CyberheistNews Vol 10 #10
[HEADS-UP] Famous 'Shark' Got Hooked and Lost 400K in an Embarrassing Email Phishing Scam

"Shark Tank" star Barbara Corcoran was missing nearly $400,000 as of Wednesday morning after her office was victimized by email scammers who used a one-letter change to an email address to gain the upper hand.

The scam started last week when an email chain was forwarded to Barbara's bookkeeper, a woman named Christine. Folks on Barbara's team tell us the email appeared to have been sent by Barbara's executive assistant, Emily ... and it informed Christine that she had the green light to pay $388,700 to a company called FFH Concept GmbH in Germany.

The problem is that the email didn't really come from Emily.

The scammers used a copy of Emily's email address with one letter removed, so they were the ones actually corresponding with Christine ... who did ask the right questions. For instance, she asked what the money was for, and got an email back saying FFH was designing German apartment units in which Barbara had invested.

Great cover story, because we're told Barbara really does invest in real estate, and FFH is a real company in Germany. Plus, everything looked even more legitimate because it appeared to be coming from Barbara's assistant.

Anyway, on Tuesday the bookkeeper sent the wire payment to the account listed in the original email. Afterward, she emailed Barbara's assistant, Emily, at her real address, and only then did Emily uncover the scam: she noticed that her address had been altered on the previous chain of emails.

Unfortunately, the money is gone, but we're told Barbara's IT folks traced the original scam emails back to a Chinese IP address, and her attorneys are figuring out their next move.

Yes, even a Shark can get hooked by a phishing scam.
https://blog.knowbe4.com/breaking-news-shark-gets-hooked-for-380k-in-email-phishing-scam
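The check that would have caught this before the wire went out, as an added example (not code from the KnowBe4 post or the TMZ story it quotes): compare every inbound sender against the address book of people allowed to approve payments and flag anything that is a near miss of a real contact rather than an exact match, so the bookkeeper verifies out of band before paying. The address book, the homoglyph table and the sample From: headers are constructed for the example.

```python
"""Flag inbound sender addresses that are a near miss of a known contact.

Added example; not code from the KnowBe4 article or the TMZ story it quotes.
The address book and the sample From: headers below are constructed.
"""
from email.utils import parseaddr

# Constructed address book of people allowed to approve payments.
KNOWN_CONTACTS = {
    "emily@corcoran-example.com",
    "christine@corcoran-example.com",
    "barbara@corcoran-example.com",
}

# Character sequences that look alike in common fonts; folded before comparing
# so that "exarnple" (r+n) is treated as "example" (m). Assumed list, not exhaustive.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def normalise(addr: str) -> str:
    addr = addr.strip().lower()
    for lookalike, real in HOMOGLYPHS:
        addr = addr.replace(lookalike, real)
    return addr


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an insertion, deletion, substitution
    or swap of two adjacent characters each cost 1. A removed letter (the trick
    in the story) scores 1, as does "emliy" for "emily"."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # delete
                          d[i][j - 1] + 1,          # insert
                          d[i - 1][j - 1] + cost)   # substitute
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transpose
    return d[len(a)][len(b)]


def classify_sender(from_header: str, known=KNOWN_CONTACTS, max_dist: int = 2):
    """Return ("known", addr), ("lookalike", closest_real_contact) or ("unknown", None).

    An exact match wins. Anything that only matches after homoglyph folding, or
    sits within max_dist edits of a real contact, is a lookalike and must be
    verified out of band (phone, or a fresh mail to the address on file).
    """
    _, raw = parseaddr(from_header)
    raw = raw.strip().lower()
    if raw in known:
        return "known", raw
    folded = normalise(raw)
    dist, closest = min((osa_distance(folded, normalise(k)), k) for k in known)
    if dist <= max_dist:
        return "lookalike", closest
    return "unknown", None


if __name__ == "__main__":
    # Constructed samples: the real assistant, the one-letter-short fake,
    # a homoglyph fake, and an unrelated stranger.
    for hdr in ("Emily <emily@corcoran-example.com>",
                "Emily <emly@corcoran-example.com>",
                "Emily <emily@corcoran-exarnple.com>",
                "Accounts <billing@ffh-example.de>"):
        print(f"{hdr:45} -> {classify_sender(hdr)}")
```

A "lookalike" verdict is a hard stop for any payment instruction, not a warning: the right response is a call to the real contact at the number on file, never a reply to the mail.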
[NEW] KnowBe4 Named a Leader in The Forrester Wave™ for Security Awareness and Training Solutions

We are excited to announce that Forrester Research has named KnowBe4 as a Leader in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020 based on our scores in the strategy, market presence, and current offering categories. We received the highest scores possible in 17 out of 23 evaluation criteria, including learner content and go-to-market approach.

According to the report, “KnowBe4’s enviable platform is powered by business strategy excellence... Reference customers were happy with the service provided by the KnowBe4’s customer service managers and vast array of training options... If you are after a comprehensive security awareness program tailored to how your employees like to learn, work with KnowBe4.”

Being recognized as one of the organizations that lead the pack in The Forrester Wave for Security Awareness and Training Solutions is an honor for us. As the world's largest security awareness training platform, we believe being named a Leader continues to validate the success of our ability to carry out our mission to enable organizations and their users to make smarter security decisions using world-class training and simulated phishing to improve their security posture and mitigate risk.

Learn why KnowBe4 has been recognized as a Leader.

Download Your Complimentary Copy of the Report Now!
https://info.knowbe4.com/forrester-wave-security-awareness-training-chn

The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020, Forrester Research, Inc., February 25, 2020
An Influence or Wire Fraud?

A 22-year-old Instagram and YouTube influencer named Kayla Massa has been arrested after allegedly convincing her followers to assist her in a fraud scheme, Quartz reports. Prosecutors say Massa posted on Instagram, Snapchat, and Facebook telling her followers to DM her if they lived in New Jersey and wanted to make money.

When someone responded, Massa would offer to pay them to let her friend use their bank account to temporarily store some money as a tax write-off. She allegedly assured them it was legal, and told them to empty the account first so they wouldn't suspect she was trying to steal their money.

Once Massa and her associates had access to a victim's bank account, they would allegedly deposit counterfeit money orders and fraudulent checks into it and then withdraw the funds as cash. They would then block the victim on social media and leave them with an empty bank account. When the victim's bank realized the money orders and checks were fraudulent, it would recall the money and the victim's account would be thousands of dollars in the red. Continued at the KnowBe4 blog:
https://blog.knowbe4.com/an-influence-or-wire-fraud
[NEW WEBINAR] Never Assume Breach: Build a Data-Driven Defense Strategy to Secure Your Organization's Most Valuable Assets

Even the world’s most successful organizations have significant weaknesses in their IT security defenses, which today’s determined hackers can exploit at will. There’s even a term for it: Assume Breach.

But assuming you’ll be hacked isn’t an option for you. Your organization can’t afford a loss of assets or downtime.

Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, for this informative webinar where you’ll learn not only the most common reasons for data breaches in organizations like yours but how you can determine your specific weaknesses.

You’ll walk away from this understanding:
  • What most organizations are doing wrong and how to fix it
  • How to build an action plan to improve your IT security effectiveness
  • Why security awareness training is a security layer you can’t afford to skip
Start creating your data-driven defense and earn CPE credit for attending.

Date/Time: Wednesday, March 11 @ 2 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2201211/35A472D6C4E6527D41A2BC75555D82EA?partnerref=CHN1
WSJ: "Losing 450K in Three Days: Hackers Trick Victims Into Big Wire Transfers"

Great budget ammo here! Rachel Louise Ensign wrote a great story for the WSJ about CEO fraud, which the FBI calls Business Email Compromise (BEC). I'm quoting an extract, and I strongly recommend sending a link to the original WSJ article to your C-levels, as it is excellent ammo to get budget for new-school security awareness training.

"In 2018, Frank Krasovec took out a $1 million personal line of credit from PlainsCapital Bank. A few months later, he went on a business trip. When he returned, $450,000 was missing.

"Mr. Krasovec, the chairman of Dash Brands Ltd., which owns Domino’s Pizza Inc. franchises in China, said he soon learned that someone had hijacked his email and asked his assistant to wire the money to a Hong Kong account.

"Fraudsters are stealing billions of dollars each year through this type of scam, which combines sophisticated hacking with wire transfers, an old-fashioned but efficient way to move money overseas. Banks and law-enforcement officials are struggling to curb the problem, while victims like Mr. Krasovec say they are finding it nearly impossible to get their money back.

"Years ago, lenders only had to worry about real-life bank robbers. Now, the wire-transfer scam puts them in a tough position. Customers expect them to move money quickly for legitimate transactions, while also guarding against hackers that have infiltrated clients.

"The largest banks are most likely to be conduits for the wire-transfer scams, according to the American Bankers Association. But community banks, with much smaller technology budgets to build their defenses, are also vulnerable.

FBI: 2019 Losses up to $1.8 Billion from $1.3 Billion in 2018

"The Federal Bureau of Investigation received reports of nearly $1.8 billion in losses from this type of scam in 2019, up from about $1.3 billion the prior year. The agency estimates total losses world-wide, which include those not reported to the agency, were $26 billion between June 2016 and July 2019. The transfers primarily go to banks in Hong Kong and mainland China, where chances of recovering the money are slim, the agency said.

"Victims include “the elderly, college students, nonprofits, religious organizations, celebrities, CEOs of companies,” FBI Supervisory Special Agent Zacharia Baldwin said in an interview. “It could be anybody.”

"Hackers can break into a target’s email by trying out passwords made public in previous data breaches. They also may use phishing schemes like those used against political campaigns and in corporate espionage. The hackers then commandeer an account and impersonate the victim, asking assistants or colleagues to initiate a wire transfer." Send this link to your C-levels:
https://blog.knowbe4.com/wsj-losing-450000-in-three-days-hackers-trick-victims-into-big-wire-transfers
[LIVE DEMO] See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, March 4 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

See how easy it is to train and phish your users:
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
  • Identify and respond to email threats faster. Enhance your incident response efforts with the PhishER add-on!
Find out how 31,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, March 4 @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/2198105/5DA00F49B08FF658A44E49253278C580?partnerref=CHN2
KnowBe4's Fave Podcast "Hacking Humans" Surpassed 1M Downloads!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world.

They talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two).

We also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the recent episodes and subscribe today.
https://thecyberwire.com/podcasts/hacking-humans.html

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc


PS: Great for a break! KnowBe4: The Making of a Unicorn. A Cybersecurity Story: https://m.youtube.com/watch?v=W9UvWQJoRfE
Quotes of the Week
"If we glance at the most important revolutions in history, we see at once that the greatest number of these originated in the periodical revolutions of the human mind."
- Wilhelm von Humboldt, Philosopher (1767-1835)

"Do your work with your whole heart, and you will succeed - there's so little competition."
- Elbert Hubbard, Writer (1856-1915)



Thanks for reading CyberheistNews
Security News
Amazon Prime Phishbait: Lessons Learned

An Amazon phishing campaign accidentally sent out links that led straight to the attacker's own remote-access console, according to Paul Ducklin at Naked Security. Ducklin explains that Sophos came across a generic Amazon Prime phishing email which informed recipients that their Amazon account had been suspended.

The email contained a link for the user to "verify" their account by updating their card number and billing address. The email wasn't particularly convincing or well-written, but the Sophos researchers followed the link to see where it would take them.

The link first redirected them through two legitimate WordPress sites, which had apparently been hacked by the attacker for use as stepping stones in front of the actual phishing site. This is a common tactic: a link to a reputable, established domain passes the URL-reputation checks in spam filters that a freshly registered phishing domain would trip.

After this, the attacker presumably intended to send the victim to a phishing page that would try to steal their Amazon credentials and financial details. Instead, the attacker seems to have made a disastrous mistake and pasted in the URL of the console that controlled the hacked WordPress sites.

The attacker had planted a small, inconspicuous PHP file on each compromised site, in effect a web shell, that granted direct access to the site's files and allowed the attacker to do things that even the WordPress administrator couldn't do.

“In other words, the crooks have set things up so they can sidestep the WordPress administration console entirely,” Ducklin explains. “They don’t need a password; they won’t get logged by the WordPress system; and they can add and modify files that WordPress wouldn’t normally allow, essentially allowing them to hide content such as phishing pages and malware downloads in plain sight.”

It’s not clear how the attacker compromised these sites in the first place, but Ducklin notes that outdated and vulnerable WordPress plugins are a frequent entry point. Ducklin says the story demonstrates the importance of good security practices for website administrators as well as for regular users.

Even a minor website can have value to criminals as a staging area for future crimes. “If your site gets hacked, you’ll probably end up blacklisted,” he writes. “Once the crooks start using your website to host malicious content, you are likely to end up getting blocked or filtered by security products and the major browsers.”

New-school security awareness training can create a culture of security within your organization by teaching all of your employees to follow security best practices. Naked Security has the story:
https://nakedsecurity.sophos.com/2020/02/21/the-amazon-prime-phishing-attack-that-wasnt/
Spamming Tools Are a Commodity in the Criminal Underworld

Cheap and easy-to-use phishing kits and other social engineering tools are readily available for purchase on the black market, according to researchers at Digital Shadows. Criminals create clones of legitimate websites and package them for sale, allowing other criminals to quickly set up convincing phishing sites on their own domains.

These phishing templates usually cost between $2 and $68. Experienced cybercriminals also create phishing tutorials and offer them for sale, so even script kiddies with minimal technical skill can learn how to start scamming people. “The barriers of entry to phishing attacks can be significantly lowered by the existence of pre-made templates, infrastructure, and tutorials for sale on cybercriminal forums and marketplaces,” the researchers write.

“Phishing tutorials may be purchased on cybercriminal forums and marketplaces at an average cost of $24.83, and the tools needed to conduct an attack can cost under $20. The average cost of a prebuilt page or template is $23.27.”

These phishing tools also vary depending on the type of campaign they’re designed for. The researchers explain that attackers adapt their strategies based on which type of target they’re going after.

“The first stage will almost always involve choosing a target,” they write. “Are you going after minnows or that elusive 1,000-lb marlin? Knowing this beforehand is important, as different targets require different tactics and tools.

For example, a large-scale, more indiscriminate phishing attack (minnows) can be more conducive to the use of impersonal and generic emails cast with a broad net (e.g. a spam botnet). Targeting a high-ranking executive (marlin), on the other hand, might require a more nuanced and personalized approach (e.g. spearphishing).”

Likewise, different attacks necessitate different defenses. Executives and employees who have the authority to transfer money are more likely to be targeted with sophisticated spearphishing attacks, while other employees are often targets of opportunity. In every case, however, the employees themselves are the key to stopping these attacks.

“Phishing pages and malware can both be detected and blocked, but direct social engineering is much harder to spot,” the researchers say. “Detection of the first two relies on technical indicators that point to a specific threat, which can be mitigated automatically by, for example, spam blockers or malware scanners. Social engineering relies on exploits against the human operating the device.”

Social engineering attacks are designed to bypass technical defenses, so organizations need to address human vulnerabilities. Digital Shadows has the story:
https://www.digitalshadows.com/blog-and-research/the-ecosystem-of-phishing/
A Single BEC Gang Is Launching Thousands of Attacks Per Year

A single cybercriminal group launched business email compromise (BEC) attacks against more than 2,100 companies in the US between April and August 2019, according to researchers at Agari.

The group, which Agari calls “Exaggerated Lion,” is based in Nigeria, Ghana, and Kenya, and it’s been conducting online scams since at least 2013. In 2017, the gang started carrying out BEC scams, and they’ve continually improved their tactics ever since.

Almost all of the group’s emails are sent from domains registered with Google’s G Suite, and most of these domains end with the “.management” top-level domain. Agari notes that only about 12,000 “.management” domains have ever been registered, and more than ten percent of these belong to Exaggerated Lion.

Additionally, the group’s domains host no content and are used only for sending email, which indicates they exist purely to launch BEC attacks.

Interestingly, Exaggerated Lion’s domains don’t try to spoof a company’s website. Rather, they use long strings of technical-looking keywords separated by hyphens. For example, the emails are sent from addresses like “personnel[@]office-secure-ssl-sl-mail71521-apps-server-portal-apps-mai [dot] management.”

The technical-looking name is meant to pre-empt suspicion: the recipient assumes the message came from some secure mail infrastructure and never asks why it didn’t come from a familiar domain.

The attackers use fake invoices generated by a free online tool, which allows them to easily change the details for each targeted company. They send these invoices to employees who work in the targeted organization’s accounting department. Agari says the gang has generated millions of dollars using these techniques.

Business email compromise is an extremely profitable criminal enterprise, and it’s not surprising that organized crime groups have it down to a science. This is their full-time job, so they can afford to put a great deal of effort into crafting convincing, targeted attacks. You can’t assume that your employees will be able to spot any visible warning signs in these emails, because there often won’t be any. New-school security awareness training can enable your employees to thwart these attacks by teaching them the fundamentals of social engineering. Agari has the story:
https://www.agari.com/email-security-blog/business-email-compromise-bec-exaggerated-lion/
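The naming pattern Agari describes is easy to score mechanically, so here is an added example (not Agari's code or detection logic) that rates a sender domain on the traits above: many hyphen-separated labels, stacked infrastructure words such as secure, ssl, mail, server, portal and apps, long digit runs, unusual length, repeated tokens, and a TLD rarely used for business mail. The keyword list, TLD list, weights and threshold are assumptions, and every sample address except the defanged one quoted from the Agari report is constructed.

```python
"""Score a sender domain for the hyphenated 'keyword salad' pattern Agari describes above.

Added example; not Agari's code or detection logic. Keyword list, TLD list,
weights and threshold are assumptions; all sample addresses except the
defanged one from the Agari report are constructed.
"""
import re
from email.utils import parseaddr

INFRA_WORDS = {"secure", "ssl", "mail", "server", "portal", "apps", "office", "cloud",
               "login", "auth", "update", "verify", "service", "admin", "account"}
RARE_BUSINESS_TLDS = {"management", "support", "services", "solutions", "xyz", "top",
                      "icu", "cam", "work", "click"}


def refang(text: str) -> str:
    """Undo the usual [@] / [.] / [dot] defanging used in threat reports."""
    return (text.replace("[@]", "@").replace("[at]", "@")
                .replace("[.]", ".").replace(" [dot] ", ".").replace("[dot]", "."))


def score_domain(domain: str):
    """Return (score, reasons) for a bare domain name."""
    domain = domain.lower().strip(".")
    labels = domain.split(".")
    tld, name = labels[-1], ".".join(labels[:-1])
    tokens = [t for t in re.split(r"[-.]", name) if t]
    score, reasons = 0, []

    hyphens = name.count("-")
    if hyphens >= 4:                      # real brands rarely chain five or more labels
        score += 3
        reasons.append(f"{hyphens} hyphens")
    infra = [t for t in tokens if re.sub(r"\d+$", "", t) in INFRA_WORDS]   # mail71521 -> mail
    if infra:
        score += min(len(infra), 4)
        reasons.append("infrastructure words: " + ", ".join(infra))
    if re.search(r"\d{4,}", name):
        score += 2
        reasons.append("long digit run")
    if tld in RARE_BUSINESS_TLDS:
        score += 2
        reasons.append(f"uncommon business TLD .{tld}")
    if len(name) > 40:
        score += 1
        reasons.append(f"{len(name)}-character name")
    if len(tokens) != len(set(tokens)):
        score += 1
        reasons.append("repeated token")
    return score, reasons


def assess_sender(from_header: str, threshold: int = 6):
    """Return (domain, score, reasons, flagged) for a From: header, defanged or not."""
    _, addr = parseaddr(refang(from_header))
    domain = addr.rsplit("@", 1)[-1]
    score, reasons = score_domain(domain)
    return domain, score, reasons, score >= threshold


if __name__ == "__main__":
    samples = [
        "personnel[@]office-secure-ssl-sl-mail71521-apps-server-portal-apps-mai [dot] management",  # quoted from the Agari report
        "ap@acme-corp.com",                                   # constructed: ordinary vendor
        "it@mail.example-secure.com",                         # constructed: a couple of infra words, not flagged
        "noreply@support-portal-login-secure-server.xyz",     # constructed: same pattern, different TLD
    ]
    for s in samples:
        domain, score, reasons, flagged = assess_sender(s)
        print(f"{'FLAG' if flagged else '  ok'} {score:2d} {domain}  {'; '.join(reasons)}")
```

This is a heuristic for a mail gateway or SIEM rule, not proof of fraud: a hit should route the message to review and, for anything carrying an invoice, trigger the same out-of-band callback to a number on file that applies to every change of payment details.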
What KnowBe4 Customers Say

We got this feedback last week. Made me personally quite happy!

"1. Platform is very powerful and well executed (in software code sense); it allows a lot of automation (which is crucial for general IS practitioners like me with tons of responsibilities and zero time availability).

2. KnowBe4's philosophy extends well beyond just selling the product; you actually care whether we made the most out of it. By adopting your robust platform we not only put a check mark for compliance purposes (yes, this is important too), but we as a company are improving our IS awareness posture in very measurable ways. And we just started.

3. Our Customer Success Manager Nick Coppley is wonderful: a) he has deep knowledge of the platform; b) he is readily available and reachable at first request; c) he not only has answers for my questions, but offers roadmaps for my very different business cases. I very much appreciate his help.

Stu, I wish more companies were like yours - life would be better."

- F.M., Information Security Architect
The 10 Interesting News Items This Week
    1. Sodinokibi ransomware gang may tip off NASDAQ about attacks in order to hurt victims' stock prices:
      https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-may-tip-nasdaq-on-attacks-to-hurt-stock-prices/

    2. An FBI unit recovered $300 million of $3.5 billion in reported cybercrime losses last year:
      https://www.cyberscoop.com/fbi-ic3-recovered-funds-tonya-ugoretz/

    3. North Korea Is Recycling Mac Malware. That's Not the Worst Part:
      https://www.wired.com/story/malware-reuse-north-korea-lazarus-group/

    4. Internal Docs Show Why the U.S. Military Publishes North Korean and Russian Malware:
      https://www.vice.com/en_us/article/5dmwyx/documents-how-cybercom-publishes-russian-north-korean-malware-virustotal

    5. Android malware can steal Google Authenticator 2FA codes:
      https://www.zdnet.com/article/android-malware-can-steal-google-authenticator-2fa-codes/

    6. Guess who else is now doing security training/culture surveys?:
      https://blog.knowbe4.com/guess-who-else-is-now-doing-security-training-surveys

    7. Loss Of Face. Facial Recognition Firm Clearview AI Suffers Data Breach:
      https://www.infosecurity-magazine.com/news/facial-recognition-clearview-ai/

    8. Russian hacking, spear-phishing, nondisclosure agreements: How Florida was affected in 2016 election:
      https://www.tallahassee.com/story/news/local/state/2020/02/25/russian-hacking-floridas-election-system-what-we-know-four-years-later/4555126002/

    9. Ransomware victims thought their backups were safe. They were wrong:
      https://www.zdnet.com/article/ransomware-victims-thought-their-backups-were-safe-they-were-wrong/

    10. IBM Survey: Only 38% of State and Local Government Employees Trained on Ransomware Prevention:
      https://newsroom.ibm.com/2020-02-27-IBM-Survey-Only-38-of-State-and-Local-Government-Employees-Trained-on-Ransomware-Prevention
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.