CyberheistNews Vol 11 #26
[Eye Opener] Almost All LinkedIn User’s Data Has Been Scraped and Is up for Sale on the Dark Web
700 Million LinkedIn users' personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.
Hacker TomLiner put up a post last week on the dark web offering 700 Million LinkedIn records. Listed as a “GOD User”, no doubt TomLiner is active and well-known in that online community.
The data includes a number of details about each user, including:
- Email addresses
- Full names
- Phone numbers
- Physical addresses
- Geolocation records
- LinkedIn username and profile URL
- Personal and professional experience/background
- Genders
- Other social media account usernames
According to LinkedIn, this isn’t technically a breach, since no private information was stolen. Instead, they claim it’s an aggregate of the 500 million records stolen in April and other sites.
Even so, just knowing that cyber criminals can arm themselves with impactful details that are familiar to the potential victim, you should be looking for ways to empower users to recognize when they're being targeted. Security Awareness Training is one of the most effective ways, as it opens your users' eyes to how the bad guys try to trick them, teaching them to stay on their toes with security top of mind – even when emails appear legitimate.
Blog post with screen shots and links:
https://blog.knowbe4.com/almost-all-linkedin-users-data-has-been-scraped-and-is-up-for-sale-on-the-dark-web
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us THIS WEEK, Thursday, July 8 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at new features and see how easy it is to train and phish your users.
- NEW! AI-Driven phishing and training recommendations based on your users' phishing and training history.
- NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
- NEW! Security Awareness Proficiency Assessment Benchmarks let you compare your organization’s proficiency scores with other companies in your industry.
- Did You Know? You can upload your own SCORM training modules into your account for home workers.
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Date/Time: THIS WEEK, Thursday, July 8 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3286254/12D6C8F373C83EA522925D9001A54B3F?partnerref=CHN2
Yet Another Disk Image File Format Spotted in the Wild Used To Deliver Malware
Disguised as an invoice, cyber criminals use a Windows-supported disk image to hide malware from email gateways and security scanners. The question is how viable it will be.
The bad guys are in constant need to find ways to evolve their art as the good guys improve their security solutions to respond to current attack methods. Historically, we’ve seen a number of image files used including virtual hard disks and ZIP files, as well as .ISO, .IMG, and .DAA files.
But, as security solutions get wise and use AI to simply determine “has this user EVER received an image file???” to flag an email, the cybercriminal needs to look for a new format. According to a recent article from security vendor Trustwave, they’ve spotted a WIM (Windows Imaging Format) file disguised as an invoice or consignment note in the wild.
The WIM format is one developed by Microsoft. The WIM file contains a single executable – the Agent Tesla malware. Because Windows 10 and above support this filetype, it’s possible that it can be directly opened by the recipient.
This one seems a little out there, as the user experience to detonate this malware involves first extracting the WIM file's contents (and "extracting" is a very foreign concept to most users). So, it seems the bad guys are relying on the recipients' ignorance to simply click the affirmative buttons blindly and install the malware.
Users can easily be educated about such tactics using continual security awareness training that keeps them updated on the latest types of scams, phishing methods, and more.
Blog post with screenshot and links:
https://blog.knowbe4.com/yet-another-disk-image-file-format-spotted-in-the-wild-used-to-deliver-malware
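The gateway heuristic described above ("has this user ever received an image file?") only works if the image is recognized by its content rather than by the extension the sender chose. The following is an added example, not code from the newsletter or from Trustwave, that identifies WIM, ISO, VHD and ZIP containers by their documented magic bytes and flags attachments whose extension disagrees with their content; the sample attachments are constructed in memory and carry no payload.

```python
"""Flag disk-image attachments by their content, not by their file extension.

Added example, not code from the newsletter or from Trustwave. Signatures used:
WIM files begin with the bytes MSWIM followed by three nul bytes, ISO 9660
images carry CD001 at offset 0x8001, VHD images end with a 512-byte footer
whose cookie is "conectix" (dynamic VHDs also copy it to the start), and ZIP
archives begin with PK 0x03 0x04. All sample attachments are constructed.
"""
from typing import Optional

# (label, offset, magic bytes) for formats that carry a fixed header signature.
IMAGE_SIGNATURES = [
    ("wim", 0x0000, b"MSWIM\x00\x00\x00"),
    ("iso", 0x8001, b"CD001"),
    ("zip", 0x0000, b"PK\x03\x04"),
]
# Extensions the newsletter lists as image/archive formats seen in phishing.
IMAGE_EXTENSIONS = {"wim", "iso", "img", "vhd", "vhdx", "daa", "zip"}


def detect_container(data: bytes) -> Optional[str]:
    """Return the container label the bytes identify as, or None."""
    for label, offset, magic in IMAGE_SIGNATURES:
        if data[offset:offset + len(magic)] == magic:
            return label
    # VHD: cookie in the trailing footer, or at the start of a dynamic VHD.
    if len(data) >= 512 and (data[-512:-504] == b"conectix" or data[:8] == b"conectix"):
        return "vhd"
    return None


def triage_attachment(filename: str, data: bytes) -> dict:
    """Decide whether an attachment deserves a closer look, and say why."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = detect_container(data)
    flags = []
    if kind is not None:
        flags.append(f"content is a {kind} container")
        if ext != kind:
            # e.g. a WIM image named invoice.pdf: the user sees a harmless extension
            flags.append(f"extension .{ext} disagrees with content type {kind}")
    elif ext in IMAGE_EXTENSIONS:
        flags.append(f"extension .{ext} but no recognised container signature")
    return {"file": filename, "content_type": kind, "flags": flags}


def build_samples() -> dict:
    """Constructed attachments: headers only, no real payload inside."""
    wim = b"MSWIM\x00\x00\x00" + b"\x00" * 248
    iso = b"\x00" * 0x8001 + b"CD001" + b"\x00" * 250
    vhd = b"\x00" * 1024 + b"conectix" + b"\x00" * 504
    pdf = b"%PDF-1.4\n%constructed sample\n"
    return {
        "Invoice_4471.wim": wim,          # image file with matching extension
        "Consignment_note.pdf": wim,      # image file hiding behind .pdf
        "backup.iso": iso,
        "vm_disk.vhd": vhd,
        "quarterly_report.pdf": pdf,      # ordinary document, not flagged
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(name, triage_attachment(name, blob))
```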
See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us THIS WEEK, Thursday, July 8 @ 1:00 PM (ET), for a 30-minute live product demo of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
- NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
- Vet, manage and monitor your third-party vendors' security risk requirements.
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
- Quick implementation with pre-built requirements templates for the most widely used regulations.
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Save My Spot!
https://event.on24.com/wcc/r/3286345/9F427CBDE5C69AB7CEEFBD2E475B65AB?partnerref=CHN2
The Biggest Bitcoin Heist Ever: A Whopping 3.6 Billion Dollars
I'm not sure why this is not all over the press. Bloomberg picked up on this though. A pair of South African brothers have vanished, along with Bitcoin worth $3.6 billion from their cryptocurrency investment platform.
They said on June 23rd: "A Cape Town law firm hired by investors says they can’t locate the brothers and has reported the matter to the Hawks, an elite unit of the national police force. It’s also told crypto exchanges across the globe should any attempt be made to convert the digital coins."
It's an unbelievable story. Bitcoin Buyer Beware:
https://blog.knowbe4.com/eye-opener-the-biggest-bitcoin-heist-ever-a-whopping-3.6-billion-dollars
Implement DMARC the Right Way To Keep Phishing Attacks Out of Your Inbox
DMARC, SPF, and DKIM are global anti-domain-spoofing standards, which can significantly cut down on phishing attacks. Implemented correctly they allow you to monitor email traffic, quarantine suspicious emails, and reject unauthorized emails. But less than 30% of organizations are actually using them. And even fewer are using them correctly.
In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way. You’ll also discover six reasons why phishing still might get through to your inbox and what you can do to maximize your defenses.
You’ll learn:
- How to enable DMARC, SPF, and DKIM
- How to best configure DMARC and other defenses to prevent phishing attacks
- What common configuration mistakes organizations make
- Why a strong human firewall is your best last line of defense
Date/Time: Thursday, July 15 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3300702/A03B43AB615A0916A642C191C039ECBC?partnerref=CHN
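The "monitor, quarantine, reject" distinction above is decided by a handful of tags in the DMARC TXT record, and the common mistakes are just as visible there. The following is an added example, not part of the newsletter or of the webinar material, that parses a record, classifies which of the three modes it is actually in, and lists the weaknesses a practitioner would check first; the three records for example.com are constructed samples.

```python
"""Assess a DMARC TXT record: does it only monitor, or does it quarantine/reject?

Added example, not part of the newsletter or of KnowBe4's webinar material.
Tag names (v, p, sp, pct, rua, adkim, aspf) are the DMARC tags defined in
RFC 7489; the three records below are constructed samples for example.com.
"""
from typing import Optional

# Constructed sample records, from weakest to strongest.
RECORD_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
RECORD_PARTIAL = "v=DMARC1; p=quarantine; pct=10; sp=none"
RECORD_ENFORCED = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
                   "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a lower-cased tag -> value dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" not in part:
            continue                      # skip empty trailing segments
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: str) -> dict:
    """Classify the record as monitor / quarantine / reject and list weaknesses."""
    tags = parse_dmarc(txt)
    findings = []

    if tags.get("v", "").upper() != "DMARC1":
        findings.append("missing v=DMARC1: receivers ignore the record")

    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        mode = "invalid"
        findings.append("missing or invalid p= tag: no policy is applied")
    elif policy == "none":
        mode = "monitor"                  # reports only; spoofed mail still delivered
        findings.append("p=none only monitors: spoofed mail is still delivered")
    else:
        mode = policy                     # quarantine or reject

    pct_raw = tags.get("pct", "100")      # RFC 7489 default is 100
    pct: Optional[int] = int(pct_raw) if pct_raw.isdigit() else None
    if pct is None:
        findings.append("pct= is not a number")
    elif pct < 100 and mode in ("quarantine", "reject"):
        findings.append(f"pct={pct}: only {pct}% of failing mail gets the policy")

    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are never received")

    if mode in ("quarantine", "reject") and tags.get("sp", "").lower() == "none":
        findings.append("sp=none: subdomains can still be spoofed")

    return {"mode": mode, "pct": pct, "findings": findings}


if __name__ == "__main__":
    for record in (RECORD_MONITOR_ONLY, RECORD_PARTIAL, RECORD_ENFORCED):
        result = assess_dmarc(record)
        print(f"{record}\n  -> {result['mode']}")
        for finding in result["findings"]:
            print(f"     ! {finding}")
```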
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
- NSA, Partners Release Cybersecurity Advisory on Russian Brute Force Global Cyber Attack:
https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/
- Important Kaseya Notice! Turn VSA Off. Now. Ransomware. Updated:
https://blog.knowbe4.com/important-kaseya-notice-turn-vsa-off.-now.-ransomware
Quotes of the Week
"Everything we hear is an opinion, not a fact. Everything we see is a perspective, not the truth."
- Marcus Aurelius - Roman Emperor (121 - 180 AD)
"Nothing is easier than self-deceit. For what each man wishes, that he also believes to be true."
- Demosthenes - Statesman (384 - 322 BC)
Thanks for reading CyberheistNews
Security News
Misconfigured Cloud Database Increases Risk of Social Engineering
DreamHost, a major website hosting provider, exposed 814 million user account records in an unsecured database, researchers at Website Planet have found. The data exposed included a wealth of information about WordPress accounts that used DreamHost’s services, such as “WordPress login location URL, first and last names, email addresses, usernames, roles (admin, editor, registered user, etc.),” and other information.
DreamHost quickly secured the database after being notified, but Website Planet warns users to be on the lookout for spear phishing attacks.
“The danger of these emails being exposed would be for cyber criminals to launch a targeted attack based on the domain, account, or other information that only the hosting provider or website admin would know,” the researchers write.
“We saw records that listed how many administrative accounts or users were associated and listed them all with timestamps of when they were added. DreamHost has a good reputation of protecting their customers from domain hijacking or domain theft and offers domain privacy for free. This exposure appears to contain only information connected to their DreamPress managed WordPress users and not their hosting or domain customers.”
The researchers add that while the database didn’t expose passwords, it still made it much easier for potential attackers to launch social engineering attacks. “The way the records were structured they identified the URL or website domain name and the user’s role such as: admin, editor, subscriber, etc.,” the researchers write.
“This information would provide a clear picture of the hierarchy and who may be the best potential phishing or social engineering target based on their roles. The danger of having even partial administrative credentials exposed is that it removes half of the work required to access an account.
Once a cyber criminal has the username, email address, and location of the WordPress admin dashboard, the only thing left is to get the password. Social Engineering is the easiest way to build a position of trust and try multiple methods to trick the victim to provide their password.” New-school security awareness training can enable your employees to thwart targeted social engineering attacks.
Continued in Blog:
https://blog.knowbe4.com/misconfigured-cloud-database-increases-risk-of-social-engineering
Become a Certified Security Awareness and Culture Professional (SACP)™
In today’s evolving cybersecurity landscape, the skills of security awareness professionals are increasingly viewed as crucial to protecting organizational information assets from human error.
Be a leader in the security awareness and culture profession. Earn H Layer’s Security Awareness and Culture Professional (SACP)™ credential and demonstrate your competency to design and lead security awareness programs that build a sustained security-awareness culture.
The Security Awareness and Culture Professional (SACP)™ credential is the only independent, vendor-neutral certification designed specifically for the newest in-demand job roles in security awareness.
Don't miss the $40.00 discount on the SACP Certification Application through July 31, 2021. Use Coupon Code SACPlaunch21 at checkout to take advantage of this special savings.
Learn more about the SACP Exam or download the SACP Candidate Information Bulletin.
Don't wait. Apply today and become one of the first professionals to earn your SACP Certification.
https://www.thehlayer.com/about-exam/
What KnowBe4 Customers Say
"Thank you for hiring great folks like ToddL. We have been very pleased with the support provided by ToddL and wanted you to know how much we appreciate quality support! Thank you."
- P.A., Systems Analyst
"We are happy campers. So far the product has done everything we could have hoped for. Our phishing scores are dropping and overall, the organization seems to be more security conscious. The support from Rachel R. has been stellar and we were able to get it all configured quickly. Thank you from Colorado!"
- B.S., Director IT
The 10 Interesting News Items This Week
- SolarWinds hackers had months-long access to Denmark's central bank:
https://www.bleepingcomputer.com/news/security/russian-hackers-had-months-long-access-to-denmarks-central-bank/
- Bitcoin cyber attacks surge 200%:
https://itbrief.com.au/story/bitcoin-cyber-attacks-surge-200
- Four states propose laws to ban ransomware payments:
https://www.csoonline.com/article/3622888/four-states-propose-laws-to-ban-ransomware-payments.html
- KnowBe4's Security Awareness Training Series "The Inside Man" New Season Three Wins Two Prestigious Awards:
https://finance.yahoo.com/news/knowbe4s-security-awareness-training-series-120000509.html
- New House Bill Aims to Drive Americans' Security Awareness:
https://beta.darkreading.com/attacks-breaches/new-house-bills-aims-to-drive-americans-security-awareness
- Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground:
https://threatpost.com/data-700m-linkedin-users-cyber-underground/167362/
- Survey finds massive gap in awareness of cyberattacks:
https://www.zdnet.com/article/survey-finds-massive-gap-in-awareness-of-cyberattacks/
- DoubleVPN servers, logs, and account info seized by law enforcement:
https://www.bleepingcomputer.com/news/security/doublevpn-servers-logs-and-account-info-seized-by-law-enforcement/
- “Heads Are Spinning In Insurance Business” amid dramatic escalation of ransomware:
https://www.insurancebusinessmag.com/ca/news/cyber/heads-are-spinning-amid-dramatic-escalation-of-ransomware-259499.aspx
- Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments:
https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Your Virtual Vaca - A Day at the Beach circa 1899. AI Enhanced Film in 4k 60 fps:
https://www.youtube.com/watch?v=9Mi9YNITDjs
- Going Plaid! Randy Pobst's Winning 2012 Run at Pikes Peak. 12 minutes of PURE SPEED. Full Screen & Buckle up!:
https://www.youtube.com/watch?v=YzSHOw-ilMA&t=290s
- SUPER FAVE. Spot is thrilled to be part of the Hyundai Motor Group! The pack is celebrating with a dance to BTS's "IONIQ, I'm On It.":
https://www.youtube.com/watch?v=7atZfX85nd4
- AirCar Flying Car Completes First Ever Inter-City Flight:
https://www.flixxy.com/aircar-flying-car-completes-first-ever-inter-city-flight.htm?utm_source=4
- Lea Kyle's Stunning Quick-Change Act - America's Got Talent 2021:
https://www.flixxy.com/lea-kyles-stunning-quick-change-act-americas-got-talent-2021.htm?utm_source=4
- Some of the most unbelievable moments caught on camera:
https://www.flixxy.com/unbelievable-moments-caught-on-camera.htm?utm_source=4
- Extreme Slackline Stunts - Ultimate Compilation:
https://www.youtube.com/watch?v=8IVeDKVjLx0
- The ingenious “J-Tool” Reaches Inside To Open Doors:
https://www.youtube.com/watch?v=1ciqsCJD3f0
- Now HERE is something exciting! GoPro Awards: MTB bikes in an Olympic Bobsled Track:
https://www.youtube.com/watch?v=c455FDt5S2M
- Search for Life: NASA JPL Explores Martian-Like Caves with a pack of SPOT robots:
https://www.youtube.com/watch?v=qTW-dbZr4U8
- BBC Earth - Cities That Are Saving The Planet:
https://www.youtube.com/watch?v=pEx6XeBh1yE
- "World's fastest electric motorcycle" uses radical big hole technology:
https://newatlas.com/motorcycles/wmc-2wd-electric-motorcycle-v-air/
- GoPro: Backlit Surfing Barrels with Joel Scott:
https://www.youtube.com/watch?v=klkBFe5T2xc
- For Da Kids #1 - Watch "Tiger meow":
https://www.youtube.com/watch?v=664FAPX33hY
- For Da Kids #2 - Giving A Hissing Feral Kitten A Bath And This Happens:
https://www.youtube.com/watch?v=Zk5bGqOhMHI
- For Da Kids #3 - This horse really loves Native American Flute:
https://www.youtube.com/watch?v=KZPlz8buvJo
- For Da Kids #4 - The Heart-Melting True Story Of Wojtek, The Soldier Bear:
https://www.youtube.com/watch?v=twr38iHXYVw