CyberheistNews Vol 10 #39 CrowdStrike: "More Cyberattacks in the First Half of 2020 Than in All of 2019"





According to a recent study conducted by cybersecurity firm CrowdStrike, recent threat activity throughout its customers’ networks has shown more intrusion attempts within the first half of 2020 than in all of 2019.

This may be due to the pandemic and subsequent lockdown measures forcing employees to shift en masse to teleworking. It may also be due to the growing availability of ransomware-as-a-service.

Between January 1 and June 30 of 2020, CrowdStrike stated that their threat hunting team detected and blocked roughly 41,000 potential intrusions. Last year, the same team investigated just 35,000 intrusions over 12 months, resulting in a 154% increase in cyberattacks year-on-year.

CrowdStrike believes that the biggest cause for the dramatic increase in threat activity was the adoption of teleworking as a result of the COVID-19 pandemic, stating that the switch was too sudden and expanded several organizations’ attack surfaces by an unpredictable amount.

Threat actors jumped on the opportunity to exploit these newly increased attack surfaces and were more successful than in recent years as well. Extortion attacks were also up this year, with threat actors using ransomware to steal sensitive personal data and then threatening to release it if ransom demands were not met.

Get the full report here:
https://blog.knowbe4.com/crowdstrike-more-cyberattacks-in-the-first-half-of-2020-than-in-all-of-2019
Your Organization Through the Eyes of an Attacker

The bad guys are out there, watching and waiting for an opportunity to strike. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

What if you could see your organization through the eyes of an attacker? We'll give you insights into their motivations and how you can use that information to your advantage. Plus, we’ll show simple strategies you can implement to make your organization a harder target.

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, as he dives into the mind of a hacker to help you better understand your risks, and what you can do today to improve your defenses right now.

In this session you’ll learn:
  • Why hackers are targeting your organization
  • Three key questions you need to be able to answer about your network security
  • The common mistakes your organization will make when building your defenses
  • How your end users can help you defend against ever-evolving threats
Get the details you need to know now and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, September 23 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2658973/3F22E53E58BF9BF9C2A11A40F807A5F5?partnerref=CHN2
When Phishing and Disinformation Meet

The Insider reported that QAnon is co-opting a USPS phishing scam and claiming the smishing text messages are linked to human trafficking.

"A viral [text] phishing scheme is targeting people across the country with scammy text messages claiming to be from the United States Postal Service (USPS). Now, QAnon conspiracy theorists have jumped into the fray, falsely claiming the scheme is tied to human trafficking, as reported by Insider.

There’s no evidence to suggest this is true. The rumor has spread on Facebook and Instagram, echoing the Wayfair conspiracy theory that went viral earlier this summer. Unlike the Wayfair conspiracy, however, the USPS myth is obfuscating a real phishing threat.

The scam involves text messages that claim to have information about a USPS delivery. To find out more, people have to click a link. On Twitter, security researcher Eric Ellason said the link goes to the domain m9sxv.info, which then redirects to jtuzd.rdtk.io. He speculated the goal was to steal people’s credentials, as reported by Gizmodo.

On September 1st, an Instagram user with over 5,000 followers posted a screenshot of the text message, and said that clicking the link would have given traffickers access to her location. “There is a new sex trafficking method where you will receive a text message saying that there was an issue with a package that you have purchased,” she wrote. “Whether the ‘problem’ is your package has been lost, damaged, etc. the message will send you to a link to ‘track your package’, and apparently once you open the link your location will begin to be immediately tracked.”

By then, the rumor had already gone viral enough that Polaris, the non-profit behind the National Human Trafficking Hotline, had to put out a statement. It said the organization had received numerous reports about the USPS scheme and its supposed link to human trafficking. It urged people not to spread false information.

“Handling a surge of concern over viral social media posts makes it far more difficult for the Trafficking Hotline to handle other reports in a timely manner and might result in wait times for people who have a limited window of opportunity to reach out safely,” Polaris wrote.

If there’s a bright spot on this bleak horizon, it’s that the rumor could stop people from clicking the link in the scammy text message. Inadvertently thwarting a phishing scam by spreading misinformation about human trafficking is very 2020, to say the least. KnowBe4 just released a new Disinformation training module.

You can discuss this topic at KnowBe4's HackBusters user forums:
https://discuss.hackbusters.com/t/wave-of-smishing-texts-informing-you-of-parcel-arrival-hoping-to-get-your-creds/5137
[WEBINAR] The Critical Need to Improve Your Compliance Processes

You know that compliance is an important requirement but can also be time-consuming and fraught with risk. Still, most organizations have not implemented the processes and tools necessary to manage the compliance process efficiently.

The often-tedious processes related to compliance don’t have to be a burden or a risk. Your security and compliance can be aligned and made more efficient by reducing or eliminating redundant steps and using the right tools.

Join Erich Kron, Technical Evangelist at KnowBe4, to learn how you can streamline your processes to effectively demonstrate compliance and save so much time.

In this webinar we will discuss:
  • Common challenges organizations face regarding compliance
  • The dangerous impact non-compliance can have on your organization
  • Differences between organizational and departmental compliance
Find out how to streamline your audit processes, assign tasks, and organize evidence in a way that will save you tons of time. And earn CPE credit for attending!

Date/Time: THIS WEEK, Thursday, September 24 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2659486/A283A72CF83010D5972DCDE73B202AD1?partnerref=CHN2
Bitcoin Millionaire Loses 16M to a Compromised Wallet and Simple Social Engineering

This brief tale of misfortune shows how unpatched software and letting your guard down – especially when 16 mil is on the line – can be all that’s needed for a successful scam.

A GitHub thread focused on phishing attacks using the Electrum digital wallet came to life recently when a user known as 1400BitcoinStolen posted about how they had been taken for 1,400 BTC that had been sitting since 2017.

According to the thread, the owner of the 1,400 Bitcoins foolishly installed an older version of Electrum – one that was well-known to have been exploited multiple times. The moment a transfer was attempted, a pop-up appeared asking them to update their security before transferring funds.

Apparently that pop-up was the work of a phishing scam intent on stealing enough security details to pose as the Bitcoiner and transfer their $16 million in BTC to another address.

There are two lessons to be learned from this story:
    1. Always use the most up-to-date software – the makers of the Electrum digital wallet have had the vulnerability in the earlier version of the software posted on their website for over two years.

    2. Always be suspicious anytime security and credentials are involved – whenever someone is asked to provide their credentials, answer security questions, or take actions that are abnormal, their defenses should go up.
It unfortunately sounds like the former bitcoin millionaire wasn’t paying attention at all from start to finish – and got taken for it. Your organization can fall prey to the same lack of attention should users involved with the company’s finances be tricked into committing fraud, giving up credentials that provide access to email, and more.

Teaching your users to always be alert and vigilant when interacting with email and the web is critical.
Your National Cybersecurity Awareness Month Resource Kit

October is National Cybersecurity Awareness Month (NCSAM), which is a perfect time for you to raise awareness about the importance of cybersecurity in your organization. Not sure where to start? We've got you covered with the resources you need to help keep your users secure from anywhere.

Here is what you'll get:
  • A sample Cybersecurity Awareness Month training plan PDF containing recommended bite-sized training content to share with your users for each week throughout October
  • A complimentary training module for your users: "Social Media: A Global Concern" available in 34 languages
  • Resources to share with your users including infographics, awareness posters and screensavers, and a helpful cybersecurity awareness tip sheet
  • Bonus: access to resources for you including our popular on-demand webinar and whitepaper
Request your kit now to help your users make smarter security decisions this October and beyond.

Get Your NCSAM Resource Kit!
https://www.knowbe4.com/ncsam-resource-kit

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Check out the Glassdoor Top Tech CEOs during COVID List, you may find some familiar faces. :-D
https://www.techrepublic.com/article/glassdoor-the-top-8-tech-ceos-during-covid-19/



Quotes of the Week
"Laughter is the sun that drives winter from the human face."
- Victor Hugo (1802 - 1885)



"In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing."
- Theodore Roosevelt (1858 – 1919)



Thanks for reading CyberheistNews

Security News
[Announcement] KnowBe4 ModStore: New Series "Security Snapshots" From Twist & Shout

They've made you laugh. They've made you cry. You know and love them! Twist & Shout are here once again with a series of 12 stand-alone security micro-dramas! These Security Snapshots are small but mighty in impact. Each short film takes a fundamental behavioral issue and demonstrates how people can come unstuck, in excruciating frame-by-frame slow-motion.

Topics include phishing, unsecured Wi-Fi, waste-disposal, email attachments, and oversharing on social media.
  • Security Snapshots #01 - Physical Access
  • Security Snapshots #02 - Oversharing/Safe Media
  • Security Snapshots #03 - Phishing
  • Security Snapshots #04 - Document Disposal
  • Security Snapshots #05 - Clean Desk Policy
  • Security Snapshots #06 - Cloud Sharing
  • Security Snapshots #07 - Passwords
  • Security Snapshots #08 - Public Wi-Fi
  • Security Snapshots #09 - Ransomware
  • Security Snapshots #10 - Mobile Devices
  • Security Snapshots #11 - Portable Storage Devices
  • Security Snapshots #12 - Insider Threat
You can check them all out here and have a good chuckle. Great for a "learning moment" instant-instruction when someone falls for a phishing attack:
https://blog.knowbe4.com/announcement-knowbe4-modstore-new-series-security-snapshots-from-twist-shout
Assume Criminals Already Have Your Information

People should operate under the assumption that criminals already have their personal information in order to avoid falling victim to phishing and fraud, according to Shai Cohen, Senior Vice President of Global Fraud Solutions at TransUnion.

On the CyberWire’s Hacking Humans podcast, Cohen explained that organizations need to implement numerous layers of defense to protect both their employees and customers from criminals.

“The key is for organizations to really advance the digital play because the surface has become, as we expect, especially in today's environment, more and more digital,” he said. “And as we see new methods, we kind of add more solutions that can help continue and prevent any kind of fraud issues, you know, account takeover, phishing, stealing personal data and using it in a bad way, creating things like synthetic identity.

All these types of methods require us to kind of stay on our toes and keep evolving our solutions.”

Cohen described the methods that TransUnion is using to fight fraudsters who use stolen data, but he added that there are steps people can take to defend themselves as well.

“So first of all, the assumption is always that your information is already on the dark web, right?” Cohen said. “And the fraudsters possess your information. So, because of all of these threats, the consumer needs to kind of always make sure that they check twice before pressing on an email link and make sure that all the information that they have is being used safely, not do anything that – especially with phishing attacks, right?

Phishing is all about, you know, send you a text, emails, phone calls trying to get your personal data. Be very careful when opening anything, any communication from someone that you don't really know.”

Cohen said consumers should also ask their banks and other institutions about the protections they have in place to thwart fraud.

“And also, when you work with, for example, financial institutions or your provider, make sure that their level in digitally protecting your data is there and they pay a lot of attention to that, because consumers expect their financial institutions, anyone that they do business with, to be advanced digitally and especially in protecting their information,” Cohen concluded. “So check also with your provider.”

New-school security awareness training can help your employees take proactive steps to defend themselves against fraud and social engineering.

The CyberWire has the story:
https://thecyberwire.com/podcasts/hacking-humans/116/transcript
How to Become a Harder Target and Keep Chinese APTs Out of Your Network

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State Security (MSS).

CISA says these hacking groups rely largely upon open-source collection, public exploits, and known vulnerabilities to compromise networks. These techniques aren’t technically sophisticated, but they don’t need to be.

“The continued use of open-source tools by Chinese MSS-affiliated cyber threat actors highlights that adversaries can use relatively low-complexity capabilities to identify and exploit target networks,” CISA says. “In most cases, cyber operations are successful because misconfigurations and immature patch management programs allow actors to plan and execute attacks using existing vulnerabilities and known exploits.”

Some of the top vulnerabilities exploited by Chinese threat actors over the past twelve months include serious flaws in F5’s Big-IP, Citrix and Pulse Secure VPNs, and Microsoft Exchange Server. Patches are available for all of these vulnerabilities, but the hackers are able to exploit them before organizations apply the fixes.

The threat actors are also using repositories of leaked usernames and passwords to launch credential-stuffing attacks against accounts.

“While this sort of activity is not a direct result of the exploitation of emergent vulnerabilities, it demonstrates that cyber threat actors can effectively use available open-source information to accomplish their goals,” the agency says.

“Further, a threat actor does not require a high degree of competence or sophistication to successfully carry out this kind of opportunistic attack.”

Additionally, CISA says these groups are sending spearphishing emails with malicious links to gain initial access to networks. “In the last 12 months, CISA has observed Chinese MSS-affiliated actors use spearphishing emails with embedded links to actor-owned infrastructure and, in some cases, compromise or poison legitimate sites to enable cyber operations,” the advisory states.

Alert employees who are resistant to criminal social engineering are also forearmed against many of the things professional spies will throw at them. New-school security awareness training can provide your organization with an essential layer of defense by enabling your employees to thwart social engineering attacks.

CISA has the story:
https://us-cert.cisa.gov/ncas/alerts/aa20-258a
What KnowBe4 Customers Say

"Stu, our Agency has been a happy client of KnowBe4. One of the reasons it has been a pleasure to work with your organization is ErinF. Erin has been attentive and helpful, representing KnowBe4 superbly with us and reflecting a warm and friendly "corporate culture" for your organization.

Other than when I have called Erin for advice, Erin has checked in with me periodically, just to make sure everything is working for us. That is uncommon nowadays and it is very much appreciated. She deserves a big shout-out. We are about renewing our contract with KnowBe4 and look forward to our continuing relationship."
- G.I., CISO



"Stu, I am a fairly new KnowBe4 customer. I have been working with GregG, who is your Customer Success Manager assigned to me. Just wanted to tell you that he is the most high energy guy. He hits it out of the park every time we talk. I love his helpful attitude too. He usually ends the call asking when he can get me back on his calendar to follow-up. That is very unusual, that the CSM asks for more work! I love this guy …and I love everything KnowBe4 is doing. Great work!"
- H.C. Cyber Security Manager



"HA! That’s awesome! Yes, our security consultants are conducting a Pentest this week and set up a social engineering test (phishing), mimicking KB4. I think that’s fantastic that you guys saw it and alerted me. That just enforces my faith in KB4, knowing you’re taking care of us in this way.

Their phishing e-mail went out today and I’ll know the results tomorrow morning. I’m pretty confident very few, if any, of my users fell for it, though our consultants work very hard, every time we do a Pentest with a social engineering component, to do their homework and reconnaissance when building their e-mail template. Thank you!"
- H.J., Systems Administrator
The 11 Interesting News Items This Week
    1. OUCH: 39% of Employees Access Corporate Data on Personal Devices:
      https://resources.trendmicro.com/20-Q3-UK-Head-in-the-Clouds.html

    2. U.S. Charges Chinese Nationals in Cyberattacks on More Than 100 Companies:
      https://www.wsj.com/articles/justice-department-unseals-indictments-alleging-chinese-hacking-against-u-s-international-firms-11600269024?

    3. I found "61 Books Elon Musk Thinks You Should Read". Turns out I read 25 of them:
      https://mostrecommendedbooks.com/elon-musk-books/

    4. How to protect companies from business email compromise:
      https://searchsecurity.techtarget.com/post/How-to-protect-companies-from-business-email-compromise

    5. IRS Seeks Fresh Ways to Trace Cryptocurrency Transactions:
      https://www.bankinfosecurity.com/irs-seeks-fresh-ways-to-trace-cryptocurrency-transactions-a-14992

    6. The Federal Government: Ransomware’s Most Desirable Target:
      https://votiro.com/blog/the-federal-government-ransomwares-most-desirable-target/

    7. Interview with yours truly. People Who Have Wowed Us Over 25 Years:
      https://www.eskenzipr.com/2020/09/17/people-who-have-wowed-us-over-25-years-stu-sjouwerman/

    8. Chinese intelligence is building detailed profiles on tens of thousands of citizens worldwide, leaked database suggests:
      https://www.computing.co.uk/news/4020127/chinese-intelligence-building-detailed-profiles-tens-thousands-citizens-worldwide-leaked-database-suggests

    9. Hacker group Malsmoke exploit Adobe, IE browser to target porn surfers:
      https://www.business-standard.com/article/current-affairs/hacker-group-malsmoke-exploit-adobe-ie-browser-to-target-porn-surfers-120091300198_1.html

    10. New Windows exploit lets you instantly become admin. Have you patched?:
      https://arstechnica.com/information-technology/2020/09/new-windows-exploit-lets-you-instantly-become-admin-have-you-patched/

    11. BONUS: Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals:
      https://www.darkreading.com/threat-intelligence/likely-links-emerge-between-lazarus-group-and-russian-speaking-cybercriminals-/d/d-id/1338938
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.


