CyberheistNews Vol 10 #1 [Heads-Up] Ransomware Attack Forces Arkansas CEO to Fire 300 Employees Days Before Christmas
[Heads-Up] Ransomware Attack Forces Arkansas CEO to Fire 300 Employees Days Before Christmas

The chief executive officer of a telemarketing company in Sherwood, Arkansas has let go 300 employees after the company failed to recover from a ransomware infection a few months back.

In a deeply apologetic letter to employees, The Heritage Company CEO Sandra Franecke said two months ago their servers were attacked by hackers who demanded a ransom to unlock the systems.

Despite paying the attackers what they demanded, the company struggled to get back on its feet. The company could no longer pay wages so the CEO decided to close shop and let everyone go. The layoff came mere days before Christmas, leaving many unsure if they will start 2020 with a job.

The CEO asked everyone to check back on January 2 to see if they will get their jobs back. This is not the first time ransomware shuttered a business in the United States this year. Brookside ENT and Hearing Center, a doctor’s office in Battle Creek, Michigan was forced to close its doors after hackers infected its systems with ransomware, compromising everything from patient records to billing information.

Unlike The Heritage Company, Brookside ENT did not pay the ransom, likely figuring the incident would have the same outcome anyway. Links at the blog:
https://blog.knowbe4.com/heads-up-ransomware-attack-forces-arkansas-ceo-to-fire-300-employees-days-before-christmas
[LIVE DEMO] See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us, Wednesday, January 8 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Check out our new assessment feature and see how easy it is to train and phish your users.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
  • Identify and respond to email threats faster. Enhance your incident response efforts with the PhishER add-on!
Find out how 30,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, January 8 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2161522/61EC8675F9195AB5ACDC5B9131474C9C?partnerref=CHN2
FBI Issues Alert for "Sleeper" LockerGoga and MegaCortex Ransomware

The FBI has issued a warning to private industry recipients to provide information and guidance on the LockerGoga and MegaCortex Ransomware.

Both LockerGoga and MegaCortex are ransomware infections that target the enterprise by compromising the network and then attempting to encrypt all its devices.

In an FBI Flash Alert marked as TLP:Amber and seen by BleepingComputer, the FBI is warning the private industry regarding the two ransomware infections and how they attack a network.

"Since January 2019, LockerGoga ransomware has targeted large corporations and organizations in the United States, United Kingdom, France, Norway, and the Netherlands. The MegaCortex ransomware, first identified in May 2019, exhibits Indicators of Compromise (IOCs), command and control (C2) infrastructure, and targeting similar to LockerGoga."

Bad Actors Will Be Resident on the Network for Months

According to the alert, the actors behind LockerGoga and MegaCortex will gain a foothold on a corporate network using exploits, phishing attacks, SQL injections, and stolen login credentials.

Once a network is compromised, the threat actors will install the penetration testing tool called Cobalt Strike. This tool allows the attackers to deploy "beacons" on a compromised device to "create shells, execute PowerShell scripts, perform privilege escalation, or spawn a new session to create a listener on the victim system."

When a network is compromised, the bad actors will be resident on the network for months before they deploy the LockerGoga or MegaCortex ransomware infections.

While the FBI has not said what the attackers do during this period, they are probably exfiltrating data, deploying information-stealing trojans, and further compromising workstations and servers.

Once the network has been harvested of anything of value, the attackers will deploy the LockerGoga or MegaCortex infections so that they begin to encrypt the devices on the network. This will generate a final revenue source for the attackers.

During the ransomware deployment, the FBI states the actors execute a kill.bat or stop.bat batch file that terminates processes and services related to security programs, disables Windows Defender scanning features, and disables security-related services.

Two things you obviously want to do: step users through new-school security awareness training, and follow the most important mitigation provided by the FBI, which is to make sure you "backup data regularly, keep offline backups, and verify integrity of backup process." Links:
https://blog.knowbe4.com/fbi-issues-alert-for-lockergoga-and-megacortex-ransomware
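
The pre-encryption stage described above (a batch file that stops security services and turns off Defender scanning) is noisy on the endpoint, which makes it a detection opportunity. The following is an added example, not code from the FBI alert or from KnowBe4: it runs simple rules over constructed, Sysmon-style process-creation records and alerts when several security-tampering commands land on one host within a short window. The sample events, the keyword list, and the field names are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

# Constructed process-creation events (Sysmon-style fields) that mimic a
# kill.bat-style run on one host. These are sample records, not real telemetry.
SAMPLE_EVENTS = [
    {"ts": "2019-12-20T03:14:01", "host": "FS01",
     "parent": "cmd.exe /c C:\\Temp\\kill.bat",
     "cmd": 'net stop "Windows Defender Antivirus Service" /y'},
    {"ts": "2019-12-20T03:14:03", "host": "FS01",
     "parent": "cmd.exe /c C:\\Temp\\kill.bat",
     "cmd": "sc stop WinDefend"},
    {"ts": "2019-12-20T03:14:05", "host": "FS01",
     "parent": "cmd.exe /c C:\\Temp\\kill.bat",
     "cmd": "taskkill /F /IM SecurityAgent.exe"},
    {"ts": "2019-12-20T03:15:10", "host": "FS01",
     "parent": "cmd.exe /c C:\\Temp\\kill.bat",
     "cmd": "powershell -Command Set-MpPreference -DisableRealtimeMonitoring $true"},
    # Benign: an admin restarting the print spooler is not a security service stop.
    {"ts": "2019-12-20T03:16:00", "host": "FS01",
     "parent": "explorer.exe", "cmd": "net stop Spooler"},
    # A single stop on another host stays below the burst threshold on its own.
    {"ts": "2019-12-20T09:02:11", "host": "WS07",
     "parent": "cmd.exe", "cmd": "sc stop WinDefend"},
    {"ts": "2019-12-20T10:40:00", "host": "FS01",
     "parent": "cmd.exe", "cmd": "sc stop WinDefend"},
]

# Keywords that mark a stopped service or process as security-related.
# Constructed for the example; a real deployment tunes this to its own products.
SECURITY_KEYWORDS = ("defend", "antimalware", "antivirus", "security", "protection")
STOP_PATTERNS = [
    re.compile(r"^\s*(?:net1?|sc)(?:\.exe)?\s+stop\b", re.I),  # net stop / sc stop
    re.compile(r"^\s*taskkill(?:\.exe)?\b.*\s/f\b", re.I),     # forced process kill
]
# Defender configuration tampering via PowerShell (any -Disable* switch).
DEFENDER_TAMPER = re.compile(r"Set-MpPreference\b.*-Disable\w+", re.I)
# Batch file names the FBI alert associates with the pre-encryption stage.
NAMED_BATCHES = ("kill.bat", "stop.bat")


def classify(event: dict) -> Optional[str]:
    """Return a finding label for one event, or None if it looks benign."""
    cmd = event["cmd"]
    if DEFENDER_TAMPER.search(cmd):
        return "defender_tamper"
    if any(p.search(cmd) for p in STOP_PATTERNS) and any(
        k in cmd.lower() for k in SECURITY_KEYWORDS
    ):
        return "security_service_stop"
    if any(b in event.get("parent", "").lower() for b in NAMED_BATCHES):
        return "named_batch_child"
    return None


def detect_mass_tampering(events, window=timedelta(minutes=5), threshold=3):
    """Per host, alert when `threshold` or more findings fall inside `window`.
    One such command is routine admin work; a burst of them is the pattern
    the FBI alert describes."""
    per_host = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            per_host[ev["host"]].append(
                (datetime.fromisoformat(ev["ts"]), label, ev["cmd"]))
    alerts = []
    for host, hits in per_host.items():
        hits.sort()
        for i, (t0, _, _) in enumerate(hits):
            burst = [h for h in hits[i:] if h[0] - t0 <= window]
            if len(burst) >= threshold:
                alerts.append({
                    "host": host,
                    "first_seen": t0.isoformat(),
                    "count": len(burst),
                    "kinds": sorted({h[1] for h in burst}),
                    "commands": [h[2] for h in burst],
                })
                break  # one alert per host is enough for the example
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_tampering(SAMPLE_EVENTS):
        print(alert)
```

Run against the sample, the burst on FS01 produces one alert with four findings while the lone WinDefend stop on WS07 and the Spooler restart do not. The window and threshold are the knobs to tune: the point is that the individual commands are legitimate admin tools, and only their clustering on one host is worth paging on.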
[LIVE DEMO] See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk management modules, transforming KCM into a full SaaS GRC platform!

Join us, Tuesday, January 7 @ 2:00 pm (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements across your organization and third-party vendors and ease your burden when it's time for risk assessments and audits.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Tuesday, January 7 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2161517/913D5D0E1A03310F65463DD51B49DC54?partnerref=CHN2
Microsoft: "How Phishing Is Evolving"

Attackers are always using new tactics to stay ahead of defenders, and Microsoft’s Office 365 Threat Research Team describes three noteworthy phishing techniques they’ve observed in 2019.

The first was the use of hijacked search results to redirect users to malicious sites. Attackers used a traffic generator to artificially push a baited website to the top of Google search results for specific keywords.

When a user clicked on the harmless bait website, they would be redirected to a phishing site or a malware download. This allowed the attackers to send phishing emails with benign links in order to bypass email security filters.

The second technique involved using custom 404 pages as phishing sites. Phishing campaigns are much more efficient when attackers have an easy way to move their phishing page to a different URL, because security technologies are constantly flagging and taking down malicious URLs.

By using a URL for a non-existent page on the phishing domain, attackers could use an unlimited number of URLs in their phishing campaigns. When a user clicked on one of these URLs, they would automatically be redirected to the domain’s 404 Not Found page. These pages can be customized just like a normal webpage, so the attackers made them appear to be sign-in pages in order to steal credentials.

A third phishing technique abused Microsoft’s secure rendering site to automatically generate a duplicate of the targeted company’s Microsoft login page. The researchers explain that this allowed the attackers to create targeted phishing sites for each recipient with minimal effort.

“Phishers sent out emails with URLs pointing to an attacker-controlled server, which served as the man-in-the-middle component and simulated Microsoft sign-in pages,” the researchers write. “The server identified certain specific information based on the recipient’s email address, including the target company, and then gathered the information specific to that company.

The result was the exact same experience as the legitimate sign-in page, which could significantly reduce suspicion. Using the same URL, the phishing site was rendered differently for different targeted users.”

Attackers will continue finding ways to increase the efficiency of their scams. Security technologies for the most part react to new attack techniques, and attackers know this. New-school security awareness training can enable your employees to anticipate and recognize unfamiliar attacks. Microsoft has the story:
https://www.microsoft.com/security/blog/2019/12/11/the-quiet-evolution-of-phishing
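
The second technique above has a simple defensive tell: a real site's 404 handler returns an error page, while a phishing domain using this trick returns a credential form for every path that does not exist. The following is an added example, not code from Microsoft or KnowBe4: it parses page bodies for forms containing a password field, classifies a response by status code plus that finding, and probes several paths on a site to see whether its 404 handler hands out a login form. The page bodies, the two simulated sites, and the probe paths are constructed for the example; in practice `fetch` would wrap an HTTP client.

```python
from html.parser import HTMLParser
from typing import Callable, Dict, List, Tuple

# Constructed page bodies standing in for HTTP responses; no network access is needed.
LANDING = "<html><body><h1>Contoso Portal</h1><p>Welcome.</p></body></html>"
NOT_FOUND = ("<html><body><h1>404 Not Found</h1>"
             "<p>The page you requested does not exist.</p></body></html>")
LOGIN_FORM = (
    "<html><body><h2>Sign in</h2>"
    "<form method='post' action='/auth'>"
    "<input type='email' name='user' />"
    "<input type='password' name='pass' />"
    "<button type='submit'>Sign in</button></form></body></html>"
)


class _FormScanner(HTMLParser):
    """Records, for every <form> in a page, whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self._in_form = False
        self._current_has_password = False
        self.forms: List[bool] = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form = True
            self._current_has_password = False
        elif tag == "input" and self._in_form and (a.get("type") or "").lower() == "password":
            self._current_has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self._in_form:
            self.forms.append(self._current_has_password)
            self._in_form = False


def has_credential_form(html: str) -> bool:
    scanner = _FormScanner()
    scanner.feed(html)
    scanner.close()
    return any(scanner.forms)


def classify_response(status: int, html: str) -> str:
    """A login form is normal on a 200; served from a 404 handler it is the
    technique Microsoft describes, so that combination gets its own verdict."""
    credential_form = has_credential_form(html)
    if status == 404 and credential_form:
        return "suspicious_404_login"
    if credential_form:
        return "login_page"
    return "benign"


def probe_domain(fetch: Callable[[str], Tuple[int, str]], paths: List[str]) -> Dict:
    """Fetch several paths (including ones that should not exist) and report
    whether the site's 404 handler hands out a credential form."""
    verdicts = {p: classify_response(*fetch(p)) for p in paths}
    hits = [p for p, v in verdicts.items() if v == "suspicious_404_login"]
    return {"verdicts": verdicts, "hits": hits, "abuses_404": len(hits) >= 2}


# Two constructed sites: one serves its login form from the 404 handler,
# the other's 404 handler behaves normally.
def phish_fetch(path: str) -> Tuple[int, str]:
    known = {"/": (200, LANDING), "/login": (200, LOGIN_FORM)}
    return known.get(path, (404, LOGIN_FORM))


def benign_fetch(path: str) -> Tuple[int, str]:
    known = {"/": (200, LANDING), "/login": (200, LOGIN_FORM)}
    return known.get(path, (404, NOT_FOUND))


PROBE_PATHS = ["/", "/login", "/a8f3k2", "/does-not-exist"]

if __name__ == "__main__":
    print(probe_domain(phish_fetch, PROBE_PATHS))
    print(probe_domain(benign_fetch, PROBE_PATHS))
```

Requiring two distinct non-existent paths to come back as login forms avoids flagging a site that merely has one badly configured route; a URL-reputation pipeline can feed any unfamiliar link through the same check before it decides a 404 is harmless.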
[NEW WEBINAR] Business Email Compromise During Tax Season: How to Spot and Defend Against Common BEC Tax Scams

Tax season is upon us, which makes this prime time for hackers to target your unsuspecting users with the latest Business Email Compromise (BEC) scams. From evolved W2 fraud to tax-related spear phishing, cybercriminals capitalize on the first quarter of each new year with smarter, craftier attacks designed to convince your users to provide confidential information, authorize wire transfers, or enable malicious files.

Join Erich Kron and James McQuiggan, KnowBe4 Security Awareness Advocates, on Wednesday, January 15 @ 2:00 pm (ET) for an in-depth discussion of the new types of BEC scams you can expect to see, what your users should be on alert for this tax season, and how to protect your organization from these evolved threats.

In this webinar you will learn:
  • Real-world examples of the latest BEC attacks
  • Common targets within your organization and techniques used to trick them
  • Red flags your users need to know now to spot BEC attacks
  • How to educate your organization so you don’t fall victim
Don't let your organization become a statistic this tax season! Join our experts to find out how to stop the bad guys before it's too late.

Date/Time: Wednesday, January 15 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2166335/1E78505C829A46DE110368503BD447C5?partnerref=CHN1
[LEGAL ALERT] What You May Have Overlooked in the Run Up to CCPA Compliance

LAW.COM had a very good reminder that you really need to keep in mind. Here is an extract: "With just days to go before the California Consumer Privacy Act (CCPA) compliance date, some companies may be scrambling to get their data collection and management processes in order.

"Others, however, might be taking a wait-and-see approach before fully investing into large-scale changes. Whatever an organization’s plan, there are certain things all covered entities should know about the far-reaching privacy law before January 2020.

“Reasonable” Security is Required

"The CCPA isn’t all about privacy. In fact, the regulation also mandates that covered entities maintain reasonable security procedures, something that does not get as much attention as the data handling requirements. “It certainly hasn’t been focused on and it ought to be,” Mark Schreiber, partner at McDermott Will & Emery said.

"To be sure, exactly what constitutes 'reasonable' security isn’t clarified in the CCPA. Still, Schreiber said that there are hints in what the state expects given its past positions. “The California attorney general years ago in other pronouncements identified the 20 CIS [security] controls—which is this fairly intense and robust set of security standards—as being what California would look to. So that’s been out there for some years and those are fairly granular in terms of the different components that need to be in place.”" Here is the full article.

You have to implement a Security Awareness and Training Program

Number 17 on the CIS list, in the section Organizational CIS Controls, requires your organization to roll out a Security Awareness Training Program. If you get hacked because a user falls for a social engineering attack and you suffer a data breach that has California-related records in it—and who hasn't—you are in violation and can get fined.

Here is a whitepaper that clarifies the legal concept of "Reasonable" measures. It's excellent ammo to communicate to your budget holder that this is not an option, it's legally required.

More information on the blog:
https://blog.knowbe4.com/legal-alert-what-you-may-have-overlooked-in-the-run-up-to-ccpa-compliance

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: This 20-min video turns out to be super popular: "Top 9 IT Security Trends You Need to Watch Out for in 2020." Watch it on a break. You can find it here:
https://blog.knowbe4.com/top-9-it-security-trends-you-need-to-watch-out-for-in-2020

PPS: And here is KnowBe4's Crystal Ball! "2020 Cybersecurity Predictions by KnowBe4’s Experts"
https://blog.knowbe4.com/2020-cybersecurity-predictions-by-knowbe4s-experts
Quotes of the Week
"Let our New Year's resolution be this: we will be there for one another as fellow members of humanity, in the finest sense of the word." - Goran Persson

"Never underestimate the power you have to take your life in a new direction." - Germany Kent



Thanks for reading CyberheistNews
Security News
Should Employees Be Held Responsible for Falling for Social Engineering Attacks?

Organizations have to acknowledge their responsibility for ensuring their employees are able to recognize targeted phishing attacks, according to James McGachie, Legal Director of DLA Piper Scotland. Writing in The Herald, McGachie explains that sophisticated spearphishing attacks designed to steal large amounts of money (also known as “whaling”) should be of particular concern to companies.

McGachie cites a recent case in Scotland in which an employee of a media company fell for a spearphishing attack that arrived by email and was tricked into transferring £193,250 to an attacker. The employee was subsequently sued by her employer for the money, with the company arguing that the employee breached her contract by failing to exercise reasonable care. The company held that the phishing emails were “obviously fraudulent.”

The judge ultimately ruled that the employee wasn’t responsible for reimbursing the company for the stolen funds, since she didn’t know she was communicating with a fraudster.

McGachie explains that “while holding that the decision to transfer company funds without any authority was in breach of contract, Lord Summers did not consider that the loss that ensued was the natural consequence of the breach, finding that it was ‘exceptional and unnatural’ because the controller was unaware of the fraud being perpetrated. Accordingly, the action was dismissed.”

McGachie stressed that organizations need to realize their responsibility in this realm before it’s too late.

“From a practical perspective the case highlights the need for employers to ensure staff – particularly those in cash or credit control handling functions – are fully trained and aware of the tell-tale signs of both phishing and whaling scams,” McGachie writes. “Such training may take the form of practical testing through running ‘spot checks’ through deploying ‘test’ phishing and whaling messages to establish if the training has been successful.”

Employees shouldn’t be held responsible for falling for social engineering attacks, especially if they haven’t been taught how to defend themselves. New-school security awareness training can give your employees experiential knowledge of these attacks. The Herald has the story:
https://www.heraldscotland.com/opinion/18093332.phishing-joined-whaling-fraud-threat-businesses/
These Aren't the Droids You're Looking for

Researchers at Kaspersky have identified sixty-five malicious files masquerading as online copies of Star Wars: The Rise of Skywalker, TechRepublic reports. The files are spread via phishing sites and social media accounts that pose as official movie pages. In addition to distributing malware, the sites also ask users to enter their credit card data before they can watch the film.

The phishing sites contain detailed descriptions of the movie in order to bump the site higher up in search results. The attackers also spread links on social media sites like Twitter. They intentionally manipulate their SEO so that their phishing sites show up when a user is searching for a free version of a movie or show. For example, searching for “rise of skywalker watch free” will likely turn up a number of malicious results near the top.

Tatiana Sidorina, a security researcher at Kaspersky, said in a statement that attackers frequently take advantage of popular movies and shows to spread malware.

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and Star Wars is a good example of such a theme this month,” Sidorina said. “As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times. We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”

Kaspersky recommends that users confirm the legitimacy of sites before visiting them. Trying to watch pirated movies online is always a bad idea, and you’re very likely to get your computer infected with malware. While some of the phishing sites in this case posed as official movie pages, common sense dictates that a legitimate version of a movie like Star Wars isn’t going to be released online for free while it’s still in theaters. New-school security awareness training can help your employees avoid falling for these schemes by teaching them to recognize the hallmarks of social engineering. TechRepublic has the story:
https://www.techrepublic.com/article/phishers-prey-on-fans-of-latest-star-wars-film/
Star Wars Rogue One: A Phish Story

We’ve heard that scammers are exploiting the release of the new Star Wars movie by distributing malware disguised as free copies of the film. But what if we turned this on its head and used Star Wars to teach a lesson? The CyberWire has a video demonstrating how much simpler it would have been if the rebels had used social engineering to obtain the Death Star plans instead of launching a military assault.

Phishing is a relatively simple form of attack that’s cheap and easy for anyone to carry out, but it works so well that it’s used by every type of attacker, from unskilled criminals to the most sophisticated nation-state threat actors.

New-school security awareness training can enable your employees to defend themselves against phishing attacks at all levels. The CyberWire has the story:
https://thecyberwire.com/videos/video/star-wars-rogue-one-a-phish-story.html
What KnowBe4 Customers Say

"I’ve been showing the Inside Man videos over the past few months. The employees love them and enjoy the little “soap opera” at work. I like that they’re short and have the learning points. My problem for 2020 is how to beat that series in keeping the entertainment and learning going.

We had a Red team test and we were complimented on the fact that no matter how many spam/phishing emails they sent out over a period of time not one employee responded. They said they had never had a company be so frustrating and they’re working on new strategies for next time. KnowBe4 training has really influenced the employee's awareness."
- B.M., CISO, MSIA, CISSP

Note, Inside Man Season 2 will be released soon!
The 10 Interesting News Items This Week
    1. Facebook Discovers Fakes That Show Evolution of Disinformation:
      https://www.nytimes.com/2019/12/20/business/facebook-ai-generated-profiles.html

    2. Chinese hacker group caught bypassing 2FA in latest wave of attacks:
      https://www.zdnet.com/article/chinese-hacker-group-caught-bypassing-2fa/

    3. U.S. CyberCom contemplates information warfare to counter Russian interference in the 2020 election:
      https://www.washingtonpost.com/national-security/us-cybercom-contemplates-information-warfare-to-counter-russian-interference-in-the-2020-election/2019/12/25/21bb246e-20e8-11ea-bed5-880264cc91a9_story.html

    4. Why Robocallers and Scammers Love Gift Cards - The Wall Street Journal:
      https://www.wsj.com/articles/why-robocallers-and-scammers-love-gift-cards-11577019600?

    5. Putin’s Russia, Punching Above Its Weight, Keeps Adversaries Off Balance | NYT:
      https://www.nytimes.com/2019/12/23/world/europe/russia-putin.html

    6. Cybersecurity Strategy for a Threatening Landscape: Webinar Recap:
      http://www.legalexecutiveinstitute.com/cybersecurity-strategy-webinar/

    7. Ransomware Situation Goes From Bad to Worse:
      https://www.darkreading.com/attacks-breaches/ransomware-situation-goes-from-bad-to-worse/d/d-id/1336664

    8. Emotet Reigns in Sandbox's Top Malware Threats of 2019:
      https://www.bleepingcomputer.com/news/security/emotet-reigns-in-sandboxs-top-malware-threats-of-2019/

    9. [LEGAL ALERT] What You May Have Overlooked in the Run Up to CCPA Compliance:
      https://blog.knowbe4.com/legal-alert-what-you-may-have-overlooked-in-the-run-up-to-ccpa-compliance

    10. South Dakota computers targeted by North Korea:
      https://www.kotatv.com/content/news/South-Daktoa-computers-targeted-by-North-Korea-566421041.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.