    Profile of stus: Following 0, Followers 1, Topics 32, Posts 44, Groups 1

    Posts

    • [Heads-up] New Ransomware Strain Encrypts Cloud Email Real-time VIDEO

      OK, here is something new and really scary.

      KnowBe4's Chief Hacking Officer Kevin Mitnick called me with some chilling news. A white hat hacker friend of his developed a working "ransomcloud" strain, which encrypts cloud email accounts like Office 365 in real-time. My first thought was: "Holy $#!+".

      I asked him: "Can you show it to me?", and Kevin sent this to me a few hours ago. Lucky for us, this ransomware strain is not in the wild just yet, but it's on the horizon, so this is your heads-up! If a white hat can do this, so can a black hat.

      This new strain uses a smart social engineering tactic to trick the user to give the bad guys access to their cloud email account, with the ruse of a "new Microsoft anti-spam service".

      Once your employee clicks "accept" to use this service, it's game over: all email and attachments are encrypted real-time! See it for realz here in 5 minutes and shiver:
      YouTube Ransomcloud Demo

      What Kevin recommends at the end of this video: "Stop, Look and Think before you click on any link in an email that could potentially give the bad guys access to your data." is now more true than ever.

      What Percentage Of Your Users Would Click On That Link?

      Organizations are moving millions of users to O365. However, this video proves that being in the cloud does not automatically mean you are secure. The Phish-prone percentage of your users is your number one vulnerability, as they remain the weakest link in your IT security, cloud or not.

      Here is a way to get your users' phish-prone percentage baseline at no cost

      KnowBe4's free Phishing Security Test allows you to choose which environment you want to test:


      If you choose the O365 option, your user will be sent this Phishing Security Test (PST) email after you upload the email addresses and whitelist our domain:

      As you just saw, cyber-attacks are rapidly getting more sophisticated. We help you step your employees through new-school security awareness training to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now. No need to talk to anyone.

      Find out what percentage of your employees are Phish-prone™ with our free Phishing Security Test (PST). If you don't do it yourself, the bad guys will.

      https://www.knowbe4.com/phishing-security-test-offer

      posted in IT Discussion ransomware
      stus
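      The attack in the post works through an OAuth consent grant rather than a stolen password: the user clicks Accept and the app is handed its own token for the mailbox, so the thing to check after the fact is the tenant's list of consented apps. Below is an added example, written for this page and not part of the post or of any KnowBe4 tool, that lists every delegated grant in the tenant carrying a mailbox-write scope. It assumes the Microsoft Graph PowerShell SDK (the older AzureAD module has been retired) and a login that holds Directory.Read.All; the scope list, the UNVERIFIED label and the ForeignTenant flag are my choices, not anything the post describes.

```powershell
# Added example (not from the original post): enumerate delegated OAuth2
# permission grants in Entra ID / Azure AD and flag any app that has been
# granted the kind of mailbox access a "ransomcloud" app would need.
# Requires the Microsoft.Graph PowerShell SDK and a Directory.Read.All login.
# The scope list and the labels below are my own choices, not the post's.

# Delegated scopes that let an app read/rewrite, delete or send mail on the user's behalf.
$MailboxWriteScopes = @('Mail.ReadWrite', 'Mail.ReadWrite.Shared', 'MailboxSettings.ReadWrite', 'Mail.Send')

function Find-RiskyMailConsents {
    # Returns one object per grant that includes a mailbox-write scope.
    Connect-MgGraph -Scopes 'Directory.Read.All' -NoWelcome | Out-Null
    $tenant  = (Get-MgContext).TenantId
    $grants  = Get-MgOauth2PermissionGrant -All
    $spCache = @{}

    foreach ($g in $grants) {
        $scopes = ($g.Scope -split ' ') | Where-Object { $_ }
        $hits   = $scopes | Where-Object { $MailboxWriteScopes -contains $_ }
        if (-not $hits) { continue }

        if (-not $spCache.ContainsKey($g.ClientId)) {
            $spCache[$g.ClientId] = Get-MgServicePrincipal -ServicePrincipalId $g.ClientId
        }
        $sp = $spCache[$g.ClientId]

        # Per-user ("Principal") consent is the path a phishing lure takes:
        # one user clicking Accept is enough, no admin involved.
        $who = if ($g.ConsentType -eq 'Principal') {
            (Get-MgUser -UserId $g.PrincipalId).UserPrincipalName
        } else { 'ALL USERS (admin consent)' }

        [pscustomobject]@{
            App           = $sp.DisplayName
            AppId         = $sp.AppId
            Publisher     = if ($sp.VerifiedPublisher.DisplayName) { $sp.VerifiedPublisher.DisplayName } else { 'UNVERIFIED' }
            ForeignTenant = ($sp.AppOwnerOrganizationId -ne $tenant)   # app registered outside this tenant
            GrantedTo     = $who
            MailScopes    = ($hits -join ' ')
            GrantId       = $g.Id
        }
    }
}

# Usage: list first, then revoke any grant you do not recognise.
#   Find-RiskyMailConsents | Format-Table -AutoSize
#   Remove-MgOauth2PermissionGrant -OAuth2PermissionGrantId <GrantId>
```

      Revoking the grant is what actually cuts the app off; changing the user's password does nothing to a consent that is still on the books. Treat an unverified publisher with a foreign tenant and a per-user grant of Mail.ReadWrite as the first thing to look at.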
    • [URGENT ALERT] Defend Against This Ransomware WMD NOW

      Ransomware Attack Uses NSA 0-Day Exploits To Go On Worldwide Rampage

      Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history." This is a cyber pandemic caused by a ransomware weapon of mass destruction.

      FedEx Corp, Renault, Russian banks, gas stations in China, and Spanish telecommunications firm Telefonica, which reported 85% of their systems being down as a result of a cyberattack earlier today, and ironically the Russian Interior Ministry has 1,000 machines encrypted. Even the German Railways were infected.

      Dozens of hospitals in the UK were shut down. Cybersecurity experts have long used the phrase "where bits and bytes meet flesh and blood," which signifies a cyberattack in which someone is physically harmed.

      SUMMARY:

      As yet unknown cyber criminals have taken an NSA 0-day threat and weaponized a ransomware strain so that it replicates like a worm and takes over the whole network using the SMB protocol. There is a 2-month old MS patch that needs to be applied urgently if you have not done that already.

      I suggest you immediately look into this and patch your systems before your users fall for this phishing attack. Here is a blog post with all the updated details, links to patches, background, workarounds if you cannot patch, and the blog post is being updated close to real-time:

      https://blog.knowbe4.com/ransomware-attack-uses-nsa-0-day-exploits-to-go-on-worldwide-rampage

      On the same page is an option to download a no-charge tool to check if your endpoint security software protects you against ransomware infections; the tool is called 'RanSim'.

      This is a bad one. Let's stay safe out there.

      Warm regards,
      Stu Sjouwerman,
      Founder and CEO, KnowBe4, Inc.

      posted in IT Discussion
      stus
    • Scam Of The Week: Phishing Moves To Smishing


      Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting your users directly through their smartphone with smishing attacks, which are hard to stop.

      The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud.

      These types of smishing attacks are also more and more used for identity theft, bank account take-overs, or to pressure employees into giving out personal or company confidential information. Fortune magazine has a new article about this, and they lead with a video made by USA Today which is great to send to your users as a reminder. An Australian researcher also just published data to suggest cybercriminals are getting better results using the phone these days.

      I suggest you send employees, friends and family an email with these two paragraphs about this Scam Of The Week, feel free to copy/paste/edit:

      "Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

      Always, when you get a text, remember to "Think Before You Tap", because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information. Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM"

      Obviously, an end-user who was trained to spot social engineering red flags (PDF) would think twice before falling for these scams. The link goes to a complimentary job aid that you can print out and pin to your wall. Feel free to distribute this PDF to as many people as you can.

      Let's stay safe out there,

      Warm regards,

      Stu Sjouwerman

      Founder and CEO, KnowBe4, Inc.


      posted in IT Business
      stus
    • What are “WannaMine” attacks, and how do I avoid them?


      It's suddenly all over the news. In hindsight, it was a matter of "not if, but when".

      Sophos just warned against a new hybrid worm that combines the ETERNALBLUE exploit and cryptomining.

      ETERNALBLUE is the infamous escaped NSA code that was used in the WannaCry worm, so the combination of this method of breaking in, followed by a cryptomining payload, has been dubbed WannaMine.

      WannaMine attacks aren’t new, but the Sophos Support team has recently had a surge in the number of enquiries from people asking for advice about the issue. Sophos posted a 13 minute video interview.

      Here are the quick Questions and Answers, based on the video.

      Q. Is WannaMine like WannaCry? Is it ransomware that scrambles my disk?

      A. The name “WannaMine” is a coined term (pun intended) that refers to a malware family that uses the network spreading capabilities of WannaCry to deliver cryptomining malware rather than ransomware.

      Q. What is cryptomining malware? Is it as dangerous as ransomware?

      A. Cryptomining is when crooks secretly get your computer to do the calculations needed to generate cryptocurrency, such as Bitcoin, Monero or Ethereum; the crooks keep any cryptocoin proceeds for themselves.

      To make money with cryptomining, you need a lot of electricity to deliver a lot of processing power on a lot of computers.

      By illegally installing cryptominers inside your network, the crooks therefore steal your resources to do their work.

      Q. Can cryptomining damage my computer?

      A. We’ve seen stories of mobile phone batteries bulging due to overheating when the device was deliberately forced to do mining calculations for hours on end.

      However, WannaMine doesn’t run on mobile phones – it attacks Windows computers.

      Nevertheless, even if no permanent damage is done, you’ll probably find your laptop batteries draining much faster than usual, your fans running flat out, and your laptop being noticeably hotter than usual.

      Also, if malware like WannaMine can penetrate your network, you are at serious risk of other malware at the same time, including ransomware.

      We frequently see evidence of cryptomining left behind on computers that were zapped by ransomware, so don’t ignore WannaMine infections if they show up – where one crook goes, others will surely follow.

      Q. If I don’t own any cryptocoins and I’m not part of the cryptocurrency scene, am I still at risk?

      A. Yes.

      WannaMine malware attacks aren’t trying to locate your digital cryptocurrency stash and steal it.

      They want free use of your computer for cryptomining calculations of their own, whether you’re interested in cryptocurrency or not.

      Q. Can security software prevent WannaMine attacks?

      A. Yes.

      Exploit prevention software (e.g. Sophos Intercept X) can block the ETERNALBLUE attack to prevent malware like this from entering your network in the first place.

      Anti-virus and host intrusion prevention software (e.g. Sophos Endpoint Protection) can stop the malicious processes that allow the WannaMine attack to proceed, even if the exploit triggers at the start.

      Network security software (e.g. Sophos XG Firewall) can block the network activity required for malware like WannaMine to work.

      Q. What else can I do?

      A. Patch promptly, and pick proper passwords.

      WannaMine malware typically includes the same ETERNALBLUE exploit that was abused by WannaCry and allowed it to spread. This exploit was patched last year in Microsoft update MS17-010, so a properly patched network wouldn’t be open to the exploit in the first place.

      If the ETERNALBLUE hole is already closed, WannaMine can try to spread using password cracking tools to find weak passwords on your network.

      Sophos said: It only takes one user with poor password hygiene to put your whole network at risk.

      Here are three things you can do about this right now

      • Re-test your whole network for Patch MS17-010 and make 100% sure that all machines are indeed updated

      • Step your users through new-school security awareness training, and have them do the new Strong Passwords Module.

      • Download the free Weak Password Test tool, and immediately scan AD for passwords that need to be beefed up.

      How weak are your users’ passwords? Are they... P@ssw0rd?

      KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

      WPT gives you a quick look at the effectiveness of your password policies and any fails so that you can take action. WPT tests against 10 types of weak password related threats, for example: Weak, Duplicate, Empty, Never Expires, plus 6 more.

      Here's how Weak Password Test works:

      • Reports on the accounts that are affected

      • Tests against 10 types of weak password related threats

      • Does not show/report on the actual passwords of accounts

      • Just download the install and run it

      • Results in a few minutes!

      This will take you 5 minutes and may give you some insights you never expected!

      Download Now:

      https://info.knowbe4.com/weak-password-test

      Warm regards,

      Stu Sjouwerman
      Founder and CEO, KnowBe4, Inc.


      posted in IT Discussion
      stus
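      Two checks that map onto the advice in this post and in the WannaCry alert above: re-test every machine for MS17-010, and look at AD for empty and never-expiring passwords. This is an added example written for this page; it is not code from either post, from Sophos, or from KnowBe4's Weak Password Test. Test-Ms17010Exposure reports whether SMBv1, the protocol ETERNALBLUE needs, is still enabled and whether one of the MS17-010 packages is installed. The KB list is the set of package numbers from Microsoft's MS17-010 bulletin as I recall them, so confirm it against the bulletin, and remember that later cumulative updates supersede these KBs, which is why "SMBv1 off" is the verdict the function trusts most. Get-PasswordPolicyFlags needs the ActiveDirectory RSAT module and only covers the categories a read-only query can see: "Weak" and "Duplicate" need the password hashes, which a query like this never touches.

```powershell
# Added example (not from the original posts): two local checks that map to the
# advice in both the WannaCry and WannaMine posts above. The KB list is the set
# of MS17-010 packages as I recall them from the bulletin; confirm against it.
# Run Test-Ms17010Exposure in an elevated PowerShell on the host being checked,
# and Get-PasswordPolicyFlags on a host with the ActiveDirectory RSAT module.

function Test-Ms17010Exposure {
    # ETERNALBLUE targets SMBv1. Two independent signals: is SMBv1 still on,
    # and is one of the MS17-010 packages present? Newer cumulative updates
    # supersede these KBs, so "no KB" is a prompt to look harder, not proof.
    $ms17010 = @('KB4012212','KB4012215','KB4012213','KB4012216','KB4012214',
                 'KB4012217','KB4012598','KB4012606','KB4013198','KB4013429')

    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older hosts: SMB1=0 under LanmanServer\Parameters disables it; absent means enabled.
        $p = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
        $smb1 = ($null -eq $p.SMB1) -or ($p.SMB1 -ne 0)
    }

    $installed = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $ms17010 -contains $_.HotFixID }
    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        Smb1Enabled     = [bool]$smb1
        Ms17010KBsFound = ($installed.HotFixID -join ',')
        Verdict         = if (-not $smb1) { 'SMBv1 off: ETERNALBLUE not reachable' }
                          elseif ($installed) { 'SMBv1 on but MS17-010 present: disable SMBv1 anyway' }
                          else { 'SMBv1 on and no MS17-010 KB seen: verify patch level NOW' }
    }
}

function Get-PasswordPolicyFlags {
    # Covers the "Empty" and "Never Expires" categories the post lists, using
    # the userAccountControl flags AD exposes through Get-ADUser.
    param([int]$StaleDays = 365)
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    Get-ADUser -Filter 'Enabled -eq $true' `
        -Properties PasswordNeverExpires, PasswordNotRequired, PasswordLastSet, LastLogonDate |
      ForEach-Object {
        $issues = @()
        if ($_.PasswordNotRequired)  { $issues += 'EmptyPasswordAllowed' }   # blank password accepted
        if ($_.PasswordNeverExpires) { $issues += 'NeverExpires' }
        if ($null -eq $_.PasswordLastSet) { $issues += 'MustChangeAtNextLogon' }
        elseif ($_.PasswordLastSet -lt $cutoff) { $issues += "OlderThan${StaleDays}Days" }
        if ($issues) {
            [pscustomobject]@{ User = $_.SamAccountName; Issues = ($issues -join ','); LastLogon = $_.LastLogonDate }
        }
      }
}

# Usage:
#   Test-Ms17010Exposure
#   Get-PasswordPolicyFlags -StaleDays 180 | Sort-Object User | Format-Table -AutoSize
```

      Run the first function across the estate with Invoke-Command rather than on one box; the post's point is that a single unpatched machine with SMBv1 on is enough for the worm, and a single account with PasswordNotRequired set is enough for the password-spraying fallback.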
    • [Heads-up] Instant LinkedIn Hit: "Kevin Mitnick Demos The USB Ninja Cable Attack"

      The moment this 3-minute video was released on LinkedIn it went viral, had 900 likes, 90 comments, and well over 30K views in no time.

      Kevin Mitnick, KnowBe4's Chief Hacking Officer, wrote: "I’m excited to share the new #USBNinja cable that uses Bluetooth to command the malicious cable to inject its payload onto a targeted machine. The transmitter range is up to 100m depending on the antenna used.

      "My sincere Congrats to Olaf, Dennis, Vincent Yiu and the rest of the RFID Team for such brilliant work. This work was borne out of the NSA’s COTTONMOUTH project disclosed by Edward Snowden. For those that are interested in the #USBNinja cable, this was formerly codenamed USBHarpoon."

      Here is a link where you can see this brand new attack video yourself:
      https://blog.knowbe4.com/knowbe4s-chief-hacking-officer-kevin-mitnick-demonstrates-the-usb-ninja-cable-attack

      Warm regards, Stu

      posted in IT Discussion
      stus
    • These Incredibly Realistic Fake Faces Show How AI Can Now Mess With Us


      This starts to be more than a bit concerning. The faces in this post look like pretty normal humans. They could be social media shots. However, they were generated by a recent type of algorithm: generative adversarial network, or GAN.

      Nvidia researchers Tero Karras, Samuli Laine, and Timo Aila posted details of the method to produce completely imaginary fake faces with stunning, almost eerie, realism.

      GANs employ two "dueling" neural networks to train a model to learn the nature of a dataset well enough to generate convincing fakes. When you apply GANs to images, this provides a way to generate often highly realistic still fakes you could use for extremely hard to detect social engineering attacks, especially combined with deep fake videos.

      Here is the blog post with the links to the paper, still shots and example videos. Check it out and shiver:
      https://blog.knowbe4.com/these-incredibly-realistic-fake-faces-show-how-ai-can-now-mess-with-us

      Warm regards, Stu

      posted in IT Discussion
      stus
    • Why Social Engineering Works And How To Arm Yourself Against "Human Hacking"

      Let me share some observations after 7 years of building KnowBe4 from scratch into a 100 million dollar company.

      We train your employees to recognize social engineering attacks and not fall for hacker tactics that attempt to manipulate them into doing something against their and your interest. In short, we enable your employees to make smarter security decisions, every day.

      But what is the basic mechanism behind social engineering? Why exactly does it work? How do you arm yourself against it?
      Over the last 15 years, a lot of books have been written about this, and many experts have voiced their opinions. However, here is some hard-won experience from the trenches.

      We all know that the bad guys go after your users—the weak link in IT security—because hacking humans is easier and faster than hacking software or hardware. Hacking the wetware can often be done in less than a minute.

      OK, so exactly WHY is it so easy to hack the wetware?

      Let's have a look at people's behavior in general for a moment and paint a picture in your mind. Two extremes: fully rational on the left and fully irrational on the right. In a business environment, which ideally is driven by both reason and competition, there is of course no pure black or white; these two extremes are really a gray scale, and employees hopefully operate to the left of the middle.


      How do the bad guys manipulate behavior? They attempt to influence—essentially bypass—rational behavior ("I'm not clicking that!") and force the user to the right into more irrational behavior ("I'm clicking that now!").

      In other words, they are pushing your users from rational behavior that's based on a cycle of observation, deciding, and acting, into a more irrational short circuit that's a knee-jerk reaction consisting of only observation -> action without the decision step.

      Here is an example of this in real-life battle

      Since the 1950s, U.S. Navy fighter pilots have been trained to understand and follow the OODA Loop: Observe, Orient, Decide and Act.

      From Wikipedia: The OODA loop is the decision cycle of observe, orient, decide, and act, developed by military strategist and United States Air Force Colonel John Boyd. Boyd applied the concept to the combat operations process, often at the operational level during military campaigns.


      Top Guns use the OODA loop in dogfights, and use a series of them in very short succession. Here is how that looks; check out the US Navy's Blue Angels in action:

      But the OODA loop can be applied in a number of ways, including business in general and here is how it applies to social engineering:

      1. Observation: Your end user is active in your organization getting their tasks done. Suddenly the end user observes something that seemingly they need to do something about, either to prevent a negative consequence or benefit from an opportunity. (The attacker's first attack vector.)

      2. Orientation: In business this refers to human judgement to put this into context with past experience and business understanding, to quickly predict what to do next. ("Hmm, I see phishing red flags here...")

      3. Decide: Using the data and orientation toward rational, productive behavior. ("I'm not clicking that!")

      4. Action: Putting that decision in motion. (User clicks on the Phish Alert Button instead.)

      Even without the heart-pounding thrill of barrel rolls and live-ammo contact with the enemy, the OODA Loop is a powerful weapon for everyone if they apply it correctly.

      The exact anatomy of social engineering

      The game for the bad guys is to get inside the OODA Loop and cut out the decide step. That is the exact anatomy of social engineering: subversion of the decision-making process.

      The bad guy wants your user to react without much (or any) rational thought. The click, or the opening of the attachment, is action based on emotion; a good example is the attacker artificially creating shock (Celebrity Death!) in the mind of your user.

      In the past, some people have tried to describe this process with terms like "influencing or activating the subconscious" which contains a hard-wired series of behavior patterns, like yanking your hand off a hot stove.

      What they really tried to describe was the omission of the "decide" step in the OODA Loop.

      So, how to arm your users against human hacking?

      Educate them about social engineering. Show them how it works. Train them how the bad guys try to manipulate employees. Explain the exact mechanism so that they actually understand it, and are able to apply what they learned in their work environment.

      A trained employee is much harder to fool, and dramatically less gullible when they are confronted with attack vectors that try to social engineer them. Step your users through new-school security awareness training.

      Get a quote and find out how surprisingly affordable this is for your organization.

      https://info.knowbe4.com/enterprise_get_a_quote_now

      posted in IT Discussion
      stus
    • New Sleeper Strain of SamSam Ransomware Bypasses AV And Stays Hidden On Your Network

      The ransomware strain that crippled several cities and school districts in the U.S. earlier this year is back with more tricks up its sleeve to avoid detection.

      If you haven’t heard of SamSam, you haven’t been paying attention. Just one example of the kind of destruction they can cause is the recent attack on the Colorado Department of Transportation which caused downtime for 2,000+ systems.

      This new SamSam strain adds a human element to its already devious mix of evasive techniques to keep antivirus, endpoint, and even more advanced security software from detecting it.

      SamSam avoids being discovered using sophisticated methods of constructing its payload and how it executes. In their recent blog, endpoint protection company Malwarebytes provides a detailed technical explanation of how this new variant of SamSam works.

      Your Executive Summary

      Your executive summary is that basically this SamSam strain avoids detection using three advanced techniques.

      • It decrypts the payload only at run-time, making it nearly impossible to identify and analyze.
      • Its loader, payload, and logs are wiped, leaving very few traces behind for any forensics or scanning tools.
      • It requires a password to be entered by the threat actor to run in the first place.

      It’s that last part of the attack that makes this latest strain so dangerous. Unlike most ransomware strains which are designed to spread automatically, this new strain of SamSam is designed for targeted attacks.

      By requiring a password, the payload remains encrypted (and, therefore, an absolute secret), only woken up when and where the bad guys choose to unleash it in your network, all at the same moment to create the biggest impact and damage.

      Do You Want The Good News Or The Bad News?

      The good news is that, should users accidentally download this strain of ransomware, or your network is compromised via an RDP brute-force attack, the payload is harmless without the password to run it. The bad news is, should the SamSam gang decide that your organization is next up to be extorted, all your users will be sitting on their hands for possibly weeks if your backups fail.

      The Two Problems: Open RDP Ports And Social Engineering

      Gangs like SamSam and Crysis use two main attack vectors to get in: RDP ports and social engineering your users, normally through email attachments. Let's take a look at RDP first.

      RDP Attack

      A typical RDP attack goes through the following steps: An attacker picks targets with RDP ports available online and identifies if the computer is assigned to an enterprise network. Alternatively, he can always buy access to previously hacked RDP servers, via marketplaces like xDedic.

      They try to brute-force the RDP connection, and once the system is accessed they return multiple times to quickly compromise the machine. These repeated attempts are generally successful in a matter of minutes.

      Once they gain access the attacker goes lateral in the network and infects critical machines, but does not get the ransomware code executed... yet.

      Social Engineering Your Users

      Recent research shows that between 10.5% and 15% of malicious email makes it through the filters. This gap analysis is the best proof that you should train your end users and create an additional security layer that you could call your Human Firewall.

      Five Things You Can Do About This Right Away:

      1. When is the last time you tested the restore function of your backups? You want to do that ASAP, and make sure you have weapons-grade backups at all times.

      2. Scan your network to identify any open RDP ports and ideally disable RDP completely on all Windows machines if possible. By default, the server listens on TCP port 3389 and UDP port 3389.

      3. Best practice to protect a network from a brute force RDP attack is to apply strong RDP security settings, including limiting or disabling access to shared folders and clipboards from remote locations.

      4. An RDP brute force approach does open the attacker’s information to the targeted network, so automate the process of parsing the Windows Event Viewer logs, find any compromised user accounts, identify the IP address of the attacker and block that.

      5. Do a no-charge Phishing Security Test and find out what percentage of your users is Phish-prone. Use that percentage as a catalyst to start a new-school security awareness training program, which—by survey—your users are actually going to appreciate because it helps them stay safe on the internet at the house.

      Let's stay safe out there.

      Warm regards,
      Stu Sjouwerman
      Founder and CEO,
      KnowBe4, Inc

      posted in IT Discussion
      stus
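      To go with steps 2 to 4 of the list in this post, here is an added example written for this page (not code from the post, from Malwarebytes or from KnowBe4) with three functions. Get-RdpExposure reports whether RDP is enabled, whether Network Level Authentication is required, and which local addresses port 3389 is listening on. Get-RdpBruteForceSources does the "parse the Windows Event Viewer logs" step: it reads Security event 4625 (failed logon) for the last N hours and groups the failures by source IP. Block-RdpSource adds an inbound firewall rule for one source. It assumes failure auditing for logon events is on, which is the default; the 20-failures threshold, the time window and the rule name are my choices, and Block-RdpSource honours -WhatIf so nothing changes until you drop it.

```powershell
# Added example (not from the original post): a read-only look at the two
# things the "RDP Attack" section turns on, plus an opt-in block rule.
# Assumptions: logon failure auditing is enabled in the Security log (the
# default) and 20 failures per source in the window is worth blocking.
# Run in an elevated PowerShell on the host that exposes RDP.

function Get-RdpExposure {
    # fDenyTSConnections=1 means RDP is off. UserAuthentication=1 means NLA is
    # required, so a brute-forcer must authenticate before it reaches the logon UI.
    $ts  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -ErrorAction SilentlyContinue
    $tcp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
    $listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled  = ($ts.fDenyTSConnections -eq 0)
        NlaRequired = ($tcp.UserAuthentication -eq 1)
        ListeningOn = (($listening.LocalAddress | Sort-Object -Unique) -join ',')
    }
}

function Get-RdpBruteForceSources {
    # Event 4625 = failed logon. With NLA on, RDP failures arrive as LogonType 3
    # (network); without NLA they are LogonType 10 (RemoteInteractive).
    param([int]$Hours = 24, [int]$Threshold = 20)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$Hours) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    $rows = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }   # EventData name/value pairs
        if (($d.LogonType -in @('3','10')) -and $d.IpAddress -and $d.IpAddress -ne '-') {
            [pscustomobject]@{ Ip = $d.IpAddress; User = $d.TargetUserName; LogonType = $d.LogonType }
        }
    }
    $rows | Group-Object Ip | Where-Object Count -ge $Threshold | ForEach-Object {
        [pscustomobject]@{
            SourceIp   = $_.Name
            Failures   = $_.Count
            UsersTried = (($_.Group.User | Sort-Object -Unique) -join ',')
        }
    } | Sort-Object Failures -Descending
}

function Block-RdpSource {
    # One inbound block rule per offending source; -WhatIf shows the rule first.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Ip)
    if ($PSCmdlet.ShouldProcess($Ip, 'Add inbound block rule for TCP 3389')) {
        New-NetFirewallRule -DisplayName "Block RDP brute-force $Ip" -Direction Inbound -Action Block `
            -RemoteAddress $Ip -Protocol TCP -LocalPort 3389 | Out-Null
    }
}

# Usage:
#   Get-RdpExposure
#   Get-RdpBruteForceSources -Hours 24 -Threshold 20
#   Get-RdpBruteForceSources | ForEach-Object { Block-RdpSource -Ip $_.SourceIp -WhatIf }
```

      The UsersTried column is the tell: a single source cycling through administrator, admin, test and the like is the spray the post describes, while one user with a few failures is someone mistyping. Blocking an IP is a stopgap; the durable fix is still the one in step 2, taking 3389 off the internet or putting it behind a VPN or gateway with MFA.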
    • Second Quarter 2018 Top-Clicked Phishing Email Subjects [INFOGRAPHIC]

      We've been reporting on the top-clicked phishing email subjects every quarter for a while now across three different categories: general emails, those related to social media, and 'in the wild' attacks that are a result of millions of users clicking on the Phish Alert Button on real phishing emails and allowing our team to analyze the results.

      Make Your Users Think Twice

      Sharing the latest threats with users is a great way to keep them on their toes. Also we see a lot of similarities in the subjects quarter over quarter, so knowing what the popular ones are can help them to stay vigilant and ultimately think twice before clicking. The bad guys continue to take advantage of the human psyche and bypass rational behavior.

      Using Human Nature Against Us

      “Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim. In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face-value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilization of social engineering in order to get what they want,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4.

      Here is a visual representation of top messages for the last quarter.

      Warm regards, Stu

      posted in IT Discussion
      stus
    • RE: NotPetya Might Not Have Been an NSA Leak

      After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

      NotPetya is a destructive disk wiper similar to Shamoon, which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files; NotPetya goes about it slightly differently: it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

      Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

      You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:

      • It never bothers to generate a valid infection ID
      • The Master File Table gets overwritten and is not recoverable
      • The author of the original Petya also made it clear NotPetya was not his work

      This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

      Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

      Cybersecurity has moved from tech to a CEO and Board-level business issue

      You did not sign up for this, but today it is abundantly clear that as an IT pro you have just found yourself on the front line of 21st-century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

      • Have weapons-grade backups
      • Religiously patch
      • Step users through new-school security awareness training.

      posted in News
      stus
    • [ALERT] Yikes, A New And Scary Double-Ransomware Whammy.


      Sophos reported on one of the more scary ransomware strains I have seen lately. It's called Goldeneye and encrypts the workstation twice: both the files and the Master File Table (MFT).

      It's a phishing attack with two attachments. One is a PDF and the other an Excel file. The Excel file contains a loader that pulls down all the malware. The PDF is the social engineering ruse that makes the user open the Excel file. If your user is untrained enough to open both attachments and there are crucial files on the local hard disk without a backup, you potentially get to pay ransom TWICE.

      The spam email presents itself as a job application form to be filled out. It has attached an uninfected PDF with the application to get the process started, and in the PDF is a polite reference that the Excel file contains more details -- no explicit demand to open up the file... just business as usual.

      Opening up the Excel file, you get a suggestion how to display the aptitude test. Sophos said: "The crooks don’t openly ask you to do anything obviously risky, such as “Enable macros” or “Turn off the default security configuration”, but they do encourage you to make a change to your Office settings, something that Excel will invite you to do because the file contains what are known as Visual Basic for Applications (VBA) macros.

      In fact, if you permit macros to run in this Excel file, you will quickly regret it: the VBA downloads a copy of the Goldeneye ransomware and immediately launches it." The VBA programming language used in Office macros is powerful enough to allow cybercriminals to control Word or Excel programmatically, but also to perform more general actions such as downloading files from the web, saving them to disk, and running them.

      Yikes.

      Once the Excel file is activated, all the malicious activity happens in the background, but when the encryption pass is done, there's a whole bunch of files left behind called: YOUR_FILES_ARE_ENCRYPTED.TXT which announce the infection:


      Most strains of file-encrypting ransomware stop here, but Goldeneye's developer has experience in this field and does a double-whammy attack similar to their Petya / Misha strain and encrypts the Master File Table (MFT) of that machine as well.

      Goldeneye works a bit differently than the previous editions: it first encrypts the files, then performs the UAC bypass and the low-level MFT attack, then reboots and pretends to do a CheckDisk.


      Once the “check” is finished, another reboot sounds the alarm with some dramatic ASCII art:


      Pressing the Any Key gives you this:


      In case you’re wondering why Sophos redacted the so-called personal decryption codes in the images above, the encryption is different for your files and for your MFT: the malware uses different algorithms and different keys each time.

      In short, if you pay up to unlock your scrambled MFT so you can reboot into Windows, then, assuming the crooks actually send you the key, you’ll get back into Windows only to face the YOUR_FILES_ARE_ENCRYPTED.TXT pay page as well. If you don’t have any backup, you get to pay up 1.4 Bitcoins all over again. That's 2.8 total, which starts to get very expensive.

      How vulnerable is your network against ransomware attacks?

      KnowBe4 has been working hard on something brand new. Bad guys are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?

      KnowBe4’s Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection.


      Here's how RanSim works:

      • 100% harmless simulation of a real ransomware infection

      • Does not use any of your own files

      • Tests 10 types of infection scenarios

      • Just download the installer and run it

      • Results in a few minutes!

      RanSim has been downloaded thousands of times and run against dozens of AV products. The results have been an eye opening experience for many IT pros. NOTE: RanSim was created for Windows-based workstations running Windows 7 or higher.

      Download Your FREE RanSim Now

      https://info.knowbe4.com/ransomware-simulator-tool

      posted in IT Discussion ransim ransomware security malware knowbe4
      stus
    • The Who Behind The Why Of Relentless Phishing And Ransomware Attacks


      Why are organizations in the West subjected to relentless phishing and ransomware attacks? We need to go back in history for a bit to understand what caused this, and determine how we can best prepare ourselves.

      First of all, let's look at planet Earth from the following perspective: It is an anarchy of nations. The United Nations has turned out to be a disappointing, ineffective, and corrupt mess. Credit where credit is due, the U.N. has done some very good work in certain corners. The Universal Declaration of Human Rights is an excellent example, but taken as a whole, the U.N. has mostly been paralyzed.

      Now, let's go back to right after WWII. The cold war has started up, and there is an atomic arms race with mutually assured destruction as the only deterrent. Two superpowers at each other's throat with physical walls being built and the Iron Curtain coming down. I remember traveling with my parents passing Checkpoint Charlie from West to East Berlin as a boy, an unpleasant experience to say the least. Physical barriers were used to keep people both out and in; we have all seen the cold war spy movies, the images are vivid.

      Fast forward 40 years.

      The USSR fragments in 1991, and the Russian economy collapses. Communism implodes because that business model is not sustainable. At the time, there were roughly 800,000 official KGB agents in Russia. After the collapse, they spent ten years morphing into the FSB, all the while expanding and absorbing other instruments of power, including criminal networks, other security services, economic interests, and parts of the political elite.

      The West loses its arch enemy, starts enjoying peace and focuses less on NATO as its main defensive force against the USSR. The strong anti-USSR values that bind the West together no longer hold and the world order that America depends upon starts to come apart.

      During those 40 years, the cold war has gone underground; it transforms to some degree into covert actions committed by both the CIA and the FSB, and overt actions like propaganda campaigns by both sides which are very much going on today.

      Former Soviet satellite states are disillusioned with NATO and the West, and at the moment believe they have to fend for themselves -- or even have to defend their sovereign territory against Russian aggression, like Ukraine.

      In Moscow, Vladimir Putin is playing the long game

      In Moscow, Vladimir Putin is playing the long game and is leveraging this unraveling of the Western world order as fast as he can. He is trying to make Russia into a superpower again, and uses everything he can in his spook toolkit including the asymmetrical hybrid information warfare we see today.

      The last two administrations have failed to see that the West is already at war, whether it wants to be or not. I am quoting Molly McKew here, who has been an advisor to Eastern European governments: "It may not be a war we recognize, but it is a war. This war seeks, at home and abroad, to erode our values, our democracy, and our institutional strength; to dilute our ability to sort fact from fiction, or moral right from wrong; and to convince us to make decisions against our own best interests." Interesting that this last is one of the definitions of social engineering.

      The current war is one of subversion more than domination. These shadow tactics are what the KGB starred in and what Vladimir Putin learned when he came up through the KGB ranks.

      A large majority of Russians who were shocked by the economic and social hardships of the 1990s applauded Putin as the strongman who built a new security state, even though his Kleptocracy weakened the Russian economy and civic institutions. Looking at Russia today, it's a gas station with a flag on it, with an overblown police force and a criminal economy the size of Italy. Oh, and the world’s largest nuclear arsenal...

      Putin is operating on a very old, very successful principle that to keep your own group together, there is nothing better than having a mutual enemy. Putin wants the West to fragment and become as weak and broken as they perceive themselves to be.

      Putin’s Russia needs the USA to be its enemy Number One

      In short, Putin’s Russia needs the USA to be its enemy Number One. It's a war that needs to be won and its goal is an unstable new world of "all against all" where Putin can be a strong player. Keep in mind that it's a combined war machine, Russia's hard power and the technological, information, economic, cultural and criminal tools are all used toward this strategic objective. Here is where Gen. Valery Gerasimov's doctrine comes in. He's the chief of Russia’s General Staff. In his 2013 article, Gerasimov talked about the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict.

      It is also where the criminal hackers that harass Western corporations and non-profits fit right in. They are all part and parcel of Putin's much larger campaign of destabilization. They are not going away any time soon.

      There is one parallel between global geopolitics and IT security. It used to be, in the early days with dumb terminals and no mobile devices, that firewalls actually worked, similar to the Iron Curtain. But now, with the traditional perimeter gone and BYOD all over the place, firewalls are not that effective and the end-user really needs to be your human firewall.

      That end-user needs to be trained to recognize social engineering attacks and efforts to manipulate them by highly sophisticated Eastern European bad actors.

      There is something that can be done about this...

      The vast majority of these attacks start with phishing. KnowBe4's integrated training and phishing platform allows you to send fully simulated phishing emails so you can see which users answer the emails and/or click on links in them or open infected attachments. If you have a Platinum subscription you can even send them "vishing" attacks straight to the phone on their desk.

      See it for yourself and get a live, one-on-one demo.

      Request A Demo

      https://info.knowbe4.com/kmsat-request-a-demo

      Warm regards,
      Stu Sjouwerman
      CEO, KnowBe4, Inc.


      posted in IT Discussion
      stus
    • Scam Of The Week: The Evil Airline Phishing Attack

      Our friends at Barracuda run their Email Threat Scanner over hundreds of thousands of customer mailboxes and discovered a highly effective phishing attack that tricks a whopping 90% of the victims. You need to tell your users about this right away.

      This evil airline phishing attack combines all "criminal best-practices" to steal credentials and drop malware on disk which is used to then further hack into your network.

      The campaign targets companies that deal with frequent shipping of goods or employee travel, for instance logistics, shipping, or manufacturing, but almost any organization has people that frequently visit customers or business partners.

      The phishing attack targets these employees, and the attackers do quite a bit of research before sending the phishing emails. The messages are constructed with subject lines and bodies that include destinations, airlines, and other details that are specific to each victim, helping them appear more authentic. Here is an example subject line:

      Fwd: United Airlines: Confirmation – Flight to Tokyo – $3,543.30

      “After getting the employee to open the email, the second tool employed by the attacker is an advanced persistent threat embedded in an email attachment. The attachment, usually a flight confirmation or receipt, is typically formatted as a PDF or DOCX document. In this attack, the malware will be executed upon the opening of the document,” Asaf Cidon, vice president of content security services at Barracuda, said in a post explaining the attacks.

      To start with, send this to all employees, no matter if they travel or not. Feel free to copy/paste/edit:

      "There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed "From" email address that also looks legit.

      "Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.

      "Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always.... Think before You Click!"

      What To Do About It

      Barracuda recommends the following. (Here at KnowBe4 we call it defense-in-depth but it is the same concept):

      "Companies should use a multi-layered security approach to block this type of attack.

      1. The first layer is sandboxing. Effective sandboxing and advanced persistent threat prevention should be able to block malware before it ever reaches the corporate mail server.
      2. The second layer is anti-phishing protection. Advanced phishing engines with Link Protection look for links to websites that contain malicious code. Links to these compromised websites are blocked, even if those links are buried within the contents of a document.
      3. The third layer is employee training and awareness. Regular training and testing of your employees will increase their awareness and help them catch targeted attacks without compromising your internal network."

      We could not agree more.

      If you want to spend less time putting out fires, get more time to be proactive, and get the things done you know need to be done, step your employees through effective security awareness training. It will help you prevent compromises like this or at least make it much harder for the bad guys to social engineer your users. More than 9,000 of your peers are using KnowBe4.

      posted in IT Discussion
      stus
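One way to triage a message like the one described in this post, as an added example (not Barracuda's code and not KnowBe4's): it parses a constructed sample with Python's standard library and flags the three tells the post names, a display name that claims an airline the sending domain does not belong to, link text that shows one site while the href goes to another, and a PDF/DOCX attachment. The brand allowlist, addresses and hosts are invented for the example.

```python
"""Header and link checks for a suspected airline-themed phishing email.

Added example, not Barracuda's or KnowBe4's code. Standard library only; the
sample messages, addresses, hosts and the brand allowlist are constructed.
"""
import os
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

KNOWN_BRANDS = {"united": "united.com"}  # constructed: brand word -> domain that really sends its mail
RISKY_ATTACHMENTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".zip", ".js"}
URL_LIKE = re.compile(r"^(?:https?://)?[\w.-]+\.[a-z]{2,}(?:/\S*)?$", re.I)

# Constructed lure modelled on the subject line quoted in the post.
SAMPLE_EMAIL = """\
From: "United Airlines" <noreply@united-confirmations.example>
Subject: Fwd: United Airlines: Confirmation - Flight to Tokyo - $3,543.30
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Your itinerary is attached.</p>
<p><a href="http://login.united-confirmations.example/sso">https://www.united.com/manage</a></p>
</body></html>
--b1
Content-Type: application/pdf; name="Confirmation.pdf"
Content-Disposition: attachment; filename="Confirmation.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

# Constructed benign message for comparison.
BENIGN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@corp.example>
Subject: Expense portal maintenance tonight
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://expenses.corp.example/">Open the expense portal</a></p></body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _base_domain(host):
    """Crude registrable-domain cut (last two labels); fine for triage."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw, known_brands=KNOWN_BRANDS):
    """Return human-readable findings for one RFC 5322 message; empty means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Display name claims a brand, but the address is not that brand's domain.
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _base_domain(addr.rpartition("@")[2]) if "@" in addr else ""
    for word in re.findall(r"[a-z]+", display.lower()):
        expected = known_brands.get(word)
        if expected and expected != from_domain:
            findings.append(f"display name claims {word!r} but sender domain is {from_domain}")

    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            # 2. Attachment of a type the campaign used to carry the payload.
            if os.path.splitext(filename)[1].lower() in RISKY_ATTACHMENTS:
                findings.append(f"attachment {filename} is a type used to carry malware")
        elif part.get_content_type() == "text/html":
            # 3. Link text names one site while the href goes to another.
            collector = _LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                if not URL_LIKE.match(text):
                    continue  # "click here" makes no claim about the destination
                shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
                actual = urlparse(href).hostname or ""
                if _base_domain(shown) != _base_domain(actual):
                    findings.append(f"link text shows {shown} but points to {actual}")
    return findings
```

The registrable-domain cut is deliberately crude (two labels); for production use the public suffix list, and treat the findings as triage signals rather than a verdict.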
    • [ALERT] New Fileless, Code-injecting Ransomware Bypasses Antivirus

      Security researchers have discovered a new fileless ransomware in the wild, which injects malicious code into a legitimate system process (svchost.exe) on a targeted system and then self-destructs in order to evade detection by antivirus.

      The nasty has been called SOREBRECT and unlike more generic "spray-and-pray" ransomware, it has been designed to specifically target enterprise systems in various industries.

      SOREBRECT also takes pains to delete the infected system’s event logs and other artifacts that can provide forensic information such as files executed on the system, including their timestamps. These deletions deter analysis and prevent SOREBRECT’s activities from being traced.

      This malicious code, after it has taken control of the machine, uses Microsoft’s Sysinternals PsExec command-line utility to encrypt files. I am sure that Mark Russinovich is not happy about this!

      Why PsExec?

      “PsExec can enable attackers to run remotely executed commands, instead of providing and using an entire interactive login session, or manually transferring the malware into a remote machine, like in RDPs,” Trend Micro says.

      SOREBRECT Also Encrypts Network Shares

      SOREBRECT also scans the local network for other connected computers with open shares and locks files available on them as well. “If the share has been set up such that anyone connected to it has read-and-write access to it, the share will also be encrypted,” researchers say.

      In addition, SOREBRECT uses the Tor network protocol in an attempt to anonymize its communication with its command-and-control (C&C) server, just like almost every other malware.

      Sorebrect Ransomware Spreads Worldwide

      According to Trend Micro, Sorebrect was initially targeting Middle Eastern countries like Kuwait and Lebanon, but since last month, this threat has started infecting people in Canada, China, Croatia, Italy, Japan, Mexico, Russia, Taiwan, and the U.S.

      This is not the first time researchers have come across fileless malware. Two months ago, Cisco's Talos researchers discovered a DNSMessenger attack that was completely fileless and used DNS TXT messaging capabilities to compromise systems.

      In February, Kaspersky researchers also discovered fileless malware that resided solely in the memory of the compromised computers, which was found targeting banks, telecommunication companies, and government organizations in 40 countries.

      Fileless malware is much harder to detect by antivirus than malware that first lays down a file on disk, and then does its dirty work. Kaspersky said: "Unfortunately the use of common tools combined with different tricks makes detection very hard. In fact, detection of this attack would be possible in RAM, network and registry only."

      What To Do About It

      Below are the best practices for securing your systems and network against SOREBRECT suggested by Trend Micro.

      • Restrict user write permissions

      • Limit privilege for PsExec

      • Back up files

      • Keep the system and network updated

      • Deploy multilayered security mechanisms

      • Foster a cybersecurity-aware workforce.

      Trend Micro advised: "User education and awareness helps improve everyone’s security posture. Like other malware, ransomware’s points of entry are typically through email and malicious downloads or domains. Organizations should conduct regular training to ensure that employees have a solid understanding of company security policy, procedure, and best practices."

      We could not agree more. You need defense-in-depth and a human firewall as your last line of defense. Here is a free job-aid for your employees. It's a single page with the 22 Social Engineering Red Flags. They can print it and pin it to their wall. This is a link to a PDF that is hosted at HubSpot, where our website lives:

      https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf?

      Warm regards, Stu

      posted in IT Discussion
      stus
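Detection logic for the two SOREBRECT behaviours above that leave traces an administrator can hunt for, as an added example that is not Trend Micro's or KnowBe4's code: a PSEXESVC service install (Event ID 7045) and event logs being cleared (Event IDs 1102 and 104), correlated per host. The event records are constructed; a real deployment would read forwarded Windows events rather than an inline list, and since the malware clears logs on the victim, only forwarded copies can be trusted to survive.

```python
"""Hunting rules for the SOREBRECT tells named in the post above: PsExec's
service appearing on a host (remote execution) followed by event logs being
cleared (anti-forensics).

Added example, not Trend Micro's or KnowBe4's code. The records below are
constructed; the field names follow the Windows event IDs given in the
comments, but no real log was used. Because the malware clears logs on the
victim, rules like these only work on copies forwarded to a collector.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a file server showing the whole sequence and a workstation with a harmless service install.
SAMPLE_EVENTS = [
    # System 7045 "A service was installed in the system": PsExec pushes PSEXESVC to its target.
    {"time": "2017-06-15T09:58:03", "host": "FS01", "event_id": 7045, "provider": "Service Control Manager",
     "data": {"ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"}},
    # Security 4688 "A new process has been created".
    {"time": "2017-06-15T09:58:05", "host": "FS01", "event_id": 4688, "provider": "Microsoft-Windows-Security-Auditing",
     "data": {"NewProcessName": "C:\\Windows\\PSEXESVC.exe", "SubjectUserName": "svc_backup"}},
    # Security 1102 "The audit log was cleared".
    {"time": "2017-06-15T10:20:40", "host": "FS01", "event_id": 1102, "provider": "Microsoft-Windows-Eventlog",
     "data": {"SubjectUserName": "svc_backup"}},
    # System 104 "The System log file was cleared".
    {"time": "2017-06-15T10:20:41", "host": "FS01", "event_id": 104, "provider": "Microsoft-Windows-Eventlog",
     "data": {"Channel": "System"}},
    # Benign: an updater service registered on another host.
    {"time": "2017-06-15T10:05:12", "host": "WS22", "event_id": 7045, "provider": "Service Control Manager",
     "data": {"ServiceName": "gupdate", "ImagePath": "C:\\Program Files\\Update\\update.exe"}},
]

PSEXEC_MARKERS = ("psexesvc", "psexec")


def classify(event):
    """Map one record to a hunting tag, or None when it is not interesting."""
    eid = event["event_id"]
    blob = " ".join(str(v) for v in event["data"].values()).lower()
    if eid == 7045 and any(m in blob for m in PSEXEC_MARKERS):
        return "psexec_service"
    if eid == 4688 and any(m in blob for m in PSEXEC_MARKERS):
        return "psexec_process"
    if eid == 1102 or (eid == 104 and event["provider"] == "Microsoft-Windows-Eventlog"):
        return "log_cleared"
    return None


def hunt(events, window=timedelta(minutes=30)):
    """Return alerts per host; a log clear within `window` after PsExec activity is rated high."""
    by_host = defaultdict(list)
    for ev in events:
        tag = classify(ev)
        if tag:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), tag, ev["event_id"]))

    alerts = []
    for host, hits in sorted(by_host.items()):
        hits.sort()
        exec_times = [t for t, tag, _ in hits if tag.startswith("psexec")]
        for t, tag, eid in hits:
            if tag == "psexec_service":
                alerts.append({"host": host, "severity": "medium", "event_id": eid,
                               "reason": "PSEXESVC service installed (PsExec remote execution)"})
            elif tag == "log_cleared":
                preceded = any(timedelta(0) <= t - x <= window for x in exec_times)
                alerts.append({"host": host, "severity": "high" if preceded else "medium", "event_id": eid,
                               "reason": "event log cleared" + (" shortly after PsExec activity" if preceded else "")})
    return alerts
```

Administrators who use PsExec legitimately will see the medium alerts; the high rating is reserved for the combination the post describes, remote execution followed quickly by log clearing, which legitimate administration almost never produces.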
    • This password bombshell will make you scratch your head...


      OK, this is a headscratcher. This is why we were surprised. I found it in a Wall Street Journal article (paywall).

      Bill Burr, the author of “NIST Special Publication 800-63. Appendix A.” which covers “traditional” password complexity requirements, has said that password complexity has failed in practice.

      Whoa Nellie.

      NIST started from scratch and the general idea of the new NIST guidelines is to use passphrases (25 normal characters suggested) that change only as needed, as in a compromised account.

      Turns out this NIST special publication has been formal since last month – and it’s been available in draft form for some time before that.

      It is true that complex passwords with arbitrary password expiration force many users to make poor security choices. I applaud NIST for being pragmatic about this. Let’s at least get the conversation going. The real test will be how the audit and compliance world accepts these recommendations.

      So now, we need a little bit of feedback about the password policy in your organization, because we were just updating our password training module!

      Please take this 1-minute, 7-question, multiple choice survey.

      Help me out and give me your feedback? This is the link to Survey Monkey (not phishing, but if you do not want to click on redirected links, please copy and paste this in your browser)

      https://www.surveymonkey.com/r/KB4_password_survey

      Thanks in advance!

      Warm regards,

      Stu

      posted in IT Discussion
      stus
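The new guidance translated into a verifier check, as an added example (not NIST's text and not KnowBe4's code): minimum eight characters, long passphrases allowed, no composition rules, no expiry, and rejection of common, repeated, sequential or context-specific secrets. The blocklist is a small constructed stand-in for a breached-password corpus, and the upper length cap is an assumption made to bound hashing cost.

```python
"""Memorized-secret checks in the spirit of NIST SP 800-63B section 5.1.1.2.

Added example, not NIST's or KnowBe4's code. The rules encoded here are the
ones 800-63B states: at least 8 characters, accept long passphrases, no
composition rules, no forced periodic change, and rejection of secrets that
are commonly used, compromised, repetitive or sequential, or context-specific.
"""
import re
import unicodedata

MIN_LENGTH = 8     # 800-63B: SHALL be at least 8 characters when chosen by the user
MAX_LENGTH = 128   # 800-63B: SHOULD accept at least 64; the cap here is an assumption to bound hashing cost
# Constructed stand-in; use a real compromised-password corpus in production.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "welcome1",
                    "letmein", "iloveyou", "admin123"}
REPEATED_RUN = re.compile(r"(.)\1{3,}")   # aaaa, 1111, ....


def normalize(secret):
    """800-63B recommends NFKC or NFKD normalization before comparison and hashing."""
    return unicodedata.normalize("NFKC", secret)


def has_sequential_run(s, run=4):
    """True if any window of `run` characters steps by exactly +1 or -1 (1234, abcd, dcba)."""
    codes = [ord(c) for c in s]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_memorized_secret(secret, context_words=(), blocklist=COMMON_PASSWORDS):
    """Return a list of reasons to reject; an empty list means accept.

    Deliberately absent: any "must contain a digit or symbol" rule and any
    expiry logic, both of which 800-63B tells verifiers not to impose.
    Length is counted in code points, as 800-63B specifies.
    """
    s = normalize(secret)
    low = s.lower()
    problems = []
    if len(s) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(s) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if low in blocklist:
        problems.append("appears on the common/compromised password list")
    for word in context_words:  # service name, username, and similar
        if word.lower() in low:
            problems.append(f"contains context-specific word {word!r}")
    if REPEATED_RUN.search(s):
        problems.append("contains a run of repeated characters")
    if has_sequential_run(s):
        problems.append("contains a sequential run such as 1234 or abcd")
    return problems
```

Pass the service name and the user's account name in `context_words`; the blocklist lookup should be replaced by a query against a real breach corpus (hashed or k-anonymised) before this is used in production.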
    • New Ransomware Strain Evades Machine Learning Security Software

      Here is the latest tactic in the cat-and-mouse game between cybercrime and security software vendors. The bad guys have come up with a new ransomware phishing attack, tricking users to open what appears to be a document scanned from an internal Konica Minolta C224e. This model is one of the most popular business scanner/printers in the world. The emails are written to make the user think that the communication is from a vendor.

      Basically, Locky is back with a vengeance and a whole new bag of evil tricks.

      The campaign launched Sept. 18 features a sophisticated new wrinkle, enabling it to slip past many of the machine learning algorithm-based software sold by some of the industry’s most popular vendors, said security firm Comodo.

      “The method of phishing is by an attachment of an email; the attachment is disguised as a printer output, and it contains a script inside an archive file,” said Fatih Orhan, vice president of Comodo Threat Research Labs. “These are not enough to make a phishing detection.”

      This is the third recent Locky attack

      The third in an increasingly sophisticated series of ransomware attacks launched this summer is also a “Locky” malware variant dubbed IKARUS by Comodo; some other security vendors are calling it Diablo6.

      As in previous attacks, the hackers are using a botnet of zombie computers which makes it hard to block in spam filters.

      “Employees today scan original documents at the company scanner/printer and email them to themselves and others as a standard practice, so this malware-laden email looks quite innocent but is anything but harmless,” the report continues.

      The most innovative hook of this new feature involves the way the hackers manage to evade anti-malware software.

      Here is how it evades machine learning

      “Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” said Orhan, the Comodo research head. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”

      “That’s why even machine learning is not sufficient in making these kind of detections,” he continued. “Complex solutions are needed to run the script dynamically, download actual payload, and perform malware analysis to conclude that it is phishing.”

      In other words, it looks like, once again, the bad guys are ahead of your antivirus, whether that is traditional or machine-learning flavor.

      What do you do when all filters have failed?

      Your users still are and will remain your last line of defense, when all filters have failed. You need to create a human firewall. New-school security awareness training is the way to go. Join 13,000 KnowBe4 customers and keep the bad guys out of your network.

      I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will.

      Get a quote now and you will be pleasantly surprised.

      https://info.knowbe4.com/kmsat_get_a_quote_now

      Warm regards, Stu

      posted in IT Discussion
      stus
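A static triage routine for the two attachment tricks described in this post and in the Goldeneye post above, as an added example not taken from Sophos, Comodo or KnowBe4: an Office file carrying a VBA project (an OOXML workbook stores its macros as vbaProject.bin) and an archive whose member is a script with a decoy double extension such as Scan_001.pdf.js. The sample attachments are built in memory and are inert; the member-size cap is an assumption to keep zip bombs from tying up the scanner.

```python
"""Static triage of mail attachments for the two delivery tricks in the
Goldeneye and Locky/IKARUS posts above: an Office file carrying a VBA project,
and an archive carrying a script disguised as a scanned document.

Added example, not Sophos', Comodo's or KnowBe4's code. Standard library only;
the sample attachments are built in memory and contain no real code.
"""
import io
import posixpath
import zipfile

SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
                     ".ps1", ".cmd", ".bat", ".scr", ".exe", ".lnk"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
OOXML_EXTENSIONS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".xltm", ".pptx", ".pptm"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc/.xls container
MAX_MEMBER_BYTES = 10 * 1024 * 1024                 # assumption: skip oversized members (zip bombs)


def _ext(name):
    return posixpath.splitext(name.lower())[1]


def inspect_attachment(filename, data, depth=0, max_depth=2):
    """Return a list of findings for one attachment, recursing into plain archives."""
    findings = []
    ext = _ext(filename)
    inner_ext = _ext(filename[: -len(ext)]) if ext else ""

    # "Scan_001.pdf.js": the visible part promises a document, the real extension is a script.
    if ext in SCRIPT_EXTENSIONS and inner_ext in DECOY_EXTENSIONS:
        findings.append(f"{filename}: double extension, looks like {inner_ext} but runs as {ext}")
    if ext in SCRIPT_EXTENSIONS:
        findings.append(f"{filename}: script or executable attachment")

    if data.startswith(OLE_MAGIC):
        # Binary .xls/.doc keep macros in OLE streams; decoding them needs an OLE/MS-OVBA parser (e.g. oletools).
        findings.append(f"{filename}: legacy OLE Office file, check its VBA streams with an OLE parser")
        return findings

    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if ext in OOXML_EXTENSIONS or "[Content_Types].xml" in names:
                # OOXML: a macro project is stored as vbaProject.bin under word/, xl/ or ppt/.
                macros = [n for n in names if n.lower().endswith("vbaproject.bin")]
                if macros:
                    findings.append(f"{filename}: contains VBA macro project {macros[0]}")
            elif depth < max_depth:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                        continue
                    for f in inspect_attachment(info.filename, zf.read(info), depth + 1, max_depth):
                        findings.append(f"{filename} -> {f}")
    return findings


def _zip_bytes(members):
    """Build an in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def sample_macro_workbook(with_macro=True):
    """Minimal OOXML-shaped workbook; real files carry many more parts."""
    members = {"[Content_Types].xml": b"<Types/>", "xl/workbook.xml": b"<workbook/>"}
    if with_macro:
        members["xl/vbaProject.bin"] = b"\x00constructed placeholder, not real VBA"
    return _zip_bytes(members)


def sample_scanner_archive():
    """What the IKARUS lure looks like on disk: a zip holding a script named like a scan."""
    return _zip_bytes({"Scan_001.pdf.js": b"// constructed placeholder, no downloader"})
```

A vbaProject.bin finding means the file carries macros, not that they are malicious; quarantine or detonate such attachments rather than blocking on sight if your users legitimately exchange macro-enabled workbooks.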
    • Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year


      Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning.

      Bloomberg was first to report that hackers stole the personal data of 57 million customers and drivers from Uber, a massive breach that the company concealed for more than a year. Finally, this week, they fired their chief security officer and one of his deputies for their roles in keeping the hack under wraps, which included a $100,000 payment to the attackers to "delete the data". Yeah, sure!

      Victim Of A Simple Credentials Phishing Attack?

      Here’s how the press describes the hack: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company.

      From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company. If you read between the lines, that could very well be a simple credentials spear phishing scheme, done with some crafty social engineering, or perhaps careless developers leaving internal login passwords lying around online.

      Failure To Disclose

      Joe Sullivan, the outgoing security chief, spearheaded the response to the hack last year, a spokesman told Bloomberg. Sullivan, a onetime federal prosecutor who joined Uber in 2015 from Facebook Inc., has been at the center of much of the decision-making that has come back to bite Uber this year.

      Bloomberg reported last month that the board commissioned an investigation into the activities of Sullivan’s security team. This project, conducted by an outside law firm, discovered the hack and the failure to disclose, Uber said.

      SNAFUs are bad, but cover-ups can kill you

      No doubt regulators will also be asking tough questions about why they were not informed about the breach until this week, and class-action lawsuits... heeeere we come!

      Uber says it has "not seen evidence of fraud or misuse tied to the incident." Let's hope that they are right, but it is highly unlikely that these records were deleted. It's practically sure they are sold on the dark web or will be. There are many ways that data could be abused by criminals without Uber ever becoming aware.

      All organizations would be wise to remember this: SNAFUs are bad, but cover-ups can kill you. You can ask forgiveness for being hacked and handle your disclosure correctly, but many people will find it harder to forgive if you deliberately covered up the truth.

      Expect Uber-themed phishing attacks

      Now that this is all over the press, the bad guys are going to send Uber-themed phishing attacks in a variety of flavors. First will be emails with warnings like "Your Uber Account Has Been Compromised" sending people to compromised websites where indeed their credentials will be stolen! You can imagine online criminals are going to have a field day with this, since it's all over the press and people are going to get worried.

      I suggest you send the following to your friends, family and employees, feel free to copy/paste/edit:

      Uber suffered a data breach a year ago, and the address and email information of 57 million people was stolen. Uber paid off the hackers who then supposedly deleted the data, but that cannot be confirmed.

      Watch out for phishing emails related to this Uber data theft, for instance that your "Uber account was compromised" and that you need to change your password, or anything else related to Uber that could be suspicious.

      Never click on a link in an email, always go to the website yourself through your browser's address bar or a bookmark you have set earlier. Remember, Think Before You Click!

      Warm regards,

      Stu Sjouwerman

      Founder and CEO, KnowBe4, Inc.

      posted in IT Discussion
      stus
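A check aimed at the failure mode this post suspects, credentials sitting in a source repository, as an added example (not Uber's, GitHub's or KnowBe4's code): it scans file text for AWS access key IDs by their fixed prefix, for 40-character secrets assigned to secret-named variables, and for any other 40-character token whose entropy exceeds what a hex digest can reach. The sample tree is constructed and the key values are the placeholder examples AWS prints in its own documentation, not live credentials; the entropy threshold is an assumption.

```python
"""Pre-commit scan for cloud credentials of the kind the Uber account says were
taken from a private GitHub repository and reused against AWS.

Added example, not Uber's, GitHub's or KnowBe4's code. The file tree below is
constructed; the key values in it are the placeholder examples AWS uses in its
own documentation, not live credentials.
"""
import math
import re
from collections import Counter

# AWS access key IDs: fixed prefix (AKIA long-term, ASIA temporary) plus 16 uppercase alphanumerics.
ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A 40-character base64-ish value assigned to a secret-sounding variable.
SECRET_ASSIGNMENT = re.compile(
    r"(?i)(aws_secret_access_key|aws_secret|secret_key)\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})")
# Any 40-character token; kept only if its entropy is above what a hex digest can reach.
BARE_TOKEN = re.compile(r"\b[A-Za-z0-9/+=]{40}\b")
ENTROPY_THRESHOLD = 4.2   # assumption: above log2(16) = 4.0, so SHA-1 hex digests never trip it

# Constructed repository contents.
SAMPLE_FILES = {
    "deploy/settings.py": (
        'AWS_REGION = "us-east-1"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "README.md": "Set AWS_ACCESS_KEY_ID in the environment; never commit it.\n",
    "assets/checksums.txt": "da39a3ee5e6b4b0d3255bfef95601890afd80709  empty.bin\n",
}


def shannon_entropy(s):
    """Bits per character of the token's empirical distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(token):
    """Never echo a full secret into a report or log."""
    return token[:4] + "..." + token[-2:]


def scan_text(path, text):
    """Return findings for one file; each is a dict with path, line, kind and a redacted match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID.finditer(line):
            findings.append({"path": path, "line": lineno, "kind": "aws_access_key_id",
                             "match": redact(m.group(0))})
        m = SECRET_ASSIGNMENT.search(line)
        if m:
            findings.append({"path": path, "line": lineno, "kind": "aws_secret_access_key",
                             "match": redact(m.group(2))})
            continue  # already reported; skip the generic entropy pass for this line
        for m in BARE_TOKEN.finditer(line):
            if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "line": lineno, "kind": "high_entropy_token",
                                 "match": redact(m.group(0))})
    return findings


def scan_tree(files):
    """files: {relative path: text}. Returns all findings sorted by path and line."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return sorted(findings, key=lambda f: (f["path"], f["line"]))
```

Wire `scan_tree` to the staged files in a pre-commit or pre-receive hook so a key never reaches the remote; a key that has already been pushed must be treated as compromised and rotated, since rewriting history does not un-leak it.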
    • CEO Fraud Attacks Were Far More Lucrative than Ransomware over the Past 3 Years


      Cisco's midyear report released this week showed that CEO Fraud netted cybercrime five times more money than ransomware over the last three years.

      The surprising highlight of Cisco's ninety-page report was that cybercrime made $5.3 billion from CEO Fraud attacks --called business email compromise (BEC) by the FBI-- compared with a "mere" $1 billion for ransomware over a three-year stretch.

      Organized Eastern European cybercrime is more and more taking the "time is money" approach, in this case billions, says Steve Martino, Cisco's chief information security officer. "What we are looking at is the continual commercialization of cyberattacks," Martino says, pointing out that is a major theme in the report.

      Malicious ransomware takes time to develop and extensively test before any net Bitcoin comes into the wallet, compared to doing a quick bit of research on LinkedIn and crafting a spoofed spear phishing attack. CEO Fraud simply is faster to pull off. Moreover, your run-of-the-mill spray-and-pray ransomware attacks are often lower-dollar numbers.

      Schooling Users on CEO Fraud and Ransomware

      Cisco's Martino says targeted cybersecurity education for employees can help prevent users from falling for CEO Fraud and ransomware attacks. The finance department could especially benefit from security training on phishing campaigns, so when the bogus email comes in from the CEO asking for a funds transfer it can be detected, Martino says.

      Regular software patching also is crucial. When spam-laden malware hits or ransomware attacks similar to WannaCry surface, the impact can be minimized. "People focus on new technology, but forget about patching and maintaining the infrastructure," Martino observed.

      He also recommends a balanced defensive and offensive posture, with not just firewalls and antivirus but also measures to hunt down possible attacks through data collection and analysis.

      Spyware Makes A Comeback

      Cisco found that in the first half of this year, attackers altered their methods of delivering, hiding, and evading their malicious packages and techniques.

      Fileless malware is popping up, which lives in memory and deletes itself once a device restarts, according to the report. As a result, it makes detection and the ability to investigate it more difficult.

      Additionally, attackers are also making use of anonymized and decentralized infrastructures, such as Tor proxy services, to hide command and control activities.

      Meanwhile, three families of spyware ran rampant, with Hola, RelevantKnowledge, and DNSChanger/DNS Unlocker affecting more than 20% of the 300 companies in the sample for the report.

      Ironically, however, many companies and organizations underestimate or virtually dismiss spyware. "Spyware is being disguised as adware and adware, unlike spyware, does not create damages for a company," says Franc Artes, Cisco's Security Business Group architect. He adds that attackers are injecting spyware and other forms of malware into adware, since adware is a low priority for security teams.

      Download Your CEO Fraud Prevention Manual

      CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

      Download The Manual Here:

      https://info.knowbe4.com/ceo-fraud-prevention-manual

      Warm regards,
      Stu

      posted in IT Business
      stus
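Sender checks for the CEO fraud pattern Martino describes, as an added example that is not Cisco's or KnowBe4's code: an executive's display name on a mailbox that is not theirs, a sending domain that is a homoglyph or near-miss of your own, and a Reply-To that redirects the thread to the attacker. ORG_DOMAIN, EXECUTIVES and the edit-distance threshold are constructed assumptions standing in for your own directory data.

```python
"""Sender checks for the CEO fraud (BEC) pattern in the post above: a message
whose display name is an executive's but whose mailbox is not, a sending
domain that is a lookalike of your own, or a Reply-To that quietly redirects
the conversation.

Added example, not Cisco's or KnowBe4's code. ORG_DOMAIN and EXECUTIVES are
constructed stand-ins for your own domain and directory data.
"""
import unicodedata
from email.utils import parseaddr

ORG_DOMAIN = "acme-corp.example"                          # constructed
EXECUTIVES = {"jane doe": "jane.doe@acme-corp.example"}  # constructed: display name -> real mailbox
NEAR_MISS_DISTANCE = 2                                    # assumption: tune to your domain's length

# Substitutions attackers use to build lookalikes, undone before comparing domains.
_SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
_MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(domain):
    """Normalize a domain so homoglyph variants collapse onto the same string."""
    s = unicodedata.normalize("NFKC", domain.lower()).translate(_SINGLE)
    for fake, real in _MULTI:
        s = s.replace(fake, real)
    return s


def levenshtein(a, b):
    """Classic edit distance; domains are short so the O(len(a)*len(b)) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_sender(from_header, reply_to=None, org_domain=ORG_DOMAIN, executives=EXECUTIVES):
    """Return findings for a From header (and optional Reply-To); empty means nothing flagged."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []

    if domain and domain != org_domain:
        ours, theirs = skeleton(org_domain), skeleton(domain)
        if theirs == ours:
            findings.append(f"{domain} is a homoglyph lookalike of {org_domain}")
        elif levenshtein(theirs, ours) <= NEAR_MISS_DISTANCE:
            findings.append(f"{domain} is within {NEAR_MISS_DISTANCE} edits of {org_domain}")

    name = " ".join(display.lower().split())
    if name in executives and addr != executives[name]:
        findings.append(f"display name {display!r} belongs to {executives[name]}, not {addr}")

    if reply_to:
        _, rt_addr = parseaddr(reply_to)
        rt_domain = rt_addr.lower().rpartition("@")[2]
        if rt_domain and rt_domain != domain:
            findings.append(f"Reply-To goes to {rt_domain}, not the From domain {domain}")
    return findings
```

A message that spoofs your exact domain in From passes every check here except the Reply-To one; catching that is the job of SPF, DKIM and an enforcing DMARC policy at the gateway, which these header heuristics complement rather than replace.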
    • Scam Of The Week: Nasty Two-factor Auth Text Hack


      We all know that two-factor authentication (2FA) is much better than just simple user/password credentials. However, there is a nasty spoofing trick that bypasses 2FA if the user does not pay attention. Warn your users that have 2FA-enabled accounts against this, which are usually key people with access to sensitive information.

      • Using creds from the massive databases with tens of millions of credentials that have surfaced the last few weeks -- notably from LinkedIn, MySpace and Twitter, or

      • Sending a phishing email with a malicious attachment which installs a keylogger on the box and sends the credentials back to the hacker

      Once they have the creds, here are the 4 steps of how this scam goes down:

      • The attacker sends the target a text message, spoofing the company that the target has an account with. The text states they have detected "suspicious" activity to the account, and so are sending the 2FA code to the target, which they should then text back to them to avoid having their account locked.

      • The attacker logs into the account with the known credentials, which prompts the 2FA code to be sent to the target.

      • The (worried) target tries to prevent a negative consequence and texts the code back to the attacker, but by doing that they give the hacker just the thing they needed to break into the account.

      • The hacker now enters the victim's 2FA code, and they're in. The French would say: "Simple comme Bonjour".

      So, I would send an email to your employees, friends and family who have any of their accounts protected with 2FA. Feel free to copy/paste/edit:

      "There is a new scam you need to watch out for if you log into your accounts and have to wait for a text message on your phone to enter and only then log in. This more secure system is called "2-factor authentication". These two factors are:

      • one thing you need to know -- your password
      • one thing you have to have -- the text code on your phone

      Now, criminal hackers are trying to get past this with a nasty trick you need to watch out for. Tens of millions of hacked user names and passwords have recently surfaced -- yours may be one of them -- and they are using these for this scam.

      They send you a fake (spoofed) text that looks like it's from the company you have an account with, claiming that your account may be hacked or that there is suspicious activity happening.

      In the same text they say they will send you your verification code and that you need to send that right back to them or your account gets closed. But if you text that verification code back, you have given the hacker just the thing they needed to hack into your account!

      TIP TO STAY SAFE

      If your accounts are protected by 2-factor authentication, the only time you will be sent the code is to verify an attempt to log into your account. That means if you did not just try to log in and you suddenly receive a verification code through a text message to your smartphone, it is because a scammer who already has your user name and password is trying to hack into your account.

      Never provide your verification code to anyone. Only use it to input the code into your smartphone or computer when you log into a 2-factor authentication protected account. And as a reminder, never give out personal information, such as your Social Security number or credit card numbers in response to a text message (or email) because you simply cannot know for sure who is really on the other end of that communication line.

      Remember, Think Before You Click!"

      I would send this right away to people in Accounting, HR, Legal, and C-level execs that have 2FA accounts set up for them.

      Let's stay safe out there.

      Warm regards,

      Stu Sjouwerman

      Founder and CEO of KnowBe4, Inc.
      www.KnowBe4.com

      posted in IT Discussion
      stus
    • 7 Urgent Reasons For Creating A Human Firewall

      I was at RSA 2017 in San Francisco last week, and apart from meetings with customers, VCs and the Press, I found a large amount of relevant security news. Out of the firehose of RSA data, I distilled the 7 urgent reasons why you need to create your "human firewall" as soon as you possibly can. Employees are your last line of defense and need to become an additional security layer when (not if) attacks make it through all your technical filters.

      1. Ransomware heads the list of deadly attacks

      SANS' Ed Skoudis said the rise in ransomware was the top threat. “We’ve seen this can bring down a whole network of file servers and we expect many more attacks”. His advice is that companies practice network security “hygiene” and limit permission for network shares to only those jobs that require it. And of course train your users within an inch of their lives.

      2. Phishing leads the IRS dirty dozen of scams

      The Internal Revenue Service rounded up some of the usual suspects in its annual look at the Dirty Dozen scams you need to watch out for this year. It should come as no surprise that the IRS saw a big spike in phishing and malware incidents during the 2016 tax season because the agency has been very public about its battle with this scourge.

      3. CEO Fraud / W-2 Scams are a close second

      Just this month the IRS issued another warning about what it called dangerous, evolving and very early W-2 scams that are targeting a widening swath of corporations, school districts and other public and private concerns. High-risk users in Accounting and HR need to be frequently exposed to simulated attacks using email, phone and text to inoculate them against these attacks.

      4. Phone Scams

      Your users need to be trained that when they pick up the phone, the person on the other end might be a criminal hacker who tries to manipulate them into giving access to the network. They impersonate "Tech Support" and ask for a password, or pretend to solve technical problems and compromise the workstation.

      5. Your Antivirus is getting less and less effective

      We all had the nagging suspicion that antivirus is not cutting it anymore, but the new Virus Bulletin numbers confirm your intuition. Virus Bulletin (VB) is the AV industry's premier "insider site", and shows how good/bad endpoint detection rates are, but VB also covers spam filters, and tests them on a regular basis.

      Both antivirus (aka endpoint protection) and spam filter tests are published in quadrants graphing the results. What most people do not know is that participants in this industry all share the same samples, and it's often just a matter of who gets the definition out first, because soon enough everyone else has that malware sample and blocks the hash. The problem? Proactive detection rates have dropped from about 80% down to 67-70% over approximately 9 months.

      Now you might think that if AV does not catch it, your spam filter will. Think again. One in 200 emails with malicious attachments makes it through. That puts the potential for malware making it into your users' inboxes into the millions… every day. Here is a blog post with the scary numbers.

      6. The Internet Of Things

      Your users need to understand the nature of connectedness. Both consumer and commercial devices are using wireless protocols to connect to each other and the internet, with vendors rushing products to market without proper security features. Your employees need to be trained to change the default passwords and disable remote access. If your organization has anything to do with critical infrastructure, users need to be aware of the risks and do fire drills so they are prepared for any kind of attack against the IoT.

      7. Over-reliance On Web Services

      This breaks down into two different flavors. First, shadow-IT, where employees completely bypass the IT department and create their own storage and services: an invitation to a host of vulnerabilities and data breaches that IT cannot control. Employees need to be enlightened about the dangers of shadow-IT and understand the risks. Second, web-apps and mobile apps are increasingly vulnerable to attacks while talking to third-party services. There's no actual certainty that apps are connecting to the expected entity, or whether a man-in-the-middle stepped in, stealing data and possibly returning false information. This is a problem that developers need to solve with industry-strength handshaking and encryption protocols.

      I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters never catch all of it. Get a quote now and you will be pleasantly surprised.

      Get A Quote: https://info.knowbe4.com/kmsat_get_a_quote_now

      Let's stay safe out there.

      Warm regards,

      Stu Sjouwerman,

      Founder and CEO, KnowBe4, Inc.


      posted in IT Discussion
      stus