CyberheistNews Vol 6 #30 Celeb Hacker Who Phished Nude Images Gets Six Months In Prison

Stu Sjouwerman

And why are we headlining with this? The guy was a technology n00b.

He social engineered his celebrity victims using simple credential phish emails, an easy cut & paste job in his own words.

Andrew Helton from Oregon pleaded guilty to hacking celebs' emails and stealing explicit images earlier this year. District Judge John A. Kronstadt sentenced him to six months in prison and two years of supervised release.

Between March 2011 and May 2013, Helton used a simple phishing scheme to steal the usernames and passwords of 363 Apple and Google email accounts including those of many celebrities. Once he had access to his victims' email accounts he was able to access all of the contents of their email accounts including 161 sexually explicit or nude images of thirteen of his victims.

Helton's lawyer said his client shouldn't be sent to prison at all. He argued that the defendant only used the most basic phishing technique. Helton sent out emails that looked like they were from Apple and Google, asking the victims to verify their accounts by clicking on a link that led to a fake website.

"There was no expertise involved. All I did was essentially copy and paste," the defendant said, serving as a reminder that security awareness training is a *must* for everyone, not just celebs.

Trust me, you can't trust anyone online. :-)

Scam Of The Week: RNC Attendees Get Hacked Through Fake Wi-Fi Networks

The PR people at Avast decided to have some fun and created a series of fake Wi-Fi networks at various locations around the Republican National Convention in Cleveland.

Avast’s team set up several networks, using names such as "Trump Wifi" or "Google Starbucks," which were designed to look as though they were set up for convention attendees. Upon connecting, trusting a random and unprotected network they found in a public setting, the users unwittingly gave Avast access to spy on their devices.

Over the course of a day, Avast found over a thousand attendees that were completely negligent in their device’s security. Over 60 percent of the users who connected had their identity completely exposed, and slightly less than half of them checked their email or used messenger apps.

So, here is what I suggest you send to employees, friends and family. You're welcome to cut/paste/edit:

A security company decided it would teach people a lesson and set up several fake Wi-Fi access points around the Republican National Convention site in Cleveland last week.

Over the course of a day, more than 1,000 attendees used these open, unprotected Wi-Fi hotspots to check their mail, use smartphone apps, and even play Pokemon while everything they did was watched by the security researchers. Imagine if they had been bad guys.

You should always watch what Wi-Fi hotspots you connect to, and use a VPN to help keep your sensitive information out of the hands of hackers.


It would be interesting if they did the same thing at the Democrats' convention and compared the results. Read more about Avast's findings in their press release; they have a bunch of stats on who did what, and it's not pretty:
https://press.avast.com/en-gb/amidst-charged-cyber-security-dialogue-republican-national-convention-attendees-show-negligent-behavior

At BlackHat USA 2016: A Complimentary Tool For Spear Phishing Twitter

A spear phishing tool to automate the creation of phony tweets, complete with malicious URLs and messages victims are likely to click on, will be released at Black Hat by researchers from ZeroFOX.

Called SNAP_R (for social network automated phisher with reconnaissance), the tool runs through a target Twitter account to gather data on what topics seem to interest the subscriber. Then it writes a tweet loaded up with a link to a site containing malware and sends it. Yikes.

While you are at BlackHat 2016, come visit the KnowBe4 booth 1566, meet Kevin Mitnick between 5 and 7pm on August 3rd and get his lockpick business card.
Business Hall Hours:
Wednesday, August 3 – 10:00-19:00
Thursday, August 4 – 10:00-17:00

Black Hat USA 2016
Mandalay Bay - Las Vegas, NV
July 30 - August 4, 2016
Visit KnowBe4 at booth 1566
https://www.blackhat.com/us-16/

New Symantec Report On Ransomware Statistics

The average ransom demanded by hackers jumped to 679 dollars -- up from 294 dollars -- at the end of 2015. With 31% of global infections, America continues to be the country most affected by ransomware between January 2015 and April 2016, the report noted.

Realizing the potential for higher profits, cyber criminals are increasingly targeting the business space; employees in organizations made up 43% of ransomware victims.

According to Symantec, 2015 was a record year with 100 new ransomware strains discovered, and all but one of the new variants discovered so far in 2016 are crypto-ransomware which is very often impossible to decrypt.

F-Secure "Customer Journey" Of Getting Your Files Back

F-Secure did an evaluation of ransomware infections and how to get your files back if you don't have backups: three out of four ransomware criminal gangs were willing to negotiate the ransom fee. Here are some highlights:

    • Those strains with the most professional user interfaces are not necessarily also those with the best customer service.
    • Crypto-ransomware gangs are usually willing to negotiate the price. Three out of four variants were willing to negotiate, averaging a 29% discount from the original ransom fee.
    • Ransomware deadlines are not necessarily “set in stone.” 100% of the groups contacted granted extensions on the deadlines.
    • One of the groups claimed to be hired by a corporation to hack another corporation – a kid playing a prank, or a sinister new threat vector?

Here is the F-Secure PDF with all the data:
https://fsecureconsumer.files.wordpress.com/2016/07/customer_journey_of_crypto-ransomware_f-secure.pdf

Re: "Wow, the bad guys are moving fast with CEO Fraud"

We sent you a NewsFlash last week with a real-world example of CEO Fraud. Bad guys targeted our new controller just a few weeks after she had started with us, having spotted her by monitoring us on LinkedIn. I was asked if there is a way to block that, apart from stepping all employees through security awareness training and configuring your email server against spoofing. (By the way, here is how you can find out if bad guys can spoof you:)
https://info.knowbe4.com/domain-spoof-test-eb
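The spoof test above checks your domain from the outside. The controls it exercises are not named in the newsletter, so as an added example (not KnowBe4's test and not part of the original page) here is a small Python checker that reads a domain's SPF and DMARC TXT records and reports whether mail forging that domain in the From: header would generally be accepted. It assumes SPF and DMARC are the relevant anti-spoofing controls, and the record strings and domain names are constructed samples rather than live DNS lookups, so it runs offline.

```python
"""Assess SPF and DMARC records for anti-spoofing strength.

Added example, not from the newsletter or KnowBe4. The record strings in
SAMPLE_RECORDS are constructed; a real check would fetch the TXT records
for <domain> and _dmarc.<domain> from DNS and feed them in unchanged.
"""

SPF_QUAL = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Parse a 'v=spf1 ...' TXT string.

    Returns a dict with the non-'all' mechanisms and the result the
    final 'all' term yields for unlisted senders, or None when the
    string is not an SPF record. A missing qualifier means '+'.
    """
    if not record or not record.strip().lower().startswith("v=spf1"):
        return None
    mechanisms, all_result = [], None
    for term in record.split()[1:]:
        qual = term[0] if term[0] in SPF_QUAL else "+"
        body = term[1:] if term[0] in SPF_QUAL else term
        if body.lower() == "all":
            all_result = SPF_QUAL[qual]
        else:
            mechanisms.append(body)
    return {"mechanisms": mechanisms, "all": all_result}


def parse_dmarc(record):
    """Parse a 'v=DMARC1; tag=value; ...' TXT string into a tag dict, or None."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def assess_spoofing(spf_txt, dmarc_txt):
    """Return (spoofable, findings).

    spoofable is True when a message forging the domain in the From:
    header would generally be delivered by a receiver that evaluates
    SPF and DMARC. SPF alone checks only the envelope sender, so without
    an enforcing DMARC policy the From: header is never protected.
    """
    findings = []
    spf = parse_spf(spf_txt)
    dmarc = parse_dmarc(dmarc_txt)

    spf_open = False  # True when SPF itself authorizes arbitrary senders
    if spf is None:
        findings.append("no SPF record: receivers cannot tell authorized senders apart")
    elif spf["all"] in (None, "pass", "neutral"):
        spf_open = True
        desc = "no 'all' term" if spf["all"] is None else f"'{spf['all']}' on all"
        findings.append(f"SPF has {desc}: any sender is authorized")
    elif spf["all"] == "softfail":
        findings.append("SPF uses ~all: forged mail is only flagged, not refused, without DMARC")

    if dmarc is None:
        enforced = False
        findings.append("no DMARC record: SPF/DKIM results are not tied to the From: domain")
    else:
        policy = dmarc.get("p", "none").lower()
        pct = int(dmarc.get("pct", "100"))
        enforced = policy in ("quarantine", "reject") and pct == 100
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is still delivered")
        elif pct < 100:
            findings.append(f"DMARC pct={pct}: policy applied to only part of the mail")
        if "rua" not in dmarc:
            findings.append("no rua= address: aggregate reports of spoofing attempts are not collected")

    # An open SPF lets a forger pass SPF with alignment, so even p=reject does not help.
    return spf_open or not enforced, findings


# Constructed sample records (hypothetical domains), one per posture.
SAMPLE_RECORDS = {
    "weak.example": ("v=spf1 include:_spf.mail.example ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "strong.example": ("v=spf1 ip4:192.0.2.0/24 -all",
                       "v=DMARC1; p=reject; rua=mailto:dmarc@strong.example"),
    "open.example": ("v=spf1 +all", "v=DMARC1; p=reject"),
    "none.example": (None, None),
}


def report(domain):
    """Assess one of the sample domains and return a result dict."""
    spf_txt, dmarc_txt = SAMPLE_RECORDS[domain]
    spoofable, findings = assess_spoofing(spf_txt, dmarc_txt)
    return {"domain": domain, "spoofable": spoofable, "findings": findings}


if __name__ == "__main__":
    for name in SAMPLE_RECORDS:
        result = report(name)
        print(f"{result['domain']}: {'SPOOFABLE' if result['spoofable'] else 'protected'}")
        for finding in result["findings"]:
            print("  -", finding)
```

The checker treats only p=quarantine or p=reject at pct=100 as enforcing, and it still calls a domain spoofable when SPF ends in +all, because a forger then passes SPF with alignment and DMARC passes with it. A DKIM signature is not modelled; with an enforcing DMARC policy and a strict SPF record, forged mail fails both checks regardless.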

Well, there is something you can do in LinkedIn!

If you onboard new staff in high-risk positions like C-level execs, HR or Accounting, you should tell them to turn off "Sharing Profile Edits" in LinkedIn.

That way, any changes the employee makes to their profile will not appear in the LinkedIn feed or main page of anyone following or connected to them. This will help thwart anyone watching any of you at your company.

It's a simple switch under LinkedIn Settings/Privacy/Blocking and Hiding. Note: it's not 100% effective, but it works most of the time; you may have noticed that LinkedIn is a bit buggy :-)

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life."
- The Grugq on Twitter

"One way to get the most out of life is to look upon it as an adventure."
- William Feather - Author

"Create a smoothly integrated and beautiful solar-roof-with-battery product that just works, empowering the individual as their own utility, and then scale that throughout the world. One ordering experience, one installation, one service contact, one phone app."
- Elon Musk


Thanks for reading CyberheistNews


Security News
American Banker Article: Why Are You Spending For Cybersecurity?

It's no surprise that most bank chief information security officers say they are expanding their cybersecurity budgets this year. More interesting is their main motivator.

"Ask bank CISOs why they're stepping up cybersecurity spending, and the most common answer is a familiar refrain: regulators' concerns – 62.5% cited that as their top driver for security spending. Next were protecting servers and databases from hackers (50%), protecting employees and customers from phishing attacks (47.9%), and protecting employees and customers from malware (47.9%)."

Interesting to see where banks spend their budget, because they are in the very front lines against cybercrime. Here is the article:
http://www.americanbanker.com/news/bank-technology/front-lines-of-a-war-bank-cisos-reinforce-budgets-tech-1090264-1.html?

Did You Know? KnowBe4 Now Has A BrightTALK Channel

Every day thousands of thought leaders are actively sharing their insights, their ideas and their most up-to-date knowledge with professionals all over the globe through the technologies that BrightTALK has created. BrightTALK believes that people learn the most when they hear directly from those who know the subject best.

Here is a fresh 12-minute interview of me at BrightTALK, which they described as: "Stu Sjouwerman, CEO of KnowBe4, has seen first-hand the devastating impact of ransomware on healthcare entities. And he knows traditional defenses aren't enough to ward off attackers. What's needed is a whole new approach to user education."

We have uploaded some other videos, including a 2-minute ad that you can use to get more IT security budget. It's called "Training Employees To Make Smarter Security Decisions". Check out our new BrightTALK channel:
https://www.brighttalk.com/channel/14421

How A Healthcare Hacker Is Pressuring Victims To Pay Up

A hacker who claims to have stolen 10 million patient records is extorting victims for money.

Pay up or face your patients' wrath. That’s how one hacker is trying to shake down U.S. healthcare providers after stealing sensitive data about their patients.

TheDarkOverlord claims to have stolen 10 million patient records and is selling them on the black market. In the meantime, the hacker is trying to extort the providers by telling them their patient data won't be sold if they pay a ransom.

InfoArmor has been investigating the breaches and says the stolen data is real. The hacker targeted the healthcare providers’ remote administration channels and may even have siphoned off data from MRI and X-ray machines, the security firm says.

At least one of the healthcare providers so far has refused to give in, TheDarkOverlord said in an interview Friday. To apply pressure, the hacker claims to have called some of its patients to warn them their records will be leaked if the provider doesn't pay up. More at CSO:
http://www.csoonline.com/article/3097274/security/how-a-healthcare-hacker-is-pressuring-victims-to-pay-up.html

Hackers Target Hungry Workers With Booby-Trapped Online Restaurant Menus

Here is an interesting social engineering watering-hole attack. Cybercriminals have infected online menus in selected restaurants in a bid to obtain valuable information about large corporations, a security expert said.

It is known as “watering hole” hacking and involves compromising a website popular with employees of the targeted organization, like a restaurant near its office.

Chris Furlow is president of risk company Ridge Global and works with companies around the world to help them focus on cyber-risk. He outlined the watering hole threat during a meeting of the World Credit Union Conference in Belfast.

He said: "These folks are thinking very clearly who they would like to target and how they are going to go about doing that." Furlow went on: "Sometimes, especially near organizations that are targeted, let’s say there is a major corporate office near this restaurant, they may infect the restaurant and when you download the PDF version of the menu it is infected."

“These are the types of threats we are dealing with on a daily basis. They are leveraging this human element of cyber-security, they are carrying out digital deception.”

“Because it really is in the heart of all our organizations, it is the human element. This is about employees or third parties like contractors who are in some way negligent.

“I think that is a tough term in the environment today, negligent, because there are some people who just don’t have the resources or they have not had the training in order to understand what they need to be doing.

“But negligence is a really important term because as you look at the regulatory environment this is something that is advancing very quickly in the 21st century.” More:
http://engagecustomer.com/health-organisations-likely-suffer-data-breaches-ico-figures-show/


Cyberheist 'FAVE' LINKS:
This Week's Links We Like, Tips, Hints And Fun Stuff
    • Since 2010 the USB Rubber Ducky has been a favorite among hackers, penetration testers and IT professionals: YouTube video:
      https://youtu.be/sbKN8FhGnqg
