organizations recognize that the increasing use of Bring Your Own Device (BYOD), remote access and mobility heightens corporations' security risks. The BYOD trend also places a greater burden on IT departments to track and manage potential vulnerabilities associated with tablets, smart phones and employee-owned desktops and notebooks. This makes the inherent security of server operating systems and of business-critical servers and server-based apps like databases even more crucial.

IBM, Ubuntu and Debian Are the Most Secure Server Operating Systems

When it comes to the security of specific server operating systems, users gave the highest security ratings to IBM's z/OS and AIX v 7.1 and to the open source Linux distributions Debian v 7 and Ubuntu v 12.04, in that order.

Not surprisingly, IBM's z/OS, which runs on Big Blue's System z Enterprise mainframe, received the highest security ratings, with 51% of survey respondents calling it "excellent" and 39% giving it a "very good" grade.

Overall, 89% -- nearly nine out of 10 companies -- gave the z/OS operating system the highest marks for security. This is to be expected, since mainframe systems are highly engineered for overall bullet-proof reliability/fault tolerance, robust security and performance.

IBM's AIX v 7.1 also scored very well, with 68% of survey respondents giving an "excellent" or "very good" rating, followed closely by Debian v 7.x, which was rated "excellent" or "very good" by 67% of survey participants, and Ubuntu v 12.04, which got the highest grades from 65% of those polled.

The biggest surprise was that both HP's and Microsoft's Windows Server 2012 R2 security ratings tumbled from ITIC's prior polls. In the current ITIC 2014 reliability survey only 19% of users rated HP-UX 11i v3's security as "excellent," another 19% characterized it as "very good" and 29% rated it "good." Regarding Windows Server: 19% said excellent; 33% said very good; 22% said good; 15% said satisfactory; 5% said poor and 6% said unsatisfactory.

If anyone would like a copy of the full ITIC 2014-2015 Reliability Survey results please message Laura DiDio directly at: ldidio@itic-corp.com


Why Security & Profitability Go Hand-In-Hand

It's never been more critical to put security on the front line to protect your company's bottom line.

The threat landscape has evolved tremendously during the past several years, yet many businesses’ priority lists have stayed the same. Business leaders in executive offices are determined to get revenue-generating projects on the market first, and then, usually a year later, they worry about security.

According to Trustwave’s recently released "2014 Security Pressures Report," 79 percent of respondents said they felt pressured in 2013 to roll out IT projects despite concerns that the projects were not security-ready. The survey, which polled more than 800 full-time global IT professionals about the information security pressures they face, revealed that, too often, security is an afterthought in the product development process -- though that’s not necessarily intentional. More at DarkReading:
http://www.darkreading.com/operations/why-security-and-profitability-go-hand-in-hand/a/d-id/1252679?


Cyberheist 'FAVE' LINKS:

* This Week's Links We Like. Tips, Hints And Fun Stuff.

Why Phishing Scams Keep Working. Recent Dilbert Cartoon:
http://www.dilbert.com/strips/comic/2014-05-19/

And talking about funny cartoons, this one was an instant hit with system admins!
http://blog.knowbe4.com/bid/386493/and-in-this-corner-we-have-dave

Five of the best Red Bull stunts:
http://www.gizmag.com/top-five-red-bull-stunts/32183/?

Ikea's Death Star lamp. Cool! I want one:
http://boingboing.net/2014/05/18/ikeas-death-star-lamp.html

Un-bearably cute! Mama bear saves baby bear from busy highway:
http://www.flixxy.com/mama-bear-saves-the-day.htm?utm_source=4

This cat has heard 'Let It Go' from the Disney movie 'Frozen' too many times and decided to do something about it:
http://www.flixxy.com/cat-turns-off-lights-to-stop-let-it-go-performance.htm?utm_source=4

The Antonov-225 is the world's largest aircraft. A jet so huge that the Wright Brothers' first flight could have taken place in the cargo bay!
http://www.flixxy.com/worlds-largest-aircraft-antonov-225-mriya.htm

21 more crazy and scary things the TSA has found on travelers:
http://www.networkworld.com/slideshow/137458/21-more-crazy-and-scary-things-the-tsa-has-found-on-travelers.html?

A 12-rotor rotary engine potentially capable of 2,400 horsepower in a very compact package. Check out this innovative engine:
http://www.motorauthority.com/news/1090552_12-rotor-rotary-engine-potentially-capable-of-space-time-manipulation-video?

Going full speed in the desert up a sand dune with a Toyota truck. Impressive!:
http://www.flixxy.com/racing-up-a-sand-dune-in-a-toyota-truck.htm?utm_source=4

Slept through high school American History? This fabulous GIF shows you the whole thing in less than 2 minutes as an animated timeline:
http://www.ijreview.com/wp-content/uploads/2014/05/US-Map-GIF1.gif?74c692

Flying An R/C Quadcopter Over The Burj Khalifa - The World's Tallest Building:
http://www.flixxy.com/flying-an-rc-quadcopter-over-the-burj-khalifa-the-worlds-tallest-building.htm?utm_source=4
