CyberheistNews Vol 10 #36 [FUN] What (Really) Happens When You Type in a URL in an Address Bar in a Browser?


I saw this post on Twitter with a fun and educational infographic that shows it's quite a complicated affair where lots of things can go wrong. Here is the infographic; click on it to enlarge. This is fun to step through and send to some end-users who might need to understand a bit more about how it all works under the hood. I also added definitions in super simple words.

Have fun with this one!
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, September 2 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users:
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • Train your users with access to the world's largest library of 1000+ pieces of awareness training content.
  • Send fully automated simulated phishing attacks, including thousands of customizable templates with unlimited usage.
  • Assessments allow you to find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 34,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, September 2 @ 2:00 PM (ET)

Save My Spot!
Tesla and the FBI Just Prevented a $1 Million Ransomware Hack at the Nevada Gigafactory

Fred Lambert at Electrek just reported on a story we published Aug 26th, and he reveals who was targeted: "Tesla and the FBI worked together to prevent a group of ransomware hackers from attacking Tesla’s Gigafactory Nevada, according to a complaint from the FBI.

The FBI released information this week on the arrest of Egor Igorevich Kriuchkov, a 27-year-old Russian citizen, who they claim was part of a group who attempted to extort millions of dollars from a company in Nevada, which has now been identified as Tesla.

According to the complaint, Kriuchkov traveled to the US in July on a tourist visa and made contact with a Russian-speaking employee at Tesla Gigafactory Nevada.

He met the employee, who remains anonymous in the complaint, several times socially before making him a proposition to pay him to help introduce malware in Tesla’s internal computer system in order to extract corporate data and affect Tesla’s operations.

Kriuchkov alleged that he was representing a group that would then arrange a ransom with Tesla in order to not release the information and stop affecting its operations. The well-trained employee didn’t refuse, but he immediately informed Tesla, who in turn informed the FBI."

[NEW WEBINAR] Think Like a Hacker: Learn How to Use Open Source Intelligence (OSINT) to Defend Your Organization

In today's digital age we are surrounded by massive amounts of data every day. This makes it ridiculously easy to gather shockingly detailed information about anyone… even your organization. Bad actors use open source intelligence (OSINT) techniques to gather this inside knowledge and create attacks your users will click on. No one knows this better than former CIA Cyber Threat Analyst and Technical Intelligence Officer, Rosa Smothers. But she can show you how to use OSINT to turn the tables on the bad guys and regain the upper hand.

Join us on Thursday, September 10 @ 2:00 PM (ET) for this live webinar as Rosa, now KnowBe4's SVP of Cyber Operations, shares her insights on how to leverage OSINT to defend your organization and think like a hacker!

Rosa will show you:
  • How to go beyond general OSINT techniques to gather the details you need for effective investigations
  • Apps and analytic techniques that enhance your research and data interpretation
  • Live demonstrations of OSINT gathering techniques you can use before the bad guys do
  • How training your users to understand OSINT and their digital footprint can protect your organization from threat actors
Learn how to use hackers' best techniques against them and earn CPE credit for attending!

Date/Time: Thursday, September 10 @ 2:00 PM (ET)

Save My Spot!
New Lazarus Spear Phishing Attack on Crypto Organizations Uses a LinkedIn Job Posting as Its Front

What better way to gain complete control over a crypto organization’s network than to target their sysadmin with a Job Posting and then spear phish them?

It’s a brilliant and elegant attack. The Lazarus group, formerly responsible for WannaCry, is jumping on the cryptocurrency-as-the-target bandwagon. We’ve seen prominent Twitter accounts being hacked with crypto as the endgame, as well as recent vishing attacks on financial organizations to eventually gain access to high net worth customers’ cryptocurrency accounts.

According to security researchers at F-Secure, in this latest attack from Lazarus, a legitimate LinkedIn ad is posted looking for a sysadmin for a blockchain technology company. The ad targets current sysadmins at cryptocurrency orgs. Once a candidate sysadmin engages via the ad, they are sent a Word document as part of the process, complete with the claim that the document is protected under GDPR and requires macros to be enabled.

Once enabled, a series of malicious actions occur including the conducting of system checks and downloading system-specific malware payloads. Credential harvesting, deletion of security log entries, and lateral movement are all part of the attack.

Despite the sophistication of the attack, there is one common, non-technical element that determines whether this campaign works or not – the human.

The success or failure of this attack rests solely with the sysadmin; if they don’t fall for the macro enabling and realize this is probably a scam, the whole thing falls apart.

This is why I recommend that everyone – from the mailroom to the boardroom – step through new-school security awareness training and educate employees on common tactics that are not just used, but often required as part of a phishing attack.
See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us TOMORROW, Wednesday, September 2 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at brand new compliance management features we’ve added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • NEW! Assign additional users as approving managers to review task evidence before a task is closed with tiered-level approvals.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: TOMORROW, Wednesday, September 2 @ 1:00 PM (ET)

Save My Spot!

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"Truth, like gold, is to be obtained not by its growth, but by washing away from it all that is not gold."
- Leo Tolstoy, Writer and Philosopher (1828 - 1910)

"Life is really simple, but we insist on making it complicated."
- Confucius, Philosopher (551 - 479 BC)

Thanks for reading CyberheistNews

Security News
The Bureau Explains How Tech Support Scams Work

Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain the affidavit of an FBI special agent who describes a case involving an informant who worked for a tech support scam group based out of India.

“The Informant described himself and [Redacted] as brokers engaged in tech support fraud,” the documents state. “He explained that they bought telephone call traffic, specifically calls placed by people who, based on advertising that they had seen on their computers, believed that their computers had been or were being attacked by malware.

The Informant explained that such advertising was not based on any information indicating that the callers’ computers had malware problems and also explained that the advertising was often targeted toward those likely to lack computer or software expertise.”

The informant explained that other participants in the scam, known as “publishers”, would plant the fear-inducing ads across the Internet. “The Informant described the role of ‘publishers’ in the tech support fraud,” the documents say. “He explained that publishers created various forms of online advertising, including pop-up ads, designed to mislead viewers into believing that malicious software or malware was attacking their computers.

For example, the Informant suggested that a publisher could place ads on Facebook offering travel agent services for retirees interested in cruise vacations. A viewer who clicked on the ads would be directed to a page that would state that the viewer's computer had been infected by a virus or was being attacked by malware and advise the viewer to call a particular telephone number.”

The agent then describes how scammers working at fraudulent call centers use social engineering to trick callers into paying for phony tech support.

“The Informant explained that brokers could purchase from a publisher the calls generated by such advertising,” the documents continue. “Using call routing technologies, the publisher would route incoming calls to the broker. The broker in turn could sell the calls by re-routing them directly to call centers or to other brokers who ultimately had the calls routed to call centers.

The Informant explained that call centers, specifically those involved in telemarketing fraud, were facilities designed to accept incoming calls and extract money from the callers. Typically, call centers were comprised of multiple operators, each of whom would be familiar with the sort of advertising that had been seen by the callers.

The operators would accept the calls generated by the publishers’ advertising and seek to extract money from the callers by purporting to provide computer protection services.”

ZDNet has the story:
Recent Phishing Scam Sends Uncertain Employment and Bogus Layoff Notices

Scammers have been exploiting people’s fears by posing as HR employees and sending emails informing recipients that they’ve been laid off, according to Kaspersky’s spam and phishing report for Q2 2020. The emails contain malicious attachments that purport to be receipts for two months’ salary.

“The employee was informed that the company had been forced to discharge them due to the pandemic-induced recession,” the researchers write. “The dismissal ‘followed the book,’ in that the attachment, according to the author of the email, contained a request form for two months’ worth of pay. Needless to say, the victim only found malware attached.”

There are at least two lessons here. First, fear and anxiety are powerful inducements to getting people to open malicious email. Second, consider the role organizational policy can play here. Do people expect to receive such important notices by email? They probably shouldn’t.

The researchers also observed a spike in voice phishing scams at the end of the quarter. These scammers sent emails posing as Microsoft directing recipients to call the Microsoft Support Team at the phone number supplied in the email.

“The share of voice phishing in email traffic rose noticeably at the end of Q2 2020,” they write. “One mailshot warned of a suspicious attempt at logging into the target’s Microsoft account, originating in another country, and recommended that the target contact support by phone at the supplied number.

This spared the scammers the need to create a large number of fake pages, as they tried to get all the information they needed over the phone.”

Scammers also took advantage of global shipping complications by sending fake notices of delivery delays. Kaspersky highlights one instance in which the scammers disguised a malicious attachment as an image file.

“Another, relatively original, trick employed by cybercriminals was a message containing a miniature image of a postal receipt,” they write. “The scammers expected the curious recipient to take the attachment, which was an ACE archive despite its name containing “jpg”, for the real thing and open it.

The mailshots we detected used this as a method of spreading the Noon spyware. The scam can only be detected if the email client displays the full names of attachments.”

Kaspersky has the story:
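One defender-side check for the two attachment disguises in this issue (the macro-enabled Word document in the Lazarus story above and the ACE archive named as a jpg here), as an added example that is not from the newsletter, Kaspersky or F-Secure; the sample attachments are constructed in memory and the only external facts used are the ACE marker and the Word macro part name.

```python
# Added example (not from the newsletter, Kaspersky or F-Secure); sample
# attachments are constructed in memory. Real format facts: an ACE archive
# carries "**ACE**" at byte offset 7; a macro-enabled Word document stores
# its VBA project at word/vbaProject.bin inside the OOXML zip.
import io
import zipfile

IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}
ACE_MAGIC, ACE_OFFSET = b"**ACE**", 7

def is_ace_archive(data: bytes) -> bool:
    """True if the bytes carry the ACE marker, whatever the filename claims."""
    return data[ACE_OFFSET:ACE_OFFSET + len(ACE_MAGIC)] == ACE_MAGIC

def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML zip bundling a VBA macro project."""
    if not data.startswith(b"PK"):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "word/vbaproject.bin" in (n.lower() for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Reasons to hold the attachment; an empty list means none were found."""
    reasons = []
    exts = filename.lower().split(".")[1:]
    # "receipt.jpg.ace": a client that shortens names shows only the image part.
    if len(exts) > 1 and IMAGE_EXTS.intersection(exts[:-1]):
        reasons.append("image extension hidden inside the name")
    if is_ace_archive(data):
        reasons.append("content is an ACE archive")
    if has_vba_project(data):
        reasons.append("document contains VBA macros")
    return reasons

def constructed_ace() -> bytes:
    # Constructed: seven header bytes then the marker; not a real archive.
    return b"\x00" * ACE_OFFSET + ACE_MAGIC + b"\x00" * 16

def constructed_docm() -> bytes:
    # Constructed: minimal zip with the part names Word uses for a macro document.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00" * 8)
    return buf.getvalue()

if __name__ == "__main__":
    for name, data in [("receipt.jpg.ace", constructed_ace()), ("Application_GDPR.docm", constructed_docm())]:
        print(name, "->", inspect_attachment(name, data))
```

The name check fires on the double extension the Kaspersky report describes even when the client truncates the display name, and the content checks catch the ACE archive and the macro project regardless of what the attachment is called.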
What KnowBe4 Customers Say

Hi Stu, thanks for the email. So far – I’m a very happy camper. The onboarding has been fantastic. KrisP is a joy to work with and has really helped us get off to a solid start. I appreciate the email and more importantly – a solution for phish testing and security awareness training that works well.
- S.R., Director of IT

Hey Stu, Thanks for reaching out! I am a happy camper! The training that we’ve been deploying has been invaluable to my team. I would like to call out JessicaW, JaredM, JeffG, and DavidM for their efforts in assisting me with all my needs. In the end it’s not the company, but people who truly care that makes the difference.
- L.S., IT Support Specialist
The 10 Interesting News Items This Week
    1. Double extortion ransomware attacks and how to stop them:

    2. Average Cost of a Data Breach in 2020 is a chunky 3.86 Million dollars:

    3. 15-Min Must-See Video: Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It:

    4. How to Not Be a CISO. Most interesting article on Uber’s 2016 data breach. He is facing federal charges:

    5. WIRED: "Ransomware Has Gone Corporate. Where Will It End?":

    6. Reuters: Russian-backed organizations amplifying QAnon conspiracy theories, researchers say:

    7. Deep Fake: Setting the Stage for Next-Gen Social Engineering:

    8. How phishing attacks have exploited Amazon Web Services accounts:

    9. CISA Warns of Vulnerabilities in Popular Domain Name System Software:

    10. CEO Experian South Africa: "We were not hacked, a clever criminal convinced us to give him our data." LOL:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.