Return-Path: <1921889-451-1022@be1.maropost.com> Delivered-To: edward@transocean.com Received: from vps.transocean.com by vps.transocean.com (Dovecot) with LMTP id OYjXEgemgFm2JgAAInt2oQ for ; Tue, 01 Aug 2017 09:02:15 -0700 Return-path: <1921889-451-1022@be1.maropost.com> Envelope-to: edward@transocean.com Delivery-date: Tue, 01 Aug 2017 09:02:15 -0700 Received: from mta7168.mp2200.com ([162.247.117.168]:59023) by vps.transocean.com with esmtp (Exim 4.89) (envelope-from <1921889-451-1022@be1.maropost.com>) id 1dcZcN-0002e8-Pk for edward@transocean.com; Tue, 01 Aug 2017 09:02:15 -0700 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; s=default; d=knowbe4.com; t=1501603318; l=1; h=from:subject:date:to; bh=nR4OLZRZ0GUjrRPiikCTwjFrqv567Fsl8w66LhE1mcQ=; b=z7s01va9Sg774fbNKnLo/crM8IQ18PJTYhIFy3XAAsvwKhN5OnMpvx8B1VV7juS5Bk+4ah StpjXvWetacrKPG0l0gXDOI9B2z9TxqoBYPCKVM1GZ9wigyRMNoCpAURoEpFK6srSbCQP9 EV0sVfS1UfnST+KxxetFdxji1xJsl+s= Received: from [<1921889-451-1022@be1.maropost.com>] ([<1921889-451-1022@be1.maropost.com>] helo=) by 771426-mailer10 (envelope-from 1921889-451-1022@be1.maropost.com) (Jetsend MTA 0.0.1 with ESMTP; Tue Aug 1 10:17:42 EDT 2017 Date: Tue, 01 Aug 2017 10:17:40 -0400 From: CyberheistNews Reply-To: feedback@knowbe4.com To: edward@transocean.com Message-ID: <1a0d9090-58f2-0135-48ea-1402ec83b870@knowbe4.com> Subject: Scary New Social Engineering Attack Turns Off Your Power Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="--==_mimepart_59808d84c852f_5c1b6bb0480149130333"; charset=UTF-8 Content-Transfer-Encoding: 7bit List-Unsubscribe: X-CampaignID: 451 X-Campaign-ID: 451 X-ContactID: 1921889 X-AccountID: 1022 X-Binding: 162.247.117.168 X-DkimDomain: knowbe4.com X-DkimSelector: default X-Feedback-ID: 451:Maropost X-Spam-Status: No, score=0.2 X-Spam-Score: 2 X-Spam-Bar: / X-Ham-Report: Spam detection software, running on the system "vps.transocean.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/451/1921889/d2488d8742ad81b4373075a47d52292f213a6b5f 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/451/1921889/d2488d8742ad81b4373075a47d52292f213a6b5f [...] Content analysis details: (0.2 points, 3.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: wired.com] -0.0 SPF_HELO_PASS SPF: HELO matches SPF record 0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror) 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5% [score: 0.0231] 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML 0.8 MPART_ALT_DIFF BODY: HTML and text parts are different 0.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines X-Spam-Flag: NO ----==_mimepart_59808d84c852f_5c1b6bb0480149130333 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit This email was sent to &lt;b&gt;edward@transocean.com&lt;/b&gt; by &lt;b&gt;feedback@knowbe4.com&lt;/b&gt; Manage Subscriptions http://newsletter.knowbe4.com/a/1022/unsubscribe/451/1921889/d2488d8742ad81b4373075a47d52292f213a6b5f 33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA Report Spam http://newsletter.knowbe4.com/a/1022/report_spam/451/1921889/d2488d8742ad81b4373075a47d52292f213a6b5f ----==_mimepart_59808d84c852f_5c1b6bb0480149130333 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Scary New Social Engineering Attack Turns Off Your Power</ti= tle> </head> <body> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http= ://www.w3.org/TR/REC-html40/loose.dtd"> <html><body><table cellpadding=3D"0" cellspacing=3D"0" width=3D"100%"> <tr><td> <img height=3D"1" width=3D"1" alt=3D"" style=3D"display:block;" src=3D"ht= tp://newsletter.knowbe4.com/a/1022/open/451/1921889/d2488d8742ad81b437307= 5a47d52292f213a6b5f"> </td></tr> <tr><td> <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8">= <title>
Email not displaying?
View = Knowbe4 Blog
CyberheistNews Vol 7 #30 =C2=A0 | =C2=A0 Au= g 1st., 2017


OK, better get thinking about generators and 1,000 gallon drums of fuel t= o keep your data center up & running (which you should have done anyw= ay for your disaster recovery plans...)

A new attack vector that bypasses all your software defenses has been dis= covered by Israeli cybersecurity company Cyberint. At the moment the bad = guys are targeting US and UK energy companies which could cause power cut= s and even cost lives, but this tactic could be used against anyone.

Here is how it plays out. A "honey-doc" masquerades as a resume attached = to a harmless email. Both email and attachment are totally clean and cont= ain no malicious code whatsoever. That's what makes them undetectable to = any kind of incoming email filter.

However, the Word doc *is* weaponized with a template reference that, whe= n the document is loaded, connects to the attacker=E2=80=99s server via S= erver Message Block and downloads a Word template which has an extremely = well-hidden malicious payload.

The connection to the SMB server also provides the attacker with the vict= im=E2=80=99s credentials, which can then be used to acquire sensitive inf= ormation and/or infiltrate the network and/or control systems used by the= targeted employee.

The campaign appears to have started in May, and as it is targeted at inf= rastructure control systems of US and UK energy companies, it's not too h= ard to guess who is behind it.

The problem is that once this type of attack is out there in the wild (re= member StuxNet?) all kinds of bad guys get their hands on it. To protect = against this type of attack, you want to step your employees through new-= school security awareness training so that they do not fall for social en= gineering tactics like this.

Start with a no-charge Phishing Security Test and find out what percentag= e of your users will click an email that seems to come from IT@yourdomain= .com. Start here:
https://info.knowbe4.com/phishing-security-test-chn
If you could not make it, it was fun, but = a zoo, and Def Con was crowded with a rumored 30,000 attendees. It certai= nly felt like it! Here are some highlights, and more to come when I get b= ack in the office:
  • The Black Hat Keynote:
    https://youtu.be/EC4EC5fcPL0

  • I was interviewed by Dark Reading abo= ut social engineering. Scroll to 2:25:00:
    https://youtu.be/pSlgo3kNNsQ

  • Black Hat USA 2017 Attendee Survey Re= sults. They released their third annual research report entitled, "Portra= it of an Imminent Cyber Threat." The report is based on survey responses = from nearly 600 Black Hat USA attendees. This year=E2=80=99s research exp= lores issues on a national scale and raises concerns about potential thre= ats to the U.S=E2=80=99s critical infrastructure, tools available for nat= ion state attacks, WikiLeaks and more. You can download your copy here: https://www.blackhat.com/docs/us-17/2017-Black-Hat-Attendee-Survey.pdf <= /span>

  • Black Hat presentation: Clever New To= ol Shuts Down Ransomware Before It's Too Late:
    https://www.wired.com/story/shieldfs-ransomware-protection-tool/     =

  • Black Hat presentation: Active Direct= ory Botnet sets up C&C infrastructure inside infected networks, while= bypassing defenses. Techniques exploiting legitimate capabilities & = controls. Scary!:
    https://www.scmagazine.com/active-directory-botnet-sets-up-cc-infrastruc= ture-inside-infected-networks-while-bypassing-defenses/article/677864/

  • The winners of the PWNIE awards were = announced and CSO wrote about them:
    http://www.csoonline.com/article/3211592/security/winners-of-the-2017-pw= nie-awards.html
Today, your employees are frequently expos= ed to sophisticated phishing and ransomware attacks. Old-school security = awareness training doesn=E2=80=99t hack it anymore. More than ever, your = users are the weak link in your network security.

Join us on Wednesday, August 9, 2017, at 2:00 p.m. (EDT) for a 30-= minute live product demonstration of KnowBe4=E2=80=99s Security Awareness= Training and Simulated Phishing Platform to see the latest features and = how easy it is to train and phish your users:
  • NEW, Customized Automated Security Aw= areness Program creates a fully mature training program in just a few min= utes!
  • Social Engineering Indicators patent-= pending technology, turns every simulated phishing email into a tool IT c= an use to instantly train employees.
  • Access to the world's largest library= of awareness training content through our innovative Module Store.
  • Send Simulated Phishing tests to your= users during specified business hours with "Reply-To Tracking" that show= s you which users fall for spoofed emails and what they answer to the bad= guys.
  • Reporting to watch your Phish-prone p= ercentage drop, with great ROI.
Find out how 12,000+ organizations have m= obilized their end-users as their last line of defense.

Register Now: https://register.gotowebinar.com/register/55459029498066557= 47
Cybersecurity Ventures continuously looks = at new companies for inclusion in the Cybersecurity 500, by soliciting fe= edback from CISOs, IT security practitioners and service providers, and r= esearching hundreds of cybersecurity events and news sources, and Cyberse= curity Ventures has released its Cybersecurity 500 List for Q2 2017.

root9B and Herjavec Group remained number one and two, respectively, from= the Q1 cybersecurity listing, but after that, there was a lot of movemen= t in the top 10. Raytheon, for instance, moved into the number three posi= tion thanks to a historic cybersecurity deal valued at nearly $1 billion = over five years with the U.S. Department of Homeland Security. IBM and Ci= sco both returned to the top 10 after hovering just outside that plateau = in February. And KnowBe4 made a huge jump from number 38 in Q1 to six in = Q2.

How do companies make significant moves, both up and down, in only a few = months?

=E2=80=9CWe look at companies in a few different contexts,=E2=80=9D expla= ined Steve Morgan, founder and editor-in-chief at the Cybersecurity 500. = =E2=80=9CWe are always evaluating revenue growth and market execution. Bu= t then we are also looking at what are the biggest challenges and which c= ompanies are doing what to help solve them.=E2=80=9D

Take IBM as an example. =E2=80=9CIt may not be that obvious,=E2=80=9D Mor= gan said, =E2=80=9Cbut they are throwing a lot of weight behind supportin= g cybersecurity education at the high school level - which ties directly = to the workforce shortage our industry is grappling with.=E2=80=9D

Morgan emphasized the importance of security awareness training. Spending= for security education is expected to reach $10 billion by 2027. =E2=80=9C= Security awareness has evolved from training employees to a discipline th= at is just as complicated and important as any other in our field,=E2=80=9D= he stated, and this played a role in KnowBe4=E2=80=99s jump in the ranki= ngs.

KnowBe4 was very surprising, moving up so much, Morgan admitted. =E2=80=9C= While the security awareness market is growing very quickly, it is an est= ablished space with dozens of companies who have been in it for years and= quite a few new market entrants,=E2=80=9D he added. =E2=80=9CKnowBe4 kee= p doubling revenues and getting as big as they are - I couldn't have expe= cted that they'd grow so much again over the past year. But, given they a= re in one of the biggest growth markets and have such a visible officer (= Kevin Mitnick, Chief Hacking Officer), it makes sense.=E2=80=9D More:
= http://www.itbusinessedge.com/articles/surprising-moves-in-cybersecurity-= 500-list-for-q2.html

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc.

Quotes of the Week
"If you don't want anyone to know, don't= do it." - Chinese Proverb

"Risk comes from not knowing what you're doing." - Warren Buffett =
=C2=A0

Thanks for reading CyberheistNews
But if you want to unsubscribe, you can do that right here

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-7-30-scary-new-social-enginee= ring-attack-turns-off-your-power
Security News
The Lazy Habits of Phishing Attackers

Ransomware as a service (RaaS) has been around for a while. But it has ty= pically been found on the dark web. In recent months, its creators have g= rown more brazen about promoting it on the open web, and that has the pot= ential to change everything. Few RaaS kits exemplify this the way Philade= lphia does.

At Black Hat 2017, Sophos released an in-depth report on the subject, Ran= somware as a Service (RaaS): Deconstructing Philadelphia, written by Dork= a Palotay, a threat researcher based in SophosLabs=E2=80=99 Budapest, Hun= gary, office. It delves into the inner mechanics of a ransomware kit anyo= ne can buy for $400. Once purchased, the bad guys can hijack and hold com= puter data for ransom in exchange for payment. More:
https://nakedsecurity.sophos.com/2017/07/25/ransomware-as-a-service-how-t= he-bad-guys-marketed-philadelphia/
This Is What Happens When You Reply to Spam Email. FUN
=
Suspicious emails: unclaimed insurance bonds, diamond-encrusted safe depo= sit boxes, close friends marooned in a foreign country. They pop up in ou= r inboxes, and standard procedure is to delete on sight. But what happens= when you reply? Follow along as writer and comedian James Veitch narrate= s a hilarious, weeks-long exchange with a spammer who offered to cut him = in on a hot deal. FUN! But do not try this at home...
https://www.ted.com/talks/james_veitch_this_is_what_happens_when_you_repl= y_to_spam_email
Top 10 Twitter Accounts to Track the Latest Phishing Scams=

TechInsurance wrote; "Once we get hip to one phishing scam, a new one pop= s up. As a busy IT consultant, you can't spend all day researching the la= test phishing attacks. Fortunately, there is an easy way to keep track of= the new phishing scams tormenting your clients =E2=80=93 Twitter!

We combed through Twitter to find some of the most reputable =E2=80=93 an= d frequent =E2=80=93 tweeters who regularly post about phishing scams and= other cyber security issues. If you follow these 10 Twitter accounts, yo= u should be among the first to know about the latest cyber threats." I wa= s their No.1 -- Pretty nice..
http://www.techinsurance.com/blog/cyber-risk/top-10-twitter-accounts-to-t= rack-the-latest-phishing-scams/
NIST Cybersecurity Framework (CSF) Sprint 2017 Workshop Findings<= /span>

Chris Hoover at RSA wrote: "To shape their Cybersecurity Framework (CSF),= NIST convenes a series of workshops open to any industry practitioners, = vendors, or academics who wish to attend.

I recently returned from the 2017 NIST CSF Workshop at their headquarters= in Gaithersburg, MD. For those interested in the NIST CSF but were unabl= e to attend, I will quickly run through the highlights. The exciting thin= g about these workshops that makes them different from any other framewor= k or guidance is the feedback from the audience gets translated in very h= igh fidelity into the next version of the CSF.

In addition to a recent round of public review, feedback from the 2017 wo= rkshop will be incorporated into CSF version 1.1 later this year. Keeping= this in mind, the feedback captured below is a sneak-peek into what the = finalized NIST CSF 1.1 might look like.

The bullets are a mixture of comments and recommendations from the confer= ence attendees for each topic. These comments are very high level, but yo= u can access recordings of many of the sessions here. If I were a betting= person, I would expect to see most of these items incorporated into the = NIST CSF roadmap and for many to be in the final version of NIST CSF 1.1.= Here is the article:
https://blogs.rsa.com/nist-csf-spring-2017-workshop-findings/

I like this because the NIST CSF Framework is getting so much attention. = Not only is it a Presidential Order but it is going to be more precise. W= e help you and make it easy to build and document these NIST controls (an= d any other) using the KnowBe4 Compliance Manager (KCM). Your audit shows= your compliance in half the time and at half the cost. Get a demo of KCM= and see for yourself:
https://www.knowbe4.com/products/compliance-manager-software
Get Your Cu= stomized Automated Security Awareness Program, ASAP!

Many IT pros don=E2=80=99t exactly know where to start when it comes to c= reating a security awareness program that will work for their organizatio= n.

We=E2=80=99ve taken away all the guesswork with our Free Automated Securi= ty Awareness Program builder (ASAP). ASAP is a revolutionary new tool for= IT professionals, which builds a customized Security Awareness Program f= or your organization that will show you the steps needed to create a full= y mature training program in just a few minutes!

The program is complete with actionable tasks, helpful tips, courseware s= uggestions and a management calendar. You also have the ability to export= the full program as a detailed or executive summary version in PDF forma= t. This is great ammo to help you get budget and reporting to management.=

Here's how it works:
  • 15-25 questions depending upon answers=
  • Suggested training materials based on = answers
  • Calendar and list view of tasks
  • Detailed and summary exportable PDF ve= rsions of your program
  • Fully mature awareness program ready i= n 10 minutes
Find out what YOUR program will look like!= There's no cost... Start ASAP!
https://info.knowbe4.com/asap-chn

PS: If you=E2=80=99re a current KnowBe4, just login to your console, clic= k on ASAP at the top right and get started!
Interesting News Items This Week

Nuance the Latest NotPetya Victim to Report Financial Impact:
http://www.bankinfosecurity.com/nuance-latest-notpetya-victim-to-report-f= inancial-impact-a-10138

More Than 500,000 Systems Infected by Stantinko Malware Since 2012:
https://securityintelligence.com/news/more-than-500000-systems-infected-b= y-stantinko-malware-since-2012/

UniCredit breach: Data of 400,000 customers exposed. Another compromise e= xample but what I thought was interesting is how much they were going to = spend to help mitigate the risks, huge!:
https://www.helpnetsecurity.com/2017/07/26/unicredit-breach/

Iranian Espionage Campaign Hinges on Beautiful (But Fake) Woman. Good des= cription of the lengths the bad guys go through to social engineer someon= e and compromise them with a honeytrap:
https://www.infosecurity-magazine.com/news/iranian-espionage-campaign-fak= e/

Phishers=E2=80=99 techniques and behaviors, and what to do if you=E2=80=99= ve been phished. Once a user has been phished, how long does it takes for= the phishers to misuse the stolen credentials:
https://www.helpnetsecurity.com/2017/07/28/phishers-tactics-and-behaviour= s/

Nine HIPAA settlements so far this year. Holy Moly, these are expensive:<= br> http://medcitynews.com/2017/07/hipaa-settlements-so-far-this-year/
Cyberheist 'Fave' Links=
This Week's= Links We Like, Tips, Hints and Fun Stuff
  • Best Of The Year So Far: The most awes= ome jumps, ski, snowboard, bicycling, gymnastics, martial arts, paraglidi= ng, basketball, ping pong, tennis and wingsuit flying in 2017:
    http://www.flixxy.com/people-are-awesome-best-of-the-year-2017-so-far.ht= m?utm_source=3D4

  • Stunningly beautiful sequences filmed = from the cockpit show what life is really like for pilots at 35,000 feet:=
    http://www.flixxy.com/a-stunningly-beautiful-view-from-the-cockpit.htm?u= tm_source=3D4

  • The 'Real Life Sherlock Holmes' is bac= k and continues to blow the minds of the judges and audience at America's= Got Talent 2017:
    http://www.flixxy.com/mind-reader-colin-cloud-amazes-americas-got-talent= -2017.htm?utm_source=3D4

  • How they pulled off the Atomic Blonde'= s killer action scene:
    https://www.wired.com/story/atomic-blonde-killer-action-sequence?    =

  • Why is the Mona Lisa so famous? You wi= ll probably be surprised:
    http://www.flixxy.com/why-is-the-mona-lisa-so-famous.htm?utm_source=3D4<= /span>

  • Some of the World's best teeterboard p= erformers defy gravity in Rome, Italy:
    http://www.flixxy.com/worlds-best-teeterboard.htm?utm_source=3D4    <= /li>
  • For the kids: Animals of all shapes an= d sizes love hugging as much as humans do ... maybe even more:
    http://www.flixxy.com/animals-also-like-to-cuddle.htm?utm_source=3D4
Twitter | LinkedIn | Google | YouTube
Copyright =C2=A9 2014-2017 KnowBe4, Inc. All rights reserved.<= /div>


This email was sent to edward@transocean.com by feedback@knowbe= 4.com

33 N Garden Ave, Suite 1200 Clearwater, FL 33755 USA

----==_mimepart_59808d84c852f_5c1b6bb0480149130333--