Return-Path: <1921889-407-1022@be6.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id wczYDYzfR1nmYAAAInt2oQ for ; Mon, 19 Jun 2017 07:28:28 -0700 Return-path: <1921889-407-1022@be6.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Mon, 19 Jun 2017 07:28:28 -0700 Received: from mta7170.mp2200.com ([162.247.117.170]:22002) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-407-1022@be6.maropost.com>) id 1dMxes-0006Wi-EC for edward@transocean.com; Mon, 19 Jun 2017 07:28:27 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1497882482; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=v5WMxiDZw1XI0IMm1t79AVF4wMGE9gQy9oEejjtbl+EZ3EYsD2GL4x/EhwNp9vAKDSp862 UhrlCEIldFGOvj6hkFMWZHTMUmf/SFLWpTJjNVSTiXJWlgvojwdlLT/+ryKWalx1jXi3pn rW2VZHIffrwKarBZHXWG9oI0fwqfi7o= Received: from [<1921889-407-1022@be6.maropost.com>] ([<1921889-407-1022@be6.maropost.com>] helo=) by 771423-mailer7 (envelope-from 1921889-407-1022@be6.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Mon Jun 19 10:03:07 EDT 2017 Date: Mon, 19 Jun 2017 10:03:00 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: Subject: [ALERT] New Fileless, Code-Injecting Ransomware Bypasses Antivirus Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5947d994bdc70_1d8973227a4912882c5"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 407 X-Campaign-ID: 407 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 162.247.117.170 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 407:Maropost X-Spam-Status: No, score=1.5 X-Spam-Score: 15 X-Spam-Bar: + X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b [...] Content analysis details: (1.5 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: knowbe4.com] 0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror) -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.8 MPART_ALT_DIFF BODY: HTML and text parts are different 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 LOTS_OF_MONEY Huge... sums of money X-Spam-Flag: NO ----==_mimepart_5947d994bdc70_1d8973227a4912882c5 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/407/1921889/5644631b1ac95c6dce4f16ec83e117d74d05bb7b ----==_mimepart_5947d994bdc70_1d8973227a4912882c5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable [ALERT] New Fileless, Code-Injecting Ransomware Bypasses Ant= ivirus
3D""
If you are having trouble viewing this email, click here.
=
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #25 =C2=A0 | =C2=A0 Ju= ne 19th., 2017


Security researchers have discovered a new fileless ransomware in the wil= d, which injects malicious code into a legitimate system process (svchost= .exe) on a targeted system and then self-destructs itself in order to eva= de detection by antivirus.

The nasty has been called SOREBRECT and unlike more generic "spray-and-pr= ay" ransomware, it has been designed to specifically target enterprise sy= stems in various industries.

SOREBRECT also takes pains to delete the infected system=E2=80=99s event = logs and other artifacts that can provide forensic information such as fi= les executed on the system, including their timestamps. These deletions d= eter analysis and prevent SOREBRECT=E2=80=99s activities from being trace= d.

This malicious code, after it has taken control of the machine, uses Micr= osoft=E2=80=99s Sysinternals PsExec command-line utility to encrypt files= . I am sure that Mark Russinovich is not happy about this!

Why PsExec?

=E2=80=9CPsExec can enable attackers to run remotely executed commands, i= nstead of providing and using an entire interactive login session, or man= ually transferring the malware into a remote machine, like in RDPs,=E2=80= =9D Trend Micro says.

SOREBRECT Also Encrypts Network Shares

SOREBRECT also scans the local network for other connected computers with= open shares and locks files available on them as well. =E2=80=9CIf the s= hare has been set up such that anyone connected to it has read-and-write = access to it, the share will also be encrypted,=E2=80=9D researchers say.=

In addition, SOREBRECT uses the Tor network protocol in an attempt to ano= nymize its communication with its command-and-control (C&C) server, j= ust like almost every other malware.

SOREBRECT Ransomware Spreads Worldwide

According to Trend Micro, SOREBRECT was initially targeting Middle Easter= n countries like Kuwait and Lebanon, but from last month, this threat has= started infecting people in Canada, China, Croatia, Italy, Japan, Mexico= , Russia, Taiwan, and the U.S.

This is not the first time when researchers have come across Fileless mal= ware. Two months ago, Cisco's Talos researchers discovered a DNSMessenger= attack that was completely fileless and used DNS TXT messaging capabilit= ies to compromise systems.

In February, Kaspersky researchers also discovered fileless malware that = resided solely in the memory of the compromised computers, which was foun= d targeting banks, telecommunication companies, and government organizati= ons in 40 countries.

Fileless malware is much harder to detect by antivirus than malware that = first lies down a file on disk, and then does its dirty work. Kaspersky s= aid: ""Unfortunately the use of common tools combined with different tric= ks makes detection very hard. In fact, detection of this attack would be = possible in RAM, network and registry only."

What to Do About It

Below the best practices for securing your systems and network against SO= REBRECT suggested by TrendMicro.
  • Restrict user write permissions
  • Limit privilege for PsExec
  • Back up files
  • Keep the system and network updated
  • Deploy multi-layered security mechani= sms
  • Foster a cybersecurity-aware workf= orce.
Trend Micro advised: "User education and = awareness helps improve everyone=E2=80=99s security posture. Like other m= alware, ransomware=E2=80=99s points of entry is typically through email a= nd malicious downloads or domains. Organizations should conduct regular t= raining to ensure that employees have a solid understanding of company se= curity policy, procedure, and best practices."

We could not agree more. You need defense-in-depth and a human firewall a= s your last line of defense. Here is a free job-aid for your employees. I= t's a single page with the 22 Social Engineering Red Flags. They can prin= t it and pin it to their wall. This is a link to a PDF that is hosted at = HubSpot, where our website lives:
https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeri= ngRedFlags.pdf?
Mike Mimoso at Kaspersky's Threatpost blog= raised the theory that the ransomware wasn=E2=80=99t contained properly = and spread before it was meant to be unleashed.

Malware expert Jake Williams, @MalwareJake on Twitter and founder of Rend= ition InfoSec, said there are =E2=80=9Cmind-blowing mistakes=E2=80=9D in = the ransomware code after an analysis of both the malware and the leaked = NSA EternalBlue exploit used to spread the attack.

For starters, the developers used only three Bitcoin addresses for remitt= ance which is by itself amateur hour. However, it's not amateurs behind t= he WannaCry attack. North Korea is unique among APTs in that the hackers = fund themselves and their country through network exploitation and theft.=

A Washington Post report cites an internal NSA assessment that connects, = with =E2=80=9Cmoderate confidence,=E2=80=9D the North Korean government=E2= =80=99s Reconnaissance General Bureau to WannaCry.

Williams contends that the developers behind WannaCry failed to properly = contain it and the EternalBlue exploit before it was ready to be fully de= ployed. =E2=80=9CThe killswitch domain by itself=E2=80=94having a way to = turn this off=E2=80=94I totally understand.

It makes perfect sense to want to have that there,=E2=80=9D Williams said= . =E2=80=9CBut if you=E2=80=99re going to do that, the killswitch wouldn=E2= =80=99t simply accept a 200 status code, basically a success that yes we = connected to the domain. This is version 0.0 and never intended to be in = the wild. I=E2=80=99m 100 percent sure of that.=E2=80=9D

So it=E2=80=99s likely this escaped a test environment hopping from an un= patched test machine to the public internet, and eventually more than 200= ,000 computers and servers in 150-plus countries.

=E2=80=9CThey failed to contain it,=E2=80=9D Williams said. =E2=80=9CWhen= you build something like this, it=E2=80=99s like carrying around Ebola. = Pushing Ebola out isn=E2=80=99t hard, it=E2=80=99s harder to keep somethi= ng like that contained. Full blog post here:
https://blog.knowbe4.com/did-wannacry-ransomware-escape-north-korean-cont= ainment


I was at the Gartner Security & Risk M= anagement Summit at National Harbor, in DC this week. One of the keynotes= was by CIA Director George Brennan, who was sworn in as director of the = Central Intelligence Agency on March 8, 2013. As director, he managed int= elligence collection, analysis, covert action, counterintelligence and li= aison relationships with foreign intelligence services.

Before becoming director, Brennan served at the White House for four year= s as assistant to the President for Homeland Security and Counterterroris= m and helped coordinate the U.S. government=E2=80=99s approach to homelan= d security, including its policies for responding to terrorism, cyberatta= cks, natural disasters and pandemics.

Brennan discussed the role of private-public partnerships and the evolvin= g nature of cyber threats and options for protecting mission-critical cap= abilities as well as our privacy, national security and future prosperity= . The presentation covered a lot of ground, and I wanted to highlight jus= t a few items.

"Russia's Intelligence Agencies Not Bound by Law"

First, he explained the cyber threats coming out of Russia, China, Iran a= nd North Korea: "It's a constant barrage of these spear phishing attacks.= I think you have all heard about Russia's capabilities over the past yea= r or so, increasingly sophisticated, increasingly capable, and also their= intelligence security services are not really bound by law and limits of= the law that US agencies are rightly limited by."

"It=E2=80=99s going to take a 9/11 in the cyber realm"

Brennan is urging Americans to encourage federal lawmakers to push forwar= d cybersecurity-focused legislation, regulations and other rules so that = the U.S. is better prepared in cyberspace. =E2=80=9CYou all need to conti= nue to put the pressure on your elected representatives in Congress to ta= ke this matter seriously,=E2=80=9D Brennan said.

=E2=80=9CPeople frequently say it=E2=80=99s going to take a 9/11 in the c= yber realm in order for us as a country to be able to come to terms and d= eal more effectively with cyber challenges. A lot of work needs to be don= e in the halls of Congress, as well as in the executive branch, in order = to allow the government to deal with the challenges of the 21st century,=E2= =80=9D he said.

=E2=80=9CThe next Pearl Harbor will be cyber,=E2=80=9D

An example of this is Sen. Angus King (I-Maine) who is sponsoring federal= legislation that would require utilities to have manual-control capabili= ties. =E2=80=9CThe next Pearl Harbor will be cyber,=E2=80=9D he said. =E2= =80=9CIt=E2=80=99s a cheap way to attack. No bombers or submarines needed= .=E2=80=9D U.S. officials say it is possible that malware, including Blac= kEnergy, still lurks in American utility networks. There is no federal re= quirement that it be rooted out. Much more needs to be done.

There is something that can be done about this now

The vast majority of these attacks start with phishing emails. KnowBe4's = integrated training and phishing platform allows you to send fully simula= ted phishing emails so you can see which users answer the emails and/or c= lick on links in them or open infected attachments. If you have a Platinu= m subscription you can even send them "vishing" attacks straight to the p= hone on their desk.
See a demo: https://info.knowbe4.com/kmsat-request-a-demo
The CyberWire wrote: Pitches: Innovation f= rom Young Companies

The Pitch Panel was the Cyber Investing Summit's fast round of innovation= pitches, moderated by Allegis's Bob Ackerman and Wells Fargo's Rich Baic= h.

The pitches were interactive conversations as much as they were the sort = of high-concept company introductions familiar from, for example, Shark T= ank.

KnowBe4 and the Creation of the Human Firewall

CyberWire reported: "Stu Sjouwerman, CEO of KnowBe4, presented his compan= y's approach to creating what he called "the human firewall," effective t= raining to protect employees against social engineering attacks. This is = the sort of approach Kevin Mitnick, KnowBe4's Chief Hacking Officer, had = earlier called "inoculation."

Ackerman asked an obvious question about training. How do you make it sti= ck? Do you shame employees with their results. Sjouwerman thought that wa= s exactly the wrong use of training: "No--that's no way to a security cul= ture," and training is effective if and only if it leads to the formation= of a healthy security culture.

Begin by establishing a baseline graph of employee susceptibility to soci= al engineering. If the training is effectively conducted, you see over ti= me the success of phishing go down." More at:
https://thecyberwire.com/events/2017-cyber-investing-summit/pitches-innov= ation-from-young-companies.html#sthash.caJcK539.dpuf

And here is a video of yours truly at the New York Stock Exchange during = the Pitch Panel:
https://info.knowbe4.com/hubfs/Q&A.mp4
CyberheistNews is the world's largest e-zi= ne for IT professionals about social engineering and security awareness t= raining, it is published by KnowBe4 Inc, arrives in your inbox once a wee= k and looks at IT security from the human side. KnowBe4 has partnered wit= h Kevin Mitnick to create new school Security Awareness Training combined= with regular simulated phishing attacks.

In CyberheistNews we aim to help you keep your network safe with importan= t news, hints, and tips so that you are aware of the latest social engine= ering scams and can do something about it.

KnowBe4 lives 100% in the cloud, we use SalesForce as our CRM and via hoo= vers.com we licensed your address. Consider this your sample issue. You c= an unsubscribe at any time (a few lines below), and you will stop receivi= ng any and all further email.

Warm Regards,
Stu Sjouwerman

Quotes of the Week
"The greater danger for most of us lies = not in setting our aim too high and falling short; but in setting our aim= too low, and achieving our mark." - Michelangelo - Sculptor, Painter= ,
Architect, Poet and Engineer (1475 - 1564)

"When it is obvious that the goals cannot be reached, don't adjust the= goals, adjust the action steps."
- Confucius
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-25-alert-new-fileless-code-= injecting-ransomware-bypasses-antivirus
Security News
Southern Or= egon University Lost $1.9 Million Due to CEO Fraud

Mail Tribune reported that Southern Oregon University is just the latest = victim of CEO fraud (which the FBI calls Business Email Compromise or BEC= ) after hackers used social engineering to trick university employees int= o transferring money into one of the bad guys-controlled bank accounts.
University officials announced on Wednesday that in late April, they wire= d $1.9 million to what they thought was Andersen Construction, a contract= or they had hired to construct a pavilion and student recreation center. = However, the construction company reported three days later that they nev= er received their payment.

A recent FBI Public Service Announcement about fraudsters targeting unive= rsities and their students appears to have been issued due to the SOU cas= e.

The FBI PSA explains how many universities are frequently engaged in larg= e construction projects that require regular and very large electronic pa= yments. If criminals can identify which construction companies are involv= ed (which is normally very easy), it's a matter of sending spear phishing= emails that use social engineering and spoofed emails to target individu= als responsible for making payments.

The FBI describes in further detail how this type of BEC happens: =
  • The scammer, posing as an established = vendor, sends an e-mail to the university=E2=80=99s accounting office wit= h bank account changes to be used for future payments.
  • Typically, it is an individual purport= ing to be from a construction company with which the university has an ex= isting business relationship.
  • The scammer often spoofs the actual e-= mail address of the company with a similar domain. For example, if the ac= tual domain is abcbuilders.com, the scammer might register and use abcbui= lders.net to send the e-mail.
  • The university sends their next paymen= t to the scammer=E2=80=99s bank account, and the money is often unrecover= able by the time the university realizes they have been the victim of fra= ud.
Southern Oregon University spokesman Joe M= osley couldn't share specifics as to exactly how SOU fell prey to the fra= ud. The university says there is a process in place for vendors to change= their bank account numbers.

=E2=80=9CWe received a briefing by FBI that there have been 78 different = attacks at institutions and some of those were universities,=E2=80=9D sai= d Mosley. =E2=80=9CWe=E2=80=99re not alone.=E2=80=9D

That couldn't be more true. Last year, CEO fraud was a $5.3 billion busin= ess according to data reported to the FBI. No industry is immune to falli= ng into cybercriminals' crosshairs. Firms like Leoni AG, a cable manufact= urer and FACC AF, an aerospace company are among thousands of victims of = the crime in 2016.

SOU is cooperating with the FBI in their ongoing investigation. Stepping = high-risk employees like HR and Accounting through new-school security aw= areness training prevents disasters like this.
ICO Less Likely to Issue Fines for Data Breaches If They Show Sta= ff Training

The UK's Information Commissioner's Office has said that in the event of = a data breach it would be less likely to issue a monetary penalty to char= ities which had taken =E2=80=9Creasonable steps=E2=80=9D to prevent it, i= ncluding staff training. This may very well also be true in America in th= e near future.

When asked whether the Information Commissioner would be more likely to f= ine organisations who could not show evidence that at least 80 per cent o= f its staff were trained in data protection, a spokeswoman for the ICO sa= id it would take =E2=80=9Cfull account of the facts=E2=80=9D in any inves= tigation.

=E2=80=9CIn deciding whether it is appropriate to impose a monetary penal= ty and in determining the amount of that penalty, the commissioner will t= ake full account of the facts of the contravention and of any representat= ions made to her,=E2=80=9D said the ICO spokeswoman.

=E2=80=9CThat includes whether or not =E2=80=98reasonable steps=E2=80=99,= such as staff training, were taken to prevent the contravention.=E2=80=9D=

The comment came after Civil Society News learnt that organisations in th= e charity sector have been briefed that the ICO would be more likely to f= ine an organisation in the event of a data breach if it could not show th= at at least 80 per cent of its staff had been given specific data protect= ion training.

'Would make no difference for serious breaches'

Tim Turner, a data protection trainer and consultant, told Civil Society = News that this has been the case for a while, even if it=E2=80=99s not be= en made public by the ICO. He said however, if the data breach in questio= n is serious enough, the amount of trained staff =E2=80=9Cmay make no dif= ference=E2=80=9D.

=E2=80=9CIf there is another obvious breach =E2=80=93 like a lack of encr= yption, or poor or absent procedures - it may make no difference," he sai= d. "But having trained the large bulk of staff is part of building a case= that it was an unavoidable accident, where someone makes a mistake.=E2=80= =9D

Anjelica Finnegan, policy and research manager at Charity Finance Group, = said the ICO has not made clear what it considers these =E2=80=9Creasonab= le steps=E2=80=9D to be, and called on the ICO to ensure that any judgeme= nt =E2=80=9Ctake that charity=E2=80=99s individual situation into account= =E2=80=9D.

=E2=80=9CThe statement issued by the ICO makes clear that the Commissione= r wants evidence that organisations are doing what they can to protect th= e personal data that they store. What has not been made clear is how the = ICO will determine what constitutes reasonable steps, or what they consid= er training to be.

=E2=80=9CIt is important, that the Information Commissioner does not go i= nto investigate a data breach with an unrealistic expectation of what the= y would see as sufficient training for staff.

=E2=80=9CThe ICO must ensure that any judgement on a data breach within a= charity takes the charity's individual situation into account - this inc= ludes the charity's income and resources, including the number of paid st= aff and volunteers." Full article:
https://www.civilsociety.co.uk/news/ico-less-likely-to-issue-fines-for-da= ta-breaches-if-organisation-s-can-evidence-staff-training.html
Top UK University Under 'Ransomware' Cyber-Attack

The university describes it as a "ransomware" attack, such as last month'= s cyber-attack which threatened NHS computer systems.

The attack was continuing on Thursday morning, with access to online netw= orks being restricted. The university has warned staff and students of th= e risk of data loss and "very substantial disruption".

University College London (UCL) is a "centre of excellence in cyber-secur= ity research", a status awarded by the GCHQ intelligence and monitoring s= ervice.

The central London university, ranked last week in the world's top 10, sa= ys that a "widespread ransomware attack" began on Wednesday, using so-cal= led "phishing" emails, with links that would download destructive softwar= e.
http://www.bbc.com/news/education-40288548#
Cybersecurity Spend: ROI Is the Wrong Metric

Rick Howard, CSO wrote at CSOonline: "Think about what your network defen= ders do throughout the day, every day, in the course of getting their job= s done. Can you describe it in one sentence? How would you characterize t= he thousands of tasks that the InfoSec team fields every day?

For the past few years, my role at Palo Alto Networks has included travel= ing around the world to talk with board members and C-level executives, a= nd it=E2=80=99s been a fascinating educational experience. Our conversati= ons mostly revolve around cybersecurity strategy, and what I=E2=80=99ve l= earned is that everybody has a different take on how to defend an organiz= ation against cyber adversaries.

One question that inevitably comes up is: =E2=80=9CHow much money should = I spend on security?=E2=80=9D In an attempt to benchmark and evaluate the= ir own spend, some will ask, =E2=80=9CWhat are other organizations like m= ine spending?=E2=80=9D Others want to know how to calculate the return on= investment (ROI) for their security spend.

These questions are common, but they indicate a fundamental misunderstand= ing about how to evaluate the efficacy of a cybersecurity program, and a = misguided approach to resourcing for them. Rather than focus on ROI, I ad= vise executives and board members to focus on network defender first prin= ciples." More:
http://www.csoonline.com/article/3200270/network-security/cybersecurity-s= pend-roi-is-the-wrong-metric.html
Make Cyber Security Personal for Employees, Says CISO

Howard Solomon at ITWorld Canada wrote: "With people arguably the weakest= point in an organization=E2=80=99s cyber defenses, security awareness tr= aining is a hot topic for CISOs.

But what=E2=80=99s the most effective security awareness strategy: The ca= rrot or the stick?

At TMX Group. which runs the Toronto Stock Exchange and the TSX Venture E= xchange, the answer is a subtle carrot.

=E2=80=9CMy overall goal is to make security personal,=E2=80=9D CISO Bobb= y Singh told the RiskSec Toronto conference this week. =E2=80=9CThe inten= tion is to get users to understand how to protect corporate data as they = protect their financial data in their personal life.=E2=80=9D

While the organization looks for security champions outside the IT depart= ment, does phishing simulations four times a year =E2=80=93 having one-on= -one meetings with offenders who repeatedly click on bad links in the tes= ts =E2=80=93 and occasional =E2=80=98lunch and learn=E2=80=99 sessions, t= he focus of awareness training has shifted.

=E2=80=9CInstead of talking to users about protecting corporate data we=E2= =80=99re talking about how to protect their financial data =E2=80=93 what= multifactor authentication looks like, how it should be done, how do you= know what your kids are talking about on SnapChat =E2=80=A6 and we=E2=80= =99re hoping that while doing the personal stuff the transition of behavi= or will come into the corporate side.=E2=80=9D

But, he admitted, =E2=80=9Cat the end of the day some of the behavior get= s changed [only] when you have a risk/reward model attached to certain be= haviors.=E2=80=9D
http://www.itworldcanada.com/article/make-cyber-security-personal-for-emp= loyees-says-ciso/394046

NOTE: Phishing your employees only 4 times a year does not work. You need= to send them at the very least once a month, twice is even a little bett= er.
Other Interesting News Items This Week

Ulster University Also Suffered Ransomware Outage This Week:
https://www.infosecurity-magazine.com/news/ulster-university-also-suffere= d/

Jaff Ransomware Decryption Tool Released =E2=80=93 Don't Pay, Unlock File= s for Free:
http://thehackernews.com/2017/06/jaff-ransomware-decryption-tool.html
=
Compromised websites redirecting tech support scam hosted on numeric doma= ins:
https://www.grahamcluley.com/compromised-websites-redirecting-tech-suppor= t-scam-hosted-on-numeric-domains/

Texas is the Top Target for Ransomware:
https://www.infosecurity-magazine.com/news/texas-is-the-top-target-for/
CIA reportedly hacked Wi-Fi routers for years:
https://www.cnet.com/news/cia-reportedly-hacked-wi-fi-routers-for-years-w= ikileaks/

Here are the May new training modules released, with an indication on the= subscription levels which give access to these modules:
https://blog.knowbe4.com/knowbe4-may-2017-new-training-modules-released <= /span>
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • French Magician Dazzles At America's G= ot Talent 2017:
    http://www.flixxy.com/french-magician-dazzles-at-americas-got-talent-201= 7.htm?utm_source=3D4

  • People Are Awesome 2017 | Best of the = Week:
    http://www.flixxy.com/people-are-awesome-2017-best-of-the-week-episode-2= 1.htm?utm_source=3D4

  • Fun with Dawgs!
    http://www.flixxy.com/pompeyo-family-dogs-entertain-at-americas-got-tale= nt-2017.htm?utm_source=3D4

  • Shemika Charles - the undisputed Queen= of Limbo - is a two-time Guinness World Record holder for Limbo Dancing:=
    http://www.flixxy.com/limbo-queen-shemika-charles-amazes-at-americas-got= -talent-2017.htm?utm_source=3D4

  • Ransomware - Anatomy of an Attack. Thi= s is a good Cisco ad about social engineering:
    https://youtu.be/4gR562GW7TI

  • Coldplay - Adventure of a Lifetime (Of= ficial Video) The monkey CGI is awesome!
    https://www.youtube.com/watch?v=3DQtXby3twMmI

  • French pilot Bruno Vezzoli successfull= y crossed the English Channel aboard a flying car aptly named 'Pegasus' -= a winged horse in Greek mythology.
    http://www.flixxy.com/french-pilot-bruno-vezzoli-crosses-english-channel= -in-a-flying-car.htm?utm_source=3D4
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>
=C2=A0
=C2=A0
=C2=A0 This email was sent= to edward@transocean.com by feedback@knowbe4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA
=C2=A0 		=C2=A0
----==_mimepart_5947d994bdc70_1d8973227a4912882c5--