Return-Path: <1921889-409-1022@be2.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id +d82Lc4YUVkEdwAAInt2oQ for ; Mon, 26 Jun 2017 07:23:10 -0700 Return-path: <1921889-409-1022@be2.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Mon, 26 Jun 2017 07:23:10 -0700 Received: from mta7155.mp2200.com ([162.247.117.155]:31057) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-409-1022@be2.maropost.com>) id 1dPUul-0007wl-L7 for edward@transocean.com; Mon, 26 Jun 2017 07:23:10 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1498486975; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=xeaX9ecDgUiEfdINmy2/eSZ2lnzz97qwY6/7EFnnrEqMsQqxINc6qubvr+mjWRsX9pF+lN nqn+vaYea1xXYs+Q3thVJEXVBAaABewGReDGllSMQ1bELXHrW+7JJ2Li60tPQjd9PfMmMF xBnMmJ3YKrW/vJT7cdEOntQnXdfDr6M= Received: from [<1921889-409-1022@be2.maropost.com>] ([<1921889-409-1022@be2.maropost.com>] helo=) by 649892-mailer2 (envelope-from 1921889-409-1022@be2.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Mon Jun 26 10:17:50 EDT 2017 Date: Mon, 26 Jun 2017 10:17:48 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: <27be5140-3ca8-0135-4887-1402ec83b870@knowbe4.com> Subject: [HEADS UP] Ransomware Now Hits Linux - Web Hosting Provider Pays a Million Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_5951178c72fc8_9793460689c50544533"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 409 X-Campaign-ID: 409 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 162.247.117.155 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 409:Maropost X-Spam-Status: No, score=0.7 X-Spam-Score: 7 X-Spam-Bar: / X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d [...] Content analysis details: (0.7 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: googleapis.com] 0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror) 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_PASS SPF: sender matches SPF record 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 LOTS_OF_MONEY Huge... sums of money X-Spam-Flag: NO ----==_mimepart_5951178c72fc8_9793460689c50544533 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/409/1921889/fcf0c948031e0d7454ea5efc04d03e89cf35678d ----==_mimepart_5951178c72fc8_9793460689c50544533 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable [HEADS UP] Ransomware Now Hits Linux - Web Hosting Provider = Pays a Million
3D""
If you are having trouble viewing this email, click here.
=
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #26 =C2=A0 | =C2=A0 Ju= ne 26th., 2017
=

South Korean web hosting company Nayana agreed to pay a whopping 1 millio= n in Bitcoin after a ransomware attack hit their 153 Linux servers.

The attack took place June 10 and resulted in over 3,400 business website= s the company hosts being encrypted. According to the Nayana=E2=80=99s in= itial announcement, the attacker demanded 550 Bitcoins to decrypt the inf= ected files. Following a few days of negotiations, they lowered the ranso= m demand to 397.6 Bitcoins (around a Mil at the time but the rates are vo= latile).

Trend Micro revealed that the ransomware used in this attack was Erebus, = a piece of malware that was initially spotted in September 2016 and which= was already seen in Windows attacks earlier this year, when it had a Use= r Account Control bypass feature.

Bad guys now have ported the Erebus ransomware to Linux and are using it = to target vulnerable servers. Nayana=E2=80=99s website was running on Lin= ux kernel 2.6.24.2, and old version compiled back in 2008, and is vulnera= ble to a great deal of exploits that could provide attackers with root ac= cess to the server, such as DIRTY COW, Trend Micro noted.

TIME TO CHECK YOUR LINUX KERNELS

Nayana don't just need to patch their systems, they need to get all of th= eir servers upgraded to newer versions of whatever Linux distro they use,= and then properly secure those upgraded systems. With 153 servers, they'= re going to have to take their entire service offline for weeks (maybe lo= nger) in order to get that done. More technical detail at the KnowBe4 Blo= g:
https://blog.knowbe4.com/web-hosting-provider-pays-1-million-to-ransomwar= e-attackers
Recently, Microsoft claimed that no known = ransomware could penetrate the new Win10 Creators Update.

Presenting new anti-ransomware protection features added in Win 10 CU, Ro= bert Lefferts, Director of Program Management, Windows Enterprise and Sec= urity, said that no Windows 10 customer was affected by the recent WannaC= ry ransomware outbreak that took place in mid-May and no currently known = ransomware strain can infect Windows 10.

ZDNet decided to not listen, but look for themselves. They hired a pro ha= cker and wanted to see if such a bold claim would hold up.

Spoiler alert: It didn't. Story at the KnowBe4 Blog:
https://blog.knowbe4.com/windows-10-stops-ransomware-cold-not-so-fast
And victims aren't reporting ransomware at= tacks...

Online extortion, tech support scams and phishing attacks that spoof the = boss (CEO Fraud) were among the most damaging and expensive scams accordi= ng to new figures from the FBI's Internet Crime Complaint Center (IC3).
The IC3 report released Thursday identifies some of the most prevalent an= d insidious forms of cybercrime today, but the total financial losses tie= d to each crime type also show that victims do not report these crimes to= law enforcement very much.

Note that the FBI calls CEO fraud "Business Email Compromise" and comment= ed: "Business Email Compromise (BEC) is defined as a sophisticated scam t= argeting businesses working with foreign suppliers and/or businesses who = regularly perform wire transfer payments. The Email Account Compromise (E= AC) component of BEC targets individuals who perform wire transfer paymen= ts.

"The techniques used in both the BEC and EAC scams have become increasing= ly similar, prompting the IC3 to begin tracking these scams as a single c= rime type in 2017. The scam is carried out when a subject compromises leg= itimate business email accounts through social engineering or computer in= trusion techniques to conduct unauthorized transfers of funds."

People Only Report 15% of Ransomware Attacks

Writing for Bleepingcomputer.com =E2=80=94 a great tech support forum run= by our friend Larry Abrams =E2=80=94 Catalin Cimpanu observes that the F= BI=E2=80=99s ransomware numbers =E2=80=9Care ridiculously small compared = to what happens in the real world, where ransomware is one of today=E2=80= =99s most prevalent cyber-threats.=E2=80=9D

=E2=80=9CThe only explanation is that people are paying ransoms, restorin= g from backups, or reinstalling PCs without filing a complaint with autho= rities,=E2=80=9D Cimpanu writes.

Real Cost of Cyber Fraud Closer to 9 billion Dollars

Since roughly 15 percent of the nation=E2=80=99s fraud victims report the= ir crimes to law enforcement, for 2016, 298,728 complaints were received,= with a total victim loss of 1.33 billion dollars. Intrepid investigative= cybercrime reporter Brian Krebs noted: "If that 15 percent estimate is c= lose to accurate, that means the real cost of cyber fraud for Americans l= ast year was probably closer to 9 billion dollars.

Applying that same 15 percent rule, that brings the likely actual losses = from CEO fraud schemes to around 2.4 billion dollars last year."

Bonus Report. You Can Now See This for Your Own State

For instance, take Florida where KnowBe4 is located. The FBI reported it = lost 29,560,665 dollars to BEC just last year, but using the 15% rule it'= s most likely a whopping 190 million dollars, and that is just one state.= This is the link where you can see the numbers for your state, which is = useful if you are going for IT security budget approval and need numbers = that are real and close to home.

Links, pictures and download your complimentary CEO Fraud Prevention Manu= al PDF here:
https://blog.knowbe4.com/fbi-extortion-and-ceo-fraud-are-the-top-online-f= raud-complaints
Did you know that one of the first things = hackers try is to see if they can spoof the email address of someone in y= our own domain? Now they can launch a "CEO fraud" spear phishing attack o= n your organization.

KnowBe4 can help you find out if this is the case with our complimentary = Domain Spoof Test and enter you to win an awesome Stormtrooper Helmet Pro= p Replica at the same time.

Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collect= ible stainless steel lock-pick business card!

To enter just go here fill out the form, it's quick, easy and often a sho= cking discovery... 82% of email servers are not configured correctly. Is = yours?
https://info.knowbe4.com/dst-sweepstakes-062017
On-Demand W= ebinar: Best Practices and Future Direction of Security Awareness Trainin= g

While reported numbers fluctuate from industry study to industry study, t= hey all agree on one thing: cybercriminals are successfully and consisten= tly exploiting human nature to accomplish their goals. Prudent security l= eaders know that security awareness and training is key to strengthening = their =E2=80=98human firewall=E2=80=99 =E2=80=93 but they often don=E2=80= =99t know where to start.

In this webinar =E2=80=9CBest Practices and Future Direction of Securi= ty Awareness Training=E2=80=9D, Perry Carpenter, Chief Evangelist and= Strategy Officer at KnowBe4 and former Gartner Research Analyst in charg= e of the awareness training magic quadrant, discusses emerging industry t= rends and provides the actionable information you need to train your last= line of defense, your employees.

Perry will cover these topics:
  • Practical security awareness and behav= ior management tips
  • Outlining how and where tools are help= ful
  • Emerging industry trends
  • How to create a =E2=80=9Chuman firewal= l=E2=80=9D
Watch Now: https://info.knowbe4.com/webina= r-best-practices-future-direction
According to the NY Daily News, State Supr= eme Court Justice Lori Sattler was in the process of selling her apartmen= t and buying another, when she received an email that seemed like it was = coming from her lawyer.

The =E2=80=9Clawyer=E2=80=9D instructed her to send the money =E2=80=93 a= little over 1 million dollars =E2=80=93 to an account with the Commerce = Bank of China, and she did.

It is not known if the scammers managed to compromise Sattler's account, = the lawyer=E2=80=99s email account or if they created a spoofed one, but = it's highly likely that one of the two people involved was pwned =E2=80=93= how else would the bad guys know how to send such a timely and convincin= g spear-phishing email?

Emails From Fake Realtors Are Skyrocketing

Our customers send us "phishy" emails through our complimentary Phish Ale= rt button, we get thousands per day. These real-estate-themed phishing at= tacks usually come from spoofed addresses like Keller Williams, Remax and= so on.

You have to remember that most Realtors use their personal email accounts= to conduct business. Their email signature will have their company email= address listed but they are always sending and receiving from either the= ir ISP provided email account or from Hotmail, Yahoo, and Gmail. This is = not very secure, but is very convenient when you are on the road most of = your day.

Here is a recent scenario. A fake email comes in and it is a PDF file tha= t will pertain to a current real estate transaction, and you know the rea= ltors email account is hacked. It even goes so far where a realtor had th= eir account hacked and after every closing in that office, the closer wou= ld receive an email with different wiring instructions. The bad guy had g= otten into the realtors email account and knew when every one of their cl= osings were taking place.

I suggest you send employees, friends and family an email about this Scam= of the Week, you're welcome to copy/paste/edit:

"There is an epidemic of real-estate related phishing scams going on. = Bad guys silently take over the email address of a home buyer or their re= altor / lawyer, and right at the moment that a large amount of money need= s to get wired for closing, they send a fake email with a different bank = account that the bad guys control.

Always, always, always pick up the phone before you make a large transfer= and get confirmation about the correct bank account that the wire goes t= o. This is true for the house, but also the office."

Obviously, an end-user who was trained to spot social engineering red fla= gs like this would think twice before they wire money to an unknown accou= nt.

Let's stay safe out there.
=C2=A0

Warm Regards,
Stu Sjouwerman

Two Albert Einstein Quotes of = the Week
"Whoever is careless with the truth in s= mall matters cannot be trusted with important matters."

"Education is what remains after one has forgotten what one has learne= d in school."
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-26-heads-up-ransomware-now-= hits-linux-web-hosting-provider-pays-a-million
Security News
Why So Many Top Hackers Hail from Russia

Brian Krebs wrote: "Conventional wisdom says one reason so many hackers s= eem to hail from Russia and parts of the former Soviet Union is that thes= e countries have traditionally placed a much greater emphasis than educat= ional institutions in the West on teaching information technology in midd= le and high schools, and yet they lack a Silicon Valley-like pipeline to = help talented IT experts channel their skills into high-paying jobs.

His post examines the first part of that assumption by examining a breadt= h of open-source data.

The supply side of that conventional wisdom seems to be supported by an a= nalysis of educational data from both the U.S. and Russia, which indicate= s there are several stark and important differences between how American = students are taught and tested on IT subjects versus their counterparts i= n Eastern Europe. Here is the whole post and also the comments at the end= which are interesting:
https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-rus= sia/
Ukraine Was Russia's Test-Lab for CyberWar

The quintessential cyberwar scenario has come to life in the Ukraine. Twi= ce. On separate occasions, invisible saboteurs turned off the electricity= to hundreds of thousands of people. The blackouts were part of a digital= blitzkrieg that has pummeled Ukraine for the past three years-a sustaine= d cyberassault.

How an Entire Nation Became Russia's Test Lab for Cyberwar:
https://www.wired.com/story/russian-hackers-attack-ukraine/
=
Global Cyber Alliance: "Few U.S. Hospitals Secure Their Email Aga= inst Phishing"

Shaun Waterman at the quite useful CyberScoop site wrote: "Fewer than one= -third of the largest 98 public and private hospitals in the United State= s secure their email against phishing and spamming, according to data rel= eased Thursday.

The Global Cyber Alliance said that of the 50 largest public hospitals, o= nly six employed Domain-based Message Authentication, Reporting and Confo= rmance, or DMARC =E2=80=94 an email authentication policy and reporting p= rotocol developed a decade ago, originally by PayPal. Of the 48 biggest f= or-profit hospitals, only 22 used DMARC. Full story at the KnowBe4 Blog:<= br> https://blog.knowbe4.com/global-cyber-alliance-few-u.s.-hospitals-secure-= their-email-against-phishing
Security Awareness Training Can Lower Your Cyberinsurance Premium=

New-school security awareness training might even pay for itself from Day= 1!

How? Call your cybersecurity insurance carrier or agent and specifically = ask if you get a discount on the premium if you step all employees throug= h awareness training. There could be significant savings and it may even = fully pay for the training.

KnowBe4 advises both prospects and existing customers to inquire with the= ir cyber insurance company about a reduced premium or discount for having= our training in place. Frequently this works, and the compliance modules= and physical security parts in the Diamond pricing level also get them a= discount.

One cyber insurance carrier told us: "Thanks for your inquiry, and questi= on earlier on whether we can offer a discounted premium on cyber insuranc= e for having security awareness training in place. Yes, having training i= n place for employees certainly helps lower the cyber insurance premium."=

Get a quote to begin with, so you know how surprisingly affordable this i= s:
https://info.knowbe4.com/kmsat_get_a_quote_now-chn
New Insider Threat Training Regulations Take Effect for Defense C= ontractors

I was quoted in FedScoop: "And, according to Stu Sjouwerman, CEO of secur= ity awareness training outfit KnowBe4, this regulation is also a response= to the popular and increasing focus on human vulnerability in breaches.<= br>
=E2=80=9CThe last few years, it has become blindingly clear that the bad = guys are not even bothering trying to find software vulnerabilities,=E2=80= =9D Sjouwerman said, =E2=80=9Cand have gone after the end-user with socia= l engineering.=E2=80=9D" Full article:
https://www.fedscoop.com/threat-awareness-training-regulations-for-defens= e-contractors/
A Whole Slew of Interesting News Items This Week

Hardening the Workforce: Developing Cyber Defenses:
http://www.bankinfosecurity.com/interviews/hardening-workforce-developing= -cyber-defenses-i-3623

Vaping, e-Cigarettes Can Be Used to Hack Computers:
https://www.infosecurity-magazine.com/news/vaping-e-cigarettes-hack-compu= ters/

Honda factory struck by same WannaCry ransomware that caused global chaos= :
https://www.infosecurity-magazine.com/news/honda-forced-to-shut-plant-aft= er/

Girl Scouts to Offer Cybersecurity Badges:
https://www.infosecurity-magazine.com/news/girl-scouts-to-offer-cybersecu= rity/

Microsoft admits to disabling third-party antivirus code if Win 10 doesn'= t like it:
http://www.theregister.co.uk/2017/06/20/microsoft_disabling_thirdparty_an= tivirus/

F-Secure Labs Shares the Top Companies Spoofed in Spam in 2017:
http://www.informationsecuritybuzz.com/news/f-secure-labs-shares-top-comp= anies-spoofed-spam-2017/

Russian hackers selling login credentials of UK politicians, diplomats: http://www.theregister.co.uk/2017/06/23/russian_hackers_trade_login_crede= ntials/

New Mac Malware Spotted on the Dark Web:
https://darkwebnews.com/dark-web/new-mac-malware-spotted-dark-web/

KPMG: Cybersecurity Has Reached a 'Tipping Point' from Tech to CEO Busine= ss Issue:
http://www.darkreading.com/careers-and-people/kpmg-cybersecurity-has-reac= hed-a-tipping-point-from-tech-to-ceo-business-issue/a/d-id/1329179

Study: Employers aware of cybersecurity threats but not proactive enough:=
http://www.hrdive.com/news/study-employers-aware-of-cybersecurity-threats= -but-not-proactive-enough/445484/

Wikileaks: The CIA can remotely hack into computers that aren=E2=80=99t e= ven connected to the internet:
https://qz.com/1013361/wikileaks-the-cia-can-remotely-hack-into-computers= -that-arent-even-connected-to-the-internet/

How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence= (EXCLUSIVE)
http://variety.com/2017/digital/features/netflix-orange-is-the-new-black-= leak-dark-overlord-larson-studios-1202471400/

Alert: There are too many cybersecurity alerts:
https://www.americanbanker.com/news/alert-there-are-too-many-cybersecurit= y-alerts
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • People Are Awesome 2017 - Best Of The = Week - Episode 27
    http://www.flixxy.com/people-are-awesome-2017-best-of-the-week-episode-2= 7.htm?utm_source=3D4

  • One of the TOP Penn & Teller: Busi= ness Magician Kostya Kimlat fools them with his amazing and incredible ca= rd trick. Penn gets extremely jealous:
    http://www.flixxy.com/magician-kostya-kimlat-makes-penn-angry.htm?utm_so= urce=3D4

  • Ukrainian dance troupe 'Light Balance'= light up the stage and earn the Golden Buzzer at America's Got Talent 20= 17. These guys are very creative:
    http://www.flixxy.com/ukrainian-dance-troupe-light-balance-americas-got-= talent-2017.htm?utm_source=3D4

  • Chaser, the super smart Border Collie,= demonstrates her amazing ability to understand the names of 1,022 differ= ent toys:
    http://www.flixxy.com/worlds-smartest-dog-understands-1022-words.htm?utm= _source=3D4

  • Swedish DIY Hobbyist Builds Personal F= lying Machine For 10,000 Dollars. I want one!
    http://www.flixxy.com/swedish-diy-hobbyist-builds-personal-flying-machin= e-for-10000-dollars.htm?utm_source=3D4

  • How to spot an ATM scam: 10+ Insane AT= M Scams That You Wouldn=E2=80=99t Even Notice:
    http://www.boredpanda.com/how-to-spot-atm-scam/

  • From the archives: Trouble with people= ? Watch this: Validation - Short Film (15 min) about the magic of looking= for the best in people. This movie has played at 34 film festivals world= wide and won 17 awards. Great for a break:
    http://www.flixxy.com/validation-short-film.htm?utm_source=3D4
  • For the kids. Check out what this seag= ull steals from the world's laziest cat:
    http://www.flixxy.com/seagull-and-cat.htm?utm_source=3D4

  • How does a Tesla Model S electric car = work? This is technically accurate and interesting:
    https://www.youtube.com/watch?v=3D3SAxXUIre28&feature=3Dyoutu.be&= ;app=3Ddesktop

  • A Domino can knock down another 1.5 ti= mes its size. 29 Dominoes could knock down the Empire State Building:
    = http://www.flixxy.com/the-domino-effect-how-little-things-can-make-a-big= -difference.htm?utm_source=3D4
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>
=C2=A0
=C2=A0
=C2=A0 This email was sent= to edward@transocean.com by feedback@knowbe4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA
=C2=A0 		=C2=A0
----==_mimepart_5951178c72fc8_9793460689c50544533--