CyberheistNews Vol 9 #9 Wendy’s to Pay $50M in Data Breach Settlement

Wendy’s has agreed to pay $50 million to settle negligence claims following its 2015-2016 data breach that affected more than 1,000 of the burger chain’s locations.

Payment card data was stolen from customers who paid at these locations after malware was installed on point-of-sale systems through a third-party vendor; the stolen card data was then used fraudulently at other merchants.

The settlement includes attorney's fees and costs. Wendy’s said it would end up paying roughly $27.5 million of its own funds after exhausting insurance, according to the press release.

“With this settlement, we have now reached agreements in principle to resolve all of the outstanding legal matters related to these criminal cyberattacks,” Wendy’s President and CEO Todd Penegor said in the release. “We look forward to putting this behind us so that we can continue to focus on growing the Wendy’s brand.”

Last September, Wendy’s settled a class action lawsuit from customers affected by the breach.

“Point of sale systems are lucrative targets for bad actors,” the Media Trust Digital Security and Operations Manager Mike Bittner told SC Media. “These systems are often outsourced to third parties with weak security postures, and give access to millions of payment card information. When malicious campaigns succeed, bad actors are able to either sell the information on the dark web or commit identity theft themselves.”

Bittner added that the fact Wendy’s has had to settle with both financial institutions and consumers shows the growing importance of securing identity and financial information. He explained that consumer privacy laws, both those already enacted and those on the horizon, will force businesses to improve their data protection and privacy capabilities.

Almost always, the bad guys get into these large networks with a phishing email as their initial attack vector. Stepping your own users through new-school security awareness training, and insisting your vendors do the same, is a must today. Full story:
https://blog.knowbe4.com/wendys-to-pay-50m-in-data-breach-settlement
Kevin Mitnick Demos Brand New Outlook Exchange Exploit

In a webinar last week Kevin Mitnick, KnowBe4's Chief Hacking Officer, shared a shocking demonstration of a recent Outlook/Exchange exploit in which an account the hackers already control is granted delegated access to any other mailbox in the organization. So if a hacker has access to the mailroom mailbox, they can instantly send and receive email as anyone... even the CEO!

This takes CEO fraud to the next level and makes these attacks dangerously easy. Get a sneak peek of the demo here, then watch the full demonstration and find out how to prevent it, plus get other "What Would Kevin Do" tips in the on-demand webinar.

https://blog.knowbe4.com/kevin-mitnick-demos-outlook-exchange-exploit
[March Live Demo] See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.

We listened! KCM now has Risk and Policy Management modules, transforming KCM into a full SaaS GRC platform.

Join us for a 30-minute live product demonstration of the KCM GRC platform from KnowBe4. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits.
  • [NEW] Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • You can assign responsibility for controls to the users who are responsible for maintaining them.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Tuesday, March 5, 2019 at 1:00 pm ET

Save My Spot!
https://event.on24.com/wcc/r/1937744/772CD30DA91C11D5B11693D84A1AFC60
Hackers Take Over Tampa Mayor Bob Buckhorn's Twitter Account and Cause Havoc

From our perspective, this is likely to be a password problem. Either the password was too easy to guess, or the staffer responsible for Buckhorn's account reused the same password across multiple social media accounts and one of those other accounts was breached. You can see Kevin Mitnick and yours truly talk about this on TV at Tampa's ABC Action News:
https://www.abcactionnews.com/news/region-hillsborough/tampa-mayor-bob-buckhorns-twitter-account-hacked-weeks-before-mayoral-election-police-say-threats-not-credible

With the enormous number of data breaches going on, it has become clear that a large percentage of people use the same password on multiple accounts, which is an invitation to disaster.

Are your users putting a big target on your organization's back?

KnowBe4’s new Password Exposure Test (PET) is a complimentary IT security tool that allows you to run an in-depth analysis of your organization’s hidden exposure risk associated with your users.

Identify which users may be putting your organization at risk before the bad guys do

Find My Password Exposure Risk!
https://info.knowbe4.com/password-exposure-test-chn
[March Live Demo] Ridiculously Easy Security Awareness Training and Simulated Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense.

Join us for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. See the latest product features and how easy it is to train and phish your users.
  • NEW Identify and respond to email threats faster. Enhance your incident response efforts with PhishER add-on!
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 23,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, March 13, 2019 at 2:00 pm ET

Save My Spot!
https://event.on24.com/wcc/r/1944050/D203DA714E47E3D2E467B9B8E129869F
Cyber Espionage Warning: The Most Advanced Hacking Groups Are Getting More Ambitious

Once attackers might have needed the latest zero-days to gain access to corporate networks, but now it's spear-phishing emails using social engineering tactics that are most likely to provide attackers with the initial entry they need.

The Top 20 most notorious cyber-espionage operations have increased their activity by a third in recent years - and are looking to conduct more attacks, according to Symantec.

The most advanced hacking groups are becoming bolder when conducting campaigns, with the number of organizations targeted by the biggest campaigns rising by almost a third.

A combination of new groups emerging and threat actors developing successful strategies for breaking into networks has seen the average number of organizations targeted by the most active hacking groups rise from 42 between 2015 and 2017 to an average of 55 in 2018.

The figures detailed in Symantec's annual Internet Security Threat Report suggest that the Top 20 most prolific hacking groups are targeting more organizations as the attackers gain more confidence in their activities.

Groups like Chafer, DragonFly, Gallmaker and others are all conducting highly targeted hacking campaigns as they look to gather intelligence against businesses they think hold valuable information.

The United States has named individuals it claims are responsible for conducting cyber attacks, including citizens of Russia, North Korea, Iran and China. Symantec's report suggests the indictments might disrupt some targeted operations, but cyber espionage campaigns are unlikely to disappear anytime soon. Continued here, with links:
https://blog.knowbe4.com/cyber-espionage-warning-the-most-advanced-hacking-groups-are-getting-more-ambitious
Going to RSA in San Francisco Next Week? Get your Free Book Signed by Kevin Mitnick at KnowBe4’s Booth# 4624 North

Check out all the activities KnowBe4 will be doing at RSA:

Get Your Free Book Signed by Kevin Mitnick: Drop by KnowBe4’s Booth #4624 North Hall, for the Kevin Mitnick Book Signing! Meet the ‘World’s Most Famous Hacker' and get a signed copy of his latest book.
When: Tuesday, March 5, at 4-6 PM

Enter to Win a $500 Gift Card: Join us to see a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users to be entered for a chance to win a $500 Amazon Gift Card. You’ll also get your light-up "Axe To Grind With Ransomware” swag!

Reserve a Seat: Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, during the session “12 Ways to Hack 2FA”, on Friday, March 8th, 9:50am. You'll learn about the good and bad of 2FA, and become a better computer security defender in the process.
https://www.rsaconference.com/events/us19/agenda/sessions/14186-12-Ways-to-Hack-2FA

Did you Register for RSA 2019 yet? Get your Free Expo Plus Pass!

Expo Plus Pass: Receive your complimentary Expo Plus Pass on us by using the code XEU9KNWBE42 when registering on the RSA official website.
https://www.rsaconference.com/events/us19/register

Kevin and I will both be at RSA, so see you there! :-D

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"All that was great in the past was ridiculed, condemned, combated, suppressed — only to emerge all the more powerfully, all the more triumphantly from the struggle."
- Nikola Tesla, Inventor (1856 - 1943)

"Life will put barriers in your way. It is up to you to decide whether to create walls or bridges."
- Anonymous



Thanks for reading CyberheistNews
Security News
The NoRelationship Attack Bypasses Office 365 Email Attachment Security

Attackers are bypassing Office 365 email attachment security by editing the relationship files that are included with Office documents, according to Yoav Nathaniel at Avanan.

In the Office Open XML formats, a relationship (.rels) file is an XML part that maps relationship IDs to the document's other parts, such as font tables and settings, and to external targets such as hyperlinks. According to Avanan, a number of popular email filters, including Microsoft’s Exchange Online Protection (EOP), extract links only from the relationship file rather than parsing the entire document.

Attackers can remove the links from a document’s relationship file, but they will still be active in the actual document. Nathaniel compares the relationship file to the index of a book. “Sometimes, key terms might not be included in the index, but they are still in the book,” he says. “In this attack, hackers deleted the external links from the relationship file to bypass link parsers that only read the index rather than the ‘book.’”

When a user opens the document after it’s passed the security scan, the Office application will recreate all the hyperlinks that were deleted from the relationship file, making them clickable again. Full story and links:
https://blog.knowbe4.com/the-norelationship-attack-bypasses-office-365-email-attachment-security
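The mismatch described above is straightforward to check for directly. The following is an added example, not code from Avanan or KnowBe4: it opens a .docx (a ZIP container), reads the external hyperlink targets declared in word/_rels/document.xml.rels (the "index"), then walks word/document.xml (the "book") for URLs carried in text runs or HYPERLINK field codes and for w:hyperlink elements whose r:id no longer resolves. Anything reported is a link that a scanner trusting only the .rels part would never see. The sample document it builds is constructed inline; the phish.example.test hostname is made up for the demonstration.

```python
"""Added example: detect Office hyperlinks missing from the relationship file."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
DOC_REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
HYPERLINK_TYPE = DOC_REL_NS + "/hyperlink"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def declared_hyperlinks(rels_xml):
    """Map relationship Id -> Target for every external hyperlink in a .rels part."""
    root = ET.fromstring(rels_xml)
    return {
        rel.get("Id"): rel.get("Target")
        for rel in root.iter("{%s}Relationship" % PKG_REL_NS)
        if rel.get("Type") == HYPERLINK_TYPE
    }


def body_links(document_xml):
    """Return (urls, rids): URLs written directly into the body (visible text,
    w:instrText field codes, w:fldSimple/@w:instr) and the r:id values that
    w:hyperlink elements reference. These survive edits to the .rels file."""
    root = ET.fromstring(document_xml)
    urls, rids = set(), set()
    for el in root.iter():
        if el.tag in ("{%s}t" % W_NS, "{%s}instrText" % W_NS) and el.text:
            urls.update(URL_RE.findall(el.text))
        instr = el.get("{%s}instr" % W_NS)
        if instr:
            urls.update(URL_RE.findall(instr))
        rid = el.get("{%s}id" % DOC_REL_NS)
        if el.tag == "{%s}hyperlink" % W_NS and rid:
            rids.add(rid)
    return urls, rids


def scan_docx(docx_bytes):
    """Compare the document body against word/_rels/document.xml.rels.
    A missing .rels part is treated as declaring nothing."""
    rels_name = "word/_rels/document.xml.rels"
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        document_xml = z.read("word/document.xml")
        rels_xml = (z.read(rels_name) if rels_name in z.namelist()
                    else b'<Relationships xmlns="%s"/>' % PKG_REL_NS.encode())
    declared = declared_hyperlinks(rels_xml)
    urls, rids = body_links(document_xml)
    return {
        "undeclared_urls": urls - set(declared.values()),  # in the book, not the index
        "dangling_rids": rids - set(declared),              # r:id with no Relationship
    }


def build_sample_docx(strip_relationship):
    """Constructed minimal .docx (not a real-world sample). It contains one
    w:hyperlink that relies on rId1 and one HYPERLINK field code that carries its
    URL inline. With strip_relationship=True the Relationship entry is deleted,
    mimicking the technique described in the article."""
    target = "https://phish.example.test/login"  # made-up hostname
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="%s" xmlns:r="%s"><w:body>'
        '<w:p><w:hyperlink r:id="rId1"><w:r><w:t>Open invoice</w:t></w:r></w:hyperlink></w:p>'
        '<w:p><w:fldSimple w:instr="HYPERLINK &quot;%s&quot;"><w:r><w:t>Sign in</w:t></w:r></w:fldSimple></w:p>'
        '</w:body></w:document>' % (W_NS, DOC_REL_NS, target)
    )
    relationship = "" if strip_relationship else (
        '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
        % (HYPERLINK_TYPE, target))
    rels_xml = ('<?xml version="1.0" encoding="UTF-8"?>'
                '<Relationships xmlns="%s">%s</Relationships>' % (PKG_REL_NS, relationship))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_docx(build_sample_docx(strip_relationship=True)))
```

Running it against the stripped sample reports the inline URL as undeclared and rId1 as dangling; against the intact sample both sets are empty. The same idea applies to the other OOXML containers (.xlsx, .pptx): parse the part that Office actually renders, not just the relationship index.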
Defined: Hackers "Living Off Your Land"

Researchers at Deep Instinct have identified an ongoing malware campaign that has infected at least 1,200 systems over the past few weeks with a variant of the credential stealer Separ. Separ is a particularly evasive type of malware because it uses “living off the land” tactics. “Living off the land” is the practice of abusing legitimate files and tools, many of which are already installed on the victim’s computer, to carry out malicious behavior.

In this current attack campaign, Separ poses as a phony Adobe program and uses a fake PDF file as the infection vector. When a victim tries to open this file, it will run a series of short scripts that will use password dumping tools to steal credentials and send them back to the attacker.

Deep Instinct’s Threat Intelligence Team Leader Guy Propper notes that, even though the attackers don’t try to hide their actions, Separ is still very effective and hard to spot because it uses legitimate tools.

“Due to the mechanisms used in the attack, and despite the lack of obfuscation or evasion by the attacker, this and similar attacks have been present in the wild for several years,” writes Propper. “This shows that many security solutions have difficulties detecting “Living off the Land” attack scenarios.

Meanwhile, it should also be noted that the attack can be modified easily to evade detection and complicate analysis.” The best defense against this type of malware is to prevent it from getting onto the system in the first place.

In this case, as in most malware infections, Separ is installed by tricking a user into downloading and opening a malicious file. New-school security awareness training can give your employees the knowledge necessary to identify and avoid phishing emails. Deep Instinct has the story:
https://www.deepinstinct.com/2019/02/19/a-new-wave-of-the-separ-info-stealer-is-infecting-organizations-through-living-off-the-land-attack-methods/
Bad Guys Attack Veterans With a Spoofed .Mil Domain Name

The US Marine Corps Forces Cyberspace Command found a malicious website impersonating the Defense Department’s Transition Assistance Program (TAP), according to Kyle Rempfer at Military Times’ Reboot Camp. The site asks visitors to enter personally identifying information and tries to download malware onto their computer. Most of the URL matches the real address of the TAP website. The correct URL, however, ends in a .mil domain, while the spoofed site uses a .com domain.

Rempfer points out that most Defense Department websites end in .mil or .gov, aside from recruitment websites, like goarmy.com. Users should be aware of this when they attempt to visit government sites. He adds that military and civilian employees can use their Common Access Cards to install antivirus programs through the Defense Information Systems Agency.

There are hundreds of top-level domains that can be used by attackers in spoofing attacks. Employees need to know how to find out which domain is used by the legitimate site they’re trying to visit. New-school awareness training can teach your employees how to safely navigate the internet without falling victim to these attacks. Reboot Camp has the story:
https://rebootcamp.militarytimes.com/news/your-air-force/2019/02/13/watch-out-for-fake-dod-websites-like-this/
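Deciding which domain a link really points at is exactly where users (and quick scripts) get tripped up, so here is an added example, not code from Military Times or KnowBe4, that makes the check the article recommends. It parses the URL with Python's urlsplit so that userinfo tricks (https://tap.example.mil@evil.test/), path tricks (https://evil.test/tap.example.mil) and subdomain tricks (tap.example.mil.evil.test) are not mistaken for .mil hosts, and it flags the specific pattern the spoofed TAP site used: the legitimate hostname with only the top-level domain swapped. All hostnames in it are constructed for the example; the real TAP address is not named in the article.

```python
"""Added example: is this URL really on a .mil/.gov host, or a TLD-swap lookalike?"""
from urllib.parse import urlsplit

OFFICIAL_TLDS = {"mil", "gov"}


def hostname_of(url):
    """Lowercase hostname of a URL (trailing dot removed), or None.
    urlsplit() resolves userinfo and path tricks correctly: for
    'https://tap.example.mil@evil.test/' the host is 'evil.test'."""
    if "://" not in url:
        url = "https://" + url  # bare 'tap.example.com/x' pasted from a message
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None


def labels(url):
    """DNS labels of the hostname, e.g. ['tap', 'example', 'mil']."""
    host = hostname_of(url)
    return host.split(".") if host else []


def is_official_tld(url):
    """True only when the last label is mil or gov. 'tap.example.mil.evil.test'
    fails because its last label is 'test'; a .mil string earlier in the name
    does not count."""
    parts = labels(url)
    return bool(parts) and parts[-1] in OFFICIAL_TLDS


def tld_swap_lookalike(url, legitimate_host):
    """True when the URL's host equals legitimate_host in every label except the
    TLD (the .com-for-.mil pattern in the article)."""
    got = labels(url)
    want = legitimate_host.lower().rstrip(".").split(".")
    return len(got) == len(want) and got[:-1] == want[:-1] and got[-1] != want[-1]


if __name__ == "__main__":
    legit = "tap.example.mil"  # constructed stand-in for the real TAP hostname
    for candidate in ("https://tap.example.mil/",
                      "https://tap.example.com/",
                      "https://tap.example.mil.evil.test/",
                      "https://tap.example.mil@evil.test/"):
        print(candidate, is_official_tld(candidate), tld_swap_lookalike(candidate, legit))
```

The point for awareness training is the same one the code encodes: read the hostname from the right end. Only the final label decides the top-level domain, and everything before the first slash that looks like a .mil name is irrelevant if the real host is something else.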
Effective Security Is Non-Punitive

Companies need to stop blaming employees who fall for scams and instead focus on proper training and security controls, says Chris Taylor at Trend Micro. Taylor cites the case of a Scottish media company, Peebles Media Group, which is currently suing a former employee who fell victim to a business email compromise attack.

Peebles recovered 85K from its bank, but is suing the employee for the remaining 108K.

Taylor says this is a poor approach to the issue, particularly because the employee in question says she never received training to identify scams. “Like many employees, when an email request appears to come from an executive, the recipient is often so focused on appearing responsive, that they do not realize the email is an impersonation,” writes Taylor. “It’s important to make sure your employees are aware of these attacks and can look for signs that the email is a fraud.

Train them not to respond, act on, open an attachment, or click on a link when an email is suspicious or unexpected.” Organizations should ensure that their employees know what to look for when it comes to social engineering attacks. A company that doesn’t train its employees and doesn’t have the proper security controls in place to monitor transactions can’t claim to be blameless when an employee falls for a scam. We could not agree more with Trend Micro:
https://blog.trendmicro.com/dont-blame-employees-who-fall-for-a-bec-scam/
Quick KnowBe4 Update

    • "Hi Stu, I’m definitely a happy camper and love the KB4 platform. Best training we’ve ever implemented. Thanks!" P.B., Network Administrator
    • "Yes, I am a very happy camper. I sincerely appreciate you taking your time to touch base with your customers personally as it lets us know that we are not just a number.

      In switching platforms to KnowBe4, I have received a number of positive statements about the training and KnowBe4 itself. I believe as we move forward with your platform strategy and content, we will be very successful at reducing our exposure and become more aware human firewalls at home and at work.

      You and the other leaders of KnowBe4 have come up with and applied a unique recipe for serving your customer, therefore, guaranteeing a Win-Win situation. This element most definitely provides KnowBe4 with a hard to duplicate strategic advantage over your competitors.
      Thanks, S.N., System Administrator

    • "It’s been a great tool so far and has opened some eyes in our senior leadership. We’re getting great buy-in and I can’t believe I actually enjoy creating training campaigns and our automated tests. I’m also looking forward to exploring the AIDA campaigns in the upcoming months as well. If you ever need a reference I’d be happy to share our story." H.C., Facility Security Lead
New Content Filter In ModStore:
  • Get your users the right training content, specific to their roles and departments. With the new “Targeted Training” filter in the KnowBe4 ModStore, you can easily find and assign training content based on specific roles, regulatory requirements, or industry like Executives, Healthcare staff or Government employees.

    You have the world's largest library of well over 800 security awareness training content items at your fingertips. This new filter is a great way to set up role-based training campaigns within your organization. KnowBe4 continues to help you manage the ongoing problem of social engineering.

    This filter is available now. Try it out!
    https://blog.knowbe4.com/new-targeted-training-filter-in-knowbe4-modstore
A SpiceWorks user asked: Is KnowBe4 any good?
  • "Hey everyone, I am new to this site. Someone suggested I post here regarding KnowBe4. My company is looking to use a third party vendor for security awareness. I reached out to KnowBe4 through their website multiple times a few months ago to have a discussion. Other than their newsletters getting caught in my spam filter, they have been unresponsive. Does anyone have a contact there who is responsive?" Thanks, Dave - Here are the replies:
    https://community.spiceworks.com/topic/2194553-is-knowbe4-any-good?
The 10 Interesting News Items This Week
    1. SC Magazine 30 years in: My, how SC and security have changed:
      https://www.scmagazine.com/home/security-news/30-years-in-my-how-sc-and-security-have-changed/

    2. 8-Character Windows NTLM Passwords Can Be Cracked In Under 2.5 Hours:
      https://it.slashdot.org/story/19/02/15/0459230/8-character-windows-ntlm-passwords-can-be-cracked-in-under-25-hours

    3. Great map for fifty state cyber law info: Breach Notification Law Interactive Map:
      https://www.bakerlaw.com/BreachNotificationLawMap

    4. Margaret Hamilton literally created the term "Software Engineering". The code she wrote successfully put humans on the moon for the first time:
      https://twitter.com/danieljpeter/status/1097162400372060161/video/1

    5. NATO troops got catfished & honeypotted on social media, revealing serious vulnerabilities:
      https://www.militarytimes.com/news/your-military/2019/02/20/nato-troops-got-catfished-honeypotted-and-revealed-how-vulnerable-they-are/

    6. Office 365 Phishing Page Comes with Live Chat Support:
      https://www.bleepingcomputer.com/news/security/office-365-phishing-page-comes-with-live-chat-support/

    7. Ryuk, Exploring the Human Connection:
      https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ryuk-exploring-the-human-connection/

    8. Forget Phishing and Ransomware. Formjacking is the New Favorite Hack of Cyber Crooks:
      http://fortune.com/2019/02/20/phishing-ransomware-formjacking-hack-hackers/

    9. Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies:
      https://www.nytimes.com/2019/02/18/technology/hackers-chinese-iran-usa.html

    10. Average Ransomware Payment Rose 13% to $6,700 in Q4 2018 from Q3:
      https://businessinsights.bitdefender.com/average-ransomware-payment-rose-13-to-6700-in-q4-2018-from-q3
Prepared in cooperation with the CyberWire research team.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.