Return-Path: <1921889-447-1022@be6.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id 2Zi7KMEGdlnUFAAAInt2oQ for ; Mon, 24 Jul 2017 07:40:01 -0700 Return-path: <1921889-447-1022@be6.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Mon, 24 Jul 2017 07:40:01 -0700 Received: from mta7166.mp2200.com ([162.247.117.166]:48875) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-447-1022@be6.maropost.com>) id 1dZeWL-0001PF-R4 for edward@transocean.com; Mon, 24 Jul 2017 07:40:01 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1500907180; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=wegDAK4BEZ3JuafgzHI2XrPSep/RCIufrwINkwLM1+Lww62YPt+ouvbTJ3bWtbtzrcv0aK lsoHoYevsQ8Q6IfXCjH3uiofI/nQzedlfCfNOwUEdpeiXfLsWrEqj8+nrjYhLZRpg5XIng JfZBIlWP6eDre3/e9/OikR7+/Gc/FKA= Received: from [<1921889-447-1022@be6.maropost.com>] ([<1921889-447-1022@be6.maropost.com>] helo=) by 649893-mailer3 (envelope-from 1921889-447-1022@be6.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Mon Jul 24 10:17:08 EDT 2017 Date: Mon, 24 Jul 2017 10:17:05 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: Subject: CEO Fraud Attacks Were Far More Lucrative Than Ransomware Over the Past 3 Years Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59760161b8cae_5c2f363837085605382"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 447 X-Campaign-ID: 447 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 162.247.117.166 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 447:Maropost X-Spam-Status: No, score=-2.0 X-Spam-Score: -19 X-Spam-Bar: -- X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e [...] Content analysis details: (-2.0 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: sandiegouniontribune.com] 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.0 SPF_PASS SPF: sender matches SPF record 0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror) 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0019] 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information X-Spam-Flag: NO ----==_mimepart_59760161b8cae_5c2f363837085605382 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit If you are having trouble viewing this email, click here. http://newsletter.knowbe4.com/a/1022/preview/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/447/1921889/e93212e0ed3f8d76a204d97f70526983ea57886e ----==_mimepart_59760161b8cae_5c2f363837085605382 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable CEO Fraud Attacks Were Far More Lucrative Than Ransomware Ov= er the Past 3 Years
3D""
If you are having trouble viewing this email, click here.
=
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #29 =C2=A0 | =C2=A0 Ju= ly 24th., 2017

Cisco's midyear report released this week showed that CEO fraud netted cy= bercrime five times more money than ransomware over the last three years.=

The surprising highlight of Cisco's ninety-page report was that cybercrim= e made 5.3 billion from CEO fraud attacks--called business email compromi= se (BEC) by the FBI--compared with a "mere" 1 billion for ransomware over= a three-year stretch.

Organized Eastern European cybercrime is more and more taking the "time i= s money" approach, in this case billions, says Steve Martino, Cisco's chi= ef information security officer. "What we are looking at is the continual= commercialization of cyberattacks," Martino says, pointing out that is a= major theme in the report.

Ransomware takes time to develop and extensively test before any net Bitc= oin comes into the wallet, compared to doing a quick bit of research on L= inkedIn and crafting a spoofed spear-phishing attack. CEO fraud simply is= faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransom= ware attacks are often lower-dollar numbers.

Schooling Users on CEO Fraud and Ransomware

Cisco's Martino says targeted cybersecurity education for employees can h= elp prevent users from falling for CEO fraud and ransomware attacks. The = finance department could especially benefit from security training on phi= shing campaigns, so when the bogus email comes across the transit of the = CEO asking for a funds transfer it can be detected, Martino says.

Regular software patching also is crucial. When spam laden malware hits o= r ransomware attacks similar to WannaCry surfaces, the impact can be mini= mized. "People focus on new technology, but forget about patching and mai= ntaining the infrastructure," Martino observed.

And a balanced defensive and offensive posture, with not just firewalls a= nd antivirus but also including measures to hunt down possible attacks th= rough data collection and analysis, he adds.

Spyware Makes a Comeback

Cisco found that in the first half of this year, attackers altered their = methods of delivering, hiding, and evading their malicious packages and t= echniques.

Fileless malware is popping up, which lives in memory and disappears when= a device reboots, according to the report. As a result, it makes detecti= on and the ability to investigate it more difficult.

Additionally, attackers are also making use of anonymized and decentraliz= ed infrastructures, such as Tor proxy services, to hide command and contr= ol activities.

Meanwhile, three families of spyware ran rampant, with Hola, RelevantKnow= ledge, and DNSChanger/DNS Unlocker affecting more than 20% of the 300 com= panies in the sample for the report.

Ironically, many organizations underestimate or virtually dismiss spyware= . "Spyware is being disguised as adware and adware, unlike spyware, does = not create damages for a company," says Franc Artes, Cisco's Security Bus= iness Group architect. He adds that attackers are injecting spyware and o= ther forms of malware into adware, since adware is a low priority for sec= urity teams.

=E2=80=98Destruction of Service=E2=80=99 Attack Threat

The report also highlights the dangers of Destruction of Service (DeOS) a= ttacks, epitomized by the likes of WannaCry and NotPetya which were both = much more destructive than traditional ransomware. These types of attacks= , Cisco says, have the strength to eliminate organizations=E2=80=99 data = backups and leave them unable to recover.

Cost of Downtime Not Calculated

The one thing that was not taken into account related to ransomware was t= he amount of damage caused by downtime, having workstations and servers n= ot up & running. If you calculate that in, ransomware is probably as = damaging as CEO fraud, or even more.
Heads-up. There is a new social engineerin= g attack currently being tested in Europe, and that means we will see it = in America in the near future.

The bad guys are using malicious WhatsApp ads, which offer a 250 dollar c= oupon for a well-known retailer, in exchange for a short survey. The invi= te looks like it comes from a friend on WhatsApp. A similar strain instal= ls a malware on the phone, which looks like a software update, but steals= all the contacts, phone numbers and email addresses - and if they can fi= nd any, passwords and banking credentials.

There are different ways to monetize all this phishing data, and it looks= like the bad guys have got that down too, from selling the stolen creden= tials to using the malware to go viral to all the contacts on the phone.<= br>
The large retailers have reported hundreds of these attacks to Europe's f= ederal Cyber Crime Unit.

Warn your users to not click on dodgy WhatsApp special coupon offers.
A global survey over 400 C-suite execs by = the management consulting firm A.T. Kearney showed that cybersecurity (43= percent) is the top operational challenge they faced.

Also, a whopping 85 percent of C-suite executives agree that cyberattacks= will become more frequent and more costly. Here are five survey take-awa= ys. Posted at the KnowBe4 Blog:
https://blog.knowbe4.com/43-of-c-suite-execs-name-cybersecurity-as-no.-1-= operational-challenge
It's been a "Ransomware Horror Show=E2=80=9D= . If you've been in the IT trenches over the past year, you've probably n= oticed that announcements of new ransomware strains are accelerating and = there is no end in sight.

Join us for this 30-minute live webinar =E2=80=9CTop 5 Strategies to Prev= ent Ransomware=E2=80=9D, on Tuesday, July 25th at 2:00 pm EDT. Erich Kron= , CISSP, Security Awareness Advocate at KnowBe4 will look at scary featur= es of new ransomware strains and give you 5 strategies you can implement = now to help you prevent ransomware.

Erich will cover:
  • The new scary Ransomware trends out i= n the wild
  • How to eliminate or reduce damage fro= m ransomware
  • How to fortify your last line of defe= nse=E2=80=94your end users
Date/Time: Tuesday, July 25, 2017, at = 2:00 pm EDT. Register Now:
https://attendee.gotowebinar.com/register/2525090409700004353
1) DarkReading has a very handy article wr= itten by Black Hat Staff, with important event information, including bad= ge pick-up hours, scheduling updates, special programs, and more.

Make sure to follow @BlackHatEvents on Twitter and tweet using the hashta= gs #BHUSA and #BlackHat to join the conversation and stay up-to-date. Dow= nload the official Black Hat USA mobile app to customize your event sched= ule
http://www.darkreading.com/black-hat/black-hat-usa-2017---know-before-you= -go/d/d-id/1329420

2) While you are there, stop by KnowBe4=E2=80=99s Booth #1848 for Kevin M= itnick=E2=80=99s Book Signing. Meet the =E2=80=98World=E2=80=99s Most Fam= ous Hacker=E2=80=99 and get a signed copy of his new book: Wednesday, Jul= y 26, 5-7pm at KnowBe4=E2=80=99s Booth 1848 while they last.

3) What to expect at Black Hat: Security hype and reality. Look for machi= ne learning, automation, orchestration, integration and threat intelligen= ce to dominate the Black Hat security conference:
http://www.csoonline.com/article/3209972/security/anticipating-black-hat-= hype-and-reality.html#tk.twt_cso

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.

Quotes of the Week
"One way to get the most out of life is = to look upon it as an adventure." - William Feather

"The very basic core of a man's living spirit is his passion for adven= ture." - Christopher McCandless
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-29-ceo-fraud-attacks-were-f= ar-more-lucrative-than-ransomware-over-the-past-3-years
Security News
Evil Corp Hires Criminal Hackers for Highly Targeted Ransomware I= nfections

The Register just wrote about the difference between your run-of-the-mill= spray-and-pray ransomware infections, and highly targeted manual deploym= ent attacks like the SamSam or Samas attacks that have hit hospitals rece= ntly, locking all machines and demand exorbitant ransoms. The attacks are= targeted against banking and infrastructure firms worldwide.

Criminal hackers penetrating the network usually start with a spear phish= ing attack, and then laterally move through the network to get the lay of= the land and then locking all machines at the same time with a shock-and= -awe effect. More, and 10 things to do about it at the KnowBe4 Blog:
https://blog.knowbe4.com/evil-corp-hires-criminal-hackers-for-highly-targ= eted-ransomware-infections
Data Breaches Are up 29 Percent Over Last Year

Data breaches are running 29 percent above last year, according to a repo= rt released by the Identity Theft Resource Center and CyberScout. Hacking= was the leading cause of data breaches nationwide, more than 790 so far = this year.

More than 12 million records have been exposed, although two-thirds of da= ta breach notifications or public notices did not report the number of re= cords compromised. =E2=80=9COnly 33 percent of data breaches reported thi= s year have made the number of records exposed publicly available,=E2=80=9D= said Karen A. Barney, director of research and publications at Identity = Theft Resource Center, an increase of 13 percent over 2016 mid-year numbe= rs.

More than half of all beaches this year have occurred in business, follow= ed by health care and medical. Breaches in the medical and health-care in= dustry are most likely to include the number of records involved. More th= an 80 percent of breaches in 2017 that were reported to Health & Huma= n Services included the number of records.

Read about the new report at the San Diego Union Tribune:
http://www.sandiegouniontribune.com/news/data-watch/sd-me-g-data-breaches= -20170619-story.html
Ransomware Attack on KQED TV, Radio Station Wiped out Pre-Recorde= d Segments

KQED, a TV and radio station in San Francisco, is an example that shows h= ow badly any organization can suffer when ransomware hits their network. = KQED has been trying to recover from the damages of a massive ransomware = attack for more than a month.

The San Francisco Chronicle reported that the station received a massive = ransomware attack on June 15. The attack was so severe that it has been =E2= =80=9Cbombed back to 20 years ago, technology-wise=E2=80=9D as per the an= alysis of one KQED=E2=80=99s senior editor Queena Kim.

During the attack, the station=E2=80=99s computer systems=E2=80=99 hard d= rives got locked, station=E2=80=99s internal email server went offline an= d pre-recorded segments were totally wiped out. For over 12 hours the onl= ine broadcast of the station remained offline, and official Wi-Fi connect= ion also went offline for many days. More at the KnowBe4 blog:
https://blog.knowbe4.com/ransomware-attack-on-kqed-tv-radio-station-wiped= -out-pre-recorded-segments
What It=E2=80=99s Like When Pro Phishers Assail Your Inbox=

Lily Hay Newman wrote in WIRED: "ON A TYPICAL morning I have about 30 new= emails in my personal inbox, and 40 in my work account. You know how it = is.

I archive what I don't want, scan part of a newsletter, click through to = a coworker's Google Doc, and click "track my package" more often than I'd= like to admit. It's all pretty standard stuff.

These days, though, I face my inboxes with grim determination. Because fo= r about five weeks this spring I was under attack by a team of hackers fr= om the company PhishMe whose goal was to ... phish me.

I had given company CTO Aaron Higbee my personal and professional email a= ddresses, and full permission to trick me into clicking on a malicious li= nk, downloading a nasty attachment, or visiting a bogus site where my per= sonal information could be compromised.

If you think that might instill a certain depth of paranoia, you're absol= utely right. Every email from my doctor could be fake. Every shared album= of vacation photos, a trap. I knew that they were coming for me. I just = didn't know when or how."

Excellent article. Do I wish it would have been KnowBe4 instead? Sure. Bu= t the message is just as valid for any of the three leading companies in = this space, whether PhishMe, KnowBe4 or Wombat. This is something you *ha= ve* to do, because your users are your last line of defense:
https://www.wired.com/story/phishing-attempts-email-inbox/
Putin=E2=80=99s Hackers Now Under Attack=E2=80=94From Microsoft

Techcrunch observed: "The Daily Beast details how, in 2016, Microsoft=E2=80= =99s legal team sued Fancy Bear (also known by many other aliases) for re= serving domain names that violated Microsoft trademarks.

Apparently, in the course of claiming generic domains for its operations,= Fancy Bear often selected domains that riff off of Microsoft products an= d services, inadvertently opening the door to the lawsuit.

While you can=E2=80=99t exactly drag an amorphous, faceless hacking group= into court, the lawsuit served one key purpose: it hijacked some of Fanc= y Bear=E2=80=99s servers. In the last year, Microsoft has taken over at l= east 70 different Fancy Bear domains, many of which served as =E2=80=9Cco= mmand-and-control=E2=80=9D points so the hackers could communicate with t= he malware they installed on targeted computers.

When a domain flips over into Microsoft=E2=80=99s hands, the company can = use it to observe and map Fancy Bear=E2=80=99s server network, which comm= unicates with the Microsoft domains. The result is that the company can i= ndirectly disrupt and observe aspects of a suspected foreign intelligence= operation =E2=80=94 a pretty clever trick for a tech company to pull off= in its spare time:"
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-= network
How Weak Ar= e Your User=E2=80=99s Passwords?

Are your user=E2=80=99s passwords=E2=80=A6P@ssw0rd? Verizon's recent Data= Breach Report showed that 81% of hacking-related breaches used either st= olen and/or weak passwords. Employees are the weakest link in your networ= k security, using weak passwords and falling for phishing and social engi= neering attacks.

KnowBe4=E2=80=99s complimentary Weak Password Test (WPT) checks your Acti= ve Directory for several different types of weak password related threats= .

WPT gives you a quick look at the effectiveness of your password policies= and any fails so that you can take action. This tests against 10 types o= f weak password related threats for example; Weak, Duplicate, Empty, Neve= r Expires, plus 6 more.

Here's how Weak Password Test works:
  • Reports on the accounts that are affec= ted
  • Tests against 10 types of weak passwor= d related threats
  • Does not show/report on the actual pas= swords of accounts
  • Just download the install and run it
  • Results in a few minutes!
This will take you 5 minutes and may give = you some insights you never expected!
https://info.knowbe4.com/weak-password-test-chn
Interesting News Items This Week

Dow Jones Leaks Personal Info of 2.2 Million Customers:
https://www.infosecurity-magazine.com/news/dow-jones-leaks-personal-info/=

How do SMEs fight off cyber-attacks?:
http://www.itsecurityguru.org/2017/07/18/smes-fight-off-cyber-attacks/
Here is a really good one =E2=80=A6 bad news for students however Newcast= le University Stung by Sophisticated Phishing Site:
https://www.infosecurity-magazine.com/news/newcastle-uni-stung-by/

Every organization is only one click away from a potential compromise: https://www.helpnetsecurity.com/2017/07/21/insider-attack-damage/

Where are the fixes to the botched Outlook security patches?:
http://www.computerworld.com/article/3209710/microsoft-windows/where-are-= the-fixes-to-the-botched-outlook-security-patches.html
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • This is the best video ever. 14 second= s on Twitter. You will watch this twice, guaranteed:
    https://twitter.com/lad/status/888146633267007488?s=3D09

  • Here is something new: Your Automated = Security Awareness Program Builder (ASAP).
    This is the ASAP video: https://vimeo.com/226490343
    And this is the link to register and get your custom awareness program i= mmediately:
    https://info.knowbe4.com/asap-chn

  • Ransomware - Anatomy of an Attack. Goo= d video by Cisco
    https://www.youtube.com/watch?v=3D4gR562GW7TI

  • Blind magician Richard Turner successf= ully fools Penn & Teller with his unbelievable card tricks:
    http://www.flixxy.com/blind-card-mechanic-fools-penn-and-teller.htm?utm_= source=3D4

  • Why do you text and drive? This one st= arts out funny, but then... Great PSA!:
    https://m.youtube.com/watch?v=3DlRYv_2JRCT0&feature=3Dyoutu.be

  • British entrepreneur invents, builds a= nd files patent for Iron Man-like flight suit. I want one!:
    https://www.youtube.com/watch?v=3DiZ05iAuIAlc

  • World's Fastest Money Counter:
    http://www.flixxy.com/worlds-fastest-money-counter.htm?utm_source=3D4

  • Magician and card thrower Rick Smith s= hows off his incredible card throwing tricks with the guys from Dude Perf= ect:
    http://www.flixxy.com/amazing-card-throwing-tricks.htm?utm_source=3D7

  • Old NASA computers and space probe dat= a tapes found in dead engineer's basement:
    http://boingboing.net/2017/07/21/old-nasa-computers-and-space-p.html

  • Watch two Teslas totally smoke a sport= bike and try not to smirk. Full disclosure, I drive a Tesla Model S P85D= : :-D
    http://bgr.com/2017/07/21/tesla-vs-motorbike-drag-race-humiliation/

  • When Top Gear Tried it's Best to Stop = Tesla and Elon Musk:
    https://www.youtube.com/watch?v=3DQErBQWUQyEI&feature=3Dyoutu.be

  • Technical Backgrounder Here's How Elec= tric Cars Produce Instant Maximum Torque:
    http://www.popularmechanics.com/cars/hybrid-electric/a27394/how-electric= -cars-produce-instant-torque/
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>
=C2=A0
=C2=A0
=C2=A0 This email was sent= to edward@transocean.com by feedback@knowbe4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA
=C2=A0 		=C2=A0
----==_mimepart_59760161b8cae_5c2f363837085605382--