CyberheistNews Vol 10 #47 [SCARY EYE OPENER] The Bad Guys Can Now Bypass Your Filters and Implant Malicious Emails Straight Into Your Inbox





Taking advantage of IMAP functionality, a new tool now available on the dark web empowers cybercriminals to circumvent mail scanners, virtual sandboxes, and other security solutions.

It’s every phisher's dream and should be your nightmare: a means to bypass all that security software designed to weed out malicious emails, attachments and links. Well, it’s here. According to security analysts at Gemini Advisory, the tool known as “Email Appender” has hit the market on the dark web.

This tool gives any cybercriminal with a set of email account credentials the ability to implant a malicious email directly into the Inbox of that victim’s mailbox. By using an IMAP connection (which is normally used to retrieve email), Email Appender uses allowed functionality to append a message to the victim’s Inbox.

In other words, that malicious phishing email you don’t want getting to your user’s Inbox is placed there directly with no alarms sounding, lights flashing, or other warning that it’s malicious. Able to set the Sender address, email contents, and include attachments, Email Appender is the next big thing (until someone makes an IMAP security solution).
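One defensive check this mechanism suggests, as an added example rather than anything from Gemini Advisory or KnowBe4: a message appended over IMAP never passes through the inbound mail gateway, so it does not pick up the header that gateway stamps on delivered mail. The authserv-id `mx.example.org`, the function names and the sample messages are assumptions constructed for illustration.

```python
"""Flag mailbox messages that show no sign of gateway delivery."""
from email import message_from_bytes, policy

# Assumption: the organisation's inbound gateway stamps every delivered message
# with an Authentication-Results header using this authserv-id (hypothetical).
TRUSTED_AUTHSERV_ID = "mx.example.org"


def gateway_stamped(raw: bytes) -> bool:
    """True if the message carries the gateway's Authentication-Results stamp."""
    msg = message_from_bytes(raw, policy=policy.default)
    for value in msg.get_all("Authentication-Results", []):
        # RFC 8601: the authserv-id is the first token, before the first ';'.
        tokens = str(value).split(";", 1)[0].split()
        if tokens and tokens[0].lower() == TRUSTED_AUTHSERV_ID:
            return True
    return False


def find_unstamped(mailbox: dict[int, bytes]) -> list[int]:
    """Return the UIDs of messages the gateway never stamped."""
    return sorted(uid for uid, raw in mailbox.items() if not gateway_stamped(raw))


# Constructed sample mailbox (UID -> raw RFC 5322 message), not real traffic.
SAMPLE_INBOX = {
    # Delivered over SMTP: stamped by the gateway.
    101: (b"Received: from mail.partner.example by mx.example.org;"
          b" Tue, 17 Nov 2020 09:12:01 -0500\r\n"
          b"Authentication-Results: mx.example.org; spf=pass"
          b" smtp.mailfrom=partner.example\r\n"
          b"From: billing@partner.example\r\nTo: user@example.org\r\n"
          b"Subject: Invoice\r\n\r\nSee attached.\r\n"),
    # No transport headers at all: consistent with a message placed by APPEND.
    102: (b"From: it-support@example.org\r\nTo: user@example.org\r\n"
          b"Subject: Password expiry\r\n\r\nPlease sign in again.\r\n"),
    # Stamped by some other system, not by the organisation's gateway.
    103: (b"Authentication-Results: other.example.net; dkim=pass\r\n"
          b"From: hr@example.org\r\nTo: user@example.org\r\n"
          b"Subject: Policy update\r\n\r\nReview the document.\r\n"),
}

if __name__ == "__main__":
    for uid in find_unstamped(SAMPLE_INBOX):
        print(f"UID {uid}: no gateway stamp, review how it reached the mailbox")
```

A stamp is only as trustworthy as the headers themselves, so treat this as one signal and pair it with the mail server's own IMAP audit logs.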

There is a silver lining here: to make this work, the attacker does need the victim’s email credentials. So as long as users are vigilant about phishing scams designed to fool them into logging onto a fake Office 365 website (or equivalent), this attack cannot succeed.

Organizations that employ security awareness training educate their users about the dangers of phishing attacks, the types of attacks to watch out for, and why it’s important for your users to be a strong human firewall as your last line of defense.

Blog post with links to more detail:
https://blog.knowbe4.com/cybercriminals-can-now-bypass-security-solutions-and-implant-malicious-emails-directly-into-inboxes-with-email-appender

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, November 18 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s machine-learning module
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in, the Phish Alert Button, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, November 18 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2774981/B80596E023E56D9B57E3EA753FFD0A8B?partnerref=CHN2

Emotet Trojan Makes Another Comeback With New Tactics, Techniques and Procedures

New analysis of Q3 shows Emotet attacks on the rise, complete with new methods and features that have impacted governments and enterprise businesses alike.

The Emotet banking trojan has been around since 2019, but seems to be the cat with nine lives, as it continues to evolve and repeatedly show itself after quiet periods. According to Recorded Future’s Cyber Threat Analysis report for Q3 of 2020, campaigns involving the trojan demonstrate it’s been undergoing modifications to make it more successful in infecting systems:
  • The replacement of TrickBot with QakBot as a final payload
  • A 1,000 percent increase in Emotet downloads, correlating with Emotet’s packer change, which causes the Emotet loader to have a lower detection rate across anti-virus software
  • Operators using new Word document templates
  • Operators using password protected archives containing malicious macros to bypass detections
Recorded Future’s analysts believe that Emotet will “continue to employ major pauses, we believe it is highly likely that Emotet will continue to be a major threat and impact organizations across a variety of industries throughout the end of the year and into 2021.”

We’ve seen Emotet involved in attacks on government agencies, and employed in a malware-as-a-service model. The changes made in Q3 indicate its authors are paying attention to how it’s being detected and blocked, and are changing tactics to stay viable and successful in its goal to infect endpoints.

More:
https://blog.knowbe4.com/emotet-makes-another-comeback-with-new-tactics-techniques-and-procedures

Do You Know if New Ransomware Attacks Can Bypass Your Network Defenses?

The bad guys continue to demand larger ransoms and are getting more insidious on how they target your organization and take advantage of vulnerable users. A new ‘name-and-shame’ ransomware is responsible for a significant increase in ransomware attacks this year as evidenced by two popular ransomware families - Maze and DoppelPaymer.

That’s why we've updated our Ransomware Simulator tool “RanSim” to add another two new ransomware scenarios you can test on your network! These new scenarios simulate ransomware strains that exploit known security vulnerabilities in Windows, use vulnerable VPNs and remote desktop servers, and can easily bypass your endpoint security and AV filters.

Try KnowBe4’s NEW Ransomware Simulator tool and get a quick look at the effectiveness of your existing network protection against the latest threats. RanSim will simulate 20 ransomware infection scenarios and 1 cryptomining infection scenario to show you if a workstation is vulnerable to infection.

Here's how RanSim works:
  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 21 types of infection scenarios
  • Just download the install and run it
  • Results in a few minutes!
This is complimentary and will take you 5 minutes. RanSim may give you some insights about your endpoint security you never expected!

Download RanSim!
https://info.knowbe4.com/ransomware-simulator-tool-1chn

[Listen Up] Ransomware: Statistically, It's Likely to Happen to Anybody.

Joe has a Hacking Humans podcast story about how Emotet is being used in phishing emails through thread hijacking. Dave's story is a two-fer: one is about bad guys using image manipulation, and the other has Elon Musk giving away Bitcoin again, taking advantage of the US election.

The Catch of the Day is from a listener named John about an email-based vishing attack, and later in the show they welcome back Kurtis Minder of GroupSense on the burgeoning ransomware negotiation industry.

Hacking Humans is the best podcast in this space.

Here it is:
https://thecyberwire.com/podcasts/hacking-humans/124/notes

Will You Get Spoofed During The Holidays? Find Out for a Chance to Win!

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. Plus, if you’re in the US or Canada, you'll be entered for a chance to win a $500 Amazon Gift Card*.

Find out now if your email server is configured correctly; many are not!
  • This is a simple, non-intrusive "pass/fail" test.
  • We will send a spoofed email "from you to you".
  • If it makes it through into your inbox, you know you have a problem.
  • You'll know in 48 hours or faster.
Get Your Domain Spoof Test!

https://info.knowbe4.com/dst-sweepstake-holiday-2020

*Terms and conditions apply.

Let's stay safe out there, with tens of millions working from home.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Excited to Announce: "KnowBe4 Named Cybersecurity Company Of The Decade, 2010-2020!":
https://cybersecurityventures.com/knowbe4-named-cybersecurity-company-of-the-decade-for-2010-2020/



Quotes of the Week
"The secret of genius is to carry the spirit of the child into old age, which means never losing your enthusiasm."
- Aldous Huxley, Novelist (1894 - 1963)



"Nobody grows old merely by living a number of years. We grow old by deserting our ideals. Years may wrinkle the skin, but to give up enthusiasm wrinkles the soul."
- Samuel Ullman, Poet (1840 - 1924)



Thanks for reading CyberheistNews

Security News

Employee Stress and Remote Work Are Leading Causes of Data Breaches

Stressed employees and remote working conditions are the two most common causes of email-related data breaches, according to a survey commissioned by data security company Egress. Based on interviews with hundreds of senior IT security employees in the US and UK, the survey found that:
  • “93% had experienced data breaches via outbound email in the past 12 months.
  • “Organisations reported at least an average of 180 incidents per year when sensitive data was put at risk, equating to approximately one every 12 working hours.
  • “The most common breach types were replying to spear-phishing emails (80%); emails sent to the wrong recipients (80%); incorrect file attachments (80%).
  • “62% rely on people-led reporting to identify outbound email data breaches.
  • “94% of surveyed organisations have seen outbound email volume increase during COVID-19. 68% say they have seen increases of between 26 and 75%.
  • “70% believe that remote working raises the risk of sensitive data being put at risk from outbound email data breaches.”
The survey determined that employee stress and remote work were the two most frequently cited causes of serious breaches. “When asked to identify the root cause of their organisation’s most serious breach incident in the past year, the most common factor was ‘an employee being tired or stressed,’” Egress says.

“The second most cited factor was ‘remote working.’ In terms of the impact of the most serious breach incident, on an individual-level, employees received a formal warning in 46% of incidents, were fired in 27% and legal action was brought against them in 28%.

At an organisational-level, 33% said it had caused financial damage and more than one-quarter said it had led to an investigation by a regulatory body.”

New-school security awareness training can help minimize the risk of social engineering attacks and accidental breaches by teaching your employees to follow security best practices.

Egress has the story:
https://www.egress.com/en-us/news/2020-outbound-email-security-report

University Research Shows Security Awareness Training Is a Necessary Layer of Defense

A research paper in the Journal of Computer Information Systems says that security awareness training is a necessary complement to technical defenses and security policies, SC Magazine reports. Published by researchers from the University of Sussex and the University of Auckland, the paper acknowledges that technical defenses can help, but they can’t influence the human behavioral responses targeted by social engineering.

Hamidreza Shahbaznezhad, a co-author of the report and senior data scientist in industry at the University of Auckland, said in a press release that technical defenses are helpful but not comprehensive.

“Although technical countermeasures such as anti-phishing and spamming tools, email malware detection and data loss prevention are deployed to mitigate the risk of phishing attacks, using these technologies to detect phishing attacks remains a challenging problem,” Shahbaznezhad said.

“This is not least because they often require human intervention to analyze and distinguish between phishing and legitimate emails.”

Dr. Mona Rashidirad, co-author and lecturer in strategy and marketing at the University of Sussex Business School, added that awareness training needs to be factored into organizations’ security budgets.

“Security safeguards alone will not protect a company from phishing scams,” Dr. Rashidirad said. “Organizations and individuals substantially invest in security safeguards to protect the integrity, availability, and confidentiality of information assets. However, our study supports the findings of recent studies that these safeguards are not adequate to provide the ultimate protection of sensitive and confidential information.”

The researchers write that training programs should teach employees how to think about their own behavior, and how attackers can manipulate them.

More:
https://blog.knowbe4.com/university-research-shows-security-awareness-training-is-a-necessary-layer-of-defense

What KnowBe4 Customers Say

"Hi Stu, Yes, I honestly couldn't be happier. Every single person I've worked with so far has been fantastic. The training materials are great. I've had universally positive feedback from my users, if you discount the one humorless person from accounting.

Not only am I able to deliver entertaining training to my end-users, but for the first time ever, I can train our large contingent of Japanese expatriates in their native language, which I'm sure is going to make a big difference.

I'm starting my regularly scheduled phishing campaigns on Monday, and I'm really excited to see what kind of improvement we can make over our terrible baseline score."
- C.J. IT Security Architect

The 10 Interesting News Items This Week
    1. From Yours Truly in Forbes: How Disinformation Is Fueling a Fresh Wave of Phishing Scams:
      https://www.forbes.com/sites/forbestechcouncil/2020/11/13/how-disinformation-is-fueling-a-fresh-wave-of-phishing-scams/

    2. Successful Ransomware Attacks on Education Sector Grew 388% in Q3 2020:
      https://www.tripwire.com/state-of-security/security-data-protection/successful-ransomware-attacks-on-education-sector-grew-388-in-q3-2020/

    3. Microsoft says three APTs have targeted seven COVID-19 vaccine makers:
      https://www.zdnet.com/article/microsoft-says-three-apts-have-targeted-seven-covid-19-vaccine-makers/

    4. DarkSide ransomware is creating a secure data leak service in Iran:
      https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/

    5. Deepfakes could compromise your company’s security:
      https://www.securitymagazine.com/articles/93476-deepfakes-could-compromise-your-companys-security

    6. How to Avoid Getting Killed by Ransomware:
      https://www.darkreading.com/vulnerabilities---threats/how-to-avoid-getting-killed-by-ransomware/a/d-id/1339181

    7. How To Avoid Social Engineering Attacks And Protect Employees:
      https://www.securitymagazine.com/articles/93536-avoid-social-engineering-attacks-and-protect-employees

    8. Ransomware Group Turns to Facebook Ads To Pressure Victims Into Paying:
      https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/

    9. Cybersecurity Canon Candidate Book Review: “Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto”:
      https://icdt.osu.edu/news/2020/11/cybersecurity-canon-candidate-book-review-cryptography-apocalypse-preparing-day-when

    10. Motive, Means and Method – Through the Eyes of a Cybercriminal:
      https://www.corporatecomplianceinsights.com/motive-means-method-eyes-of-cybercriminal/
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.