€3 Million CEO Fraud from a Phishing Attack on an Office 365 Account.
Finnish antivirus company F-Secure reports on a phishing attack on an Office 365 account this week that nearly cost a Finnish investment firm €3 million. One of the firm's employees received a phishing email that enabled a €3 million CEO fraud scam. It started with an email that looked like it was from the delivery firm DHL but led to a fake site.
The employee not only clicked the link in the email from his own email account, but also entered his details, including payment information, on the fake site, and so became the next social engineering victim.
Now able to read his communications, the criminals sent the victim further emails. One was a "correction" with a new account number, which went undetected; the attached Excel file gave the details of the new account the money should go to, and the payment was, unfortunately, arranged.
As is typical of phishing attacks, the translation in the Excel spreadsheet was so awful that concerns were raised, but sadly much too late.
The company was, however, able to freeze the transaction at the last minute, and found that this employee's account had in fact been compromised.
The bad guys almost won again.
CEO fraud is on the rise, is responsible for over $3 billion in losses and has ruined many careers. Staff, especially in finance departments, are often targeted, and there is little likelihood of getting the money back. Be prepared and strengthen your workforce with security awareness training and simulated phishing programmes.
[HEADS UP] Ransomware Now Hits Linux – Web Hosting Provider Pays a Million
South Korean web hosting company Nayana agreed to pay a whopping $1 million in Bitcoin after a ransomware attack hit 153 of its Linux servers.
The attack took place on June 10 and resulted in over 3,400 business websites the company hosts being encrypted. According to Nayana's initial announcement, the attacker demanded 550 Bitcoins to decrypt the files. After a few days of negotiation, the demand was lowered to 397.6 Bitcoins (around $1 million at the time, although exchange rates are volatile).
Trend Micro revealed that the ransomware used in this attack was Erebus, malware first spotted in September 2016 and already seen in Windows attacks earlier this year, when it carried a User Account Control bypass feature.
The bad guys have now ported Erebus to Linux and are using it against vulnerable servers. Nayana's website was running an old 2.6-series Linux kernel compiled back in 2008, which is exposed to a great many exploits that could give an attacker root on the server, such as Dirty COW (CVE-2016-5195), Trend Micro noted.
TIME TO CHECK YOUR LINUX KERNELS
Nayana doesn't just need to patch; it needs to upgrade all of its servers to newer versions of whatever Linux distribution it uses, and then properly secure the upgraded systems. With 153 servers, it will have to take its entire service offline for weeks (maybe longer) to get that done. More technical detail at the KnowBe4 Blog: https://blog.knowbe4.com/web-hosting-provider-pays-1-million-to-ransomware-attackers
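Added example, not code from the newsletter or from Trend Micro: a small Python check of the kind the heading asks for. The version table is the published Dirty COW data (affected since 2.6.22; fixed upstream in 4.4.26, 4.7.9 and 4.8.3 and in every mainline kernel from 4.9 on). The sample version strings and the changelog excerpt are constructed. The function treats the kernel package changelog as authoritative, because distributions backport the fix without changing the version number, so a plain version comparison would call a patched RHEL 7 or Ubuntu 16.04 kernel vulnerable.

```python
import platform
import re

# Dirty COW, CVE-2016-5195: present since 2.6.22 (2007). The upstream stable
# releases that first shipped the fix (October 2016) were 4.4.26, 4.7.9 and
# 4.8.3; every mainline kernel from 4.9 on includes it.
FIRST_AFFECTED = (2, 6, 22)
FIXED_IN_SERIES = {(4, 4): (4, 4, 26), (4, 7): (4, 7, 9), (4, 8): (4, 8, 3)}
FIXED_MAINLINE_FROM = (4, 9, 0)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(uname_r):
    """'4.4.0-79-generic' -> (4, 4, 0); '3.10.0-327.el7.x86_64' -> (3, 10, 0).
    Whatever follows the first three numbers (the distro suffix) is ignored."""
    m = VERSION_RE.match(uname_r.strip())
    if not m:
        raise ValueError("unrecognised kernel version string: %r" % uname_r)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def dirty_cow_status(uname_r, package_changelog=""):
    """Classify a kernel for CVE-2016-5195: 'fixed', 'not affected',
    'vulnerable' or 'unknown'. The package changelog takes precedence over
    the version number: RHEL 7 and Ubuntu 16.04 both fixed Dirty COW under
    their existing 3.10.0 and 4.4.0 versions, so on a distro kernel the output
    of `rpm -q --changelog kernel` (or the Debian changelog) is the real answer;
    the version table below only speaks for upstream kernel.org releases."""
    if "CVE-2016-5195" in package_changelog:
        return "fixed"
    ver = parse_kernel_version(uname_r)
    if ver < FIRST_AFFECTED:
        return "not affected"
    if ver >= FIXED_MAINLINE_FROM:
        return "fixed"
    series = ver[:2]
    if series in FIXED_IN_SERIES:
        return "fixed" if ver >= FIXED_IN_SERIES[series] else "vulnerable"
    if ver[0] == 3 or series == (4, 1):
        # The longterm 3.x and 4.1 trees got point releases with the fix; without
        # that exact table only the changelog can say, so do not guess.
        return "unknown"
    # 2.6.22 onward and the end-of-life 4.0, 4.2, 4.3, 4.5 and 4.6 trees never
    # received an upstream fix.
    return "vulnerable"


# Constructed inputs: a 2008-era 2.6 kernel of the kind Trend Micro described,
# an Ubuntu 16.04 kernel without and with a (constructed) changelog excerpt,
# and a modern mainline kernel.
SAMPLES = [
    ("2.6.24.2", ""),
    ("4.4.0-79-generic", ""),
    ("4.4.0-79-generic",
     "  * CVE-2016-5195\n    - mm: remove gup_flags FOLL_WRITE games from __get_user_pages()\n"),
    ("4.12.0-1-amd64", ""),
]


def check_samples(samples=SAMPLES):
    """Return [(uname_r, status), ...] for the given (uname_r, changelog) pairs."""
    return [(uname, dirty_cow_status(uname, log)) for uname, log in samples]


if __name__ == "__main__":
    for uname, status in check_samples():
        print("%-20s %s" % (uname, status))
    if platform.system() == "Linux":
        mine = platform.release()
        print("this host: %s -> %s (feed the package changelog for a distro kernel)"
              % (mine, dirty_cow_status(mine)))
```

On a distribution kernel, pass the changelog text as the second argument; a "vulnerable" or "unknown" verdict from the version alone is a prompt to check, not a proof of exposure, and a "fixed" verdict says nothing about the other years of unpatched bugs in a 2008 kernel.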
Windows 10 Stops Ransomware Cold? Not So Fast!
Recently, Microsoft claimed that no known ransomware could penetrate the Windows 10 Creators Update.
Presenting the new anti-ransomware protection features in the Creators Update, Robert Lefferts, Director of Program Management, Windows Enterprise and Security, said that no Windows 10 customer was affected by the WannaCry ransomware outbreak in mid-May and that no currently known ransomware strain can infect Windows 10.
ZDNet decided not to take that on faith but to look for themselves. They hired a professional hacker to see whether such a bold claim would hold up.
FBI: “Extortion and CEO Fraud Are the Top Online Fraud Complaints”
And victims aren’t reporting ransomware attacks…
Online extortion, tech support scams and phishing attacks that spoof the boss (CEO fraud) were among the most damaging and expensive scams, according to new figures from the FBI's Internet Crime Complaint Center (IC3).
The IC3 report, released Thursday, identifies some of the most prevalent and insidious forms of cybercrime today, but the total financial losses tied to each crime type also show how rarely victims report these crimes to law enforcement.
Note that the FBI calls CEO fraud “Business Email Compromise” and commented: “Business Email Compromise (BEC) is defined as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses who regularly perform wire transfer payments. The Email Account Compromise (EAC) component of BEC targets individuals who perform wire transfer payments.
“The techniques used in both the BEC and EAC scams have become increasingly similar, prompting the IC3 to begin tracking these scams as a single crime type in 2017. The scam is carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
People Only Report 15% of Ransomware Attacks
Writing for Bleepingcomputer.com — a great tech support forum run by our friend Larry Abrams — Catalin Cimpanu observes that the FBI’s ransomware numbers “are ridiculously small compared to what happens in the real world, where ransomware is one of today’s most prevalent cyber-threats.”
“The only explanation is that people are paying ransoms, restoring from backups, or reinstalling PCs without filing a complaint with authorities,” Cimpanu writes.
Real Cost of Cyber Fraud Closer to 9 billion Dollars
Only roughly 15 percent of the nation's fraud victims report their crimes to law enforcement. For 2016, IC3 received 298,728 complaints, with a total victim loss of 1.33 billion dollars. Intrepid investigative cybercrime reporter Brian Krebs noted: “If that 15 percent estimate is close to accurate, that means the real cost of cyber fraud for Americans last year was probably closer to 9 billion dollars.
Applying that same 15 percent rule, that brings the likely actual losses from CEO fraud schemes to around 2.4 billion dollars last year.”
Bonus Report. You Can Now See This for Your Own State
For instance, take Florida, where KnowBe4 is located. The FBI reported that the state lost 29,560,665 dollars to BEC last year, but applying the 15% rule it is most likely a whopping 190 million dollars, and that is just one state. The report lets you look up the numbers for your own state, which is useful if you are going for IT security budget approval and need numbers that are real and close to home.
Did you know that one of the first things hackers try is to see whether they can spoof the email address of someone in your own domain? If they can, they can launch a “CEO fraud” spear phishing attack on your organization.
KnowBe4 can help you find out if this is the case with our complimentary Domain Spoof Test and enter you to win an awesome Stormtrooper Helmet Prop Replica at the same time.
Also, EVERYONE in the US/Canada will receive a real Kevin Mitnick collectible stainless steel lock-pick business card!
On-Demand Webinar: Best Practices and Future Direction of Security Awareness Training
While reported numbers fluctuate from industry study to industry study, they all agree on one thing: cybercriminals are successfully and consistently exploiting human nature to accomplish their goals. Prudent security leaders know that security awareness and training is key to strengthening their ‘human firewall’ – but they often don’t know where to start.
In this webinar “Best Practices and Future Direction of Security Awareness Training”, Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4 and former Gartner Research Analyst in charge of the awareness training magic quadrant, discusses emerging industry trends and provides the actionable information you need to train your last line of defense, your employees.
Perry will cover these topics:
Practical security awareness and behavior management tips
Scam of the Week: Real Estate Wire Transfer Phishing Fraud
According to the NY Daily News, State Supreme Court Justice Lori Sattler was in the process of selling her apartment and buying another when she received an email that seemed to come from her lawyer.
The “lawyer” instructed her to send the money, a little over 1 million dollars, to an account with the Commerce Bank of China, and she did.
It is not known whether the scammers compromised Sattler's account or the lawyer's email account, or created a spoofed one, but it is highly likely that one of the two people involved was pwned; how else would the bad guys know to send such a timely and convincing spear-phishing email?
Emails From Fake Realtors Are Skyrocketing
Our customers send us “phishy” emails through our complimentary Phish Alert Button; we get thousands per day. These real-estate-themed phishing attacks usually come from spoofed addresses at firms like Keller Williams, Remax and so on.
You have to remember that most realtors use their personal email accounts to conduct business. Their email signature lists their company email address, but they are always sending and receiving from either their ISP-provided account or from Hotmail, Yahoo or Gmail. This is not very secure, but it is very convenient when you are on the road most of the day.
Here is a recent scenario. A fake email comes in with a PDF attachment that pertains to a current real-estate transaction, which tells you the realtor's email account has been hacked. It has even gone so far that, after one realtor's account was hacked, the closer in that office received an email with different wiring instructions after every closing. The bad guy was inside the realtor's mailbox and knew when every one of their closings was taking place.
I suggest you send employees, friends and family an email about this Scam of the Week, you’re welcome to copy/paste/edit:
“There is an epidemic of real-estate related phishing scams going on. Bad guys silently take over the email address of a home buyer or their realtor / lawyer, and right at the moment that a large amount of money needs to get wired for closing, they send a fake email with a different bank account that the bad guys control.
Always, always, always pick up the phone before you make a large transfer and get confirmation about the correct bank account that the wire goes to. This is true for the house, but also the office.”
Obviously, an end-user who was trained to spot social engineering red flags like this would think twice before they wire money to an unknown account.
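Added example, not KnowBe4's code and not part of the original newsletter: the kind of triage a mail gateway or a mailbox rule could run on incoming messages to surface the red flags in the two stories above, the “corrected” account number sent from a compromised Office 365 mailbox in the €3 million case, and the realtor impersonation described here. The contact list, the *.example domains and the three messages are constructed for the example. Note what the fourth check does: a message that genuinely comes from the right mailbox but changes where the money goes still gets flagged, because no header check can tell a compromised account from its owner, and that is exactly the case the phone call is for.

```python
import email
import re
from email.utils import parseaddr

# Constructed trust list for this example: the people and domains a closing
# office legitimately receives money instructions from. A real deployment would
# load this from the address book or CRM.
TRUSTED_CONTACTS = {
    "jane.doe@realtor.example": "Jane Doe",
    "counsel@lawfirm.example": "Law Firm LLP",
}
TRUSTED_DOMAINS = {"realtor.example", "lawfirm.example"}

# "new/updated/changed ... wiring/bank/account/routing" within one sentence
WIRE_CHANGE = re.compile(
    r"\b(new|updated|changed|revised|corrected)\b[^.\n]{0,60}"
    r"\b(wiring|wire|bank|account|routing)\b",
    re.IGNORECASE,
)


def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike domains (rea1tor, reaItor)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def plain_text(msg):
    """First text/plain body of the message, decoded; '' if there is none."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def wire_fraud_flags(raw_message):
    """Return the red flags found in one RFC 822 message; an empty list means none."""
    msg = email.message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    dom = domain_of(addr)
    flags = []

    # 1. A known contact's display name on an address that is not theirs.
    for known_addr, known_name in TRUSTED_CONTACTS.items():
        if name and name.lower() == known_name.lower() and addr != known_addr:
            flags.append("display name %r used from %s instead of %s" % (name, addr, known_addr))

    # 2. The sender domain imitates a trusted one (shares its label or is a few edits away).
    if dom and dom not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if trusted.split(".")[0] in dom or edit_distance(dom, trusted) <= 2:
                flags.append("look-alike domain %s resembles %s" % (dom, trusted))
                break

    # 3. Replies are steered to a mailbox outside the visible sender's domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != dom:
        flags.append("Reply-To %s does not match From domain %s" % (reply_to, dom))

    # 4. The message changes where money should go. This fires even when the
    #    headers are genuine (a compromised mailbox), which is exactly the case
    #    only an out-of-band phone call on a known number can settle.
    if WIRE_CHANGE.search(plain_text(msg)):
        flags.append("changes bank or wiring details; confirm by phone before transferring")
    return flags


# Constructed sample messages (example domains, invented names).
SPOOFED = """\
From: "Jane Doe" <jane.doe@realtor-closings.example>
To: closer@title.example
Reply-To: jane.doe@mail-relay.example
Subject: Wiring instructions for 12 Elm St

Please use the new account details in the attached PDF for Friday's closing.
"""

COMPROMISED = """\
From: "Jane Doe" <jane.doe@realtor.example>
To: closer@title.example
Subject: Re: 12 Elm St closing

Small correction: the bank has changed the account number for the wire, details attached.
"""

BENIGN = """\
From: "Jane Doe" <jane.doe@realtor.example>
To: closer@title.example
Subject: Re: 12 Elm St closing

See you at 10am Friday, bring the signed disclosures.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("compromised", COMPROMISED), ("benign", BENIGN)):
        print(label, wire_fraud_flags(raw) or ["no flags"])
```

The spoofed message trips all four checks; the message from the genuinely compromised account trips only the last one, which is why the output of this kind of rule should be “hold and call”, never “deliver because the headers are fine”.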
Let’s stay safe out there.
Warm Regards, Stu Sjouwerman
Two Albert Einstein Quotes of the Week
“Whoever is careless with the truth in small matters cannot be trusted with important matters.”
“Education is what remains after one has forgotten what one has learned in school.”
Thanks for reading CyberheistNews
Why So Many Top Hackers Hail from Russia
Brian Krebs wrote: “Conventional wisdom says one reason so many hackers seem to hail from Russia and parts of the former Soviet Union is that these countries have traditionally placed a much greater emphasis than educational institutions in the West on teaching information technology in middle and high schools, and yet they lack a Silicon Valley-like pipeline to help talented IT experts channel their skills into high-paying jobs.”
His post examines the first part of that assumption by examining a breadth of open-source data.
The supply side of that conventional wisdom seems to be supported by an analysis of educational data from both the U.S. and Russia, which indicates several stark and important differences between how American students are taught and tested on IT subjects and how their counterparts in Eastern Europe are. Here is the whole post; the comments at the end are interesting too: https://krebsonsecurity.com/2017/06/why-so-many-top-hackers-hail-from-russia/
Ukraine Was Russia’s Test-Lab for CyberWar
The quintessential cyberwar scenario has come to life in Ukraine. Twice. On separate occasions, invisible saboteurs turned off the electricity to hundreds of thousands of people. The blackouts were part of a digital blitzkrieg that has pummeled Ukraine for the past three years: a sustained cyberassault.
Global Cyber Alliance: “Few U.S. Hospitals Secure Their Email Against Phishing”
Shaun Waterman at the quite useful CyberScoop site wrote: “Fewer than one-third of the largest 98 public and private hospitals in the United States secure their email against phishing and spamming, according to data released Thursday.”
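Both the hospital figure above and the Domain Spoof Test mentioned earlier come down to the same question: does the domain publish an SPF record and a DMARC policy that a receiving mail server will actually enforce? Added example, not KnowBe4's test and not the Global Cyber Alliance's methodology: a Python evaluator for the two TXT records. The domain names and records are constructed; for a real domain the inputs are the output of `dig +short TXT <domain>` and `dig +short TXT _dmarc.<domain>`. It deliberately does not treat SPF alone as protection, because SPF checks the envelope sender, which a spoofer sets to a domain they control, and it treats `+all` as worse than no record at all.

```python
import re

ALL_MECHANISM = re.compile(r"^([+\-~?])?all$", re.IGNORECASE)


def spf_verdict(spf_record):
    """What a receiver concludes about a sending host the SPF record does not list:
    'none' (no record), 'fail' (-all), 'softfail' (~all), 'neutral' (?all, or no
    'all' term, which RFC 7208 treats as neutral) or 'pass' (+all: anyone may send)."""
    if not spf_record or not spf_record.lower().startswith("v=spf1"):
        return "none"
    for term in spf_record.split()[1:]:
        m = ALL_MECHANISM.match(term)
        if m:
            return {"-": "fail", "~": "softfail", "?": "neutral",
                    "+": "pass", None: "pass"}[m.group(1)]
    return "neutral"


def dmarc_tags(dmarc_record):
    """Split a _dmarc TXT record into its tags; {} when there is no valid record."""
    if not dmarc_record or not dmarc_record.lower().startswith("v=dmarc1"):
        return {}
    tags = {}
    for part in dmarc_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spoof_exposure(spf_record, dmarc_record):
    """How exposed a domain is to having its addresses forged in the From header,
    as judged by a receiver that enforces SPF and DMARC. Returns (verdict, reason)
    with verdict 'protected', 'partial' or 'spoofable'.

    SPF on its own never protects the From header: it checks the envelope sender,
    which the attacker can set to a domain they control. Only DMARC ties the From
    domain to an aligned SPF or DKIM pass, and only p=quarantine/p=reject acts on it."""
    spf = spf_verdict(spf_record)
    tags = dmarc_tags(dmarc_record)
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if policy in ("reject", "quarantine"):
        if spf == "pass":
            return ("spoofable", "SPF +all lets any host pass an aligned SPF check, "
                                 "so DMARC p=%s passes too" % policy)
        if pct < 100:
            return ("partial", "DMARC p=%s applies to only %d%% of mail" % (policy, pct))
        return ("protected", "DMARC p=%s; unlisted hosts get SPF %s and no DKIM, "
                             "so they fail alignment" % (policy, spf))
    if not tags:
        return ("spoofable", "no DMARC record; SPF result for unlisted hosts is %s" % spf)
    return ("spoofable", "DMARC p=none only reports; SPF result for unlisted hosts is %s" % spf)


# Constructed TXT records for five imaginary domains.
SAMPLE_DOMAINS = {
    "hospital-a.example": ("v=spf1 include:spf.protection.outlook.com -all",
                           "v=DMARC1; p=reject; rua=mailto:dmarc@hospital-a.example"),
    "hospital-b.example": ("v=spf1 include:spf.protection.outlook.com -all",
                           "v=DMARC1; p=none; rua=mailto:dmarc@hospital-b.example"),
    "hospital-c.example": ("v=spf1 a mx +all", "v=DMARC1; p=reject"),
    "hospital-d.example": ("v=spf1 mx ~all", "v=DMARC1; p=quarantine; pct=20"),
    "hospital-e.example": ("", ""),
}


def audit(domains=SAMPLE_DOMAINS):
    """Map each domain name to its (verdict, reason)."""
    return {name: spoof_exposure(spf, dmarc) for name, (spf, dmarc) in domains.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in audit().items():
        print("%-20s %-10s %s" % (name, verdict, reason))
```

Only hospital-a comes out protected. hospital-b has the strict SPF record many administrators stop at, but with `p=none` a forged From header is merely reported, not blocked, which is the gap the spoof test exploits. The evaluator ignores the `sp` subdomain tag and DKIM selectors; a full audit checks those as well.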
Security Awareness Training Can Lower Your Cyberinsurance Premium
New-school security awareness training might even pay for itself from Day 1!
How? Call your cybersecurity insurance carrier or agent and specifically ask whether you get a discount on the premium if you put all employees through awareness training. There could be significant savings, and it may even fully pay for the training.
KnowBe4 advises both prospects and existing customers to inquire with their cyber insurance company about a reduced premium or discount for having our training in place. Frequently this works, and the compliance modules and physical security parts in the Diamond pricing level also get them a discount.
One cyber insurance carrier told us: “Thanks for your inquiry, and question earlier on whether we can offer a discounted premium on cyber insurance for having security awareness training in place. Yes, having training in place for employees certainly helps lower the cyber insurance premium.”
New Insider Threat Training Regulations Take Effect for Defense Contractors
I was quoted in FedScoop: “And, according to Stu Sjouwerman, CEO of security awareness training outfit KnowBe4, this regulation is also a response to the popular and increasing focus on human vulnerability in breaches.”
Making sure you monitor your website is vital for good customer relations
Making sure your website is up and running 24/7 is vital when running any kind of business.
Slow load times can mean lost revenue and also dissatisfied customers who, in today's digital world, are as likely to take their complaints to social media as they are to contact you and report a problem.
Do you know what Application Performance Management is and why you should be using it?
When it comes to web-based applications, speed is of the essence, and this is where Application Performance Management (APM) comes in.
APM is the art of managing the performance, availability and user experience of a software application. It monitors the speed at which transactions are performed, both as seen by the end user and by the systems and network infrastructure that support the app, and provides an end-to-end overview of potential bottlenecks and service interruptions.
In-house or hosted email? – Either way security is vital
Deciding between in-house or hosted email options is one of the most important decisions a business can make.
Email forms the heart of how most people communicate today, and nowhere is this more apparent than in the workplace. The broad availability and adoption of broadband has meant that email has quickly overtaken both the traditional telephone and the fax machine as the primary form of day-to-day (and legally binding) business communication.
AlertSite helps keep your website fast and responsive on all devices
AlertSite by SmartBear has been named Editors’ Choice by PC Magazine for giving businesses complete visibility into their websites and web applications.
S3 is an AlertSite partner and we use its capabilities to offer real-time sophisticated monitoring and reports across all platforms for our clients. PC Magazine awarded the software the title of Editors’ Choice for best Web Monitoring Software 2015.