CyberheistNews Vol 10 #25 [Eye Opener] "For a long time I've had a gap in my O365 security. PhishRIP is amazing and solves the problem."




CyberheistNews Vol 10 #25
[Eye Opener] "For a long time I've had a gap in my O365 security. PhishRIP is amazing and solves the problem."

One of our readers who is an IT Support Specialist emailed me this the other day: "For a long time I've had a gap in my O365 security. PhishRIP is AMAZING and solves the problem."

What was the issue? Not being able to go into all your users' inbox and rip out emails that you just identified as malicious. You *really* do not want to leave those emails sitting there as social engineering bait. Yes, you are training your users with simulated phishing attacks every month, but if you can -prevent- them from falling for them, wouldn't that be the ideal scenario?

Here is another reader that emailed me: "The more I think about how helpful your PhishER and PhishRIP are to us, I just wanted to let you know if you ever have potential customers wanting a reference I would be more than happy to tell them of our experience and how helpful your product is."
- D.D., IT Systems and Network Administrator

So what is PhishER and this new PhishRIP feature?

PhishER is a simple and easy-to-use web-based platform with critical functionality that serves as your phishing emergency room to identify and respond to user-reported messages.

With the PhishRIP quarantine feature for Microsoft Office 365 you can easily search, find, and *remove* email threats. PhishER will save you so much time!

I saved the best for last. The price is a complete no-brainer. Here is the published pricelist and I strongly suggest you fill out the short form at the right and get a quote ASAP. It's the end of the quarter! :-D
https://www.knowbe4.com/pricing-phisher

PS: If you want to see a live demo, register now and see it tomorrow. See the next item.
[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster with PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft Office 365 to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, a product which allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, June 17 @ 2:00 PM (ET) for a 30-minute demonstration of the PhishER platform. With PhishER you can:

  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft Office 365
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s machine-learning module
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, June 17 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2386748/B47AB4364072912259082B72538422CA?partnerref=CHN2
Why People Don't Learn (It's Not Always Their Fault)

IT and security managers often fail to understand how well their employees actually absorb cybersecurity training, according to a survey from Mimecast and Forrester Consulting. The survey gathered responses from 120 senior IT and cybersecurity managers at companies in Australia, Hong Kong, New Zealand, and Singapore, as well as from 240 employees that worked within the same companies.

“The survey, conducted by Forrester Consulting, found that while 59% of security and IT managers think they are ‘ticking the security compliance box’, their employees report a huge disconnect,” Mimecast’s press release states. “More than half of the 240 employees surveyed in APAC (53%) disagree with that statement, and 51% believe their managers do not stress the importance of good security practices.”

Nick Lennon, Country Manager for Mimecast Australia and New Zealand, said the data shows that simply forcing employees to attend security and awareness training programs doesn’t mean those employees will preserve the knowledge or put it into practice.

“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training – and the existing outdated modes of training are simply not bringing about behavioral change,” Lennon said.

Line Larrivaud, Forrester Consulting Project Director for the survey, stated that managers need to grasp how important this training is in preventing cyberattacks.

“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage has never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cyber security best practice within their organization,” Larrivaud said. “They simply cannot ignore the consequences or circumvent the protocols.”

New-school security awareness training gives your employees lasting, relevant knowledge of social engineering threats and cyber hygiene and actually changes their behavior because they can make smarter security decisions, every day.

Mimecast has the story:
https://www.globenewswire.com/news-release/2020/06/03/2042632/0/en/New-Survey-Reveals-Cybersecurity-Training-is-Missing-the-Mark-as-Employees-Work-around-Company-Security-Policies.html
[BRAND NEW WEBINAR] How to Combat the Fake News and Disinformation Being Used to Attack Your Organization

We live in an age of information, where it can be shared in an instant and spread like wildfire. Especially during the unprecedented times we are currently finding ourselves in, bad actors are taking every opportunity to use current events to not only prey on unsuspecting individuals' best intentions, but to weasel their way into your networks.

A global cold war is being fought in cyberspace, and IT pros like you are finding themselves in the trenches. With all of this going on, how can you equip your employees and protect your networks from a malicious attack?

Join Stu Sjouwerman, KnowBe4’s Founder and CEO, and Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer for a deep dive into how the technology we rely on every day is being exploited to deliver powerful disinformation, misinformation, fake news, and other malicious exploits.

We’ll discuss:
  • How both facts and lies are weaponized
  • Types of delivery systems (email, social media, videos, deep fakes, and more)
  • What’s being done to address these trends
  • Tips to protect your organization and build your human firewall
Find out what you need to know to keep your network protected and earn CPE credit for attending!

Date/Time: Wednesday, June 24 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2426032/A8C31DE65304AA1304DF450E15A24342?partnerref=CHN1
The Enduring Threat of Ransomware During COVID-19

Ransomware attacks continue to blight organizations of all sizes and sectors. The number of incidents involving ransomware reported to Beazley Breach Response (BBR) Services in the first quarter of 2020 increased by 25% compared to Q4 2019.

While no industry was immune, manufacturing experienced the steepest increase of all – up 156% quarter on quarter. As threat actors increasingly exploited ransomware, business email compromise (BEC) eased somewhat in Q1; down 16% from the previous quarter, although it remains a problem across all industries.

While the financial services, healthcare and retail sectors reported fewer BEC incidents than in Q4, this may prove to be a temporary reprieve tied to behavioral changes amid the response to COVID-19. Employees first adjusting to working from home may have been less responsive to emails generally, and organizations may have been more focused on quickly ramping up remote working capacity than on identifying and reporting BEC incidents.

During the pandemic, attackers are taking advantage of the fact that many employees have been working from home, without the technical protections that their corporate networks often provide.

Furthermore, many employees are working from their personal computers, often shared with family members, processing sensitive and potentially personally identifiable information (PII) without the advantage of managed endpoint protection or even regular patching schedules that are also managed by the typical IT team.

Many organizational policies are not designed to function in these distributed environments, leaving them less protected against wire transfer fraud and similar attacks. Even social media is seeing a huge rise in pandemic-related scams.

CONTINUED:
https://blog.knowbe4.com/the-enduring-threat-of-ransomware-during-covid-19
How Many of Your Users’ Credentials Are Compromised? Find out for a Chance to Win a Nintendo Switch!

Your users are your largest attack surface. Data breaches are getting larger and more frequent. Bad guys are getting smarter every year. Add it all up and your organization's risk skyrockets with the amount of your users' credentials that are exposed.

It's time to re-check your email attack surface. Plus, if you’re in the US or Canada, you’ll be entered for a chance to win a Nintendo Switch*.

Find out your current email attack surface now with KnowBe4’s Email Exposure Check Pro (EEC). EEC Pro identifies your at-risk users by crawling business social media information and now also thousands of new breach databases.

EEC Pro now leverages one of the largest and most up-to-date breach data sources to help you find even more of your users' compromised accounts that have been exposed in the most recent data breaches - fast.

Get your complimentary EEC Pro report in less than 5 minutes! It’s often an eye-opening discovery. You are probably not going to like the results...

Get Your Report Now:
https://info.knowbe4.com/email-exposure-check-pro-june-2020

*Terms and Conditions apply.

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc


PS: If you run O365, you should *really* check out the new PhishRIP feature in PhishER. You're going to like that one...
Quotes of the Week
"Life shrinks or expands in proportion to one’s courage."
- Anais Nin, Writer (1903 - 1977)



"Your time is limited, so don't waste it living someone else's life. Don't be trapped by dogma - which is living with the results of other people's thinking. Don't let the noise of others' opinions drown out your own inner voice. And most important, have the courage to follow your heart and intuition."
- Steve Jobs, Business Magnate (1955 - 2011)



Thanks for reading CyberheistNews

Security News
Pretexting Defined

Pretexting is a social engineering tactic in which an attacker attempts to gain information, access, or money by tricking a victim into trusting them, according to Josh Fruhlinger at CSO Online.

Fruhlinger outlines the various techniques used in these scams, and explains that attackers try to insert enough real details to make the ruse believable.

“It's not enough to find it plausible in the abstract that you might get a phone call from your cable company telling you that your automatic payment didn't go through; you have to find it believable that the person on the phone actually is a customer service rep from your cable company,” Fruhlinger writes.

“Thus, the most important pretexting techniques are those the scam artist deploys to put you at ease. If an attacker has somehow obtained your cable bill, for example by going through your garbage, they'll be armed with the name of your cable provider and your account number when they call you, which makes you more likely to believe that they really are the character they're playing.”

Fruhlinger says this highlights how attackers prepare for targeted attacks. The Internet has made it much easier to gather information about any given person or organization, and all of this information can contribute to a social engineering scheme.

“This example demonstrates something of a pretexting paradox: the more specific the information a pretexter knows about you before they get in touch with you, the more valuable the information they can convince you to give up,” he says.

Fruhlinger concludes that the key to thwarting attacks is knowing how they work. “One of the best ways to prevent pretexting is to simply be aware that it's a possibility, and that techniques like email or phone spoofing can make it unclear who's reaching out to contact you,” Fruhlinger writes.

“Any security awareness training at the corporate level should include information on pretexting scams....On a personal level, it's important to be particularly wary whenever anyone who has initiated contact with you begins asking for personal information. Remember, your bank already knows everything it needs to know about you — they shouldn't need you to tell them your account number.

If you're suspicious about a conversation with an institution, hang up and call their publicly available phone number or write to an email address from their website.” New-school security awareness training can help your employees recognize social engineering tactics by teaching them the inner workings of pretexting attacks.

CSO Online has the story:
https://www.csoonline.com/article/3546299/what-is-pretexting-definition-examples-and-prevention.html
Maze Ransomware “Cartel” Adds More Ransomware Gangs to Its Data Leak Platform

It’s one thing if you’re up against one ransomware cybercriminal group. But what happens when they start acting like the good guys and joining forces?

It’s inevitable that the bad guys adopt the most successful business models used by traditional software vendors. We’ve seen ransomware be offered as a service, cybercriminal organizations that focus on the one part of an attack they’re really good at, and now we’re seeing cybercriminal organizations partner up to leverage one another to strengthen their product.

We heard recently that several ransomware gangs were teaming up to form an “extortion cartel”. But now, according to the “RansomLeaks” twitter account, The Maze Cartel is adding yet another ransomware gang to its family – RagnarLocker. Maze ransomware was the first ransomware to threaten to publicly post data held for ransom as a means of extorting the ransom payment.

And, while other gangs followed suit and began to create their own sites to post stolen data, it does make sense that if one is a really good ransomware creator but not such a great website developer (where data can be easily published), why not ask the guys who have already built the extortion site if you can use it (I assume for a fee)?

And so, Maze began recruiting outside ransomware gangs to be a part of their "cartel". In the end, both gangs make more money, so it’s a “win-win” (for the bad guys anyway).

I expect to see additional gangs jumping on board with the Maze Cartel – this only spells doom for organizations that aren’t prepared for a ransomware attack and the resulting data breach that must be assumed to have occurred.

The only good news is ransomware authors still only have two initial attack vectors – remote desktop access (which you can easily close the loop on), and phishing attacks. Educating users with ongoing security awareness training is impactful enough to lessen the risk of successful phishing attack resulting in the installation of ransomware.

By teaching them how to identify suspicious email and web content, users can stay clear of attacks intent on taking their employer to the cleaners.
What KnowBe4 Customers Say

"I went online to look for more information about the Inside Man series and saw that there was a Season 2. I am sooooooo GEEKED to learn more. We are pleased that our IT provider chose KnowBe4 for our Cybersecurity training!"
- A.N., LEED AP



"I’d like to take a moment to tell you two things; we are seeing great success using KnowBe4 and our Customer Success Manager, David, is fantastic! When I started at our City, cybersecurity was barely on the radar. After many systemic and procedural improvements, we applied for cyber liability insurance and we were, sadly, still uninsurable.

That is when we then began using KnowBe4, it has been the greatest improvement we have made. Along with other continued improvements, KnowBe4 has trained our staff to be a human firewall that no technology could replace.

Making people think about security before taking action has now allowed us to be insurable and score in the top 75th percentile for government entities nationwide. We have aimed to do this in a fun, friendly, and non-shaming way thanks to the tremendous help from our Customer Success Manager, David George.

He has heard our needs, helped to build all of our training, offered great suggestions, been consistently kind, is always responsive, and has been key to our City’s success.

As I attend conferences or receive emails about security, I explain what a great job KnowBe4 does and I have become a big proponent of your product. Thank you for constantly improving your content, thank you for providing this key security component, and thank you to David."
- R.B., Information and Maintenance Services Director

The 10 Interesting News Items This Week
    1. Here's what that Capital One court decision means for corporate cybersecurity:
      https://www.cyberscoop.com/capital-one-incident-response-mandiant-decision/

    2. SpaceX: We've launched 32,000 Linux computers into space for Starlink internet:
      https://www.zdnet.com/article/spacex-weve-launched-32000-linux-computers-into-space-for-starlink-internet/

    3. 40% of Consumers Hold CEO Personally Responsible for Ransomware Attacks, Research Shows:
      https://www.veritas.com/news-releases/2020-06-08-40-percent-of-consumers-hold-ceo-personally-responsible-for-ransomware-attacks-research-shows

    4. Fake ransomware decryptor re-encrypts your files again. Now you have to pay twice:
      https://www.scmagazineuk.com/twice-entangled-fake-ransomware-decryptor-encrypts-victims-files-again-honda-victim-ransomware/article/1685702

    5. The 20 Best Cybersecurity Startups To Watch In 2020:
      https://www.forbes.com/sites/louiscolumbus/2020/06/08/the-20-best-cybersecurity-startups-to-watch-in-2020/?subId3=xid%3Afr1591635661506ejg

    6. FBI warns of increased hacking risk if using mobile banking apps:
      https://www.bleepingcomputer.com/news/security/fbi-warns-of-increased-hacking-risk-if-using-mobile-banking-apps/

    7. This was inevitable: 'Thanos' ransomware weaponizes research tool against Microsoft Windows users:
      https://www.recordedfuture.com/thanos-ransomware-builder/

    8. Russia-linked Gamaredon hacker crew using Microsoft's Visual Basic for Applications to pwn Microsoft's Outlook:
      https://www.theregister.com/2020/06/11/eset_gamaredon_outlook/

    9. Phishing Attack Hits German Coronavirus Task Force:
      https://threatpost.com/phishing-attack-german-coronavirus-task-force/156377/

    10. Ransomware: Hackers took just three days to find this fake industrial network and fill it with malware:
      https://www.zdnet.com/article/ransomware-hackers-took-just-three-days-to-find-this-fake-industrial-network-and-fill-it-with-malware/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog


Ransomware Has Gone Nuclear Webinar




Get the latest about social engineering

Subscribe to CyberheistNews