CyberheistNews Vol 10 #3 [Heads-Up] New Office 365 Phishing Attack Targets OAuth Apps Instead of Credentials

Trying to steal your username and password is so “yesterday.” The 2020 Hacker is now leveraging Office 365 OAuth APIs to gain control over user mailboxes with phishing tactics.

A captured Office 365 user logon is only valuable to an attacker until the logon's owner realizes they’ve been compromised and their password is changed. And so, like any good attack, cybercriminals want to establish persistence – the ability for their target to remain accessible to them.

A new phishing attack spotted by security researchers at PhishLabs uses a malicious Office 365 App rather than the traditional spoofed logon page to gain access to a user’s mailbox.

Using traditional phishing tactics, victims are lured into clicking on a malicious link that appears to be hosted in SharePoint Online or in OneDrive. The malicious payload is a URL link that requests access to a user’s Office 365 mailbox.

By pressing ‘Accept’, the bad guys are granted full access to the user’s mailbox and contacts, as well as any OneDrive files the user can access.

Here Is Where the Evil Genius Comes In

Because the result of this attack is that an app has been connected and granted access to an Office 365 account, resetting the user’s password has no effect. To eliminate the malicious access, the app must be disconnected – a completely separate process!
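
One way to find connected apps like the one described above, as an added example that is not from PhishLabs or KnowBe4: it triages exported delegated-permission grants and flags user-consented grants to unvetted apps that reach mail, contacts or files. The records are constructed; field names follow the Microsoft Graph oauth2PermissionGrant resource, and the scope prefixes and approved-app list are assumptions.

```python
# Added example: triage delegated OAuth grants for mailbox/contacts/files access.
# Records are constructed; field names follow the Microsoft Graph
# oauth2PermissionGrant resource (id, clientId, consentType, principalId, scope).

# Assumption: scope prefixes treated as covering the access the article describes
RISKY_PREFIXES = ("mail.", "contacts.", "files.", "mailboxsettings.")
# Assumption: service-principal ids of apps the organization has already vetted
APPROVED_CLIENT_IDS = {"sp-approved-0001"}

SAMPLE_GRANTS = [  # constructed sample data
    {"id": "grant-1", "clientId": "sp-approved-0001", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Read"},
    {"id": "grant-2", "clientId": "sp-unknown-0042", "consentType": "Principal",
     "principalId": "user-alice",
     "scope": "offline_access Mail.Read Contacts.Read Files.Read.All"},
    {"id": "grant-3", "clientId": "sp-unknown-0077", "consentType": "Principal",
     "principalId": "user-bob", "scope": "openid profile User.Read"},
]

def risky_scopes(scope_string):
    """Return the scopes in a space-separated string that reach mail, contacts or files."""
    return sorted(s for s in scope_string.split() if s.lower().startswith(RISKY_PREFIXES))

def triage_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Flag grants to unvetted apps that carry risky scopes."""
    findings = []
    for g in grants:
        if g["clientId"] in approved:
            continue  # vetted app, skip
        scope_string = g.get("scope") or ""
        hits = risky_scopes(scope_string)
        if not hits:
            continue  # sign-in-only grants are not the pattern we are hunting
        findings.append({
            "grant_id": g["id"],
            "client_id": g["clientId"],
            "user": g.get("principalId"),
            # "Principal" means a single user clicked Accept, as in the phish
            "user_consented": g.get("consentType") == "Principal",
            "risky_scopes": hits,
            # offline_access lets the app obtain refresh tokens for long-lived access
            "has_offline_access": "offline_access" in scope_string.lower().split(),
        })
    return findings

if __name__ == "__main__":
    for finding in triage_grants(SAMPLE_GRANTS):
        print(finding)
```

Each finding names the grant to review and, if it is not legitimate, to revoke as part of disconnecting the app.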

The good news is that your users still need to fall for the initial phishing email asking them to click the malicious link. Organizations that put users through continual security awareness training know their users have been taught to easily spot attempted attacks like this and not fall for them.

At the end of the day, this is just another phishing attack; there’s nothing particularly impressive about the phish. So, keep your users vigilant – as long as they can spot the phish, there’s nothing to worry about.

This is an interesting one for your friends. Send them a link to this blog post which has a screenshot:
[Live Demo] Identify and Respond to Email Threats Faster With PhishER

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you handle the real phishing attacks and email threats —and just as importantly— effectively manage the other 90% of user-reported messages accurately and efficiently?

Now you can with PhishER, a product which allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us, Tuesday, January 21 @ 2:00 pm (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s new machine-learning module
  • See clusters of messages to identify a potential phishing attack against your organization
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s Phish Alert email add-in button, or forwarding to a mailbox works too...
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Tuesday, January 21 @ 2:00 pm (ET)

Save My Spot:
[Scam of the Week] Don't Fall for This Trick: “Start your 2020 with a gift from us”

Paul Ducklin at Naked Security warned us about a scam that is going around and promises a gift by courier from overseas where the other person hasn’t told you what they’re sending, and the courier company doesn’t deliver the item directly.

Sometimes you get an email saying that the item is delayed because customs want to inspect it; or there’s import duty; or there’s an extra fee if you can’t collect it from the depot yourself. And to help you get through the paperwork easily, there’s often a tracking code and a clickable link in the email.

You can see where this is going, because cybercrooks love to copy real life on the grounds that it’s easier to lull you into a false sense of security when you’re following a process that feels familiar.

Scams like this aren’t so far away from real life, because emails from courier companies that document unexpected import and delivery charges are not that unusual and neither are gifts during the holiday season. Moreover, being gifts, they’re often a surprise that you don’t find out about until either you or customs officials open the package. Well, don't fall for this kind of seasonal trick.

I suggest you send the following to your employees, friends and family. Feel free to copy/paste/edit:

ALERT: Bad guys are sending phishing emails that claim there is a free New Year's gift from overseas waiting for you. It's a scam. Here are four reminders about phishing emails like this:
  • Beware free gifts. Seriously, there is no such thing as a free lunch. Don’t give out personal data to organizations or people you’ve never heard of.
  • Beware courier emails. When sending or receiving items by courier, get in contact with the recipient or sender by phone – to let them know about the courier company you’re using and to provide a tracking number you can both trust.
  • These days most cybercriminals are using "HTTPS" websites because everyone expects a padlock in the address bar. But the padlock doesn’t mean you are on a legit site, just that you are on a site with an HTTPS certificate.
  • Do not click on links in emails. Ever. Go to your browser and type in the address of the site.
If you are a KnowBe4 customer, we have a ready-to-send template for you under our Current Events category. I suggest you send it to your full user population very soon. Here is how it looks:
[NEW WEBINAR] Now That Ransomware Has Gone Nuclear, How You Can Avoid Becoming the Next Victim?

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful, taking time to maximize your organization’s potential damage and their payoff. After achieving root access, the bad guys explore your network, reading email and finding data troves, and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us, Thursday, January 30 @ 2:00 pm (ET), for this webinar where Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will dive into:
  • Why data backups (even offline backups) won’t save you
  • Evolved threats from data-theft, credential leaks, and corporate impersonation
  • Why ransomware isn’t your real problem
  • How your end users can become your best, last line of defense
Date/Time: Thursday, January 30 @ 2:00 pm (ET)

Save My Spot!
[FUN DEPT] So, How Do You Say Congrats in a *Really* Big Way? Check -THIS- out!:

I was scratching my head. How do you say Congrats to your team when they have done a truly AWESOME job in 2019, and totally knocked it out of the park in the last quarter?

We are known to do fun and crazy things in KnowBe4, but how do you top what you did last time?

So I asked my Chief of Staff Tiffany Mortimer if she had any ideas. Lo and behold, she came up with something really creative—she gets full credit for this one—and then she got the whole thing executed in just a few days when this normally takes a month.

So how does it look when you have a banner year (lame pun intended) and wrap a building with a huge... banner? Check out how -that- looks!:
[On-Demand Webinar] 12 Ways to Defeat Multi-Factor Authentication

Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn't!

Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and security expert with over 30 years of experience, for this on-demand webinar where he will explore 12 ways hackers can and do get around your favorite MFA solution.

The webinar includes a hacking demo by KnowBe4's Chief Hacking Officer, Kevin Mitnick, and real-life successful examples of every attack type. Roger will share ideas about how to better defend your MFA solution so that you get maximum benefit and security.

You'll learn about the good and bad of MFA, and become a better computer security defender in the process, including:
  • 12 ways hackers get around multi-factor authentication
  • How to defend your multi-factor authentication solution
  • The role humans play in a blended-defense strategy
Watch This Webinar Right Now!

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: There is a new, very useful whitepaper about overcoming the challenges of managing third-party compliance with new data protection laws like GDPR and CCPA:
Quotes of the Week
"At the center of your being you have the answer; you know who you are and you know what you want." - Lao Tzu - Philosopher (604 - 531 BC)

"There has never been a good war or a bad peace."
- Benjamin Franklin, Founding Father, Diplomat (1706 - 1790)

Thanks for reading CyberheistNews
Security News
Encryption Isn’t Your Only Ransomware Problem - There Are Some Other Nasty Issues

Ransomware has become one of the most dreaded problems in the cyber world and it’s only getting worse. Much worse!

Traditionally, ransomware was a trojan horse malware program which, when it found a new host computer, simply went off, encrypted all the data it could find, and sent the user an onscreen message to pay a particular ransom amount using an untraceable cryptocurrency. That was bad enough.

These days, ransomware has become much worse and a great backup isn’t going to save you. How has it gotten worse? This blog post is a 7-minute read and very much worth it:
The Top 5 Eyeopener Strategies to Improve Your IT Defenses and Keep Bad Guys out of Your Network

Last year, in 2019, according to CVEdetails, there were 12,174 new, publicly announced vulnerabilities. If that sounds like a high number, it’s a lot less than the previous two years. We had 16,556 in 2018 and 14,714 the year before.

And that’s on top of the several hundreds of millions of unique malware programs and all the conniving human adversaries trying to break into your organization, including nation-states, financial criminals, data and IP thieves, hacktivists, and script kiddies. All-in-all we’ve got a lot to worry about.

Cybersecurity defense is all about decreasing risk from the most likely attacks. The sheer number of new threats definitely complicates the job, but you can significantly improve your defense and it likely won’t cost you much. It’s more of a re-focusing on what should matter the most.

Here are 5 eyeopener strategies to improve your IT defenses and keep the bad guys out of your network.
  1. Understand Risk Better
  2. Concentrate on Defeating Phishing
  3. Better Patch – Focus on the Right Things
  4. Tested Restore
  5. Early Detection
This blog post goes into each of these major points and explains how to achieve them:
What KnowBe4 Customers Say

"I wanted to reach out to share some positive feedback, and I’m copying our CEO and Executive VP for visibility. We’ve recently worked closely with your MSP teams to close our largest joint opportunity to date. You may know this particular opportunity required a lot of heavy lifting from both our teams in the lead up to closing the deal, as well as after the fact.

I wanted to share that your team was very helpful throughout the lengthy process. There were definitely times where extensive administration limited the light at the end of the tunnel, but thanks to the willingness-to-help of Heather and Kelly, possible frustrations and miscommunications were defused.

We have immense growth potential with this customer – so more heavy lifting might come our way – and I trust we’ll continue to be successful together.

We’ve learned a lot working through this opportunity, and I look forward to building a mature MSP program together. We’re really just getting started, and I see a massive opportunity for a well-oiled Security Awareness business together.

I only got to work with Kelly and Heather this year (and Monica, who’s been very supportive on the resale side), and the team has been great to work with. I look forward to a more strategic partnership in 2020. I hope to join you for KB4-CON in April, and discuss this more with you and the team.
- M.J., Director, Strategic Alliances
KnowBe4 December Content Update

We've got lots of new stuff for you. This update includes new versions of Email Exposure Check Pro and phishing security test tools now in 20+ languages. Check it all out here:
The 10 11 Interesting News Items This Week
    1. Encryption Isn’t Your Only Ransomware Problem - There Are Some Other Nasty Issues:
    2. Iran’s Military Response May Be ‘Concluded,’ but Cyberwarfare Threat Grows:

    3. CISA INSIGHTS Increased Geopolitical Tensions and Threats Document with 9 Things To Do:

    4. New Standards Set to Reshape Future of Email Security... maybe:

    5. New Iranian data wiper malware hits Bapco, Bahrain's national oil company:

    6. The Evolution Of Phishing And Five Tips To Avoid Being Caught. By yours truly in Forbes:

    7. Facebook Bans Deepfakes but Permits Some Altered Content:

    8. Travelex Outage Blamed on Ransomware Attack & takes Share price down 6%:

    9. SNAKE Ransomware Is the Next Threat Targeting Business Networks:

    10. How Iran built an online disinformation machine to rival Russia's:

    11. BONUS: Why Phishing Threatens Your Brand’s Integrity:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.