Each week, the PhishLabs team posts The Week in Cybercrime (TWIC) to recap noteworthy open-source cybercrime articles and reports.
This year's US State of Cybercrime Survey reinforces two key points that business leaders should take to heart. The first is that "The cybersecurity programs of US organizations do not rival the persistence, tactical skills, and technological prowess of their potential cyber adversaries."
The second is that the correlation between how much you invest in cybersecurity and the strength of your security posture is significant. "Those that demonstrate a more advanced cybersecurity posture are not necessarily smarter. They have simply invested more and have learned from experience." The odds aren't in favor of those that skimp on security spending...
- USPS Spam Delivering Asprox Variant (Zscaler)
The Zscaler team has published a good analysis of a recent US Postal Service malware lure spam campaign. As with similar campaigns that have impersonated shipping companies and postal services, this attack disguises a malicious link as a shipping receipt to lure victims into downloading malware (Asprox in this case).
- A Social Facebook Phish - is your friend acting strange? (CyberCrime & Doing Time)
Facebook scams aren't limited to malicious content shared to timelines. Fraudsters are also using compromised Facebook accounts to phish via chat sessions. In this example, the attacker sends a malicious link that redirects to a spoofed login page, which then directs to malware.
- True Goodbye: 'Using TrueCrypt Is Not Secure' (KrebsonSecurity)
The anonymous developers behind the TrueCrypt encryption suite have called it quits and are encouraging TrueCrypt users to switch to BitLocker (for Windows systems). The reasons are unclear at this point and likely will remain so considering how well the developers maintained their anonymity. That being said, there's some speculation that the retirement of TrueCrypt is related to a crowdfunded audit of the software that began this year.