CyberheistNews vol2, #52










Editor's Corner



KnowBe4



Scam Of The Week: "You Accessed Illegal Content"





There is a significant uptick in a ransomware attack that declares a law enforcement agency has determined that a computer with the victim's IP address has accessed child pornography and other illegal content.







Moreover, this scam uses the good name of the Internet Crime Complaint Center (IC3) to lure the victim to a drive-by download website, which in turn installs the ransomware on the victim's computer and tries to extort money.







As you well know, cyber criminals use social engineering to make people click on links to 'prevent a negative consequence'. To trick users into clicking, this latest version of the malware claims that the victim's computer activity is being recorded using audio, video, and other devices.







We strongly recommend you warn your users about this one, as they can be hit both in the office and at home. Download this PDF and send it to all employees. It's a free service from KnowBe4 and lists the 22 Social Engineering Red Flags that they need to watch out for:

https://s3.amazonaws.com/knowbe4.cdn/SocialEngineeringRedFlags.pdf









$345,000 Cyberheist Settles After Three Year Dispute









Patco Consulting was one of the first companies to seek protection via the courts after more than half a million dollars was stolen out of their bank via an account takeover by eastern European cyber criminals. It has finally settled and the bank is paying back the still missing funds. It was caused by an employee clicking on a phishing link, and has cost Patco an incredible amount of lost time due to the initial lawsuit and the following appeal. I have followed this story since it began, and I do not wish this on my worst enemy. They finally got their lost money back, but you can never pay back the thousands of hours of lost time, legal wrangling and worries. And to think that all this could have been prevented with security awareness training for their employees. Here is the story in ComputerWorld:

http://www.computerworld.com/s/article/9234054/Construction_company_bank_settle_dispute_over_345_000_cyber_heist?









Quotes of the Week









"Good judgment comes from experience. Experience comes from bad judgment." — Mulla Nasrudin

"If you can do something about a situation, why worry? And if you can't do something about a situation, why worry?" — Dalai Lama











Please tell your friends about CyberheistNews! They can subscribe here:

http://www.knowbe4.com/cyberheist-news/

You can read this newsletter online at the KnowBe4 Blog:

http://blog.knowbe4.com/cyberheistnews-vol2-52/







Phishing Security Test






Stop Phishing Security Breaches





Are you aware that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch (spear-) phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly 'security awareness' trained.

IT Security specialists call it your 'phishing attack surface'. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. It's often a surprise how many addresses are actually out there.





Find out now which of your email addresses are exposed. The Email Exposure Check (EEC) is a one-time free service. KnowBe4 customers with a Gold package get an EEC sent to them regularly so they can address the issues that are found. An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.





Sign Up For Your Free Email Exposure Check Now:


http://www.knowbe4.com/email-exposure-check/













Spear Phishing Remains Preferred Point of Entry in Attacks







Excellent post in the Kaspersky blog. "Nine times out of 10, attackers walk into an organization right through the front door of its Exchange Server, crafting convincing email messages purportedly from a trusted source that either trick the victim into opening an infected attachment or visiting a website where credentials are stolen, or malware is surreptitiously installed on the visitor's machine. In any event, the first wave of the targeted attack kicks off from a lowly email." More:

http://threatpost.com/en_us/blogs/spear-phishing-remains-preferred-point-entry-targeted-persistent-attacks-113012















Social Engineering Defense Contractors on LinkedIn and Facebook







Jordan Harbinger, an expert in interpersonal dynamics and social engineering, gave a great keynote at the DerbyCon event, highlighting the methods it takes to elicit confidential information from people with top secret level security clearance. There are some very important lessons to be learned here, because he is using the pretext of being a recruiter, and we all deal with these people now and then. Moreover, the article is a riot. Warmly recommended:

http://privacy-pc.com/articles/social-engineering-defense-contractors-on-linkedin-and-facebook.html















Amazing To See A Four-year-old Exploit Increase







Antone Gonsalves at CSO reported that "Antivirus vendors are warning customers of a spreading malware that can infect computers through a well-known bug in the Windows AutoRun software used to automatically launch programs on a DVD or USB device.

The significant increase in infection is curious because Windows 7 and Windows 8 PCs will not launch autorun.inf files, and Microsoft has released two patches for older systems. Therefore, security experts believe infections are happening through a combination of unpatched computers, shared folders and files and social media.

Someone inserting a USB drive or memory stick carrying the malware can infect unpatched PCs. On other systems, an infection can occur once the malware travels to a network share and someone clicks on an infected file or folder. Trend Micro reported that malware was also spreading on Facebook.

Other vendors tracking the malware include McAfee, Symantec and Sophos. While it is interesting that cybercriminals are still exploiting a four-year-old AutoRun bug, Sophos says most corporate PCs are being infected through network sharing.

Clicking the malware on Facebook would certainly open a quick path to a shared folder on a corporate network, said Chester Wisniewski, a senior security adviser for Sophos." More:

http://www.csoonline.com/article/722724/security-firms-warn-of-spreading-windows-autorun-malware?
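The CSO item above says the two things a Windows administrator can act on are the AutoRun patches for older systems and the spread through network shares. The script below is an added example from this editor, not code from the newsletter, CSO, Sophos or Microsoft: it reads the well-known AutoRun policy values under HKLM\...\Policies\Explorer (NoDriveTypeAutoRun, which Microsoft documents as 0xFF to disable AutoRun on every drive type, and HonorAutorunSetting, which the patched older systems require to be 1 for that policy to take effect) and then lists any autorun.inf files on the shares you name. The share names in the last line are placeholders.

```powershell
# Added example (not from the newsletter or the CSO article): audit the
# AutoRun policy on this host and look for autorun.inf files on shares.
# Assumes the Policies\Explorer registry values named below; the share
# paths at the bottom are placeholders to replace with your own.

function Get-AutoRunPolicyStatus {
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $noDrive = $props.NoDriveTypeAutoRun      # $null if the value is not set
    $honor   = $props.HonorAutorunSetting     # $null if the value is not set

    [pscustomobject]@{
        NoDriveTypeAutoRun  = $noDrive
        HonorAutorunSetting = $honor
        # 0xFF sets the bit for every drive type, i.e. AutoRun fully disabled.
        AutoRunDisabled     = (($noDrive -band 0xFF) -eq 0xFF)
        # Patched XP/Vista systems only honor NoDriveTypeAutoRun when this is 1.
        PatchSettingHonored = ($honor -eq 1)
    }
}

function Find-AutorunInf {
    param([string[]]$SharePaths)
    foreach ($share in $SharePaths) {
        if (-not (Test-Path -Path $share)) {
            Write-Warning "Cannot reach $share"
            continue
        }
        # autorun.inf on a share is not proof of infection, but it is not
        # something users create on purpose either, so each hit is reviewed.
        Get-ChildItem -Path $share -Recurse -Force -File -Filter 'autorun.inf' -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

Get-AutoRunPolicyStatus
Find-AutorunInf -SharePaths @('\\FILESERVER01\Public', '\\FILESERVER01\Shared')   # placeholder names
```

Run it from an elevated prompt on each workstation image you maintain; a result with AutoRunDisabled false on a pre-Windows 7 host is the unpatched case the article describes, and an autorun.inf that turns up on a share is worth pulling for inspection before anyone else browses that folder.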















Cyberheist 'FAVE' LINKS:







* This Week's Links We Like. Tips, Hints And Fun Stuff.

Here is your 5-minute Virtual Vacation: beautiful footage of Alaska in areas that have never been rafted before:
http://www.flixxy.com/alaska-is-beautiful.htm

Light Emitting Dudes takes a team of freerunners, geared up from head to toe with LED lights, and sets them loose on the streets of Bangkok at night:
http://www.flixxy.com/light-emitting-dudes-led-freerunning.htm

Anamorphic illusions trick your mind into seeing a 3D object that is actually flat as paper. Wow, this is a cool one:
http://www.flixxy.com/amazing-anamorphic-illusions-flat-paper-looks-3d.htm

A very athletic bunch of boys and gals got together and filmed some very cool dance lifts!
http://www.flixxy.com/acrobatic-dance-compilation.htm

Cheetahs are the fastest runners on the planet. National Geographic documented these amazing cats in a way that's never been done before:
http://www.flixxy.com/the-worlds-fastest-runner-in-slow-motion?utm_source=4

Rolling HyTAQ robot avoids obstacles by taking to the air:
http://youtu.be/KbtkpYIbuCw

The Russian Aerobatic Team performs at the air show celebrating "100 Years of the Russian Air Force":
http://www.flixxy.com/the-russian-aerobatic-team.htm

French comedy musical group Zic Zazou plays "Love Is A Rebellious Bird" from the opera Carmen on unusual instruments:
http://www.flixxy.com/french-garage-band-plays-carmen.htm

Classic Holiday Video: The coolest video of dogs decorating a Christmas tree:
http://www.flixxy.com/dogs-christmas-tree-decoration.htm

