CyberheistNews Vol 9 #52 [Heads-Up] 1000+ Schools Hit by Still Active Ransomware Attack Wave




CyberheistNews Vol 9 #52
Happy Holidays

We'll be observing the Christmas and New Year holiday season next week, so your CyberheistNews will arrive later than usual in January; we'll be back to our normal schedule on Thursday, January 2nd. See you in 2020, and all our best wishes to you for Christmas, Chanukah, and New Year's Day.

And, as always, I'm repeating the tradition of my same New Year's Wish as a newsletter editor since 1996: "A world without war, crime and insanity, where honest people can flourish, prosper and reach greater heights".
[Heads-Up] 1000+ Schools Hit by Still Active Ransomware Attack Wave

October was the first month we got some visibility on how the bad guys are now targeting school districts and students across the USA in a wave of new ransomware attacks. This attack is still going on.

A report released by Armor, a global security solutions provider, noted a substantial rise in ransomware attacks against schools (and school districts) since October 2019. “The report identified 11 new U.S. school districts (comprised of 226 schools) that have been hit by ransomware since late October."

Why Ransomware Thieves Target Schools, School Districts, and Municipalities

Ransomware criminals know that school districts and municipalities are often ill-prepared to defend against cyber threats because of their limited budgets; whatever IT money is allocated is likely to be spent procuring new hardware and software rather than on cybersecurity or security awareness training.

With little cybersecurity budget, the bad guys are aware this is a soft and target-rich sector, with sensitive data that needs to be protected and kids that need to attend school.

According to Chris Hinkley, Armor’s Head of the Threat Resistance Unit (TRU) research team, schools and municipalities continue to be very desirable targets for ransomware threat actors because these types of organizations host a lot of important, sensitive data, which is required for communities to function properly.

The cybercriminals also know that often these entities don’t have sufficient cybersecurity protections in place. “The attackers know that the services these organizations provide are critical to their communities, and they also know that schools and municipalities are typically more vulnerable to security attacks because of their limited budgets and lack of IT staff,” said Hinkley.

“This combination can give the threat actors a tremendous advantage over their victims because they know these entities cannot afford to shut down and are often more likely to pay the ransom.”

The report identified “269 publicly announced ransomware victim organizations in the U.S. since January 1, 2019 as well as the status of some of those events. Municipalities continue to lead the victim list at 82, followed closely by school districts and educational institutions at 72, followed by 44 healthcare organizations and 18 Managed Service Providers (MSPs) and Cloud-Based Service Providers.”

In comparison, Armor cites K-12 Cybersecurity Resource Center stats for 2018 that reported K-12 schools experienced 119 cyber incidents in 2018 and attributed a total of 9.76 % (approximately 11 schools) that have been hit by ransomware. Continued at the KnowBe4 Blog:
https://blog.knowbe4.com/1000-schools-hit-by-ransomware-fueled-by-october-attack-wave
Are Your Users' Passwords…P@ssw0rd? Find out for a Chance to Win a Stormtrooper Helmet

Verizon's Data Breach Report showed that 81% of hacking-related breaches used stolen and/or weak passwords. Employees are the weakest link in your network security.

KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak password-related threats and reports any fails so that you can take action. Plus, if you're in the US or Canada, you’ll be entered for a chance to win a Star Wars Stormtrooper Helmet Prop Replica!

This will take you 5 minutes and may give you some insights you never expected!
https://info.knowbe4.com/wpt-sweepstakes-012020
[NEW RISK] The MAZE Ransomware Gang Outs Their Victims on a Public Web Site

In a continuing escalation of its extortion tactics, independent security researcher Brian Krebs reported on Krebsonsecurity.com that the criminals behind the MAZE Ransomware gang just created a publicly viewable web site listing 8 victims and a limited amount of selected data.

MAZE probably hopes that increasing the psychological extortion pressure will squeeze current victims (those still undecided) into paying up, and it is using this club as a warning to future victims of what can result from not paying, particularly once data is exposed: the legal and cost ramifications of reporting and mitigating what would then be considered a data breach. We discussed this topic in our blog post about REvil last week.

According to Brian, “less than 48 hours ago, the cybercriminals behind the Maze Ransomware strain erected a Web site on the public Internet, and it currently lists the company names and corresponding Web sites for eight victims of their malware that have declined to pay a ransom demand.”

Krebs describes the information released publicly so far as “initial date of infection, several stolen Microsoft Office, text and PDF files, the total volume of files allegedly exfiltrated from victims (measured in Gigabytes), as well as the IP addresses and machine names of the servers infected by Maze.”

It's worth noting that the type of information released so far is not very damaging to the victims, but the public web site makes it very clear that they *might* release much more confidential information.

[“Represented here companies dont wish to cooperate with us and trying to hide our successful attack on their resources,” the site explains in broken English. “Wait for their databases and private papers here. Follow the news!”]

“KrebsOnSecurity was able to verify that at least one of the companies listed on the site indeed recently suffered from a Maze ransomware infection that has not yet been reported in the news media.”

While threats to leak data are not new, it remains to be seen how effective an extortion tool this turns out to be, and whether this new "threat experiment" will continue or be copied by other ransomware strains. Link:
https://blog.knowbe4.com/maze-ransomware-crew-outs-victims-on-public-web-site
[LIVE DEMO] See Ridiculously Easy Security Awareness Training. New Features!

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us on Wednesday, January 8 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Check out our new assessment feature and see how easy it is to train and phish your users.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
  • Identify and respond to email threats faster. Enhance your incident response efforts with the PhishER add-on!
Find out how 30,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, January 8 @ 2:00 pm (ET)

SAVE MY SPOT:
https://event.on24.com/wcc/r/2161522/61EC8675F9195AB5ACDC5B9131474C9C?partnerref=CHN1
How to Manage Insider Threats When Employees Make Fatal Errors or Are Not Trained

Protecting an organization against insider threats is an essential component of any security strategy, but it needs to be handled with sensitivity, according to Peter Draper from Gurucul.

On the CyberWire’s Hacking Humans podcast, Draper explained that many insider threats aren’t malicious—they often involve an employee making a mistake or misunderstanding their role.

Insider threats are classified as any threat arising from within an organization, Draper explained. “It doesn't necessarily mean that it's an inside individual that's doing any nefarious behavior. There are malicious insiders that, for some reason, may believe that the information that's available in the systems is theirs to take.

They may be leaving the company or considering leaving the company. They may have a beef with somebody. There's then the unintentional insider threat, and that is accounts that could be compromised by clicking on a bad link, by being attacked with malware.

They've downloaded something, they've gone somewhere, they've watched a video – all of the usual attack surfaces that's available that could be compromising their account.”

Draper added that with new technology like the cloud, it’s become increasingly difficult to control employee access within organizations. Companies now have very broad attack surfaces, and it’s extremely important to minimize the damage an attacker could cause if a single account is compromised.

“The proliferation of password attacks, stolen credentials, password stuffing where attackers will try and effectively spray the passwords onto any system that they can get access to, to see whether or not they can actually gain access because people share accounts, share passwords across multiple systems – it is challenging,” Draper said.

“Making sure people have the right entitlements and the right identity and access to the right resources is where a big portion of enterprise's time is spent.”

In this environment, Draper explained, it’s very difficult to keep track of who has access to which data and privileges, especially as employees shift around in the organization. “What normally happens is users will come into one department,” he said. “They might move to another department. They might get promoted. They might stand in for somebody out during some vacation or something. And each time that happens, they get given more rights....We call those ‘access collectors’ because they keep gaining access and getting more and more.”
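The "access collector" pattern Draper describes is something you can check for directly: replay the provisioning history for each account and compare what it still holds against what its current role should need. The script below is an added illustration for this article, not Gurucul's or KnowBe4's code; the role names, entitlement names and the provisioning history are all constructed, and a real deployment would read the same data from your directory or IAM system.

```python
"""Flag "access collectors": accounts whose accumulated rights exceed the
baseline of their current role. Added illustration; not Gurucul's or
KnowBe4's code. Roles, entitlements and the event history are constructed."""
from collections import defaultdict

# Constructed baseline: the entitlements each role is expected to hold.
ROLE_BASELINE = {
    "sales-rep": {"crm-read", "crm-write", "shared-sales"},
    "accounts-payable": {"erp-ap-read", "erp-ap-write", "shared-finance"},
    "hr-generalist": {"hris-read", "hris-write", "shared-hr"},
}

# Constructed provisioning history, in chronological order.
# ("role", name) records a move into a role; "grant"/"revoke" change one right.
EVENTS = [
    ("alice", "role", "sales-rep"),
    ("alice", "grant", "crm-read"),
    ("alice", "grant", "crm-write"),
    ("alice", "grant", "shared-sales"),
    ("bob", "role", "hr-generalist"),
    ("bob", "grant", "hris-read"),
    ("bob", "grant", "hris-write"),
    ("bob", "grant", "shared-hr"),
    # alice moves to accounts payable; her sales rights are never revoked
    ("alice", "role", "accounts-payable"),
    ("alice", "grant", "erp-ap-read"),
    ("alice", "grant", "erp-ap-write"),
    ("alice", "grant", "shared-finance"),
    # alice stands in for bob during his vacation and keeps the HR right afterwards
    ("alice", "grant", "hris-read"),
]


def replay(events):
    """Replay the history to get each user's current role and held entitlements."""
    role = {}
    held = defaultdict(set)
    for user, kind, detail in events:
        if kind == "role":
            role[user] = detail
        elif kind == "grant":
            held[user].add(detail)
        elif kind == "revoke":
            held[user].discard(detail)
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return role, held


def find_access_collectors(events, baseline):
    """Return {user: sorted excess entitlements} for every user holding rights
    outside the baseline of their current role. A user with no recorded role
    has an empty baseline, so everything they hold is reported."""
    role, held = replay(events)
    findings = {}
    for user, rights in held.items():
        expected = baseline.get(role.get(user), set())
        excess = rights - expected
        if excess:
            findings[user] = sorted(excess)
    return findings


def revocation_plan(events, baseline):
    """Turn the findings into ("revoke", user, entitlement) actions for review."""
    return [
        ("revoke", user, right)
        for user, rights in sorted(find_access_collectors(events, baseline).items())
        for right in rights
    ]


if __name__ == "__main__":
    for user, rights in find_access_collectors(EVENTS, ROLE_BASELINE).items():
        print(f"{user}: {len(rights)} right(s) outside role baseline: {', '.join(rights)}")
```

Running it reports alice's four leftover rights (two from sales, the shared sales folder, and the HR read she kept after covering for bob) while bob is clean. The plan it produces is meant as input to a review with the account owner, which is the "involve the users" point Draper makes below, rather than something to apply blindly.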

Draper believes the solution to this issue has to involve the employees themselves. “We think it's really, really important to involve the users in this,” Draper said. “Whenever you start to talk about insider threat, all the users – and let's be honest, the users are the people that keep your business going and do the things that you need them to do for your business to work.

So, all of those users are critical to what you're trying to achieve as a business. But they are starting to think it's starting to become a ‘them-and-us,’ because they're talking about us being a threat.”

New-school security awareness training can help your organization get a handle on its security posture by helping your employees understand the threats their organization faces. The CyberWire has the story:
https://thecyberwire.com/podcasts/cw-podcasts-hh-2019-12-19.html
[LIVE DEMO] See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk management modules, transforming KCM into a full SaaS GRC platform!

Join us, Tuesday, January 7 @ 2:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements across your organization and third-party vendors and ease your burden when it's time for risk assessments and audits.
  • NEW! Demonstrate overall progress and health of your compliance and risk management initiatives with custom reports
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Tuesday, January 7 @ 2:00 PM (ET)

SAVE MY SPOT:
https://event.on24.com/wcc/r/2161517/913D5D0E1A03310F65463DD51B49DC54?partnerref=CHN1

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: The updated version of the free Phishing Security Test is now available. The new version includes 20+ languages, which allows you to customize your phishing test template in the language of your choice before sending it to your users. Try it out:
https://www.knowbe4.com/phishing-security-test-offer
Quotes of the Week
"You know the value of every article of merchandise, but if you don't know the value of your own soul, it's all foolishness." - Rumi, Poet (1207 - 1273)

"Go confidently in the direction of your dreams. Live the life you have imagined."
- Henry David Thoreau, Author (1817 - 1862)



Thanks for reading CyberheistNews
Security News
This Gullible Financial Advisor Was Fined and Suspended After Falling for a $500K+ BEC Scam

The Financial Industry Regulatory Authority (FINRA) fined and temporarily suspended a financial advisor working for UBS after he was social engineered into transferring $511,870 from a client’s account, according to FinancialAdvisorIQ.

A hacker gained access to the client’s account and asked the advisor, William Darby, to move the money into accounts at third-party banks. Darby allegedly violated UBS’s protocol by making the transfers without first calling the client on the phone and verbally confirming the requests.

Darby was also allegedly tricked into selling the client’s securities, worth $525,826, to fund the transfers. UBS fired Darby and reimbursed the client, and FINRA fined Darby $7,500 for breaching protocol. The reason for his termination was “violated firm disbursements policy by failing to call client to confirm disbursement requests yet instructed support staff to process the disbursements.”

Darby also received a forty-five-day suspension from FINRA, but was allowed to keep his registration as a financial advisor. He’s since landed a job at another firm, and he’ll presumably be more cautious in the future.

It’s worth noting that Darby had worked in the financial services industry for twenty years, ten of which he spent at UBS, so a lack of experience is unlikely to have been the problem. Anyone can fall for a scam, so orgs need to have policies in place to reduce the chances of a scam succeeding.

Of course, as this case demonstrates, security policies are only effective if they’re adhered to. It’s also unwise to think that experienced personnel can’t themselves fall prey to a scammer. We can learn a lot through experience, but sometimes experience can be the mother of illusion, too.

Proper training and education are needed to ensure employees know the importance of following their organization’s security protocols. A healthy sense of suspicion and a solid knowledge of social engineering tactics can complement strong security policies. New-school security awareness training can keep your employees from being tricked by social engineering and prevent them from falling into complacency by teaching them how scammers operate.

FinancialAdvisorIQ has the story:
https://financialadvisoriq.com/c/2600713/299823/fined_after_allegedly_conned_hacker_disburse_client_funds
Spear Phishing in the Royal Canadian Mint

The Royal Canadian Mint, which produces Canada’s coins, nearly sent an employee’s paycheck to an attacker following a spear phishing attack, CBC News reports. The attacker sent an email to the Mint’s HR department while posing as an employee and requested that the department change the employee’s bank account details. The HR worker who received the email was convinced, and they changed the employee’s direct deposit information.

Fortunately, the bank rejected the payment before it was sent to the scammer, so the employee didn’t lose their paycheck. The scammer did receive the employee’s pay stub, however, which contained some sensitive personal and financial information. The employee later fell victim to identity theft and was affected by fraudulent credit card purchases, although the Mint says there’s no evidence that those incidents are a result of the data that was lost during the payroll spoofing attempt.

While the bank caught the fraudulent payment in this case, Jeff Thomson, a senior RCMP intelligence analyst with the Canadian Anti-Fraud Centre, told CBC News that payroll spoofing scams are increasing.

“Oftentimes it can result in significant losses,” Thomson said. “It typically falls in our top two in terms of dollar loss in the amount of money that the victims can lose.”

Thomson continued, saying it’s tough to hold the scammers accountable because they’re often located in another country. “So the tactics the fraudsters employ certainly make it more difficult to track them down,” he said. “And it’s challenging in investigating when you're crossing jurisdictions.”

These types of attacks depend on ignorance to succeed. If the HR worker had been trained to be on the lookout for payroll diversion attempts, they might have been more careful. The employee was lucky not to lose their paycheck, but they still lost sensitive information through no fault of their own.

Awareness training can teach your employees about the tactics used by scammers so they can recognize these techniques when they encounter them. CBC News has the story:
https://www.cbc.ca/news/politics/mint-spear-phishing-scam-1.5392036
Royal Mail Scam: Sorry, You Haven't in Fact Won That iPhone 11 Pro

An SMS phishing scam is targeting people in the UK with fake notifications that appear to come from the Royal Mail postal service, The Sun reports. The messages are personalized, and they address each recipient by their real name, informing them that they’ve been selected to receive a free iPhone 11 Pro. To receive their prize, the recipient is asked to enter their address and their debit card details in order to pay the £2 shipping insurance fee. Peter Draper from cybersecurity company Gurucul explained what an attacker could do with this information.

“This is just another version of a phishing scam but using text instead of email,” Draper said. “The goal appears to be information gathering and, without a doubt, to obtain people’s full payment card details. If the recipient provides their card details and CVV, then the bad actor has what they need. They can then use it to either spend on the card or, better still, sell the details to multiple bad actors. In the worst case scenario the details can be used to steal an identity and apply for credit, etc.” Continued:
https://blog.knowbe4.com/royal-mail-scam-sorry-you-havent-in-fact-won-that-iphone-11-pro
What KnowBe4 Customers Say

"Good morning Stu, thank you for reaching out, I am very happy with the results so far and the ease of use of the services provided. Everyone I have been involved with from KnowBe4 has been a delight to work with as well. I hope you all have a very Merry Christmas. Thanks!"
- S.J, IT Specialist



New Feature: Custom Reporting Now Available in KCM GRC

Custom Reporting: Effectively report on the status of your compliance and risk management initiatives using KCM’s Custom Reporting feature. Easily create and save reports that provide details on task status, user activities, and the rate of completion across your different scopes and control requirements.

From within each report, you can filter and sort your data based on the criteria most important to you, and even export your reporting data to third-party BI tools. KCM makes it easy for you to demonstrate overall progress and health of your compliance program to your executive team.

The KCM product page has been updated:
https://www.knowbe4.com/products/kcm-grc-platform

The features chart has been updated on the KCM pricing page:
https://www.knowbe4.com/kcm-price-list
The 10 Interesting News Items This Week
    1. 5 Strategies On How To Talk To The Board About Cybersecurity:
      https://www.darkreading.com/risk/talking-to-the-board-about-cybersecurity/a/d-id/1336587

    2. Wawa data breach potentially affected more than 850 locations, CEO says:
      https://www.washingtonpost.com/business/2019/12/20/wawa-hit-with-massive-data-breach-potentially-affecting-all-locations-ceo-says/

    3. Ransomware tops list of healthcare cybersecurity threats in 2019:
      https://searchhealthit.techtarget.com/feature/Ransomware-tops-list-of-healthcare-cybersecurity-threats-in-2019

    4. IBM announces very interesting battery technology breakthrough:
      https://www.techrepublic.com/article/ibm-announces-battery-technology-breakthrough/

    5. Vladimir Putin 'still uses obsolete Windows XP' despite hacking risk. Or Is He Taunting?:
      https://www.theguardian.com/world/2019/dec/17/vladimir-putin-still-uses-obsolete-windows-xp-despite-hacking-risk

    6. Senate bill would order DHS to review K-12 cybersecurity:
      https://edscoop.com/k12-cybersecurity-act-2019-dhs/

    7. Over 435K Security Certs Can Be Compromised With Less Than $3,000:
      https://www.bleepingcomputer.com/news/security/over-435k-security-certs-can-be-compromised-with-less-than-3-000/

    8. Cybercriminals Found a Scary New Way of Making Hacked Companies Pay Ransom:
      https://www.vice.com/en_us/article/5dmzzd/cybercriminals-found-a-scary-new-way-of-making-hacked-companies-pay-ransom

    9. FBI Warns of Risks Behind Using Free WiFi While Traveling:
      https://www.bleepingcomputer.com/news/security/fbi-warns-of-risks-behind-using-free-wifi-while-traveling/

    10. Cybersecurity Experts Are Leaving the Federal Government. That’s a Problem:
      https://www.nytimes.com/2019/12/19/opinion/cybersecurity-departures-government.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.