Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Ransomware threat highlights why backing up data is essential

A stark reminder that a good backup is the only thing that can save your data. Please – back up your data regularly.

Among other things, one the key message emanating from this particularly painful case was in the undisputable importance of backing up data. As the journalist noted in a follow up article – in which he detailed how much effort and cost is required to reclaim back some of his digital life – he now swears by it. It is way of life for him:
“When you control your data locally, and have it stored redundantly, no one can take it from you. Not permanently, at least. I’ve now got a local and online backup solution, and I’m about to add a second off-site backup into that mix. That means I’ll have four copies of everything important to me. Overkill? Probably. But I’m once bitten.”

Cybercrime: A Black Market Price List From The Dark Web

Sometimes, attackers can’t use the machines they’ve hacked themselves. So – they’ll sell access to it to the highest bidder on the black market. Have you ever wondered how much a much a hacked machine rents for these days? The guys over at Dark Reading found out.

For years now, security researchers have observed the evolution of the cybercrime economy, as malware authors, identity thieves and fraudsters have peddled their wares in a marketplace that has grown increasingly specialized in its division of labor. 
Today, the menu of options is staggering, with many widely available items and services becoming quickly commoditized. Social security numbers, stolen credit card numbers and full identity information run for as cheap as a few bucks each.

5 things you should know about two-factor authentication

Two-Factor Authentication and Two-Step Verification are essential methods to protect the access to your systems. Here are some useful things to know about these methods.

One of the best pieces of security advice any computer expert can give you is to enable two-factor authentication for websites that support it. With password breaches so common nowadays, it could be the one thing that keeps hackers from stealing your identity online. Here are five points to help you understand this technology.

Petya ransomware eats your hard drives

Another week, another piece of ransomware.
This nasty version starts with a HR related phishing message with a Dropbox link to land the dropper. Once you do, your data is held hostage. Same old tricks but, still highly effective.

It looks like 2016 should be declared a year of ransomware, as new families and new versions are popping up every now and then like mushrooms after the rain.
Ransomware is evolving — fast.
The new versions of ransomware use strong asymmetrical encryption with long keys so that files cannot be decrypted without the key. The bad guys have started using TOR and payments in bitcoins for the sake of staying totally anonymous. And now there is Petya ransomware which in a certain sense encrypts the whole hard drive all at once instead of encrypting files one by one.

Lessons Learned While Protecting Gmail

Google’s Abuse Team deals with a plethora of online threats every single day. Here’s a great great video about the lengths they go through to keep Gmail and Google Apps safe, and the lessons they’ve learned while doing it.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Audit Reveals IRS Struggles to Implement Security Controls
The IRS has access to vast amounts of confidential information of American citizens. Yet they fail to implement some basic security controls to keep it safe.

Until the IRS takes appropriate steps to resolve control deficiencies, taxpayer data will remain “unnecessarily vulnerable” to inappropriate use, says Gregory Wilshusen, GAO director of information security issues and co-author of the audit report, which was published March 28.

McAfee Labs Unlocks LeChiffre Ransomware – McAfee
One good piece of Ransomware news this week. There’s always a war going on between creators of malware and security companies. This week, McAfee won a battle by figuring out how to unlock a specific piece of ransomware.

As we analyzed this ransomware, we found that we could unlock all LeChiffre-encrypted files without having to pay a ransom.

Like It Or Not, Firewalls Still Front And Center
Having a secure firewall – how important is it?

According to survey respondents, 91% of security practitioners say that firewalls are as critical as always or more critical than ever to their security architecture, and the same ratio believe this will continue to be the case for the next half decade.

PowerWare – New Ransomware Written in PowerShell

Another piece of ransomware has been found using Microsoft Word. Microsoft Word documents rarely contain macros for a very good reason. If you see a prompt requesting permission to run a word macro, answer “no” then review the document. Most legitimate document authors don’t use macros in their documents and almost all hackers do.

Criminal gangs behind PowerWare are spreading it using spam messages including a Word document attachment purporting to be an invoice. The attackers use an old trick in order to convince victims in enabling the macros, they request to enable macros to correctly view the document.

 

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Businesses fail to prepare as cybercrime surges globally

Cybercrime is on the rise, causing massive losses to businesses. Unfortunately, most organizations don’t have a plan in place to protect themselves against it. Don’t let your business be one of the unprepared businesses that gets taken advantage of.

Cybercrime is now the second most reported economic crime and has affected at least a third of organizations in the past 24 months, yet many businesses are still underprepared, a PWC report has found.

PhishLabs on the growing sophistication of business email scams

Business email compromise (BEC) is a scam that’s growing rapidly. Here’s a great video about how it can affect you.

The dirty dozen: 12 cloud security threats

Cloud security experts gathered last month to come up with a list of 12 security threats to watch out for.

As the RSA Conference earlier this month, the CSA (Cloud Security Alliance) listed the “Treacherous 12,” the top 12 cloud computing threats organizations face in 2016. The CSA released the report to help both cloud customers and providers focus their defensive efforts.

Wait, my Mac can be infected?

There used to be a time where Macs were thought to be safe from viruses and attacks. Not anymore. Your Mac is vulnerable, too.

We won’t blame you if you were one of the people who believed the myth of the super-secure Mac. We blame the Internet and the media for building up the hype.

At last week’s RSA conference, I sat in a session that covered hacking a Mac. The theory behind this presentation was that an assailant could hack into a Mac given the practice of installing software that did not come from a trusted store or official App Store. This bit of social engineering plays into the ego of the “uber-savvy” Mac user.

CryptoWall, TeslaCrypt and Locky: A Statistical Perspective

A statistical view of systems affected by a specific strain of ransomware. Very interesting.

In total, we collected over 18.6 million hits from CryptoWall, TeslaCrypt and Locky C&C communications. It is important to consider that when analysing IPS hits, malware may communicate to its C&C server multiple times. In this case, analysing the ratios of these numbers provide more meaningful results.

More companies snared by same type of phishing attack that hit Snapchat

These attacks prove it: spearphishing and Business Email Comprimise are here to stay.

Cybercrooks are boldly targeting companies with campaigns designed to steal employees’ personal data, frequently through targeted emails claiming to come from within the company.

This kind of scam, called spear-phishing, can trick employees into divulging sensitive information, as we saw late last month when Snapchat was snared by a targeted email that appeared to come from Snapchat’s CEO and requested data on current and past employees.

Tips To Maximize Battery Life And Battery Lifespan Of Your iPhone, iPad And Other iDevices, According To Apple : PERSONAL TECH

There’s a big chance that you’re actively doing things that are hurting the battery life of your phone or computer. Here are some great tips for maximizing you iPhone’s battery life. Also, Craig Federighi finally confirmed that force quitting apps does not affect battery life.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

​Apple users beware: First live ransomware targeting Mac found ‘in the wild’

Once a safe haven because of their small marketshare, Macs are now getting their fair share of attention from malware creators. Here’s a ransomware specifically targeting Macs.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” Palo Alto Threat Intelligence Director Ryan Olson told Reuters on Sunday.

7 Attack trends that make security pros sweat

Find out what attacks the security experts are worried about these days.

Researchers with the SANS Institute took full advantage of the opportunity to give a packed house a run-down of the threats and the attack techniques that have come to the forefront lately, those which the security industry is most likely to find itself fighting most in the year to come.

Key takeaways from the RSA security conference

A lot of security professionals seem to agree that detection of issues in your environment is far more important and feasible than prevention of all possible issues.

One of the CISO’s summed it up brilliantly: “If it were that easy cyber security would not be the topic of discussion around the globe on a daily basis for both CEOs and nation leaders.”

Snapchat snared by phishers impersonating CEO, employee data swiped

Phishing is one of the most common scams on the internet. New types of phishing scams pop up daily. In this particular scam, they impersonated someone you might trust.

Spear-phishing is a type of social engineering attack targeted at a particular individual or organization to make it more believable – in this case, by impersonating Snapchat’s CEO.
The attacker stole private payroll information of an unknown number of past and present Snapchat employees.

3 Cybercriminal Tactics Using Netflix

Cybercriminals are now using Netflix in their crimes. Read here how.

With such a level of cultural influence, Netflix has in turn gained not only our familiarity, but also our trust. And that’s exactly why Netflix is also drawing the attention of cybercriminals.

Business email compromise scammers add tax return fraud to their toolbox

Fraudsters might be targeting you with this common scam.

Traditional business email compromise (BEC) scams involve a fraudster emailing a CFO or equivalent member of an organization, pretending to be the CEO or another high-ranking official of the company. The aim of this type of scam is to trick the recipient into carrying out a large and “urgent” wire transfer…

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Scam Of The Week – Netflix For Free

With the pervasiveness of Netflix, this particular phishing scam is extremely effective.

At the moment, there are active malware and phishing campaigns targeting Netflix users. The operations are fairly sophisticated, so it is likely this is the work of an Eastern European cybermafia.

Phishing Attacks Continue to Sneak Past Defenses

It seems like every week there is a different spin on phishing scams. Keep your guard up.

“Even though companies are taking actions, it is still one of the easiest ways in,” Angela Knox, senior director of engineering and threat research for Cloudmark

Ninety-one percent of companies encountered phishing attacks in 2015, with the lion’s share—84 percent—of companies claiming attacks successfully snuck past their security defenses, according to a survey of 300 U.S. and UK firms conducted as part of the report. A relatively simple attack—sending a message to the accounting department purportedly from the company CEO—has become quite popular, with 63 percent of companies having encountered the tactic.2

Hack Brief: Last Year’s IRS Hack Was Way Worse Than We Realized

The IRS keeps adjusting the number of accounts that got compromised in a hack last year. I have no confidence that these numbers are right. Take a look at one of our past articles for ways to protect yourself from this particular breach.

The initial IRS report indicated that 114,000 accounts had been compromised. It revised that number last August, raising it to 334,000. On Friday, the IRS added another 390,000 accounts to the pile, for a total of well over 700,000 people. There have also been a total of 500,000 targeted, but failed, attempts at access.

Wireless mice and keyboards vulnerable to MouseJack takeover

This is a rare vulnerability that can affect air gapped machines and machines without the use of the networking stack.

An attack of this nature can happen so fast that even if the victim realizes someone has accessed their machine, it’s probably too late. The implications are grave, as hackers could leverage this flaw to steal credentials and sensitive data, or infect a machine with malware that can quickly spread across a connected enterprise. “They can even bypass an air-gapped network by turning a PC into a WiFi hotspot,” said Rouland. Potential applications run the gamut from financial cybercrime to corporate spying to nation-state cyberespionage. Bastille discovered the vulnerability in products manufactured by all seven of the wireless vendors it tested — AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech and Microsoft.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Ransomware: How To Lose Your Business In 24 Hours

Great insightful story about ransomware and how it can hurt you.

In 2013, 72% of data breaches analysed world-wide were at companies with 100 or fewer employees

Average cost of cybercrime rises by 200% in just five years

Cybercrime keeps growing and becoming more expensive for companies to deal with. These numbers are staggering and there doesn’t seem to be any end in sight.

Cybercrime is costing the global economy up to $450 billion annually, a new report by Hamilton Place Strategies reveals.
The document finds that the median cost of cybercrime has actually increased by approximately 200% in the last five years alone, and that it is very likely to continue in that vein

A Skeleton Key of Unknown Strength

A new vulnerability has been discovered that’s present in a shocking amount of devices. It’s not clear what the exploit landscape looks like yet for this bug, but it may be the most widely distributed vulnerability of all time.

We’ve investigated the DNS lookup path, which requires the glibc exploit to survive traversing one of the millions of DNS caches dotted across the Internet.  We’ve found that it is neither trivial to squeeze the glibc flaw through common name servers, nor is it trivial to prove such a feat is impossible.  The vast majority of potentially affected systems require this attack path to function, and we just don’t know yet if it can.  Our belief is that we’re likely to end up with attacks that work sometimes, and we’re probably going to end up hardening DNS caches against them with intent rather than accident.  We’re likely not going to apply network level DNS length limits because that breaks things in catastrophic and hard to predict ways.

Adding Up The Total Costs of Ransomware

If you’ve got ransomware on your systems, it can get really expensive. The Hollywood Presbyterian Medical Center had to pay $17,000 in Bitcoins just to get rid of it.

Hollywood Presbyterian had $974,387,384 in revenue and $20,979,948 in net income for 2015. If we divide both figures by 365 days we see that the hospital takes in roughly $2.7 million in revenue and generates $57,479 of net income per day. It was noted in several reports that long delays were experienced by patients and that medical information was being shared via phone and fax between doctors.

Trend of ransom payoffs to unlock malware from ‘electronic stickups’ troubles law enforcement

More shocking ransomware news. It’s more widespread than we think. And businesses have to pay a lot to get rid of it. This is not a good scenario.

Often, businesses conclude paying the ransom is the quickest and most efficient way to get their data back.
“People don’t like to talk about it. It’s happening across all industries, banking, small businesses and other places,” said Phil Lieberman, a cybersecurity consultant.

It’s Here. New Ransomware Hidden In Infected Word Files

Another ransomware strain has been found. This particular one comes in an old form that computer security experts hadn’t seen much for years.

There is a new ransomware strain somewhat amateurishly called “Locky”, but this is professional grade malware. The major headache is that this flavor starts out with a Microsoft Word attachment which has malicious macros in it, making it hard to filter out. Over 400,000 workstations were infected in just a few hours, data from Palo Alto Networks shows.

The battle of the reboot

If you download a new security patch, you need to reboot your computer to install it. Unfortunately, many people neglect to do the second step for way too long – leaving their systems vulnerable to attack.

Windows computers must be rebooted to complete the patch installations. And because a reboot takes the computer out of service for a few minutes, it causes downtime. And when that system is dependent on other systems, or vice versa, rebooting can cause a chain reaction that cripples critical software services. So in fact, the simple act of rebooting a computer to complete the patch installations is the hardest part of the job.

Mega Mess: Records Escape from Disposal Truck

A cyber attack isn’t the only way to lose customer data. You can also just drop it on the street.

“During transport, a small quantity of records were released on Fowler Street in Fort Myers, Florida,” the statement says. “This incident resulted from the condition of the container used by Lee County Solid Waste Division to transport the records and the Lee County driver’s failure to properly secure the container door.”

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Stay safe with our Facebook cheat sheet

Everybody uses Facebook. But not everybody uses it securely. Here are some good tips on keeping your Facebook time as safe as possible.

Studies have shown that although 92% of internet users worry about their online privacy, only 29% have taken steps to change their privacy settings to ensure greater protection on social networking sites.

The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks

Phishing attacks are one of the biggest threat on the internet. It’s a scam anyone can fall for. Here are some of the most cunning, most dangerous and most creative phishing attacks out there.

These days, the social engineer’s favorite tool isn’t the smile; it’s the humble phishing message.

It’s a very adaptable piece of kit. It can deliver any manner of malicious payloads, as attachments, embedded objects, or links. It can be customized to lure in any kind of game — from John Q. Public to John Q. White House Ambassador. It can be used as part of attacks to steal data, steal money, or steal secrets.

Samsung warns customers not to discuss personal information in front of smart TVs

Just when you thought you were safe, you find out that your TV might be spying on you! If you have a “smart TV” – definitely read this.

Samsung has confirmed that its “smart TV” sets are listening to customers’ every word, and the company is warning customers not to speak about personal information while near the TV sets.

CTO Perspectives: Why do Security Professionals need Threat Intelligence

As eliminating threats becomes more and more difficult, it becomes more and more important to realize the danger you might be in in your technology environment.

Many factors influence relevancy. Is the threat source known? Is the target known? Are the protocols or behaviors being used by the threat in use in your environment? Does the threat discriminate or does it apply techniques that can broadly apply to many different environments?

Skimmers Hijack ATM Network Cables

A scary new technique to hide ATM skimmers. To stay safe make sure you ALWAYS use a first party ATM.

“These devices are plugged into the ATM network cables and intercept customer card data. Additional devices are attached to the ATM to capture the PIN,” NCR warned. “A keyboard overlay was used to attack an NCR ATM, a concealed camera was used on the Diebold ATM. PIN data is then likely transmitted wirelessly to the skimming device.”

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Monday Morning Quarterbacking Super Bowl 50: Infosec Edition

Some advice for football teams is also applicable to information security. Good advice for your business.

Don’t skip practice
It goes without saying that a football team that doesn’t practice isn’t going to win anything. But it’s interesting how many security teams only practice on-the-job training for data breaches, highly targeted attacks, insider data leaks, and the like.

10 Shocking New Facts About Ransomware

Ransomware has taken over the cybercriminal world in the last few years and there’s no end in sight. My favorite excerpt of this article is the extremely awkward advice from the FBI.

Last fall the FBI said that it suggests to consumers or businesses caught with their proverbial pants down to just pay the blackmailers if they want to access their data.

New Magic Ransomware developed from open source EDA2 Ransomware

Yet another type of ransomware has been developed. More threats to watch out for.

…the eda2 ransomware kit contains everything a would-be criminal needs in order to create their very own ransomware. This kit includes the code for not only the ransomware executable and the encryption algorithm, but also the PHP web panel that acts as a Command & Control server for storing the encryption keys of victims.

Mystery hacker hijacks Dridex Trojan botnet… to serve antivirus installer

Turns out a hacker grew a conscience. Is this a good Samaritan or a black hatter gone grey? No one knows.

But the recent hack means part of the botnet has been requisitioned to quite different ends. “The content behind the malware download URL has been replaced, it’s now providing an original, up-to-date Avira web installer instead of the usual Dridex loader,” explained Moritz Kroll, a malware expert at Avira.

Java installer flaw shows why you should clear your Downloads folder

Got old Java installers in your download folders? Delete them – or risk getting infected. It’s important.

On Friday, Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers and use new ones for versions 6u113, 7u97, 8u73 or later.

Adwind malware-as-a-service hits more than 400,000 users globally

If you can’t build your own malware, you can just buy it. Adwind is currently undetectable by anti-virus programs. Network egress policies should catch the outbound traffic but, further research is needed.

Criminals who bought and used Adwind kit targeted private individuals and small and medium businesses from a number of industries, including: manufacturing, finance, engineering, design, retail, government, shipping, telecom and a lot of others.

That’s why we can’t but encourage enterprises to review the purpose of using Java platform and disable it for all unauthorized sources.

#TheSAS2016 Comics: Banking APTs

Dozens of banks recently lost millions of dollars via so-called APTs. It’s complicated. So here’s a simple “comic” to explain it.

We know that the blogs were a tad long so to summarize we’ve turned it into comic form for your enjoyment.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

NSA Hacker Chief Explains How to Keep Him Out of Your System

An unusual insight into what issues the NSA top hacking and cyber security team takes advantage of. Advanced criminals probably use the same methods to break into organizations like yours.

Rob Joyce, the nation’s hacker-in-chief, took up the ironic task of telling a roomful of computer security professionals and academics how to keep people like him and his elite corps out of their systems.

FTC: Tax Fraud Behind 47% Spike in ID Theft

Cyber criminals like stealing your identity. Here are some scary numbers from the IRS about tax fraud and identity theft. It’s more common than you think.

…nearly 50 percent increase in identity theft complaints in 2015, and that by far the biggest contributor to that spike was tax refund fraud.

Remember – never give out sensitive information on incoming phone calls to anyone. Reputable institutions like the IRS would never ask you to:

The IRS does not initiate contact with taxpayers by email to request personal or financial information. This includes any type of electronic communication, such as text messages and social media channels.

Big Week For Ransomware

Several major organizations were victims of ransomware this week. Read their horror stories here.

What a week for ransomware. The bullish code that extorts users by locking or encrypting their files and devices has made headlines all week. In case you missed it, here’s a roundup.

Moving to a Plugin-Free Web

In a historic move,  Oracle announces plan to deprecate the Java Plugin browser plugin. The attack surface area on most PC’s just shrank by one.

Oracle plans to deprecate the Java browser plugin in JDK 9. This technology will be removed from the Oracle JDK and JRE in a future Java SE release.

Here’s Why You Need to Install iOS 9.2.1, Stat

A massive security flaw was spotted in iOS recently. The new update fixes the flaw – so download it immediately.

The update fixes a rather serious security flaw, which allowed cybercriminals to potentially monitor, copy and steal the data you use, send and access over a phony Wi-Fi connection. The stolen goods could have included anything you typed while using the device, such as usernames, passwords, and private messages.

Scammers increasingly using rogue extensions to victimize Chrome and ChromeOS users

If you thought Google Chrome and ChromeOS were free from security issues, think again.

Jerome Segura, a Malwarebytes senior security researcher, said cybercriminals are finding extensions are an excellent way to infiltrate Chrome and ChromeOS because, like apps, most users pay little attention to the permissions that must be agreed to prior to downloading an extension.

CryptoWall 4 Targets Booking.com Customers

There’s a new variant of CryptoWall on the loose – infecting systems and causing mayhem. This article explains how it works.

How It Infects Your System: If users ignore Microsoft’s default security warning, the computer becomes infected when the malicious macro code drops and executes an Upatre variant.
This Upatre variant utilizes a common malware technique called process hollowing or dynamic forking to ultimately infect the computer with CryptoWall.

Monday review – the hot 29 stories of the week – Naked Security

Want to read some more? Here are some more great security stories from around the web.

Each week we scour the web to discover the latest developments, news and tips that will help you keep your technology (and your business) safe and secure.

Here are the most interesting articles we’ve found this week that could be helpful to you:

---

 

Too many people still use terrible passwords

When you make your password easy to guess, attackers can easily break into your systems and access your sensitive data. So – please don’t use one of these passwords!

The fifth annual SplashData chart of the internet’s worst passwords is out, and it looks like people just can’t learn the lesson. The firm has aggregated the passwords from around two million that were leaked in 2015, finding that basic, easy-to-guess terms are still in abundance. The most popular code behind which people store their valuables is “123456,” with “password” sitting comfortably in second place. Places three and four are similarly guessable, with “12345678” and “qwerty” being the… look, guys, just no, please stop doing this.

Fake Facebook emails deliver malware masquerading as audio message

Phishing attacks are one of the most common scams on the web. Now, you can even find them in Facebook Audio messages. Moral of the story: always be careful with attachments.

A new spam campaign is targeting Facebook users. It uses the same approach as the recent one aimed at WhatsApp users, and Comodo researchers believe that the authors of both campaigns are likely the same.

The fake emails are made to look like an official communication from the popular social network, and their goal is to make the victims believe they have received a voice message

Symantec Disavows Business Partner Caught Running a Tech Support Scam

Don’t think you can trust someone just because they seem trustworthy. One of Symantec’s partners recently got caught running the “Tech Support Scam”. To make things worse, one of their competitors (MalwareBytes) caught them.

This type of online fraud is known in the industry as “tech support scam,” and most of the times, scammers pose as official support staff for companies such as Microsoft, Google, or Apple.

In this particular case, Malwarebytes was investigating a tech support scam reported by one of its users.

The anatomy and physiology of APT attacks

Curious what a real cyberattack looks like? Here’s a great overview of APT’s (Advanced Persistent Attacks) and how the techniques used by early cyber criminals have been expounded upon and are in use by governments around the world today.

Building on what cybercriminals began, security services from many countries have the capability to attack and steal for their national interests.

Firm Sues Cyber Insurer Over $480K Loss

Business email compromise scams (BEC) are a common type of attack business owners face. Here’s a detailed case study of one BEC scam that is being fought by cyber insurance provider Chubb.

In a letter sent by Chubb to the plaintiff, the insurance firm said it was denying the claim because the scam, known alternatively as “business email compromise” (BEC) and CEO fraud, did not involve the forgery of a financial instrument as required by the policy.

Plus – even the FBI recommends adopting two step or two factor authentication. Please take their advice.

The FBI urges businesses to adopt two-step or two-factor authentication for email, where available, and/or to establish other communication channels — such as telephone calls — to verify significant transactions. Businesses are also advised to exercise restraint when publishing information about employee activities on their Web sites or through social media.