CyberheistNews Vol 10 #51 [HEADS UP] They're Here! The COVID-19 Vaccine Phishes Finally Arrive

We expected that massive media attention surrounding the development and distribution of COVID-19 vaccines would spur bad guys to launch new vaccine-themed phishing campaigns. So, we recently released eight new simulated phishing templates for the KMSAT security awareness training platform.

Now, just two weeks after that announcement (and on the very day that the UK launched its own mass vaccination program), the first real vaccine-themed phishing emails have arrived. Let's take a look.

The first one reported to us by customers using the Phish Alert Button (PAB) uses the very kind of social engineering scheme that we anticipated. This email appears to be trying to exploit a very recent report in The Washington Post that Pfizer may not be able to supply additional doses of its vaccine to the United States in large volumes until sometime in Q2.

Predictably enough, the link in the email body takes unwitting clickers to a credentials phish. To be sure, the language used in the body of that malicious email is a bit stilted -- definitely not the effortlessly clear prose one would expect in a professionally written email of this type. But it will do.

As it turns out, this particular phish compares quite well with one of the eight simulated phishing templates we introduced two weeks ago!

The social engineering scheme in both emails exploits some of the basic questions and concerns that users and employees will have about the several vaccines currently on the cusp of widespread distribution:
  • How soon will a vaccine be available?
  • Will it be safe?
  • How can I get it?
  • When can I get it?
  • How much will it cost?
  • Should I get it?
Put very simply, this is pretty much what we expected.

Conclusion

Malicious actors had a field day back in March and April as the Coronavirus washed over countries around the world. It was, and still is, the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization's network.

Nine months later, as an entirely predictable round of vaccine-themed phishing emails begins to land in your employees' inboxes, it is high time to get your users up to speed by stepping them through New-school Security Awareness Training and testing them with the vaccine-themed simulated phishing templates already available in KMSAT.

Full post with several example screenshots:
https://blog.knowbe4.com/theyre-here-covid-19-vaccine-phishes-finally-arrive

[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase in this email traffic can present a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us TOMORROW, Wednesday, December 16 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Augment your analysis and prioritization of user-reported messages with PhishML, PhishER’s machine-learning module
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, December 16 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2775085/FEC0C8506D18806C57D08B4FDC2967DB?partnerref=CHN2

Why Are You Being Phished?

By Roger Grimes. People often wonder why they are being phished. Why did a hacker pick them in the first place? What does their organization have that made some hacker decide it was noteworthy enough to target?

Targeted vs. Random

Most organizations are hit by phishing randomly, without special targeting. The originating phishing sender had the recipient’s email address, usually from buying or downloading a large bulk list of email addresses, or because the address was scraped from some other hapless victim who was previously compromised.

The hacker and his/her phishing scam didn’t especially pick out a particular victim. They obtained the email addresses of tens of millions or even hundreds of millions of potential victims and sent to all of them at the same time and/or over several phishing campaigns.

Email addresses from your organization just happened to be on the list. That is how the vast majority of phishing emails end up in an inbox.

The opposite possibility is that your organization was especially targeted, on purpose, by a hacker. For a variety of possible reasons, a hacker decided your company had a reason to be targeted, be it money, intellectual property, a nation-state objective, or some other justification. Targeted spear phishing attacks are far less common, but harder to defend against.

This article by Roger Grimes is continued here:
https://blog.knowbe4.com/why-are-you-being-phished

[On-Demand Webinar] 12 Ways to Defeat Multi-Factor Authentication

Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It isn't!

Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and security expert with over 30 years' experience, for this on-demand webinar where he will explore 12 ways hackers can and do get around your favorite MFA solution.

The webinar includes a hacking demo by KnowBe4's Chief Hacking Officer, Kevin Mitnick, and real-life successful examples of every attack type. Roger will share ideas about how to better defend your MFA solution so that you get maximum benefit and security.

You'll learn about the good and bad of MFA, and become a better computer security defender in the process. Topics include:
  • 12 ways hackers get around multi-factor authentication
  • How to defend your multi-factor authentication solution
  • The role humans play in a blended-defense strategy
Watch the Webinar Now!
https://info.knowbe4.com/webinar-12-ways-to-defeat-mfa-chn

Embarrassment Is Better Than Regret - Report Suspected Phishing Emails

By Javvad Malik. There are many great things I can say about my time at KnowBe4. Colleagues are fun, approachable, witty, and have a phrase for most eventualities. The phrase that goes around in my mind the most whenever I receive an unexpected email is, “When in doubt, PAB it out.”

The Phish Alert Button (PAB) is an add-in for your mail client that allows you to quickly and easily report suspicious emails. So, any time I receive an email that could potentially be fraudulent, I hit the PAB button. It then disappears from my inbox and goes over to our well-trained security team, which conducts a quick forensic investigation and either thanks me for my ability to spot a malicious email, or returns it to my inbox, giving it the all clear.

The PAB makes me feel part of the security team, but without the responsibility. It’s a win-win. But I do vividly remember receiving my first phishing email and being fairly convinced that it was indeed a phishing email. And I hovered over the PAB for a long time, not sure if I should click it.

I mean, what if I was wrong and it was a benign email, and I would have wasted the time of my security colleagues? Even worse, how could I, Mr. CISSP, of all people be so ignorant as to accidentally mark a legitimate email as a phish?

But then I was told the story of a girl named Tilly Smith. At 10 years old, Tilly was on holiday with her family at a gorgeous place named Mai Khao Beach. One day, when walking along the beach, Tilly noticed the tide had gone out far. A lot further than it should have, and the water had turned frothy.

A few months earlier in geography class, her teacher showed the class footage of Hawaii in 1946. It was the only film anyone had seen of a tsunami. Tilly became hysterical, convinced they were about to experience a tsunami. A word that meant very little to her parents or any of the lifeguards on the beach.

She began to yell and cry, trying to convince her parents that they were in grave danger. Her dad had to make the choice of either listening to his daughter, who was spouting stuff he had never heard of, or taking her back to the hotel until she calmed down.

He decided he had to take a chance. If nothing happened, then he would be embarrassed, and probably would have to buy everyone drinks for the rest of the week. But if a tsunami did hit, and he had said nothing, the regret would be too much to bear. So, he told the security guards, the lifeguards and anyone who would listen. Eventually, the beach was cleared and everyone went back to the hotel and climbed to the third floor.

It wasn’t long before the first of three giant waves struck not just their beach, but beaches all over South East Asia. It was the Boxing Day tsunami of 2004. By the end of the day, the tsunami would have killed a quarter of a million people on beaches in 13 different countries, with the exception of Mai Khao Beach in Thailand. All because a 10-year-old girl was not willing to let embarrassment silence her.

I think about Tilly nearly every time I hit the PAB button.

If you’re an employee and you see anything suspicious, raise it with your security team, even if you don’t have a PAB button. You could prevent your organisation from becoming the next headline victim of a ransomware attack.

And if you’re in charge of security at your organisation, create a culture of openness and give the tools and mechanisms for your colleagues to reach out and voice their concerns. Save them from embarrassment and regret.

Blog:
https://blog.knowbe4.com/embarrassment-is-better-than-regret-report-suspected-phishing-emails

Got (Bad) Email? IT Pros Are Loving This Tool: Mailserver Security Assessment

With email still a top attack vector, do you know if hackers can get through your mail filters? Spoofed domains, malicious attachments and executables to name a few...

Enterprise email security systems have an average failure rate of 7-10%, missing spam, phishing and malware attachments.

KnowBe4’s Mailserver Security Assessment (MSA) is a complimentary tool that tests your mailserver configuration by sending 40 different types of email message tests that check the effectiveness of your mail filtering rules.

Here's how it works:
  • 100% non-malicious packages sent
  • Select from 40 automated email message types to test against
  • Saves you time! No more manual testing of individual email messages with MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!
Find out now if your mailserver is configured correctly; many are not!
https://info.knowbe4.com/mailserver-security-assessment-CHN

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: We just won the "Security Project of the Year" and "Security Education and Training Provider of the Year" Awards:
https://www.computingsecurityawards.co.uk/



Quotes of the Week
"Nobody can give you wiser advice than yourself."
- Marcus Tullius Cicero, Philosopher, Statesman and Orator (106 - 45 BC)

"The only way of discovering the limits of the possible is to venture a little way past them into the impossible."
- Arthur C. Clarke, Science Fiction Author (1917 - 2008)


Thanks for reading CyberheistNews

Security News
GDPR Compliance Scams Rising

Organizations need to be on the lookout for GDPR-themed phishing lures, according to Mike Puglia, Chief Product Officer at Kaseya. In an article for ITProPortal, Puglia explains that GDPR compliance is something most organizations are worried about, and scammers are aware of this.

An email concerning a possible GDPR violation would catch the attention of many employees, particularly executives and others responsible for ensuring compliance. This tactic is particularly effective since ignoring such a tip—if it were legitimate—could have legal ramifications down the road.

“The complex nature of GDPR requirements, regulations, and guidance is a source of stress,” Puglia says. “With stories regularly hitting the press about big fines for data privacy violations, these factors have combined to create a situation that makes businesses more likely to look for advice from a firm that specializes in GDPR compliance, especially when making changes to their cybersecurity suite.”

Puglia describes a recent phishing scam that informed recipients that their organization was out of compliance, and conveniently offered to help them fix the problem.

“No one wants the headaches that come with non-compliance, so they’re likely to be receptive to the fake offer of ‘help’ with their company’s ‘problem,’” Puglia says. “All of this is presented very reasonably, making it an easy social engineering attack to fall for. Some variations of the scam even spoof internal company emails, with the cybercriminals posing as corporate IT techs that are performing routine maintenance, including the right graphics, header, signatures, and other details that make it convincing.

“Targeted executives or other power users may even arrive at a landing page that’s personalized just for them, with many relevant details already populated so they only need to provide a few things to finalize the upgrades.”

Puglia concludes that education can help employees avoid falling for social engineering tactics.

“Security awareness training can lower a company’s chance of experiencing a damaging cybersecurity incident, but this only works if it’s regularly refreshed,” he says. “A recent experiment found that subjects only retain the awareness created by phishing resistance training for about four months before improvements are lost.”

New-school security awareness training with realistic phishing simulations can provide your organization with a vital layer of defense.

ITProPortal has the story:
https://www.itproportal.com/features/dont-get-hooked-by-gdpr-compliance-phishing-scams/

Updates on Vishing

Voicemail scams are on the rise, according to Paul Ducklin at Naked Security. These scams are a form of voice phishing (“vishing”) in which scammers churn out automated phone calls and leave pre-recorded messages when the calls go to voicemail.

Like Nigerian prince email scams, this tactic allows scammers to weed out the people who are savvy enough to recognize the scam immediately.

“The theory behind recognising and reacting to voicemail prompts is obvious: many people understandably refuse to answer calls from numbers they don’t know, and program them to go through to voicemail automatically,” Ducklin explains.

“By leaving automated messages in the same way that many legitimate companies do, such as taxi-booking firms, the criminals avoid having to get involved personally at the start. This not only saves the crooks time, but also – by asking you to make a voicemail choice such as pressing ‘1’ or staying on the line – pre-selects those people who haven’t figured out right away that it’s a scam.”

Fortunately, most of these scams are easy to recognize once you know what they look like. Ducklin concludes with advice on how to avoid falling victim to scams: “Don’t try. Don’t buy. Don’t reply. Memorise this easily-remembered saying that the Australian cybersecurity industry came up with many years ago. It’s a neat way of reminding yourself how to deal with spammers and online charlatans.

“Don’t let yourself get sucked or seduced into talking to the scammers at all. We advise against what’s called ‘scambaiting’ – the pastime of deliberately leading scammers on, especially over the phone, in the hope that it might be amusing to see who’s at the other end. You’re talking to a crook, so the best thing that can happen to you is nothing.

“Contact companies you know using information you already have. If you are worried about a fraudulent transaction, login to your account yourself, or call the company’s helpline yourself.

“Never rely on information provided inside an email, or read out to you in a call. Don’t return a call to a number given by the caller. If it’s a scammer, you will not only end up talking to them, but also confirm any guesses (e.g. ‘you applied for a loan’ or ‘it’s about your Amazon account’) that the scammer made in the initial contact.”

New-school security awareness training can help your employees recognize social engineering tactics and follow security best practices.

Naked Security has the story:
https://nakedsecurity.sophos.com/2020/12/08/vishing-criminals-let-rip-with-two-scams-at-once/

Current Events and Phishbait

Staying up-to-date on current geopolitical events can be useful when identifying and investigating phishing campaigns, according to Joe Slowik, a Senior Security Researcher at DomainTools. Slowik describes how DomainTools came across a batch of malicious documents, apparently delivered via phishing emails, that appeared to have been crafted by a nation-state APT.

“Overall, documents appear related to political, military, and related subjects largely in conflict zones such as the Caucasus and the Russian-backed breakaway regions of eastern Ukraine,” Slowik explains. “Additional items, such as the Slovenian defense document which DomainTools researchers were able to link to a phishing email, strongly imply state-sponsored interests for espionage or similar purposes as motivating this campaign.”

Based on this targeting, an obvious suspect would be Russian intelligence services, but Slowik notes that Ukrainian intelligence could also be behind the activity.

“Irrespective of specific attribution, possible links to a known Advanced Persistent Threat (APT) actor (Cloud Atlas) combined with campaign themes that are highly political in nature with no obvious mechanism for monetization make the discovered campaign a likely state-sponsored or state-directed espionage campaign,” Slowik writes.

“While targeting in this case may imply Russian-related interests, it is important to note that earlier Cloud Atlas activity has also targeted entities in the Russian Federation. One possible alternative hypothesis given the targeting in Russia, as well as a focus on breakaway regions in Ukraine, is that the activity represents Ukraine-sponsored cyber espionage activity.

“Although interesting, again insufficient evidence exists to support this hypothesis at this time.”

Regardless of who’s behind the operation, Slowik explains that the themes of the phishing documents and knowledge of current events helped the researchers tie the campaign together.

“Based on precedent, analysts can identify developments in adversary operations and technical capabilities by tracking identifiers related to major events and conflict zones,” Slowik writes.

“Identifying capabilities deployed to take advantage of such items can yield insights into fundamental attacker tradecraft and behaviors, and enable defense and response for incidents which may strike far closer to home at a later date.”

DomainTools has the story:
https://www.domaintools.com/resources/blog/current-events-to-widespread-campaigns-pivoting-from-samples-to-identify

What KnowBe4 Customers Say

"Hello, Thank you for reaching out! I am really enjoying the product. It was a bucket list wish fulfilled to push the button to start a campaign. I have wanted a SAT program for a very long time. We are still getting buy-in for the training piece, but I expect I will get that soon. I will absolutely recommend this to others."
- H.C., Network Analyst

The 10 Interesting News Items This Week
    1. Nation-State Hackers Breached FireEye, Stole Its Red Team Tools:
      https://www.darkreading.com/attacks-breaches/nation-state-hackers-breached-fireeye-stole-its-red-team-tools/d/d-id/1339652

    2. U.S. cybersecurity firm FireEye discloses breach, theft of internal hacking tools:
      https://www.reuters.com/article/us-fireeye-cyber/u-s-cybersecurity-firm-fireeye-discloses-breach-theft-of-internal-hacking-tools-idUSKBN28I31E

    3. Cyber Exposures Soar During Pandemic:
      https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/cyber-exposures-soar-during-pandemic.aspx

    4. Cybercrime Is Now A Trillion Dollar-plus Drag On The Global Economy And 1% Of Global GDP:
      https://www.professionalsecurity.co.uk/news/commercial-security/cyber-survey/

    5. Starlink awarded $885 Million out of $16 Billion Total from FCC for Rural Broadband:
      https://lynxotic.com/spacex-starlink-awarded-885-million-out-of-9-2-billion-total-from-fcc-for-rural-broadband/

    6. 'Ransomware Is Quickly Becoming a National Emergency' Amid Pandemic: CISA Acting Director Testifies:
      https://sociable.co/government-and-policy/ransomware-national-emergency-amid-pandemic-cisa-acting-director-testifies/

    7. Interpol is keeping track - Police arrest more than 20,000 online fraudsters worldwide:
      https://www.enca.com/news/police-arrest-more-20000-online-fraudsters-worldwide

    8. Ransomware attacks target backup systems, compromising the company ‘insurance policy’:
      https://www.scmagazine.com/home/security-news/ransomware/ransomware-attacks-target-backup-systems-compromising-the-company-insurance-policy/

    9. The Wall Street Journal: Why Companies Should Stop Scaring Employees About Cybersecurity:
      https://www.wsj.com/articles/why-companies-should-stop-scaring-employees-about-cybersecurity-11607364000?

    10. COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware:
https://threatpost.com/covid-19-vaccine-cyberattacks-credentials-zebrocy/162072/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.