|
Massive 46M Dollar Cyberheist / Pentagon Spear-phished / BlackHat Hot & Scary
Brian Krebs just reported on a massive 46M dollar Cyberheist. Tech firm Ubiquiti Networks Inc. disclosed this week that cyber thieves recently stole 46.7 million dollars using an increasingly common scam in which crooks spoof emails from executives at the victim firm in a bid to initiate unauthorized international wire transfers.
Ubiquiti, a San Jose based maker of networking technology for service providers and enterprises, disclosed the attack in a quarterly financial report filed this week with the U.S. Securities and Exchange Commission. The company said it discovered the fraud on June 5, 2015, and that the incident involved employee impersonation and fraudulent requests from an outside entity targeting the company’s finance department.
“This fraud resulted in transfers of funds aggregating 46.7 million dollars held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties,” Ubiquiti wrote. “As soon as the Company became aware of this fraudulent activity it initiated contact with its Hong Kong subsidiary’s bank and promptly initiated legal proceedings in various foreign jurisdictions. As a result of these efforts, the Company has recovered 8.1 million dollars of the amounts transferred.”
Known variously as “CEO fraud,” and the “business email compromise,” the swindle that hit Ubiquiti is a sophisticated and increasingly common one targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. In January 2015, the FBI warned that cyber thieves stole nearly 215 million dollars from businesses in the previous 14 months through such scams, which start when crooks spoof or hijack the email accounts of business executives or employees.
In February, con artists made off with 17.2 million dollars from one of Omaha, Nebraska’s oldest companies — The Scoular Co., an employee-owned commodities trader. According to Omaha.com, an executive with the 800-employee company wired the money in installments last summer to a bank in China after receiving emails ordering him to do so.
Ubiquity didn’t disclose precisely how it was scammed, but CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name. There is more detail and data about this cyberheist at Brian's site: http://krebsonsecurity.com/2015/08/tech-firm-ubiquiti-suffers-46m-cyberheist/
This is exactly the kind of thing that is prevented by effective security awareness training. The bad guys have a back door into your network; your employees. You can spend a large amount of money putting all kinds of security software in place and you should, but it can be all wasted if you don't also train your employees and keep them on their toes with security top of mind. Find out how affordable this is today and be pleasantly surprised: http://info.knowbe4.com/kmsat_get_a_quote_now
|
Pentagon Top Brass Spear-phished
The Pentagon divulged that its computer networks were penetrated by suspected Russian hackers using spear-phishing.
The hackers got into their unclassified email network used by the Joint Chiefs of Staff office with around 4,000 military and civilian employees. The Pentagon shut down the computer network once the attack was detected to stop additional data from leaking out.
The Incident Response team suggested a state-sponsored hacking group, likely Russian, was responsible for the attack because of the level of sophistication. This recent email hack is very similar to the successful hack of the unclassified email system at the White House and State Department last year.
The attack against the network began around July 25 against the Joint Staff, which includes the chairman of the Joint Chiefs of Staff, Gen. Martin Dempsey, and other senior officers. It prompted the Pentagon to shut down the server for the Joint Staff’s roughly 4,200 unclassified email accounts.
The hackers came in through a spear-phishing attack, in which the attacker crafts an email designed to trick the receiver into opening an attachment with a malware payload or clicking on a link to a compromised website. Even if it is an unclassified network, especially at the most senior levels of the Pentagon, emails can be extremely sensitive and offer details into planning, schedules or personnel.
"If you are able to get all that information from three or four individuals’ emails or communication, you have an entire picture of what’s been worked on the classified side,” said Andre McGregor, a former cyber special agent at the Federal Bureau of Investigation who is now director of security at Tanium, a cybersecurity firm.
On Friday, the Pentagon held one-hour courses for Joint Staff employees on the need to be watchful when it comes to email security. The training focused on how to spot phishing emails. "It was an opportunity to inculcate the Joint Staff with best cyber practices, to raise the level of cybersecurity awareness," the defense official said. Hackers tend to be determined individuals who are willing to keep probing until someone becomes complacent, the official added. "Adversaries live by no rules and they have all the time in the world," he said.
"Barn, Horse" anyone? Defenders have to be 100% successful, attackers only need to get through once. That is why creating a "human firewall" is so important and even more important is sending frequent simulated phishing attacks to make sure no employees get complacent. Effective security awareness training helps tremendously with that. Send this WSJ Article to your C-level execs, it's great ammo get get budget: http://www.wsj.com/articles/pentagon-sizing-up-email-hack-of-its-brass-1438989404
|
The Inside Story Of The Biggest Hack In History
It was known inside the InfoSec community, but now more details have been made public through CNN after a BlackHat 2015 presentation:
"Three years ago, the world witnessed the worst hack ever seen. And for the first time, we're now learning new details about the monstrous cyberattack on Saudi Aramco, one of the world's largest oil companies. In a matter of hours, 35,000 computers were partially wiped or totally destroyed. Without a way to pay them, gasoline tank trucks seeking refills had to be turned away. Saudi Aramco's ability to supply 10% of the world's oil was suddenly at risk.
US intelligence officials believe the attackers to be Iranians, and they did not just erase data on 30,000 Aramco computers; they replaced the data with an image of a burning U.S. flag. And one of the most valuable companies on Earth was propelled back into 1970s technology, using typewriters and faxes. When it comes to sheer cost, the recent cyberattacks on Sony Pictures and the American government pale in comparison.
It started sometime in mid-2012. One of the computer technicians on Saudi Aramco's information technology team opened a scam email and clicked on a bad link. That is often how attackers come through; social engineering, using a spear-phishing email with a malicious payload attached or a link to a compromised website that is opened by an employee.
The average person had never heard about Saudi Aramco -- or this hack. But we all felt its mysterious reverberations. Read it here: http://money.cnn.com/2015/08/05/technology/aramco-hack/
|
More BlackHat Hot & Scary
It was another great BlackHat. If you could not make it, here is a roundup of things that I thought were particularly interesting from the (human) perspective we have here at KnowBe4. It's a short blurb of each topic with a link to more detail. Enjoy http://blog.knowbe4.com/blackhat-2015-what-was-hot-and-scary |
Warm Regards, Stu Sjouwerman
|
"Whatever you can do, or dream you can, begin it. Boldness has genius, power and magic in it." - Johann Wolfgang von Goethe - Writer (1749 - 1832)
"If you can't explain it simply, you don't understand it well enough." - Albert Einstein - Physicist (1879 - 1955) |
Thanks for reading CyberheistNews
|
A New Ransomware Hostage Rescue Manual
Get this informative and complete hostage rescue manual on ransomware. The 20-page manual is packed with actionable info you need to prevent infections, and what to do when you are hit with ransomware. You also get a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.
You will learn more about:
- What is Ransomware?
- Am I Infected?
- I’m Infected, Now What?
- Protecting Yourself in the Future
- Resources
Don’t be taken hostage by ransomware. Download now and forward/share to your friends, this is good stuff: http://info.knowbe4.com/ransomware-hostage-rescue-manual-0
Or, read the article in BetaNews first, and then download: http://betanews.com/2015/07/10/how-to-protect-yourself-against-ransomware/
|
This Week's Five Most Popular HackBusters Posts
Ouch! August 2015
SANS are excited to announce the August issue of OUCH! They said: "This month, led by Guest Editor Heather Mahalik, we focus on backups. specifically, what backups are, how they work and how to create the best backup strategy for you. Unfortunately, too many people fail to realize how important backups can be. Just last week, my wife's hard drive crashed and we lost over 45,000 family photos and 15 years of the Spitzner family history.
However, since we were actively backing up the computer with Time Machine, we easily recovered everything. As always, we ask you share OUCH! with your family, friends and coworkers."
English Version (PDF) http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201508_en.pdf
|
This Week's Links We Like. Tips, Hints And Fun Stuff.
- The Invisible Deck is one of my favorite trick decks because the effect is simple and stunning. It blows people’s minds:
http://youtu.be/E3EjAjPY4kw
- The Lexus Hoverboard gets off the ground. For realz:
https://youtu.be/SDn6Z6vfJGs
- This one is a lot easier, but what happened to just walking and burning some calories? WalkCar - the world's smallest electric vehicle:
http://www.flixxy.com/new-portable-transportation-device-the-walkcar.htm?utm_source=4
- Having problems with a major vendor like at&t, Comcast, Time Warner, Verizon, Cox, TMobile, Facebook, Netflix and dozens of others? Downdetector lets you know if it's just you, or if there are widespread outages reported. Very Handy:
https://www.downdetector.com/
- Mathieu Bich performs one of his amazing magic tricks, which even other magicians can't figure out:
http://www.flixxy.com/mathieu-bich-magic.htm?utm_source=4
- Magician Derek Hughes impresses the judges and audience with 'mental telepathy' on America’s Got Talent and moves on to the next round at Radio City Hall:
http://www.flixxy.com/funny-magician-derek-hughes-mental-telepathy-americas-got-talent-2015.htm?utm_source=4
- Tesla's serpentine robotic charger snakes its way into a Model S. Something feels wrong about this. :-)
https://youtu.be/uMM0lRfX6YI
- Swincar tilting 4-wheel-drive "spider car" makes light work of bizarre terrain. This looks like fun:
https://youtu.be/2FbW_kVYcl0
- Some unusual robberies by a number of rather sneaky animals...
http://www.flixxy.com/animal-thieves.htm?utm_source=4
- Check out what Elon Musk just emailed me:
http://blog.knowbe4.com/check-out-what-elon-musk-just-emailed-me
|
|
|
|
|
|
|