CyberheistNews Vol 6 #27
Intel Thinks "Antivirus Is S#!+" And Dumps Useless McAfee
Remember that in a gray past, Intel had an antivirus product called Intel LanDesk Virus Protect? Well, that product got acquired by Symantec in 1998, and Intel must have thought "good riddance".
Apparently Intel's institutional knowledge got lost or was disregarded. Another CEO took the reins 12 years later and in 2010 surprised everyone by acquiring Symantec's arch-rival McAfee for over 7.6 billion dollars, seemingly expecting a lift from the hot security market.
Well, that only happens when you buy the right product. The plan was to embed cybersecurity functionality on Intel chips but that was never completed. After rebranding McAfee to Intel Security (we all know why!) and six years of disappointing results, the Silicon Valley Business Journal reports that Intel's CEO Brian Krzanich thinks antivirus is S#!+ after all and is planning to sell off that unit.
They quoted the Financial Times saying Intel has been talking to bankers about the future of its cyber security unit in a deal that would be one of the largest in the sector, according to people close to the discussions.
Intel's Krzanich announced plans in April to slash 12,000 jobs as he pushes to refocus the business he took charge of last year. He is concentrating on chips for data centers (cloud) and the Internet of Things and moving away from the long-declining personal computer business.
Graham Cluley commented: "Leave it another 12 years, and who knows if Intel will be tempted to buy into the computer security business again? I guess if they do they'll be hoping it's a case of third time lucky."
Antivirus is getting increasingly useless these days. Ransomware attacks in many cases sail right through all the filters because they rely on social engineering the end-user and contain no malware in either the body or the attachment. The bad guys can easily find the email addresses of your users, which together are called your "phishing attack surface".
Want to see how big your phishing attack surface is? How many of your email addresses can be found by the bad guys on the Internet, and used for a ransomware attack? Get a one-time complimentary Email Exposure Check (EEC) here: https://www.knowbe4.com/email-exposure-check/
Wow, The Bad Guys Are Moving Fast With CEO Fraud!
Here is an excellent short example, with the "lesson learned" at the end.
KnowBe4 is expanding rapidly; we now have 120 employees, and in late May we hired a new controller to help out our very busy CFO. Part of the KnowBe4 onboarding is getting through our internal training line-up and then updating your LinkedIn profile, so that happened in the last few weeks.
So guess what, our new controller Camille walks up to me and asks: "Did you need me for anything? Did you send me an email?" I'm looking at her somewhat puzzled and say: "No?" She answers: "In that case I just got spoofed."
My obvious first reaction was that our CISO was sending her a phishing security test, as she is a high-risk employee in Accounting. But, wanting to be safe rather than sorry, I got interested, walked up to her desk and had a look at the two emails she had just received, one at 12:23 pm and the second one at 1:30 pm.
I had a look at the headers. Lo and behold, this was a real CEO Fraud attempt, just a few weeks after she had updated her LinkedIn account. There would have been no other online way to get that information so fast.
The bad guys apparently have this somewhat automated, and get alerts when a new target starts working at a company they are interested in. However, they did not do enough of their homework; apparently they did not bother to find out that KnowBe4's business is training employees to make smarter security decisions.
Obviously we step employees through our own security awareness training; our new Controller did not reply and spotted the CEO Fraud attack right away.
Lesson learned
Make sure that you step high-risk employees in Accounting, HR, C-level execs and anyone that handles confidential information through their awareness training as an *early* part of their onboarding procedure!
Here is the blog post with screen shots. Want to get these posts in your inbox the moment they get published? Subscribe to the KnowBe4 Blog: https://blog.knowbe4.com/wow-the-bad-guys-are-moving-fast-with-ceo-fraud
IT Pros: Half Of Our CEOs Fall Victim To Phishing Scams
Executive boards need better cyber security training, given half of C-level execs fall victim to phishing attacks, according to research conducted by security firm AlienVault. Their research found that 82% of IT security professionals worry that their high-ranking executives are still vulnerable to phishing scams.
Despite such concerns, only 45% provide cyber security training to all their employees including the executive board, while 20% do not conduct any training and instead tackle the fallout of such cyber attacks when they occur, and rely just on their existing filters to protect employees.
Javvad Malik, security advocate at AlienVault, stated: "The challenge that lies here is two-fold:
• Firstly, most phishing scams that target execs are well-crafted and researched. Similar-looking domains are registered and execs are carefully researched.
• Secondly, many execs have personal assistants who manage their day-to-day operations and who are often more susceptible to social engineering techniques."
AlienVault’s research also found that 45 per cent of IT professionals thought it was likely their organization would pay the ransom demands if their network was infected by ransomware, often caused by a successful phishing attack.
This is practically the same result as a recent KnowBe4 study which showed when confronted with a scenario where backups have failed and weeks of work might be lost, 42% would begin with paying the 500 dollar ransom and hope for the best.
Links, more data, and a very relevant Dilbert cartoon here. :-) https://blog.knowbe4.com/it-pros-half-of-our-ceos-fall-victim-to-phishing-scams
Don’t Miss The July Live Demo: New-School Security Awareness Training
Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks. Old-school security awareness training doesn’t hack it anymore. More than ever, your users are the weak link in your network security.
Join us on Wednesday, July 13, 2016, at 2:00 p.m. (EDT) for a 30-minute live product demonstration of the innovative Kevin Mitnick Security Awareness Training Platform to see the latest features and how easy it is to train and phish your users:
- Send Phishing Security Tests to your users and get your Phish-prone percentage.
- Roll out Training Campaigns for all users (or groups) with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
- Advanced Reporting to watch your Phish-prone percentage drop, with great ROI.
- NEW EZXploit™ functionality that allows an internal, fully automated “human pentest”.
- NEW USB Drive Test™ allows you to test your users’ reactions to unknown USBs found.
Find out how thousands of organizations have mobilized their end-users as their first line of defense: Register Now: https://attendee.gotowebinar.com/register/5782005470711644161
Warm Regards, Stu Sjouwerman