CyberheistNews Vol 10 #12 Secret Service Warning: Exploiting the Coronavirus for Fraud and Profit



When I saw that the United States Secret Service just put out a press release to warn against a wave of Coronavirus phishing scams (link to PDF below), I asked Eric Howes, KnowBe4 Principal Lab Researcher, to give us an update on the Coronavirus attacks he sees piling in, after publishing an initial review on Monday of the coronavirus-themed (C-19) emails that had been reported to us by customers using the Phish Alert Button (PAB).

By Wednesday we had collected a whole new crop of virus-themed emails, several of which were alarmingly extreme in the claims they made while pitching their products, services, and, of course, malicious social engineering campaigns.

Given how rapidly bad actors are ramping up their efforts to exploit the C-19 health crisis, we thought it would be useful to give readers yet another peek at what we're seeing.

More Spammers, More Scammers

One email we hadn't yet seen when we published our initial review of virus-themed emails was the one we had been sure would eventually arrive. On Tuesday it did: the dodgy email requests for charitable donations. This blog post is continued at the KnowBe4 blog, with links and example screen shots of live attacks in the wild, including the link to the Secret Service Warning:

U.S. Homeland Security: "Malicious Actors Expected to Focus Attacks on Teleworkers. Secure Your VPN."

Over the same period, U.S. Homeland Security warned that malicious actors are expected to focus attacks on teleworkers, and came up with a series of suggestions on how to secure your VPN. Here are a summary and links:

I recommend you send the link below to your users as part of your ongoing awareness training campaign. It's a great reminder from the very well-known Consumer Reports that quotes KnowBe4 several times and shows screenshots that users reported via the PAB:

How to Avoid Coronavirus Phishing Scams

[Live Demo] Identify and Respond to Email Threats Faster With PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats and, just as importantly, effectively manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a product which allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, March 18 @ 2 PM (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s new machine-learning module
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, March 18 @ 2 PM (ET)

[Heads Up!] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected as Malicious for Days After They Go Live

New data from Akamai provides insight into why phishing attacks are making it all the way to the endpoint… and why they can trick users so easily into becoming a victim.

Every IT pro would like to believe that by putting a layered security defense in place to specifically stop phishing attacks, the attacks would simply be detected and stopped.

Not so fast.

A new report from Content Delivery Network (CDN) provider Akamai shows that the bad guys are figuring out ways to not just make it past your defenses, but are counting on your browser’s use of a CDN to keep their maliciousness alive.

According to Akamai, of over 1200 malicious domains using Akamai’s CDN functionality to deliver malicious content, 21.3% of all phishing URLs used were not known to be malicious to public threat intelligence sources. Akamai estimates that over 2.4 million victims worldwide over a 4-month period were the target of attacks (whether successful or not) using these URLs. Continued:

[NEW WEBINAR] 2020 Phishing by Industry Benchmarking Report: How Does Your Organization Measure Up

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to be a race between effective technology and ever evolving attack strategies from the bad guys. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface:
New-school security awareness training.

Join us for a first look at KnowBe4’s NEW 2020 Phishing Industry Benchmarking Study, a data set of nearly four million users across 17,000 organizations.

You will learn more about:
  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training
Do you know how your organization compares to your peers?

Watch this webinar to find out!

Date/Time: Wednesday, March 25 @ 2 PM (ET)

Hackers Use Interactive Malicious COVID-19 Map to Spread Malware

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the C-19 pandemic in a bid to infect computers with malicious software.

In one scheme, a real interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.

The malicious online map, which has now been taken down, appeared very polished and convincing, showing an image of the world that depicts viral outbreaks with red dots of various sizes, depending on the number of infections.

The map appeared to offer a tally of confirmed cases, total deaths and total recoveries, by country, and cited Johns Hopkins University’s Center for Systems Science and Engineering as its supposed data source. Continued:

Do Your Users Know What to Do When They Receive a Suspicious Email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4’s no-charge Phish Alert button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click. It now also supports Outlook Mobile.

Phish Alert Benefits:
  • Reinforces your organization's security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating your network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)
Give your employees a safe way to report phishing attacks with one click at no charge!

Get Your Phish Alert Button Now:

Let's stay safe out there.


Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Don't you hate it when you are right? Bill Gates Describes His Biggest Fear in 2015: “I Rate the Chance of a Widespread Epidemic Far Worse Than Ebola at Well Over 50 Percent”:

And here is someone really doing the math of C-19. Start "social distancing now":

Quotes of the Week
"The greatest discovery of my generation is that a human being can alter his life by altering his attitudes."
- William James, Philosopher (1842 - 1910)

"Whatever you can do, or dream you can, begin it. Boldness has genius, power and magic in it."
- Johann Wolfgang von Goethe, Writer (1749 - 1832)


Thanks for reading CyberheistNews

Security News

Ransomware Attack on Police Department Encrypts Evidence, Sets Criminals Free

Holding data for ransom often has business repercussions beyond just delays and inconvenience. In the case of a police investigation, it’s putting criminals back on the street.

Last year, the police department in Stuart, FL was hit with a ransomware attack. The ripple effect of this attack is still being felt as the evidence in 11 cases was a part of the data held for ransom and was unrecoverable.

The result of this was US prosecutors being forced to drop 11 narcotics cases against six suspected drug dealers – with no evidence, there is no case.

This is reportedly the seventh incident of its kind, where ransomware has had impacts on cases. Even when a ransom is paid and a decryption key provided, an average of 3% of all data encrypted is never recovered. And with ransomware creators going after backups and network storage, the scope of what’s included in that 3% is potentially huge.

The only way to truly ensure data remains viable is to avoid an attack altogether. Ransomware attacks very often still use phishing as the initial attack vector, which makes your users the last line of defense. Empowering them with Security Awareness Training changes the way they approach interactions with email and the web, putting on a mindset of vigilance and suspicion that defaults to an unsolicited email being bad before it’s proven to be legitimate.

[Heads Up] Your Exfiltrated Ransomware Data Is Now Used to Spear Phish Your Business Partners

Ransomware operators are continually improving their tactics to ensure more lucrative payouts, according to Information Security Media Group (ISMG). Over the past several years, attackers have shifted their focus to larger organizations, and they’ve been conducting long-term, targeted attacks designed to cause significant disruption.

Well-known, skillful threat actors aren’t the only ones carrying out these attacks. Liv Rowley, a threat intelligence analyst at Blueliv, told ISMG that sophisticated malware can be easily purchased on the black market.

“We’ve talked about [the] specialization of cybercriminals offering these tools for forever now, but it does seem like they’re becoming more common, and they’re becoming quite cheap,” Rowley said. “You can buy some of the top-named information stealers right now for $85...and that’s one of the best ones out there. So it’s definitely becoming a more accessible market.”

Additionally, a growing number of ransomware groups are now exfiltrating data from their victims before deploying the ransomware. Some of these groups have been known to do this in the past, but they’re now using the stolen data as leverage in case the victim refuses to pay the ransom.

Brett Callow, a security researcher at Emsisoft, told ISMG that ransomware operators are also using this stolen data to craft targeted attacks against the compromised organization’s customers and partners.

“We've now got pretty clear evidence that Maze et al. are using exfiltrated [data] to spear phish other companies,” Callow said. “The problem is, many companies do not disclose these incidents, so their business partners and customers do not know that they should be on high alert. Bottom line: more companies need to disclose, and to disclose quickly.”

It’s also worth noting that the criminals will very likely sell or use the stolen data even if the victim does pay up, so every targeted ransomware attack should now be treated as a data breach. Accordingly, organizations need to focus on preventing attackers from entering the network in the first place. New-school security awareness training can address the human side of this issue by teaching your employees how to recognize phishing and other types of social engineering. ISMG’s Data Breach Today has the story:

Cruel Hoax Scams Elderly Woman

An 89-year-old woman in Delaware lost $9,500 to scammers who told her that her grandson had been arrested for causing a car accident, Delaware Online reports. The scammers called the woman and used her grandson’s real name in the conversation. They first told her to mail $1,500 in bail money to an address in Connecticut, and the woman sent the money.

The same person called the woman back two days later and informed her that the other driver involved in the car crash had died, and the woman would now have to pay $10,000 to cover the funeral costs in order to keep her grandson out of prison. The woman gathered $8,000, which she gave to a man who came to her house.

After this, the woman contacted her family, who informed her that the grandson was fine. The woman realized she had been scammed and called the police after the scammers kept trying to make contact. The police instructed her to call the scammers back so they could arrange a sting.

This time, the scammer told the woman she needed to pay another $10,000 “for the sake of her grandson.” The scammer said he was sending two men to retrieve the cash, and these men would need to enter her house in order to count the money. When the two men arrived, they were arrested by the police and charged with two felonies each.

There are several lessons to be drawn from this incident. First, scammers are lowlifes who won’t hesitate to hurt vulnerable people. In this case, they allowed an elderly woman to believe her grandson was facing prison for manslaughter while they stole her money.

Second, scammers will keep coming back if you pay them once. This is particularly true in extortion and romance scams. Once the scammers identify a susceptible victim, they’ll attempt to extract every penny they can get until the victim either wises up or runs out of money.

Finally, asking for help or verifying that a story is true can often prevent a scam from succeeding. It’s not clear why the woman in this incident didn’t contact her family after the first call, but scammers usually craft excuses to keep the victim isolated. New-school security awareness training can help your employees defend themselves against these attacks.

Delaware Online has the story:

What KnowBe4 Customers Say

"I wanted to send a quick testimonial for you guys. When reviewing options for Phishing Simulation and Security Awareness, we diligently studied all of our choices in the magic quadrant. I'm glad we made the decision we did. KnowBe4 has exceeded every expectation we had as an organization. KnowBe4 is an industry leader for a reason. Their support team is genuinely invested in the success of our company's security. When you partner with KnowBe4, you are getting a partner, not just a service.

Thank you all for the outstanding work throughout the entire process. Our search was initially just a phishing simulation tool search, but we came out with a lot more bang for our buck, and it really will help our end-users start to learn.

After all, they are the most significant weakness. I hope you both have a great day and again, Awesome job."
- C.C., Director of Information Security & Technology


New Phishing Templates

You should check out the Current Events Template Category; we have fresh C-19 templates, but also a new one that simulates a new 2020 Census invitation.

Keep an eye out for a new type of phishing scam: "Celebrities With Coronavirus." Keep those users on their toes with security top of mind, especially now.

The 11 Interesting News Items This Week
    1. [Heads Up #1] A Whopping 21 Percent of Phishing Attack URLs Are Not Detected As Malicious For Days After They Go Live

    2. [Heads Up #2] Your Exfiltrated Ransomware Data Is Now Used To Spearphish Your Business Partners

    3. Multiple nation-state groups are hacking Microsoft Exchange servers:

    4. Venafi Survey Results: Are We In a Permanent State of Cyber War?

    5. Ransomware Forces Illinois Public Health Website Offline Amid Coronavirus Outbreak:

    6. Hackers are working harder to make phishing and malware look legitimate:

    7. Hackers Use Interactive Malicious COVID-19 Map to Spread Malware:

    8. Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor:

    9. Windows Has a New, Wormable Vulnerability. Fix it fast:

    10. Microsoft orchestrates coordinated takedown of Necurs botnet. YAY!:

    11. [INFOGRAPHIC] Ransomware Predicted to Cost $20 Billion in Damages Globally by 2021:

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.
