Ransomware: Pay Up Or Fight. What Would You Do?
Ask security experts what to do when hit with ransomware -- the sophisticated malware that infects a device or network, uses military-grade encryption to restrict access, and demands payment for the decryption key -- and you'll typically get the same answer: "never pay the ransom." But for many, that's simply not an option. I was interviewed by Network World about the pros and cons of paying crypto-ransom. Read more or leave a comment:
https://www.networkworld.com/article/2896761/security0/ransomware-pay-it-or-fight-it.html?
"Security Awareness Programs Will Continue To Fail Until...
...they get the same emphasis and support as technical controls." This is a quote I just found, tweeted by SANS' Lance Spitzner, who runs their Securing The Human initiative.
His point nails it. Unless your "human firewall" is treated the same as technical controls are, you are doomed to successful social engineering attacks, infected workstations, penetrated networks, and extremely expensive data breaches.
I'm happy to announce that KnowBe4 has become the world's most popular integrated Security Awareness Training and Simulated Phishing platform because it gives you measurable control over your "human firewall".
Well over 1,000 enterprise accounts are using it, 25% of which are banks and credit unions. Based on Kevin Mitnick's 30+ years of unique first-hand hacking experience, you now have a tool to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks. What are banks and credit unions saying about us?
https://www.knowbe4.com/knowbe4-customers-financials/
Scam Of The Week: Phishing For Apple Watch
Last week, Apple had their big Apple Watch release event, and the press is full of news about the models and pricing. Pundits are sprinkling their predictions about features and future sales. But they are not the only ones jumping on the bandwagon.
Cybercriminals are getting in the game. One example is a gang that set up a Twitter account named "Apple Giveaways", and began spamming out messages to random users, telling them they have been "chosen" and urging them to visit the site linked in the message.
The link leads them to an event page on Facebook, which instructs them to join the event, invite a minimum of 100 friends, and claim a free Apple Watch. It also asks them to enter their first and last name along with their Facebook handle, which allows the bad guys to spam all their friends.
There will inevitably be more phishing scams using the Apple Watch close to the April release, so I would send your users something to this effect; feel free to copy and/or edit.
"Scam Alert: With the release of the new Apple Watch, cyber criminals are jumping on the bandwagon and are using email and social media to try to trick you into clicking on links, entering contests, or forwarding messages to your friends with false promises of a free watch. Don't fall for it. If you are interested in an Apple Watch, do not click on links in emails, do not click on ads or links in Facebook or Twitter, but go to the website yourself. Remember, Think Before You Click!"
For existing KnowBe4 customers, we have a new template in Current Events called "Claim your free apple watch" that we recommend sending to all your end-users to inoculate them against this type of phishing attack.
If you are not a customer yet, find out (at no cost) what your phishing attack surface is. We can scan the entire Internet for any of your email addresses that are out there, that the bad guys can get their hands on. Request your free "Email Exposure Check" now:
https://info.knowbe4.com/free-eec-14-02-04-0
Spear Phishing Attack Nearly Costs FL City $500K
A spear-phishing incident last month at Orange Park City Hall almost got away with $500,000 from the city's bank account. Fortunately it was caught just in time so that a wire transfer that already had been made could be clawed back. Security measures have been installed to prevent future thefts, City Manager Jim Hanson said.
"Orange Park is a small community; $500,000 is a tremendous amount of money for us," Hanson said. "We were very worried about it." Hanson said the FBI is investigating the case out of its Pittsburgh office, and no arrests have been made. Arrests are highly unlikely, as these cyberheists are normally pulled off by Eastern European mafias.
The heist occurred Feb. 13 when a spear-phishing email with a malicious attachment was sent to all city hall employees. They were socially engineered into thinking they were being sent a file they needed to see.
Opening the attachment downloaded a banking Trojan and keyboard logger onto the town network, which allowed the attackers to find the information related to the town's Wells Fargo bank account.
"What this particular virus did was to transmit various banking information to the people who created the virus," Hanson said. $491,000 was wired from a general investment account under the town's name to an account at Deutsche Bank. Town hall staff was on the ball, found out what happened in half an hour and took quick action. The money was eventually transferred back in full into the Wells Fargo account.
"One lesson we've learned is that you need to educate your employees never to open an attachment on an email unless you're expecting it, even if you think you know who it's coming from," Hanson said. "It could easily be a virus."
We agree that stepping employees through effective security awareness training is a very good idea to prevent a cyberheist like this. Find out how affordable this is for your organization today.
https://info.knowbe4.com/kmsat_get_a_quote_now
Warm Regards,
Stu Sjouwerman
Quotes of the Week:
"Magic is believing in yourself, if you can do that, you can make anything happen." - Johann Wolfgang von Goethe - Author (1749-1832)
"Truth can not be suppressed and always is the ultimate victor." - Yajur Veda (1000 BC)
CEO Fraud Social Engineering Scam On The Rise
Known variously as "CEO fraud" or "business email compromise," this swindle involves highly sophisticated cyber criminals who social engineer businesses that work with foreign suppliers. It is increasingly common and targets businesses that regularly perform (foreign) wire transfer payments.
In January 2015, the FBI warned that cyber thieves stole nearly $215 million from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
The CEO's email gets spoofed while the CEO is traveling and employees are tasked to transfer large amounts of money out of the country. In February, con artists made off with a whopping $17.2 million from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader.
According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so.
Brian Krebs has a great article about this type of cybercrime. It is very important to step employees through effective security awareness training to make sure they do not fall for social engineering attacks like this. And adjust your company security policy to include a rule that when the CEO is on the road, money transfers are ONLY made after the bank calls the CEO and gets specific verbal agreement. I recommend you send this post to your CEO, including this link to Brian's blog:
https://krebsonsecurity.com/2015/03/spoofing-the-boss-turns-thieves-a-tidy-profit/
Privacy Group Wants To Shut Down "Eavesdropping" Barbie
On Valentine's Day, toy maker Mattel introduced its Wi-Fi, microphone-equipped, interactive Barbie doll which is supposed to recognize speech.
The privacy group discovered that recordings of the children's voices are stored on the doll and transferred to servers at ToyTalk - the startup that developed the so-called "Hello Barbie" doll along with Mattel.
ToyTalk CEO Oren Jacob says the child's replies are recorded, encoded, encrypted and sent to the company's servers, where they're processed by voice-recognition software.
Sure, all it takes is one rogue employee in the toy factory and whatever your child says to its toy is all over the Internet. What could possibly go wrong?
https://www.hackbusters.com/news/stories/286051-privacy-group-wants-to-shut-down-eavesdropping-barbie
New Cryptolocker Ransomware Targets Gamers
A new variant of CryptoLocker which targets gamers has been discovered in the wild. On Thursday, Bromium Labs security researchers revealed the existence of new crypto-ransomware which is targeting gamers by making them pay to unlock what they already own. The malware, which impacts data files for over 20 games, is distributed from a compromised website which redirects visitors to the Angler exploit kit by using a Flash clip.
At the time of writing the website has not been revealed, as Bromium Labs researchers have notified the owner but have yet to receive a response. The WordPress-based website is still serving malware, and it is not known whether the site has fallen prey to a WordPress exploit. In addition, the URL which hosts the malicious Flash file keeps changing. Instead of a typical iframe redirection, the team says the Flash clip is wrapped in a div tag, potentially in an attempt to avoid detection. More:
https://www.hackbusters.com/news/stories/286086-new-cryptolocker-ransomware-targets-gamers
Cyberheist 'FAVE' LINKS:
This Week's Links We Like. Tips, Hints And Fun Stuff.
LiveLeak - Crazy motorcycle chase through shopping center!
https://m.youtube.com/watch?v=Q2-bxutbIPI
95-year-old man smashes 200M indoor sprint World Record. I hope I will be in that good shape when I'm that old!
https://m.youtube.com/watch?v=iD7D8BY2d1c
Chinese War Swords. Here's some guys having fun hacking through a variety of items and meats. You do NOT want to be on the receiving end of these weapons. Wait till the end. Yikes:
https://www.youtube.com/watch?v=8PQiaurIiDM