CyberheistNews Vol 8 #45 [Heads-Up] FIRED: The Two C-level Execs Who Fell Victim to a Massive 21 Million Dollar CEO Fraud

CyberheistNews Vol 8 #45
[Heads-Up] FIRED: The Two C-level Execs Who Fell Victim to a Massive 21 Million Dollar CEO Fraud

Two top-level executives of movie chain Pathé—the Managing Director and the CFO—were fired recently, after it became clear that they fell for a massive CEO Fraud attack that could have been prevented if they only would have spotted the red flags.

In a recent Amsterdam, Holland court decision the details were revealed how this scam went down, and what errors were made along the way.

Thursday, March 8th, the MD of a Dutch movie chain gets an email from the CEO of their holding company: "Did KPMG already call you?" The email was sent from a smartphone. The MD forwards the email to their CFO, but both are puzzled. They decide to email back and ask what the issue is.

The answer is a classic CEO fraud tactic: "We are in a confidential M&A process with a foreign company in Dubai, and any communications can only be done using the personal email address of the CEO. Please transfer the first 900K and this money will be transferred back to you at the end of the month."

An email thread ensues where the MD wants to make sure that the transaction is legit. "No worries", confirms the holding company CEO. Please transfer the first 10% of the acquisition.

Tuesday, March 13th, the second transfer gets made: 2.5 million. The two execs wonder what is going on but decide to comply with the CEO's orders. More transfer requests follow, for higher amounts. Tuesday March 27th the "last payment" gets made. A total of 21 million dollars has been transferred over roughly two weeks, and they get assured: "Yes, we'll now transfer this money back right away". That was the last thing they heard.

Finally their HQ wakes up, grabs the phone, and asks about the transfers: "What is going on? What was the money used for?" The penny drops. The two execs have fallen for a CEO fraud scam and are immediately put on administrative leave, and later fired. Story continued at the KnowBe4 blog, with three complimentary resources you can use to prevent this from happening at your own organization:
Kevin Mitnick Battles the Pesky Password Problem: Red Team vs Blue Team

You don’t want to miss this exclusive webinar on Wednesday!

What really makes a “strong” password? And why are your end-users tortured with them in the first place? How do hackers crack your passwords with ease? And what can/should you do about your authentication methods?

In this unique webinar, you will learn about the recent NIST controversy and related password cracking problems. The “combatants” will be on the one side KnowBe4's Chief Hacking Officer, Kevin Mitnick with decades of first-hand “red-side” penetration testing experience, and on the other side, Roger Grimes, KnowBe4's Data-Driven Defense Evangelist with decades of experience on the blue team.

They will provide an in-the-trenches view of authentication hacking, so that you get some insights about the truth of the effectiveness of passwords, various password management guidelines, and even stronger authentication systems using multiple factors. The referee will be Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer.

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Seats are limited. Reserve your spot!
Date/Time: Wednesday, November 14, 2018 at 1:00 (ET)
Ransomware and RDP: A Dangerous Combination

A new variant of ransomware, CommonRansom, is asking for RDP access to the victim’s computer in order to decrypt files. CommonRansom is the latest attempt to extend the ransomware attack beyond the simple act of extortion. In this case, upon completing the encryption attack, the ransomware leaves a decryption note as a text file asking for both a Bitcoin ransom, as well as complete admin RDP access to the infected endpoint.

I can appreciate cybercriminals wanting to evolve the ransomware attack; it’s been roughly the same tactic for a few years now. We saw another instance of extending the ransomware attack back in 2016 with Popcorn Time – where victims could decrypt their files by either paying the ransom or helping to infect two other people.

In this case, the inclusion of the RDP request is somewhat timely, as the RDP attack vector is in very high demand and pays top dollar on the dark web. Here are some recommendations to prevent attacks like this:
See the Real-World Simulated Phishing You Need, and the Training Your Users Will Really Love

You’ve always known your users are a serious threat to your network security. They are constantly under attack by the bad guys. You have all your email filters and endpoint security in place, but your users are still clicking on things they shouldn't.

Your organization’s awareness training should be your last layer of defense but you're wondering... Is new-school security awareness training really going to help?
  • How is it better and easier than my in-house training?
  • How real are those "simulated" phishing emails?
  • How am I going to make time to manage a security awareness program?
Get the answers to these common questions and more, see our platform in action! Here is a way to significantly improve your network security, and prevent a few of those 16 fires you are always putting out!
  • See some of the best real-world phishing templates, that are fully customizable
  • Get a look at KnowBe4’s highly engaging training content that your end-users will love
  • Learn more about the new Risk Score for your users, groups and whole organization
  • See how you can get up and running in hours, not weeks
Request your live demo and be pleasantly surprised!
The US Military Just Publicly Dumped Russian Government Malware Online

Usually it’s the Russians that dump its enemies’ files. This week, US Cyber Command (CYBERCOM), a part of the military tasked with hacking and cybersecurity focused missions, started publicly releasing unclassified samples of adversaries’ malware it has discovered.

CYBERCOM says the move is to improve information sharing among the cybersecurity community, but in some ways it could be seen as a signal to those who hack US systems: we may release your tools to the wider world.

"This is intended to be an enduring and ongoing information sharing effort, and it is not focused on any particular adversary," Joseph R. Holstead, acting director of public affairs at CYBERCOM told Motherboard in an email. Here is the full Spy vs Spy Dumpster Dump Story:

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: I recently wrote an article in Forbes which is great ammo for InfoSec budget:
Quotes of the Week
"Reflect upon your present blessings--of which every man has many--not on your past misfortunes, of which all men have some." - Charles Dickens

"Putin has two modes: humiliate or dominate. Respect isn’t among them" - Condoleezza Rice

Thanks for reading CyberheistNews
Security News
Live Demo: The NEW KCM GRC - Get Your Audits Done in Half the Time

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.

Good news! We are excited to announce the release of the new KCM GRC. We have expanded the existing KCM product with new Risk and Policy Management modules, transforming KCM into a full SaaS GRC platform!

Join us for a first look, Tuesday, November 13th at 1:00 PM (ET), for a 30-minute live product demonstration of the new KCM GRC platform from KnowBe4. See how you can simplify the challenges of managing your compliance requirements and ease the stress when it’s time for risk assessments and audits.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • NEW Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • You can assign responsibility for controls to the users who are responsible for maintaining them.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Save Your Spot!
Date/Time: Tuesday, November 13th at 1:00 PM (ET)
Most Americans Can Be Fooled by Fake Election Emails

The average American cannot reliably distinguish between fake and legitimate election campaign emails, according to a study by Valimail. In the weeks leading up to the US midterm elections, Valimail surveyed 1,079 US adults and found that, on average, respondents could discern the legitimacy of just 4.98 out of 11 emails. Only one respondent correctly categorized all 11 emails.

Individuals over 65 were slightly better at identifying emails correctly than younger respondents, and both Republican and Democrats scored about the same. Notably, respondents were more likely to fall for a fake email if the email purported to come from their preferred political party.

“The results of this survey confirm what nation-states and bad actors have known for years: that email is incredibly vulnerable to impersonation, and is therefore a prime channel for spreading misinformation, malware, and fraud,” said Valimail’s CEO Alexander García-Tobar.

“More concerning is the fact that consumers' trust in their public leaders and political candidates can be so easily abused for financial or political gain, when the tools to combat these types of attacks are readily available.”

All of the fake emails used in this survey contained visible tells that could have been detected by careful observers. Valimail notes, however, that phishing emails are often visually indistinguishable from legitimate ones.

Attackers can also use field-spoofing and lookalike domains to further their deception. While Valimail's study concentrates on election influence operations, there are broader principles in play here that any organization could apply.

Employees need engaging, interactive security awareness training that uses real-world examples to teach them the clues to look for and techniques they can use to verify the authenticity of emails. MarketWatch has the story:

And Valimail's report is here:
Phishing Extortion Campaign Using New, More Effective Methods

Kaspersky Labs researchers have noticed a recent switch in tactics by malicious actor’s intent on conducting blackmail operations.

The primary scare tactic in these phishing operations is to tell the recipient the extortionist has embarrassing or damaging evidence against the target with a demand to pay a set amount in order for the malicious actor to remain quiet.

In the past the attacker would simply hope the threat was enough to entice the payment, but Kaspersky has noted cybercriminals are now doing some extra legwork to make their claim more believable.

“The new wave of emails contained users’ actual personal data (names, passwords, phone numbers), which the scammers used to try to convince victims that they really had the information specified in the message,” the report said.

This indicates the spammers are using a variety of breached databases to draw personal information from to use as evidence that they truly do have some type of damaging information on the target. Additionally, these fraudulent emails are now being sent to a larger audience. Previously, mainly English speaking people were chosen, but starting in September campaigns have been launched against German, Italian, Arabic, and Japanese speakers.

The new methodology may be working as Kaspersky found several bitcoin wallets receiving payments totaling more than $18,000. More:
What KnowBe4 Customers Say

"Things have been great! Topher is top notch and has been very helpful and a great communicator in the startup process. We just recently received our baseline results and are starting to implement our first training campaigns.

The interface is very user friendly and the AD integration has been a dream. We have been receiving very positive results. I'm very pleased with the service you guys have provided and look forward to a long and healthy partnership."
- B.L., Computer Maintenance Technician

"Everything’s going great with the console. I setup a new campaign every 2 weeks or so, and have gone from general phishing campaigns to more targeted ones to show our users how convincing these phishing schemes can be. Honestly, everything’s been going great and we’re very happy with KnowBe4. I’ve also recommended it to other IT professionals. Thanks!"
- W.M., IT Administrator

PS, If you want to see KnowBe4 compared to other products in an objective, legit platform that makes sure the reviews are fully vetted, check Gartner Peer Insights:
KnowBe4 Wants to Know What Keeps You up at Night!

IT Pros today have lots of security concerns such as ransomware, external attacks, data breaches and compliance mandates. Some issues you have locked down tight, while others are making you crazy!

We want to know what aspects of IT security you have covered, and which ones have you worried sick!

In this fast, 5-minute online survey, we want to hear about what issues are of great concern to you and your organization.

Hurry and take the survey now - be one of the first 500 to take the survey and have a chance to win one of several 500-dollar Amazon gift cards! (or equivalent in your local currency)

The 10 Interesting News Items This Week
    1. IBM Watson will be used by NIST to assign CVSS scores to vulnerabilities:

    2. Ransomware could displace data theft as leading cyber risk in Europe:

    3. HSBC Bank fesses up: Hackers made off with folks' personal details:

    4. Phishing Is the Top Reason Behind Australian Data Breaches:

    5. Voting machine manual tells officials to reuse weak passwords:

    6. New research from Kaspersky Lab has revealed that the number of phishing attacks rose by 27.5 per cent to reach over 137m in the third quarter of 2018:

    7. Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to butts:

    8. New Spam Botnet Likely Infected 400,000 Devices:

    9. Linux cryptocurrency miners are installing rootkits to hide themselves:

    10. This is how artificial intelligence will become weaponized in future cyberattacks:
Prepared in cooperation with the CyberWire research team.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2018 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews