CyberheistNews Vol 7 #08
Google: "Office Inbox Receives 6.2X More Phishing Than Your Inbox at Home".
Google Research analyzed over a billion emails passing through Gmail, and the results were presented last week at the RSA security conference in San Francisco which I visited.
Extremely interesting stats: corporate email addresses are 6.2 times more likely to receive phishing attacks and 4.3X as likely to receive malware compared to personal accounts, but only 0.4X as likely to receive spam.
This is the first time that results like this have been published but it makes sense to the degree that corporate inboxes tend to contain more valuable information, which can be monetized much more easily.
Are you in real-estate or know someone working in that business? Companies active in real estate were the most targeted with malware compared to businesses working in retail, IT, finance, insurance, and other more financially attractive domains.
However, organizations active in finance, entertainment and IT were the most targeted by phishing as of Q1 2017. It looks like attackers are targeting organizations based on their size, type, sector of operations and country, said Google's Ali Zand.
Here is the whole slideshare presentation. I strongly recommend you step through the whole thing:
https://blog.knowbe4.com/your-office-inbox-receives-6.2-times-more-phishing-than-your-inbox-at-home
Forrester TEI™ Live Webinar: Value of KnowBe4 Goes Beyond ROI
KnowBe4 recently commissioned Forrester to conduct a Total Economic Impact™ (TEI) study, examining the potential Return on Investment (ROI) enterprises might realize by implementing the KnowBe4 Security Awareness Training and Simulated Phishing Platform.
The resulting research paper assesses the performance of the KnowBe4 Platform. How does 127% ROI with a one month payback sound?
Join Stu Sjouwerman, CEO at KnowBe4 along with special guest speakers Nick Hayes, Forrester Analyst, and Reggie Lau, TEI Principal Consultant, to get insights into the detailed findings of the report. At the end of the webinar, you will have a framework to evaluate the ROI of the KnowBe4 Security Awareness Training and Simulated Phishing Platform on your organization, and how you can leverage your end-users as your last line of defense using KnowBe4.
Live Webinar Date: Monday, February 27th at 2:00 PM EST.
Register Now: https://attendee.gotowebinar.com/register/658121861626381570
7 Urgent Reasons for Creating a Human Firewall
I was at RSA 2017 in San Francisco last week, and apart from meetings with customers, VCs and the Press, I found a large amount of relevant security news. Out of the firehose of RSA data, I distilled the 7 urgent reasons why you need to create your "human firewall" as soon as you possibly can. Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters.
1. Ransomware heads the list of deadly attacks
SANS' Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives.
2. Phishing leads the IRS dirty dozen of scams
The Internal Revenue Service rounded up some of the usual suspects in its annual look at the dirty dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge.
3. CEO Fraud / W-2 Scams are their close second
Just this month the IRS issued another warning about what it called dangerous, evolving and very early W-2 scams that are targeting a widening swath of corporations, school districts and other public and private concerns. High-risk users in Accounting and HR need to be frequently exposed to simulated attacks using email, phone and text to inoculate them against these attacks.
4. Phone Scams
Your users need to be trained that when they pick up the phone, the person on the other end might be a criminal hacker trying to manipulate them to gain access to the network. They impersonate "Tech Support" and ask for a password, or pretend to solve technical problems and compromise the workstation.
5. Your Antivirus is getting less and less effective
We all had the nagging suspicion that antivirus is not cutting it anymore, but the new Virus Bulletin numbers confirm your intuition. Virus Bulletin (VB) is the AV industry's premier "insider site", and shows how good/bad endpoint detection rates are, but VB also covers spam filters, and tests them on a regular basis.
Both antivirus (aka endpoint protection) and spam filter tests are published in quadrants graphing the results. What most people do not know is that participants in this industry all share the same samples, and it's often just a matter of who gets the definition out first, because soon enough everyone else has that malware sample and blocks the hash. The problem? Proactive detection rates have dropped from about 80% down to 67-70% over approx. 9 months.
Now you might think that if AV does not catch it, your spam filter will. Think again. One in 200 emails with malicious attachments makes it through. That puts the potential for malware making it in your users' inbox into the millions… every day. Here is a blog post with the scary numbers:
https://blog.knowbe4.com/bad-news-your-antivirus-detection-rates-have-dramatically-declined-in-12-months
6. The Internet of Things
Your users need to understand the nature of connectedness. Both consumer and commercial devices are using wireless protocols to connect to each other and the internet, with vendors rushing products to market without proper security features. Your employees need to be trained to change the default passwords and disable remote access. If your organization has anything to do with critical infrastructure, users need to be aware of the risks and do fire drills so they are prepared for any kind of attacks against the IoT.
7. Over-reliance on Web Services
This breaks down into two different flavors. First, shadow-IT, where employees completely bypass the IT department and create their own storage and services: an invitation to a host of vulnerabilities and data breaches that IT cannot control. Employees need to be enlightened about the dangers of shadow-IT and understand the risks. Second, web-apps and mobile apps are increasingly vulnerable to attacks while talking to third-party services. There’s no actual certainty that apps are connecting to the expected entity, or whether a man-in-the-middle has stepped in, stealing data and possibly returning false information. This is a problem that developers need to solve with industry-strength handshaking and encryption protocols.
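What "industry-strength handshaking" means in practice for the app-to-service case above is a TLS client that refuses to talk to anything but the expected server. The following is an added example written for this newsletter item; it is not KnowBe4 code and not taken from any of the linked articles. It uses only the Python standard library: the weak client configuration that accepts any certificate (the man-in-the-middle case), the hardened configuration beside it, a certificate-fingerprint pin check on top of normal chain validation, and a small audit routine that flags the weak settings. The DER bytes and pin values are constructed for the demo; a real client would pin the fingerprint of its own service's certificate.

```python
"""Added example (not from the newsletter): a TLS client that checks it is
talking to the expected service, beside the weak configuration it replaces."""
from __future__ import annotations

import hashlib
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The 'before': chain and hostname checks switched off.
    Any server, including a man-in-the-middle, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """The 'after': system trust store, hostname verification, TLS 1.2 or newer."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, lowercase hex: the value a pin holds."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_pins: set[str]) -> bool:
    """True only if the presented certificate is one the client shipped with.
    A set allows a backup pin so key rotation does not lock clients out."""
    return cert_fingerprint(der_cert) in expected_pins


def verify_peer(sock: ssl.SSLSocket, expected_pins: set[str]) -> bool:
    """Run after the handshake on a socket wrapped by hardened_client_context().
    getpeercert(binary_form=True) returns the DER leaf certificate."""
    der = sock.getpeercert(binary_form=True)
    return der is not None and pin_matches(der, expected_pins)


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the weaknesses a reviewer would flag in a client context."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not verified")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS < 1.2 permitted")
    return findings


# Constructed stand-in for a service's DER certificate (not a real certificate).
DEMO_LEAF_DER = b"constructed-demo-certificate-bytes"
# The pin set a client would ship with: the current cert plus a backup placeholder.
DEMO_PINS = {cert_fingerprint(DEMO_LEAF_DER), "<backup-pin-placeholder>"}


if __name__ == "__main__":
    print("weak context findings:", audit_context(weak_client_context()))
    print("hardened context findings:", audit_context(hardened_client_context()))
    print("pin check on demo cert:", pin_matches(DEMO_LEAF_DER, DEMO_PINS))
    print("pin check on other cert:", pin_matches(b"some-other-bytes", DEMO_PINS))
```

The ordering inside `weak_client_context` is the part developers most often get wrong: Python refuses to set `verify_mode = CERT_NONE` while `check_hostname` is still on, so code that "fixes" a certificate error by clearing both has removed every guarantee the handshake was meant to give. The pin check is deliberately separate from the context: it runs only after chain and hostname validation already passed, and the backup pin keeps a planned certificate rotation from turning into an outage.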
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.
Get A Quote: https://info.knowbe4.com/kmsat_get_a_quote_now-chn
Warm Regards,
Stu Sjouwerman
Quotes of the Week
"The gift of fantasy has meant more to me than my talent for absorbing positive knowledge."
- Albert Einstein
"Fantasy is the only canvas large enough for me to paint on." - Terry Brooks
Thanks for reading CyberheistNews
Security News
RSA News Recap
Out of the hundreds of RSA items, here are a few articles I thought might be useful to you, possibly as budget ammo:
Infrastructure under attack: The next ransomware wave
By Fahmida Rashid - InfoWorld - February 14, 2017 *Overview of a Georgia Institute of Technology demo of how vulnerable industrial control systems are to ransomware attacks:
http://www.infoworld.com/article/3169606/security/infrastructure-under-attack-the-next-ransomware-wave.html
Cybersecurity alliance promoting intel-sharing seeks to expand
By Michael Kan - IDG News Service - February 14, 2017 *The Cyber Threat Alliance including Fortinet, Palo Alto Networks and Symantec is expanding and looking for new members.
http://www.pcworld.com/article/3169537/security/cybersecurity-alliance-promoting-intel-sharing-seeks-to-expand.html
It’s ‘Code Red’ as cyber-security pros gather
By Elizabeth Weise - USA Today - February 13, 2017 *Heightened concern on cybersecurity from nation-state attacks, botnet wipeouts and ransomware.
http://www.usatoday.com/story/tech/news/2017/02/13/s-code-red-cyber-security-pros-gather/97666336/
RSA Conference Panelists Split on Question of Paying Data Ransoms
By Rob Lemos - eWEEK - February 13, 2017 *Focus on ransomware, including QA and bitcoin.
http://www.eweek.com/security/rsa-conference-panelists-split-on-question-of-paying-data-ransoms.html
Three Quarters of All Ransomware Signed by Russian Speakers
Everyone knows Russian hackers are extremely busy people, but knowing that about 75% of all ransomware is made by Russian-speaking cybercriminals is still surprising.
According to Anton Ivanov, senior malware analyst at Kaspersky Lab, out of the 62 crypto ransomware families discovered by the company's researchers in the past year, 47 were developed by Russian or Russian-speaking people.
"This conclusion is based on our observation of underground forums, command and control infrastructure, and other artefacts which can be found on the web. It is hard to draw strong conclusions on why so many of the ransomware families out there have a Russian origin, but it is safe to say that this is because there are a lot of well-educated and skilled code writers in Russia and its neighboring countries," Kaspersky's analysis reads. More:
http://news.softpedia.com/news/three-quarters-of-all-ransomware-signed-by-russian-speakers-513050.shtml
How vulnerable is your network against ransomware infections? Find out with KnowBe4’s Ransomware Simulator. RanSim will simulate 10 ransomware infection scenarios and show you if a workstation is vulnerable to infection.
https://info.knowbe4.com/ransomware-simulator-tool-1chn
RSA Conference 2017 Attendees Hacked With Rogue Access Points
You wonder... some attendees at the 2017 RSA conference may have been hacked at the show.
Security researchers at Pwnie Express who were scanning the conference floor discovered rogue access points (an EvilAP attack) posing as known and trusted networks.
“Security testing vendor Pwnie Express has been passively scanning the airwaves on the RSA Conference show floor and has found multiple instances of EvilAP attacks,” reads a blog post published by EsecurityPlanet.com. “In an EvilAP attack, a rogue access point uses a Karma attack to trick users into thinking they are connecting to a known access point. Among the access point beacons sent out in the EvilAP attacks were common locations like Starbucks and McDonald’s.”
The pen testers at Pwnie Express confirmed that multiple users connected to a rogue access point and at least two remained connected over the course of more than a day. Hmmm. Awareness training anyone?
http://www.esecurityplanet.com/hackers/rsa-conference-wifi-users-under-attack.html
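The passive scanning Pwnie Express did is something a wireless IDS can automate. As an added example (not code from Pwnie Express, EsecurityPlanet or KnowBe4), here is the detection logic from the defender's side, run over a constructed scan log: it flags a BSSID that beacons an implausible number of unrelated SSIDs (the pattern the article describes, with "Starbucks" and "McDonald's" showing up on a conference floor) and a BSSID that advertises the venue's own SSID without being one of the venue's authorized access points. The log format, the BSSIDs, the SSID names and the authorized-AP table are all made up for the demo; a real deployment would feed it the output of its own scanner and its own AP inventory.

```python
"""Added example (not from the newsletter): rogue access point detection over
a constructed passive scan log."""
from __future__ import annotations

from collections import defaultdict

# Constructed scan output, one observed beacon per line: bssid, ssid, channel.
# Nothing here is a real capture.
SAMPLE_SCAN = """\
02:1f:3a:aa:bb:01\tRSAC2017\t6
02:1f:3a:aa:bb:01\tRSAC2017\t6
02:1f:3a:aa:bb:02\tRSAC2017\t11
02:1f:3a:aa:bb:03\tRSAC2017-Guest\t1
aa:bb:cc:00:00:01\tStarbucks\t1
aa:bb:cc:00:00:01\tMcDonalds Free WiFi\t1
aa:bb:cc:00:00:01\tattwifi\t1
aa:bb:cc:00:00:01\txfinitywifi\t1
aa:bb:cc:00:00:01\tRSAC2017\t1
"""

# Constructed AP inventory: the SSIDs the venue runs, and which BSSIDs may beacon them.
AUTHORIZED_APS: dict[str, set[str]] = {
    "RSAC2017": {"02:1f:3a:aa:bb:01", "02:1f:3a:aa:bb:02"},
    "RSAC2017-Guest": {"02:1f:3a:aa:bb:03"},
}

# A real AP beacons one SSID, or a handful with distinct BSSIDs for each.
# One BSSID beaconing many unrelated SSIDs is the Karma/EvilAP signature.
MAX_SSIDS_PER_BSSID = 3


def parse_scan(text: str) -> list[tuple[str, str, int]]:
    """Parse tab-separated 'bssid<TAB>ssid<TAB>channel' lines into tuples."""
    beacons = []
    for line in text.splitlines():
        if not line.strip():
            continue
        bssid, ssid, channel = line.split("\t")
        beacons.append((bssid.lower(), ssid, int(channel)))
    return beacons


def find_rogue_aps(beacons: list[tuple[str, str, int]],
                   authorized: dict[str, set[str]],
                   max_ssids: int = MAX_SSIDS_PER_BSSID) -> dict[str, list[str]]:
    """Return {bssid: [reasons]} for every BSSID that looks rogue.

    Two independent checks:
      1. fan-out: one BSSID beaconing more than max_ssids distinct SSIDs;
      2. evil twin: a BSSID beaconing an authorized SSID without being in
         that SSID's authorized BSSID set.
    """
    ssids_by_bssid: dict[str, set[str]] = defaultdict(set)
    for bssid, ssid, _channel in beacons:
        ssids_by_bssid[bssid].add(ssid)

    findings: dict[str, list[str]] = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        if len(ssids) > max_ssids:
            reasons.append(
                f"beacons {len(ssids)} distinct SSIDs (Karma/EvilAP pattern)")
        for ssid in sorted(ssids):
            if ssid in authorized and bssid not in authorized[ssid]:
                reasons.append(f"advertises venue SSID {ssid!r} from unauthorized BSSID")
        if reasons:
            findings[bssid] = reasons
    return findings


if __name__ == "__main__":
    for bssid, reasons in find_rogue_aps(parse_scan(SAMPLE_SCAN), AUTHORIZED_APS).items():
        print(bssid)
        for reason in reasons:
            print("  -", reason)
```

The two checks catch different things. The fan-out check needs no inventory at all and is what exposes a Karma-style access point that answers to every popular venue name; the evil-twin check needs the AP inventory but is the one that protects the venue's own SSID. On a real floor the threshold would be tuned against the vendor's multi-SSID behaviour, since a few enterprise APs legitimately beacon several SSIDs from one radio.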
Meet a New InfoSec Pro: Watson
IBM Security is well known for its AI-based supercomputer Watson. Now, IBM Security announced Watson for Cyber Security, the industry’s first augmented intelligence technology designed to power cognitive security operations centers (SOCs). It was revealed that over the past year, Watson has been trained on the language of cybersecurity, ingesting over 1 million security documents. Watson can now help security analysts parse thousands of natural language research reports that have never before been accessible to modern security tools.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Get ready to be truly mesmerized by Halldor Helgason’s amazing snowboarding performance.
http://www.flixxy.com/halldor-helgason-snowboarding-champion.htm?utm_source=4
- NBC news: Whitehat hacker Kevin Mitnick shows some ways hackers can attack your personal computer to steal your passwords and how you can take the necessary precautions to prevent such an attack:
http://www.nbcnews.com/video/how-to-keep-yourself-safe-from-cybercrime-878762051801
- Tesla's autopilot predicts crashes freakishly early (updated) - YouTube:
https://www.youtube.com/watch?v=WZ-d9k6JFA8
- Invisible liquid can make your phone screen as hard as sapphire. Back this project at:
https://www.indiegogo.com/projects/worlds-best-invisible-smartphone-protection-iphone#/
- For the kids: 'Pan-Kun' the monkey and 'James' the bulldog team up to cross a river together in this hilarious video from Japan:
http://www.flixxy.com/monkey-helps-dog-to-cross-the-river.htm?utm_source=4
- A compilation of 10 unbelievably lucky moments:
http://www.flixxy.com/lucky-moments.htm?utm_source=4
- Botched Drag Race Shows One Big Benefit of Electric Cars
https://youtu.be/yZeiQT0yDj0
- Falcon 9 First Stage Landing on Kennedy from a Drone's Perspective - YouTube:
https://youtu.be/glEvogjdEVY