CyberheistNews Vol 10 #14 [DON'T HIT THE PANIC BUTTON] "You Are Infected" - Bad Guys Launch an Evil New Corona Virus Attack


Malicious actors continue to craft ruthlessly aggressive, evil email attacks tailored to leverage mounting fears and anxieties surrounding the COVID-19 global pandemic among employees in the office and at home.

In the latest Coronavirus-themed phishing email reported to KnowBe4 by customers using the Phish Alert Button (PAB), bad guys try to exploit the very worst fear among email recipients: the fear of infection.

Hitting the Panic Button

Late Friday night, March 27, 2020, we spotted a new phishing email warning recipients that they have been exposed to the Coronavirus through personal contact with a "colleague/friend/family member" and directing them to download a malicious attachment and proceed immediately to the hospital.

This email is simple, succinct, and alarming. Moreover, it spoofs a hospital, lending additional credibility to this particular social engineering scheme, which is clearly designed to elicit a panicked response from readers and override any form of rational, measured thought.

The attached Excel file is billed as a "pre-filled" form that victims should bring with them to the hospital. In fact, that form is a malicious, macro-laden Office document that, at the time of this report, is detected by only a handful of major anti-virus applications. This malware’s capabilities are incredibly sophisticated and dangerous.

Conclusion: Five High-Priority Recommendations

Many organizations are in the process of enabling their users to work from home securely. Apart from having and enforcing a remote work security policy, we strongly recommend deploying the following high-priority elements of these urgent projects:
  • A VPN
  • Single Sign-On (SSO), fortified by
  • Multi-Factor Authentication (MFA)
  • An immediate and vigorous security awareness training campaign
  • Fully patched machines in the cloud, the office -and- at the house
The worldwide COVID-19 outbreak has provided malicious actors with an unprecedented opportunity to weaponize widespread fears and concerns among the general public for the purposes of social engineering schemes prosecuted through malicious emails. For the bad guys, this is the ultimate in target-rich environments.

As rapidly mounting infections in western countries drive a growing climate of fear, employees need to be educated and trained to expect these kinds of emails, accurately identify them, and handle them safely.

KnowBe4 has a series of COVID related phishing and vishing templates you can immediately use.

We also released a free training module: "Internet Security When You Work From Home"
This is a Public Service Announcement and anyone, anywhere, anytime can take this course:

Brand-New Ransomware Simulator Now With 19 Latest Infection Scenarios

As ransomware techniques continue to evolve, the volume of attacks has surged in the last year with no signs of letting up. In fact, ransomware costs have doubled! The bad guys are demanding larger ransoms and using new evasion techniques that bypass your endpoint security layers and antivirus, or take advantage of vulnerable end users.

These cyber criminals have become highly sophisticated in their ways to shut your network down completely to ensure their ransom demands are met. That’s why we've updated our Ransomware Simulator tool “RanSim” to add another three new ransomware scenarios you can test on your network!

These new scenarios simulate prevalent ransomware strains like RIPlacer, which allows ransomware to encrypt files on a Windows system without drawing the attention of your AV, and strains like Jaff and GandCrab, which take advantage of open processes through the opening of a malicious PDF attachment.

Try KnowBe4’s NEW Ransomware Simulator tool and get a quick look at the effectiveness of your existing network protection against the latest threats. RanSim will simulate 18 ransomware infection scenarios and 1 cryptomining infection scenario to show you if a workstation is vulnerable to infection.

This is complimentary and will take you 5 minutes max. RanSim may give you some insights about your endpoint security you never expected!

FBI Warns of Stimulus Check Scams

The FBI's Internet Crime Complaint Center (IC3) issued an alert warning of coronavirus-related phishing attacks, particularly surrounding economic stimulus checks. The news that the US government is likely to send upwards of $1,000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is still uncertain.

“Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” the FBI says. “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money.”

The statement also cautions people to watch out for offers of counterfeit medical products, including fake vaccines and testing kits.

“Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19,” the Bureau says. “Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves.”

Coronavirus-related fraud has skyrocketed, and we’ve covered many examples of it in the past few weeks. The FBI says to be wary of this trend when you seek information about the topic online.

“Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both,” the statement says. “Protect yourself and do your research before clicking on links purporting to provide information on the virus; donating to a charity online or through social media; contributing to a crowdfunding campaign; purchasing products online; or giving up your personal information in order to receive money or other benefits.” Story with links:

[Live Demo] See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, April 8 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

See how easy it is to train and phish your users:
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, including COVID-19 phishing templates and thousands of customizable templates with unlimited usage.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 32,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, April 8 @ 2:00 pm (ET)

Sitting Ducks: When Employees Work From Home

As the COVID-19 health crisis rages on and millions of workers and students move to working from home (WFH) and online distance education, no one should make the error of thinking that working and learning from the comfortable and familiar surroundings of home somehow makes these employees and students safe. They are not safe. If anything, they're sitting ducks.

Hitting 'Em Where They Live

Many users who find themselves sheltering in place will be struggling with technology and services that they have little experience with. Moreover, their home computer environments may not be nearly as secure and protected as those they enjoy at the office or school.

Inexperienced and emotionally rattled students and employees represent potentially severe security problems for organizations of all shapes and sizes -- and huge opportunities for malicious actors looking to worm their way into the networks of companies, governmental organizations, and schools across the country. And they know it.

We spotted a straightforward attempt to target remote workers at one particular company with a phishing email spoofing the company's IT department and demanding recipients click a malicious link to "securely connect to our network from home." Real in-the-wild screenshots here:

See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk management modules, transforming KCM into a full SaaS GRC platform!

Join us Wednesday, April 8 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements across your organization and third-party vendors and ease your burden when it's time for risk assessments and audits.
  • NEW! Demonstrate overall progress and health of your compliance and risk management initiatives with custom reports.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Wednesday, April 8 @ 1:00 PM (ET)


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Bill Gates is disappointed with the U.S. response to COVID-19:

Quotes of the Week
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so." - Mark Twain - Author (1835 - 1910)

"The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails." - William Arthur Ward - Writer (1921 - 1994)

Thanks for reading CyberheistNews

Security News

Beware! The FCC Releases Audio Samples of Coronavirus Phone Scams

Scammers sink to a new low with these phone scams, which prey on the fears of U.S. citizens by offering hope of better protecting themselves from the Coronavirus.

We’ve all received robocalls by now, but a new group of calls centered around the coronavirus has received the attention of the FCC. Covering a wide range of themes, these scam calls offer testing kits, scare you into getting your air conditioning ducts cleaned, pretend to be from charity organizations raising money, and even pretend to be from the World Health Organization!

In most of these scams, the intent is to either fool you into giving up your credit card, or to collect personal health information.

The scams are so rampant that the FCC has posted a page dedicated to debunking them and even provides audio samples so you can be certain not to become a victim.

The FCC also provides some tips to avoid becoming a victim. These include:
  • Do not respond to calls or texts from unknown numbers, or any others that appear suspicious.
  • Never share your personal or financial information via email, text messages, or over the phone.
  • Be cautious if you’re being pressured to share any information or make a payment immediately.
  • Scammers often spoof phone numbers to trick you into answering or responding. Remember that government agencies will never call you to ask for personal information or money.
  • Do not click any links in a text message. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren't hacked.
  • Always check on a charity (for example, by calling or looking at its actual website) before donating.
Interestingly enough, these same bits of guidance equally apply to users within your organization when it comes to vishing, SMiShing, or phishing scams. Organizations can just as easily be the target of coronavirus-themed attacks – particularly when users are working from home, which can bring their defenses down. It’s only through continual security awareness training and phishing that organizations can ensure that, despite tensions running high with COVID-19, users won’t fall for scams, whether seeing them in their personal or work email, on the phone, or via text.

We have added a series of COVID-related phishing and vishing templates to the KnowBe4 platform for immediate use:

Hospitality Provider the Target of an Old-School BadUSB Social Engineering Attack

In what appears to be a mix of old- and new-school social engineering, an attack spotted in the wild using a USB thumb drive offers us a view into how one company could have become the victim.

One of the oldest forms of modern-day social engineering was the “dropping the malware-laden USB stick in the parking lot” scam. This month, security researchers at Trustwave clued the world in on an attempted USB drive-based scam (referred to as a BadUSB device) on one of their unnamed clients.

Here’s how it went down:

The client was mailed (MAILED!) a BestBuy gift card, a letter (on BestBuy letterhead) thanking them for their business and a USB Drive (which the letter indicated contained a list of items the gift card could be spent on).

Instead of falling for the scam, the client eventually called in Trustwave to investigate. Upon plugging the BadUSB device into a test workstation, a PowerShell script was launched which downloaded a second PowerShell script and a JScript-based malware bot, installed the malware and even displayed a fake message box to explain to the victim why there’s no list of items to be purchased with the gift card.

The malware collects a wide range of information about the infected machine and sends it back to the command & control (C2) server and then jumps into a loop awaiting instructions from the C2 server.

This scam is a wonderful example of how simple social engineering, a stolen empty Best Buy gift card, and an inexpensive BadUSB device (which only costs about $7 USD), can be used to infect an organization with malware that can be used to do anything its designers desire in the future.

The question you need to ask yourself is: would your users fall for it?

If so, you need them to be put through continual security awareness training where they can learn about social engineering, the various forms of scams that exist (including ones like this one), and how to avoid becoming a victim of each.

On average, 45% of your users will plug in USBs. Find out now what your users' reactions are to unknown USBs with KnowBe4's new Free USB Security Test. Do it here at no cost:

Sextortion Combines Lust and Envy

A sleazy phishing campaign is trying to tempt people into opening an attachment that supposedly contains nude pictures of a friend’s girlfriend, BleepingComputer reports. The attackers claim to have hacked the friend’s account and demanded five hundred dollars in return for not releasing the photos.

“We have got access to the e-mail account of one man, and you’re in his contact list,” the email says. “In this contact list, we have found images of his naked girlfriend and demanded five hundred dollars for them. In the event that he will ignore us, we guaranteed him that we will send these photos to everyone of his contacts.

“Regrettably, he has not paid, and because you were on his contact list, you obtained this mail. You will find these pix attached to this message.”

The email contains a Word document which, when opened, displays a blurred image. Above the image are instructions that tell the recipient to click the “Enable content” or “Enable editing” buttons in order to view the image.

Clicking these buttons will allow the document to run a macro that will download the Raccoon information-stealing malware.

BleepingComputer explains that this campaign uses a different social engineering tactic than typical sextortion scams that use threats and intimidation to get the victim to do what they want.

“By promising to deliver photos of a friend's naked girlfriend, the scammers appeal to the curiosity of their targets which, in many cases, might be a more successful method of incentivizing them to open a malicious attachment than making threats,” BleepingComputer writes.

So that’s two of the Seven Deadly Sins. If we look closely enough, we’ll probably be able to find pride, gluttony, avarice, rage, and sloth, too.

Setting aside the moral implications of trying to view private photos of your friend’s girlfriend (or of anyone else for that matter), anyone who knows the risks associated with opening unsolicited documents should immediately recognize this as a scam. Clicking “Enable editing” in a Microsoft Office document should be an even more blatant warning sign.
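Both this lure and the "pre-filled" Excel form in the lead story depend on a macro-bearing Office attachment. As an added example (not part of the original newsletter or any KnowBe4 tool), the Python below triages a message's attachments by content rather than by file name; the sample message, address and file names are constructed, and the check covers VBA projects only.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML container (.docx, .xlsm, ...)


def classify_office_payload(data):
    """Classify by content: 'ooxml-macro', 'ooxml-clean', 'ole-legacy' or 'other'."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"  # may hold VBA; route to deeper analysis
    if not data.startswith(ZIP_MAGIC):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"
    if "[content_types].xml" not in names:
        return "other"  # a zip, but not an Office document
    # Macro-enabled OOXML files store their VBA project in vbaProject.bin.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def triage_message(raw):
    """Return [(attachment name, classification)] for every attachment."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [(part.get_filename() or "(unnamed)",
             classify_office_payload(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]


def _constructed_ooxml(with_macro):
    """Build a minimal zip shaped like a workbook (constructed, not a real file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder bytes, no real VBA")
    return buf.getvalue()


def build_sample_message():
    """Constructed message: names are chosen to show why extensions mislead."""
    msg = EmailMessage()
    msg["From"] = "notices@hospital.example"
    msg.set_content("Constructed body.")
    for name, data in (("form.xlsx", _constructed_ooxml(True)),
                       ("notes.xlsx", _constructed_ooxml(False)),
                       ("legacy.doc", OLE_MAGIC + b"\x00" * 16)):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage_message(build_sample_message())` flags `form.xlsx` as macro-bearing despite its macro-free extension, which is the mismatch a mail gateway rule or a help-desk triage script would want to surface.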

New-school security awareness training can enable your employees to spot these red flags. BleepingComputer has the story:

What KnowBe4 Customers Say

"Stu, I live by a personal maxim of letting people know when they are doing well… while they are alive rather than eulogizing them at a funeral. With that in mind, I want to pass on these kudos re what I like about your company; namely:
  • The name
  • The responsiveness of your staff
  • Your product itself, which is based on pro-activity
  • The niche market you fill
  • The monthly reports I get
  • Your pricing is reasonable for what all we get for our investment."
- M.A., CSP Training/ Continuous Improvement Manager

"Hi Stu, hope this email finds you having a great day in the midst of the pandemic crisis. I’m reaching out to let you know that I’ve been working with Jason Greenwood on piloting the KnowBe4 tools, and he is AWESOME! I appreciate Jason for his:
  • Professionalism and Customer Focus
  • Knowledge
  • Thought Leadership
Being in a non-profit healthcare organization, faced with various regulatory and financial cost pressures, while aiming to reduce information security risk, Jason consistently provides ideas for addressing our challenges in providing security awareness training to our employees and volunteer staff.

His knowledge in the subject matter area is exceptional. When I have a call with Jason, he leaves me with inspiration that KnowBe4 is fully capable and ready to assist me in addressing our challenges!

Thanks to you and Jason for everything you do to provide Security Awareness Training, that is sure to enhance any company’s goals and objectives in protecting sensitive information!"

- H.K., Sr. Data Security Program Manager

The 11 Interesting News Items This Week
    1. Scammers Hijacking Twitter Accounts To Sell Face Masks:

    2. Elite hackers target WHO as coronavirus cyberattacks spike:

    3. Ransomware Awareness Is Up, But Training Still Lags, Study Finds:

    4. The FCC now has a page with audio samples of COVID-19 phone scams, including some offering free virus test kits:

    5. FireEye warns about the proliferation of ready-made ICS hacking tools:

    6. New data reveals a significant increase in organizations' average Phish-Prone™ percentage:

    7. Amid an almost certain recession, KnowBe4 CEO preps for growth:

    8. Fake “Corona Antivirus” distributes BlackNET remote administration tool:

    9. Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown:

    10. Early indication of how the Russian Government will spread disinformation during COVID-19:

    11. Scammers Target U.S. Troops with Fake COVID-19 Tests:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.