CyberheistNews Vol 10 #50 [Scam of the Week] Warn Your Employees About New Zoom Phishing Attacks


Zoom-themed phishing attacks have spiked since the start of the pandemic, and we are seeing both Zoom- and Teams-themed criminal campaigns. Attackers adapted quickly earlier this year when a large portion of the workforce began operating remotely, and the phishers are still refining their lures to exploit your organization's dependence on video-conferencing platforms.

Scammers registered more than 2,449 Zoom-related domains from late April to early May this year alone. Con artists use these domain names, which include the word 'Zoom' or 'Teams', to send phishing emails that look as if they come from the official video-conferencing services.

This finding isn't surprising, since attackers always update their phishing lures to take advantage of current trends and events. The BBB says users can defend themselves against new variations of these lures and suggests a few security best practices.

I suggest you send the following to your employees, friends, and family. You're welcome to copy, paste, and/or edit:
"There are new Zoom (and Microsoft Teams) phishing attacks you need to watch out for. The Better Business Bureau has three great tips.

"Out of the blue, you receive an email, text, or social media message that includes Zoom’s logo and a message saying something like, ‘Your Zoom account has been suspended. Click here to reactivate.’ or ‘You missed a meeting, click here to see the details and reschedule,’"

"You might even receive a message welcoming you to the platform and requesting you click on a link to activate your account," the BBB warned:
  • “Double check the sender’s information. and are the only official domains for Zoom. If an email comes from a similar looking domain that doesn’t quite match the official domain name, it’s probably a scam.
  • “Never click on links in unsolicited emails. Phishing scams always involve getting an unsuspecting individual to click on a link or file sent in an email that will download dangerous malware onto their computer. If you get an unsolicited email and you aren’t sure who it really came from, never click on any links, files, or images it may contain.
  • “Resolve issues directly. If you receive an email stating there is a problem with your account and you aren’t sure if it is legitimate, contact the company directly. Go to the official website by typing the name in your browser and find the ‘Contact Support’ feature to get help.”
"Remember: Think Before You Click. It is more important than ever these days."
New-school security awareness training helps your employees avoid falling for video-conferencing attacks by keeping them up to date with evolving phishing trends.
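As an added example (it is not part of this newsletter or of the BBB's guidance), the following Python script applies the BBB's first tip mechanically: it pulls the sender domain out of the From header and classifies the sender as official, lookalike or unrelated, catching the subdomain trick (zoom.us.something.example) and digit-for-letter swaps (z00m). The allowlist of official domains (zoom.us and zoom.com for Zoom, microsoft.com for Teams) and the substitution table are assumptions for this example, and the sample messages are constructed.

```python
"""Triage: is a Zoom- or Teams-branded sender actually on an official domain?

Added example. OFFICIAL_DOMAINS and the substitution table are assumptions;
SAMPLES are constructed messages, not real phishing mail.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumption: registrable domains the vendors actually send from.
OFFICIAL_DOMAINS = {
    "zoom": ("zoom.us", "zoom.com"),
    "teams": ("microsoft.com",),
}

# Digit-for-letter swaps seen in lookalike names (z00m, m1crosoft): heuristic.
_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def _normalize(text: str) -> str:
    return text.lower().translate(_SUBSTITUTIONS)


def _is_under(domain: str, parent: str) -> bool:
    """True if domain is parent itself or a subdomain of it (not merely a prefix of it)."""
    return domain == parent or domain.endswith("." + parent)


def classify_sender(from_header: str) -> str:
    """Classify a From: header value as 'official', 'lookalike' or 'unrelated'."""
    display_name, address = parseaddr(from_header or "")
    domain = address.rpartition("@")[2].lower()
    if domain:
        for parents in OFFICIAL_DOMAINS.values():
            if any(_is_under(domain, p) for p in parents):
                return "official"
    # Brand word present in the domain or display name (after digit swaps),
    # but the domain is not one we trust: zoom.us.evil.example, z00m-meet.example, ...
    haystack = _normalize(f"{display_name} {domain}")
    if any(brand in haystack for brand in OFFICIAL_DOMAINS):
        return "lookalike"
    return "unrelated"


def triage(raw_messages):
    """Classify each raw RFC 5322 message; returns (subject, from, verdict) tuples."""
    results = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = msg["From"] or ""
        results.append((msg["Subject"], sender, classify_sender(sender)))
    return results


# Constructed samples: the first and fourth mimic real notifications, the rest
# use the lures quoted above on domains the vendors do not own.
SAMPLES = [
    "From: Zoom <no-reply@zoom.us>\nSubject: Zoom meeting reminder\n\nbody",
    "From: Zoom Support <support@zoom.us.account-verify.example>\n"
    "Subject: Your Zoom account has been suspended\n\nbody",
    "From: Notifications <alerts@z00m-meetings.example>\nSubject: You missed a meeting\n\nbody",
    "From: Microsoft Teams <noreply@email.teams.microsoft.com>\nSubject: Missed activity\n\nbody",
    "From: Microsoft Teams <teams-admin@mail.example.net>\nSubject: Activate your account\n\nbody",
    "From: Alice <alice@partner.example>\nSubject: Invoice attached\n\nbody",
]

if __name__ == "__main__":
    for subject, sender, verdict in triage(SAMPLES):
        print(f"{verdict:<10} {sender}  ({subject})")
```

Treat this as a triage heuristic, not an authentication check: the From header is trivially forged, so a sender that lands on the allowlist still needs to be backed by passing SPF/DKIM/DMARC results before the message is trusted, and a "lookalike" verdict is a reason to route the report to the incident response queue rather than to reply.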
BRAND-NEW: Kevin Mitnick Presents "When the Bad Guys Hide in Plain Sight: Hacking Platforms You Know and Trust".

Today’s hackers are concealing their attacks in places you wouldn’t expect… utilizing tools your users know and trust to deliver their malicious payloads. Secure email services with end-to-end encryption and cloud storage solutions like Google Drive just aren’t as trustworthy as your end users believe.

In this exclusive webinar Kevin Mitnick, KnowBe4’s Chief Hacking Officer and Perry Carpenter, KnowBe4’s Chief Evangelist & Strategy Officer will show you why your users should think twice before trusting seemingly benign emails.

In this session we’ll share:
  • Why you shouldn’t always trust legitimate providers like Google Drive
  • How hackers use safe email senders to bypass email security tools
  • The hidden dangers of storing passwords in your browser
  • Actual phishing attacks we’re seeing in the wild
  • Eye-opening hacking demos you won’t want to miss
See the dangers lurking behind seemingly innocent actions for yourself. And earn CPE credit just for attending.

Date/Time: TOMORROW, Wednesday, December 9 @ 2:00 PM (ET)

Save My Spot!
Ransomware Gangs Are Now Cold-Calling Victims if They Restore From Backups Without Paying

Catalin Cimpanu at ZDNet reported on another evil escalation in ransomware extortion tactics. In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom demands.

"We've seen this trend since at least August-September," Evgueni Erchov, Director of IR & Cyber Threat Intelligence at Arete Incident Response, told ZDNet on Friday. Ransomware groups that have been seen calling victims in the past include Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk, a spokesperson for cyber-security firm Emsisoft told ZDNet on Thursday.

"We think it's the same outsourced call center group that is working for all the [ransomware gangs] as the templates and scripts are basically the same across the variants," Bill Siegel, CEO and co-founder of cyber-security firm Coveware, told ZDNet in an email. Arete IR and Emsisoft said they've also seen scripted templates in phone calls received by their customers.

According to a recorded call made on behalf of the Maze ransomware gang, and shared with ZDNet, the callers had a heavy accent, suggesting they were not native English speakers. The post has a redacted transcript of a call, provided by one of the security firms as an example, with victim names removed.

Another Escalation in Ransomware Extortion Tactics

The use of phone calls is another escalation in the tactics used by ransomware gangs to put pressure on victims to pay ransom demands after they've encrypted corporate networks.

Previous tactics included the use of ransom demands that double in value if victims don't pay during an allotted time, threats to notify journalists about the victim company's breach, or threats to leak sensitive documents on so-called "leak sites" if companies don't pay.

However, while this is the first time ransomware gangs have phoned victims to pressure them into paying, it isn't the first time ransomware gangs have called victims at all. In April 2017, the UK's Action Fraud group warned schools and universities that ransomware gangs were calling their offices, pretending to be government workers, and trying to trick school employees into opening malicious files that led to ransomware infections.

Full story:
[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The growing volume of those reports can itself become a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, the key ingredient of an essential security workstream. PhishER allows your Incident Response team to identify and respond to email threats more quickly, saving them a great deal of time.

See how you can best manage your user-reported messages.

Join us Wednesday, December 16 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s machine-learning module
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, December 16 @ 2:00 PM (ET)

Save My Spot!
[HEADS UP] FBI Warns US Companies of BEC Scammers

The Federal Bureau of Investigation is warning US companies that cybercriminals are abusing email auto-forwarding rules. A successful attack of this kind feeds directly into a business email compromise (BEC) scam.

The warning was issued through a joint Private Industry Notification (PIN) and coordinated with DHS-CISA. BEC attackers are most famous for compromising business email accounts with the end goal of redirecting payments back to them.

The cybercriminals create forwarding rules in victims' web-based email clients to conceal their activity while impersonating employees. Tactics like these are costly enough to force a company out of business. "According to recent FBI reporting, cybercriminals are implementing auto-forwarding rules on victims’ web-based email clients to conceal their activities," the FBI said in its statement.

The FBI advises IT admins to prohibit automatic forwarding of email to external addresses. That measure closes off one of the attackers' main ways of silently monitoring a compromised mailbox, although it is not a complete defense against BEC on its own. It's also important for your users to be educated about BEC attacks.
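The detective side of the FBI's advice, as an added example that comes from neither the FBI notification nor this newsletter: a Python audit over an exported list of mailbox rules that flags any inbox rule or mailbox-level setting forwarding mail to a domain outside the organization, and escalates when the rule also deletes the message or marks it as read, or carries a blank or punctuation-only name, both common ways of keeping the forwarding out of the user's sight. The field names mirror the properties Exchange Online's Get-InboxRule and Get-Mailbox cmdlets expose (ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MarkAsRead, ForwardingSmtpAddress); the export shape, the internal domain list and the records themselves are constructed assumptions.

```python
"""Audit exported mailbox rules for auto-forwarding outside the organization.

Added example. The records below are constructed; their field names mirror
Exchange Online's Get-InboxRule / Get-Mailbox properties, but the export
shape and INTERNAL_DOMAINS are assumptions for this illustration.
"""
import re

INTERNAL_DOMAINS = {"example.com", "corp.example.com"}  # assumed org domains
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
_EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _addresses(value):
    """Extract SMTP addresses from a recipient field (string, list or None).

    Exchange renders recipients like '"Bob" [SMTP:bob@mail.example.net]' and
    mailbox forwarding like 'smtp:bob@mail.example.net'; bare addresses work too.
    """
    if not value:
        return []
    items = [value] if isinstance(value, str) else value
    return [a.lower() for item in items for a in _EMAIL.findall(item)]


def is_external(address: str) -> bool:
    """True unless the address belongs to one of our domains or a subdomain of one."""
    domain = address.rpartition("@")[2].lower()
    return not any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def audit_rule(mailbox: str, rule: dict):
    """Findings for one inbox rule as (severity, description) tuples."""
    external = sorted({a for f in FORWARD_FIELDS for a in _addresses(rule.get(f)) if is_external(a)})
    if not external:
        return []
    severity = "high"
    text = f"{mailbox}: rule '{rule.get('Name')}' forwards to external {external}"
    # Concealment: hide the forwarded copy from the mailbox owner ...
    if rule.get("DeleteMessage") or rule.get("MarkAsRead"):
        severity = "critical"
        text += "; also DeleteMessage/MarkAsRead"
    # ... or give the rule a name that is easy to overlook in the rule list.
    if len((rule.get("Name") or "").strip(" .")) <= 1:
        severity = "critical"
        text += "; rule name blank or punctuation only"
    if not rule.get("Enabled", True):
        text += " (rule currently disabled)"
    return [(severity, text)]


def audit(export):
    """Run the checks over every mailbox in an export; returns all findings."""
    findings = []
    for mbx in export:
        for addr in _addresses(mbx.get("ForwardingSmtpAddress")):
            if is_external(addr):
                findings.append(("high", f"{mbx['Mailbox']}: mailbox-level forwarding to {addr}"))
        for rule in mbx.get("InboxRules", []):
            findings.extend(audit_rule(mbx["Mailbox"], rule))
    return findings


# Constructed export: one benign internal forward, one concealed external
# forward on the CFO's mailbox, and a mailbox-level forward on a shared box.
EXPORT = [
    {"Mailbox": "cfo@example.com", "ForwardingSmtpAddress": None, "InboxRules": [
        {"Name": "Vendor invoices", "Enabled": True,
         "ForwardTo": ['"AP Team" [SMTP:ap@corp.example.com]']},
        {"Name": ".", "Enabled": True, "DeleteMessage": True, "MarkAsRead": True,
         "ForwardAsAttachmentTo": ['"." [SMTP:cf0.finance@mail.example.net]']},
    ]},
    {"Mailbox": "sales@example.com",
     "ForwardingSmtpAddress": "smtp:sales.backup@mailbox-mirror.example.net",
     "InboxRules": [{"Name": "Newsletters", "Enabled": True, "MarkAsRead": True}]},
]

if __name__ == "__main__":
    for severity, text in audit(EXPORT):
        print(f"[{severity.upper()}] {text}")
```

Pull the rules from the server side (Get-InboxRule per mailbox, plus each mailbox's ForwardingSmtpAddress) rather than from what a desktop client displays, since a rule created in the web client is not guaranteed to show up there; for the preventive control, Exchange Online lets you disable automatic forwarding for the default remote domain with Set-RemoteDomain Default -AutoForwardEnabled $false, and new rules should then be watched through the audit log so a re-enabled forward is caught quickly.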

Full story with links:
Will You Get Spoofed During the Holidays? Find Out for a Chance to Win!

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?

Once they can, they can launch a "CEO fraud" spear-phishing attack on your organization, and that type of attack is very hard to defend against unless your users are thoroughly trained in security awareness.

KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. Plus, if you’re in the US or Canada, you'll be entered for a chance to win a $500 Amazon Gift Card*.

Find out now whether your email server is configured correctly; many are not!
  • This is a simple, non-intrusive "pass/fail" test.
  • We will send a spoofed email "from you to you".
  • If it makes it through into your inbox, you know you have a problem.
  • You'll know within 48 hours!
Get Your Domain Spoof Test!
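What a "from you to you" test exercises is whether the SPF and DMARC policy your domain publishes tells receiving servers to reject mail that fails authentication. As an added example, not part of KnowBe4's test, the following Python evaluates that posture from the two TXT records. The record strings are constructed and parsed offline (no DNS lookups), and the logic is a simplified reading of SPF (RFC 7208) and DMARC (RFC 7489): only an enforcing DMARC policy ties SPF and DKIM results to the visible From address, and an SPF record ending in +all hands a passing, aligned SPF result to anyone who sets your domain as the envelope sender, so it undoes DMARC as well.

```python
"""Evaluate whether published SPF + DMARC records would let a spoofed
"from you to you" message through.

Added example. Records are constructed strings parsed offline; the logic is a
simplified reading of RFC 7208 (SPF) and RFC 7489 (DMARC), not a full validator.
"""


def parse_spf(txt):
    """Return {'all': qualifier, 'mechanisms': [...]} for a v=spf1 record, else None.

    qualifier is '+', '-', '~' or '?' for the 'all' term, or None when absent
    (unlisted senders then evaluate to Neutral rather than Fail).
    """
    if not txt or txt.split()[0].lower() != "v=spf1":
        return None
    qualifier, mechanisms = None, []
    for term in txt.split()[1:]:
        t = term.lower()
        if t.lstrip("+-~?") == "all":
            qualifier = t[0] if t[0] in "+-~?" else "+"
        else:
            mechanisms.append(t)
    return {"all": qualifier, "mechanisms": mechanisms}


def parse_dmarc(txt):
    """Return the tag=value pairs of a v=DMARC1 record, or None if absent/invalid."""
    if not txt:
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return None
    return tags


def assess(spf_txt, dmarc_txt):
    """Verdict ('spoofable' | 'partially enforced' | 'enforced') plus findings."""
    findings = []
    spf, dmarc = parse_spf(spf_txt), parse_dmarc(dmarc_txt)
    if spf is None:
        findings.append("no SPF record: spoofed mail can only be stopped by DMARC with DKIM")
    elif spf["all"] == "+":
        findings.append("SPF ends in +all: any host passes SPF as this domain, which also satisfies DMARC alignment")
    elif spf["all"] in (None, "?"):
        findings.append("SPF lacks -all/~all: unlisted senders are Neutral, not Fail")
    if dmarc is None:
        findings.append("no DMARC policy: SPF/DKIM results are never tied to the visible From address")
        return {"verdict": "spoofable", "findings": findings}
    policy = dmarc["p"].lower()
    pct = int(dmarc.get("pct", "100"))  # assumes a well-formed record
    sub_policy = dmarc.get("sp", policy).lower()
    if policy == "none":
        findings.append("DMARC p=none: monitoring only, failing mail is still delivered")
        return {"verdict": "spoofable", "findings": findings}
    if spf is not None and spf["all"] == "+":
        return {"verdict": "spoofable", "findings": findings}
    partial = False
    if policy == "quarantine":
        partial = True
        findings.append("DMARC p=quarantine: spoofed mail lands in spam rather than being rejected")
    if pct < 100:
        partial = True
        findings.append(f"DMARC pct={pct}: only {pct}% of failing mail gets the policy applied")
    if sub_policy == "none":
        partial = True
        findings.append("DMARC sp=none: subdomains of this domain remain spoofable")
    return {"verdict": "partially enforced" if partial else "enforced", "findings": findings}


# Constructed record pairs covering the postures seen most often.
CASES = {
    "no-records": (None, None),
    "spf-only": ("v=spf1 include:_spf.example.net ~all", None),
    "monitor-only": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
    "plus-all": ("v=spf1 +all", "v=DMARC1; p=reject"),
    "half-rollout": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject; pct=50"),
    "open-subdomains": ("v=spf1 -all", "v=DMARC1; p=reject; sp=none"),
    "enforced": ("v=spf1 ip4:192.0.2.0/24 -all", "v=DMARC1; p=reject; sp=reject"),
}


def run_cases():
    """Assess every constructed case; returns name -> assess() result."""
    return {name: assess(spf, dmarc) for name, (spf, dmarc) in CASES.items()}


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:<16} {result['verdict']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

An "enforced" verdict describes only what the domain publishes: the receiving server decides whether to honour the policy, and your own legitimate mail must be DKIM-signed or sent from the hosts SPF lists or it will be rejected along with the spoofs. To check a live domain, fetch the records with dig TXT example.com and dig TXT _dmarc.example.com and pass the two strings to assess().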

*Terms and Conditions apply.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Visit the KnowBe4 Holiday Cybersecurity Resource Center at Cybercrime Mag:

Quotes of the Week
"Employ your time in improving yourself by other men's writings, so that you shall gain easily what others have labored hard for."
- Socrates, Philosopher (469 - 399 BC)

"When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him."
- Jonathan Swift, Writer (1667-1745)

Thanks for reading CyberheistNews

Security News
Phishing Campaign Targets Vaccine Supply Chain

Researchers at IBM’s X-Force have identified a phishing campaign targeting the COVID-19 vaccine “cold chain” (the part of the supply chain focused on “the safe preservation of vaccines in temperature-controlled environments during their storage and transportation”).

The phishing emails appeared to be requests for quotations (RFQs) related to the cold chain, and contained malicious HTML attachments that would open credential-harvesting phishing pages.

“Our analysis indicates that this calculated operation started in September 2020,” the researchers write. “The COVID-19 phishing campaign spanned across six countries and targeted organizations likely associated with Gavi, The Vaccine Alliance’s Cold Chain Equipment Optimization Platform (CCEOP) program, which we explain further in this blog.

While firm attribution could not be established for this campaign, the precision targeting of executives and key global organizations hold the potential hallmarks of nation-state tradecraft.”

The operation appears to have been highly targeted, since the attackers knew exactly who to impersonate. “The spoofed phishing emails appear to originate from a business executive from Haier Biomedical, a Chinese company currently acting as a qualified supplier for the CCEOP program, in coordination with the World Health Organization (WHO), UNICEF and other U.N. agencies,” X-Force says.

“It is highly likely that the adversary strategically chose to impersonate Haier Biomedical because it is purported to be the world’s only complete cold chain provider. Likewise, the Haier Biomedical employee who is purported to be sending these emails would likely be associated with Haier Biomedical’s cold chain distribution operations based on his role, which is listed in the email signature block.”

The researchers conclude that the immediate goal of the campaign was likely espionage related to the vaccine, but the access gained could also be intended for use in future campaigns.

“We assess that the purpose of this campaign may have been to harvest credentials to gain future unauthorized access,” they write. “From there, the adversary could gain insight into internal communications, as well as the process, methods and plans to distribute a COVID-19 vaccine.

This includes information regarding infrastructure that governments intend to use to distribute a vaccine to the vendors that will be supplying it. However, beyond critical information pertaining to the COVID-19 vaccine, the adversary’s access could extend deeper into victim environments.

Moving laterally through networks and remaining there in stealth would allow them to conduct cyber espionage and collect additional confidential information from the victim environments for future operations.”

New-school security awareness training helps your employees thwart both sophisticated and amateur social engineering attempts.

Story with links:
This Year, Both Ransomware Payments and Attacks Have Almost Doubled

The average ransomware payout has increased by 178% over the past year, according to researchers at Atlas VPN. In Q4 2019, the payments averaged USD 84K. By Q3 2020, the average payment had risen to USD 234K. These numbers have steadily increased each quarter.

“From Q4 2019 to Q1 2020, the average payment demand rose by over 27K, from 84K to 111K, which is a 33% increase,” the researchers write. “In the second quarter, ransom payouts spiked drastically by almost 67K, representing a 60% jump.

Finally, the ransom demand payouts peaked in the third quarter of 2020, hitting almost 234K, or a 31% jump compared to the previous quarter.”

The researchers attribute this trend to the increasing sensitivity of data encrypted and stolen by ransomware operators. “Cybercriminals expect larger payouts when they target bigger companies, steal more data, or the information stolen is extremely sensitive,” Atlas VPN says.

“For example, instead of stealing user email addresses, hackers now target financial details, personal information like social security numbers (SSNs), and police reports.”

Additionally, the number of recorded ransomware attacks nearly doubled in 2020, which the researchers say is primarily due to the increase in remote work brought on by the pandemic.

“There were 78.36 million ransomware attacks detected in Q3 of 2020, while in Q3 2019, the number stood at 40.95 million,” the researchers write. “This constitutes a 91% jump in ransomware attacks in one year. Adding up all the ransomware attacks in the first three quarters of 2020 amounts to 199.75 million, a 40% rise in attacks compared to 142.4 million in 2019.”

Atlas VPN offers the following advice for organizations to defend themselves against these attacks:
  • “Firstly, employees should follow well-known cybersecurity practices, such as using 2-Factor Authentication (2-FA) whenever possible, not clicking on suspicious links, and updating their software and OS. These steps might seem like basic practices, but surprisingly, many people do not follow them.
  • “Employers should set up employee training workshops where a security specialist shares security practices together with scenarios that could happen if these tips are not followed. Showcasing incidents that already happened in other companies could be of value to show employees how a single malicious link can cripple a company.”
Ransomware isn’t a trivial threat: it can be a business-killer, and it’s expected to rise in 2021. New-school security awareness training gives your organization a vital last line of defense by equipping your employees with the skills they need to thwart cyberattacks.

Atlas VPN has the story:
What KnowBe4 Customers Say

"Thanks for reaching out, Stu. We have been using your program. The whole process of purchase, onboarding, and implementation was handled excellently by your staff. Our Success Manager JohnK has been a great help in setting up, through his experience, what an effective program might look like for us. Thanks again!"
- M.C., Manager Information Systems

"Hi Stu, we are definitely happy, thank you for checking in. I can't say enough good things about SusanG, our success manager. She's very friendly, knowledgeable, responsive, and has been a great help getting us up and running. It has truly been a pleasure working with her. Both of our programs, phish testing and awareness training, are in full swing toward our objectives. As far as it relates to KnowBe4, I've received nothing but positive feedback and lots of it. The modules are great. We really couldn't be happier. Every expectation has been met and exceeded."
- H.T., Information Security Officer
The 11 Interesting News Items This Week
    1. Recently, the *By Far* most downloaded podcast with the most positive feedback was the new one by Roger Grimes. 55 minutes packed with great tips. Use this link!

    2. A coordinated, global network of hackers tried to break into the COVID-19 'cold supply chain':

    3. Sales of CEO email accounts may give cyber criminals access to the "crown jewels" of a company:

    4. More Than Fifty Networks in North America Suspiciously Resurrected at Once:

    5. 11 Expert Tips For Young Tech Execs Recovering From A Devastating Hack:

    6. Phishing targets US brokerage firms using FINRA lookalike domain:

    7. UK's HMRC phishing scam abuses mail service to bypass spam filters:

    8. A Broken Piece of Internet Backbone (BGP) Might Finally Get Fixed:

    9. Hackers target EU Commission, COVID-19 cold chain supply orgs:

    10. Quarter of Firms Suffered 7+ Serious Cyber-Attacks in 2020:

    11. KnowBe4 Awarded Gold Medal in Security for Inc.’s 2020 Best in Business List:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.
