CyberheistNews Vol 10 #53
[Heads Up] Here's Some Powerful Ammo to Grab More of Your Year-End InfoSec Budget
OK, let's sum up where we are, here at the end of December 2020. COVID has propelled IT from 2020 to 2030 in a matter of months. However, only a few of us were ready to have the large majority of our users to Work From Home. Your old firewall is useless. The hardware endpoint with its software security stack now sits in your user's bedroom.
Bad guys consider your user their most rewarding attack surface. It takes 3 months to hack hardware, 3 weeks to hack software, and 3 minutes (if that) to hack a human. You hope your secure gateways do the job but you know that bad stuff gets through your filters and that MFA can be hacked.
WFH is driving orgs to move mission-critical apps to the cloud in a major hurry. That means cloud security has suddenly become paramount and industry pundits predict massive growth from 2021 forward. Cloud-native security companies like CrowdStrike reported 86% year-over-year growth in their recent quarter.
Russia is flexing its hacking- and geopolitical muscle. The SolarWinds supply chain attack has spread chills through IT and government circles. This is very likely the U.S.' worst hack ever, and the damage is still being assessed. It's not sure yet how they initially got into SolarWinds (spear-phishing?) but we know Russia's FSB (their equivalent of the CIA) hacked the SolarWinds Dev-team's MFA access once they owned the SolarWinds network.
So, how about those end-of-year InfoSec Budget quick wins?
During 2020, many IT pros have found that their current IT stack has become too expensive to support and that existing technology debt makes the pivot to the cloud difficult. It is urgent to do a gap analysis and look at the following four areas from a Zero-trust perspective:
Your cloud security starts with your users. The fastest way to dramatically reduce your end-user attack surface is to step them through new-school security awareness training at the house, and that includes frequent social engineering tests as the always-verify process. Existing office-focused awareness education does not always translate to the house.
How does 127% ROI with a one-month payback sound?
Forrester did a Total Economic Impact™ (TEI) study, examining the potential Return on Investment (ROI) orgs might realize by implementing KnowBe4. The resulting research paper assessed the performance of the KnowBe4 platform. How does 127% ROI with a one-month payback sound?
And..Did You Know?
The KnowBe4 platform has its own built-in Learning Management System that you can use to upload your organization's own training modules, so you can use KnowBe4 to train all of your users on anything while they WFH.
The fastest return on your budget dollar, the quickest results, happy camper users and frankly the most fun is to fast-track a PO before the year ends, and get quickly onboarded in January by one of our award-winning CSMs.
Get a quote now, ask for your end-of-quarter discount, and find out how surprisingly affordable this is for your organization. 35,000+ of your peers can't be wrong.
https://info.knowbe4.com/kmsat_get_a_quote_now
OK, let's sum up where we are, here at the end of December 2020. COVID has propelled IT from 2020 to 2030 in a matter of months. However, only a few of us were ready to have the large majority of our users to Work From Home. Your old firewall is useless. The hardware endpoint with its software security stack now sits in your user's bedroom.
Bad guys consider your user their most rewarding attack surface. It takes 3 months to hack hardware, 3 weeks to hack software, and 3 minutes (if that) to hack a human. You hope your secure gateways do the job but you know that bad stuff gets through your filters and that MFA can be hacked.
WFH is driving orgs to move mission-critical apps to the cloud in a major hurry. That means cloud security has suddenly become paramount and industry pundits predict massive growth from 2021 forward. Cloud-native security companies like CrowdStrike reported 86% year-over-year growth in their recent quarter.
Russia is flexing its hacking- and geopolitical muscle. The SolarWinds supply chain attack has spread chills through IT and government circles. This is very likely the U.S.' worst hack ever, and the damage is still being assessed. It's not sure yet how they initially got into SolarWinds (spear-phishing?) but we know Russia's FSB (their equivalent of the CIA) hacked the SolarWinds Dev-team's MFA access once they owned the SolarWinds network.
So, how about those end-of-year InfoSec Budget quick wins?
During 2020, many IT pros have found that their current IT stack has become too expensive to support and that existing technology debt makes the pivot to the cloud difficult. It is urgent to do a gap analysis and look at the following four areas from a Zero-trust perspective:
- VPN and data encryption
- Data and user access
- Cloud infrastructure security
- End-user security education
Your cloud security starts with your users. The fastest way to dramatically reduce your end-user attack surface is to step them through new-school security awareness training at the house, and that includes frequent social engineering tests as the always-verify process. Existing office-focused awareness education does not always translate to the house.
How does 127% ROI with a one-month payback sound?
Forrester did a Total Economic Impact™ (TEI) study, examining the potential Return on Investment (ROI) orgs might realize by implementing KnowBe4. The resulting research paper assessed the performance of the KnowBe4 platform. How does 127% ROI with a one-month payback sound?
And..Did You Know?
The KnowBe4 platform has its own built-in Learning Management System that you can use to upload your organization's own training modules, so you can use KnowBe4 to train all of your users on anything while they WFH.
The fastest return on your budget dollar, the quickest results, happy camper users and frankly the most fun is to fast-track a PO before the year ends, and get quickly onboarded in January by one of our award-winning CSMs.
Get a quote now, ask for your end-of-quarter discount, and find out how surprisingly affordable this is for your organization. 35,000+ of your peers can't be wrong.
https://info.knowbe4.com/kmsat_get_a_quote_now
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Thursday, January 7 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at new features and see how easy it is to train and phish your users:
Date/Time: Thursday, January 7 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/2871748/B4621486C7D9F71C601D996D687E5D5D?partnerref=CHN1
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Thursday, January 7 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at new features and see how easy it is to train and phish your users:
- NEW! AI Recommended training suggestions based on your users’ phishing security test results.
- NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
- NEW! The first 2021 Training Modules were recently published in the ModStore.
- Did You Know? You can upload your own SCORM training modules into your account for home workers.
Date/Time: Thursday, January 7 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/2871748/B4621486C7D9F71C601D996D687E5D5D?partnerref=CHN1
How Can You Be -More- at Risk With MFA?
By Roger Grimes. In my recent comment on the SolarWinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and password. I wrote this:
“As many MFA users and administrators are finding out, using MFA can make some targeted hacks against you far more likely if they are attempted. I’ve had a credit union security officer tell me that he/she has suffered more successful hacks since his organization implemented MFA and he wished they would go back to login names and passwords.
They wouldn’t be the first to reverse course. Many multi-millionaire cryptocurrency traders that got exploited explicitly because they were using MFA then went back to simple login names and password security years ago. Using MFA was just too much risk out of their control.”
First, I want to state on the outset that I like MFA and I think MFA significantly…significantly…reduces many types of cybersecurity risk. For example, you can’t be phished out of your password if you don’t have or know your password. But, there is a big difference between saying and believing that and believing that you are significantly less likely to be compromised because you use MFA.
As many new companies which converted to MFA for authentication learned, it doesn’t stop all hacking. And none of the individuals I know who went back to simple login names and passwords after being hacked because of MFA regret their reversals. Here are reasons why MFA may increase the risk of some forms of hacking:
CONTINUED:
https://blog.knowbe4.com/how-you-can-be-more-at-risk-with-mfa
By Roger Grimes. In my recent comment on the SolarWinds’ cyber attack, I made the claim that using multifactor authentication (MFA) can sometimes make you more at risk than using a simple login name and password. I wrote this:
“As many MFA users and administrators are finding out, using MFA can make some targeted hacks against you far more likely if they are attempted. I’ve had a credit union security officer tell me that he/she has suffered more successful hacks since his organization implemented MFA and he wished they would go back to login names and passwords.
They wouldn’t be the first to reverse course. Many multi-millionaire cryptocurrency traders that got exploited explicitly because they were using MFA then went back to simple login names and password security years ago. Using MFA was just too much risk out of their control.”
First, I want to state on the outset that I like MFA and I think MFA significantly…significantly…reduces many types of cybersecurity risk. For example, you can’t be phished out of your password if you don’t have or know your password. But, there is a big difference between saying and believing that and believing that you are significantly less likely to be compromised because you use MFA.
As many new companies which converted to MFA for authentication learned, it doesn’t stop all hacking. And none of the individuals I know who went back to simple login names and passwords after being hacked because of MFA regret their reversals. Here are reasons why MFA may increase the risk of some forms of hacking:
CONTINUED:
https://blog.knowbe4.com/how-you-can-be-more-at-risk-with-mfa
See How You Can Get Audits Done in Half the Time at Half the Cost
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us Thursday, January 7 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
Save My Spot!
https://event.on24.com/wcc/r/2871743/B40208045B08A0EE95D0DF7FDA61D9F6?partnerref=CHN1
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us Thursday, January 7 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
- NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
- Vet, manage and monitor your third-party vendors' security risk requirements.
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
- Quick implementation with pre-built requirements templates for the most widely used regulations.
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Save My Spot!
https://event.on24.com/wcc/r/2871743/B40208045B08A0EE95D0DF7FDA61D9F6?partnerref=CHN1
Fireeye's Mandia on SolarWinds Hack: 'This Was a Sniper Round'
Joe Warminsky at Cyberscoop wrote: "The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity.
“This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special operations. And it was going to take special operations to detect this breach.”
Mandia estimated that about “only about 50 companies or organizations” were the true targets of the operation, which is suspected to be the work of the Russian intelligence agency known as the SVR. Texas-based SolarWinds reportedly has about 300,000 customers overall in government and industry, and the malware in the spy campaign was pushed out to about 18,000 of those, including U.S. government agencies and major corporations.
In the CBS interview, Mandia did not attribute the operation directly to Russia, but he said it was definitely the work of a nation-state with a long history of participating in the “continuing game in cyberspace.” He said the attack was “very consistent” with an SVR operation, and it was important to make certain any attribution was definitive.
Despite bearing the hallmarks of a familiar hacking group, this particular campaign was “totally unique” and “utterly clandestine” in how it happened, Mandia said.
“And quite frankly, it was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our careers,” Mandia said.
CONTINUED:
https://blog.knowbe4.com/fireeyes-mandia-on-solarwinds-hack-this-was-a-sniper-round
Joe Warminsky at Cyberscoop wrote: "The foreign espionage operation that breached several U.S. government agencies through SolarWinds software updates was unique in its methods and stealth, according to FireEye CEO Kevin Mandia, whose company discovered the activity.
“This was not a drive-by shooting on the information highway. This was a sniper round from somebody a mile away from your house,” Mandia said Sunday morning on CBS’s “Face the Nation.” “This was special operations. And it was going to take special operations to detect this breach.”
Mandia estimated that about “only about 50 companies or organizations” were the true targets of the operation, which is suspected to be the work of the Russian intelligence agency known as the SVR. Texas-based SolarWinds reportedly has about 300,000 customers overall in government and industry, and the malware in the spy campaign was pushed out to about 18,000 of those, including U.S. government agencies and major corporations.
In the CBS interview, Mandia did not attribute the operation directly to Russia, but he said it was definitely the work of a nation-state with a long history of participating in the “continuing game in cyberspace.” He said the attack was “very consistent” with an SVR operation, and it was important to make certain any attribution was definitive.
Despite bearing the hallmarks of a familiar hacking group, this particular campaign was “totally unique” and “utterly clandestine” in how it happened, Mandia said.
“And quite frankly, it was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our careers,” Mandia said.
CONTINUED:
https://blog.knowbe4.com/fireeyes-mandia-on-solarwinds-hack-this-was-a-sniper-round
[New Webinar] Malicious Browser Notifications: The New Phishing Attack Not Blocked by Your Current Cyber Defense
Cybercriminals have added a devious weapon to their attack arsenals - malicious browser notifications. And the worst part is they’re not blocked by any current cyber defense. These innocuous looking pop ups can wreak havoc on your network while remaining completely undetected.
They look more realistic than traditional phishing methods and are designed to trick your unsuspecting users. This is just the latest in a list of sneaky browser attacks the bad guys use to infiltrate your network.
Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist to find out what you need to know now about malicious browser attacks and how to stop them.
Attend this session to learn:
Save My Spot!
https://event.on24.com/wcc/r/2943930/8B18F65457EF94CF67224CF723CCBB0D?partnerref=CHN1
Let's stay safe out there:
Cybercriminals have added a devious weapon to their attack arsenals - malicious browser notifications. And the worst part is they’re not blocked by any current cyber defense. These innocuous looking pop ups can wreak havoc on your network while remaining completely undetected.
They look more realistic than traditional phishing methods and are designed to trick your unsuspecting users. This is just the latest in a list of sneaky browser attacks the bad guys use to infiltrate your network.
Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist to find out what you need to know now about malicious browser attacks and how to stop them.
Attend this session to learn:
- How legitimate websites are targeted to deliver these stealthy phishing attacks
- Why browser notification phishing attacks bypass your cyber defenses
- Other sneaky browser attacks the bad guys use to infiltrate your network
- How to shore up your defenses and to protect against them all
- Earn CPE credit for attending!
Save My Spot!
https://event.on24.com/wcc/r/2943930/8B18F65457EF94CF67224CF723CCBB0D?partnerref=CHN1
Let's stay safe out there:
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
PS: Murder Plot Victim Alexey Navalny Social Engineers FSB Officer Who Confesses:
https://www.bellingcat.com/news/uk-and-europe/2020/12/21/if-it-hadnt-been-for-the-prompt-work-of-the-medics-fsb-officer-inadvertently-confesses-murder-plot-to-navalny/
Quotes of the Week
"Liberty has never come from Government. Liberty has always come from the subjects of it. The history of liberty is a history of limitations of governmental power, not the increase of it."
- Woodrow Wilson - 28th president of the United States (1856 - 1924)
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
― Benjamin Franklin, Founding Father (1706 - 1790)
Thanks for reading CyberheistNews
- Woodrow Wilson - 28th president of the United States (1856 - 1924)
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
― Benjamin Franklin, Founding Father (1706 - 1790)
Thanks for reading CyberheistNews
Security News
Vaccine-Themed Phishing Campaigns Are Still on the Rise
Researchers at Avanan are seeing a “massive rise in sophisticated vaccine-related BEC email related to the COVID vaccine.” Avanan expects these campaigns to increase over the coming months as more COVID-19 vaccines are rolled out and distributed around the world.
“As happens with all major news events, Avanan is tracking a tremendous number of fake sites, emails and even phone calls and texts which all offer an insider's access to the COVID vaccine,” the researchers write.
“Using Business Email Compromise techniques, hackers create thorough, realistic copies of the websites they spoof and can do so in a matter of days. Based on the pattern and sophistication of the attacks, these are incredibly organized and targeted to larger organizations. As more vaccines get approved, Avanan analysts expect to see similar attacks propagate at scale. “
The researchers describe a specific phishing campaign that purports to come from the legitimate biotechnology company BioNTech. While phishing emails are often riddled with typos and other red flags, the attackers in this case put effort into making their email template and website appear legitimate.
“There are no links to the site in the email, which allowed it to bypass many traditional phishing filters,” Avanan says. “The email itself is well-written, with no easily discoverable spelling or grammar errors. If the user was to Google the domain, they would be directed to a fully functional website that includes contact information matching what's in the email.”
Avanan says the attackers were also paying attention to current events, and they launched this phishing campaign to coincide with the announcement of an effective vaccine candidate.
“Another reason the attack is effective is the timeline,” the researchers write. “Pfizer-BioNTech announced an effective vaccine candidate on November 9th. The attackers registered the domain ‘biontechvaccines[.]org’ on November 11th and within days, had duplicated the entire BioNTech website with a WordPress version on the fake domain.
On December 11th, the Food and Drug Administration approved the BioNTech vaccine for emergency use. A few days later, the first spoof email utilizing BioNTech went out to end-users. Biontechvaccines[.]org (active as of this writing) is not the BioNTech website, but looks very similar.”
Not all phishing attacks will have visible warning signs, so people need to be cautious whenever they’re asked to click a link or provide some information.
Avanan has the story:
https://www.avanan.com/blog/biontech-covid-vaccine-spoofed
Researchers at Avanan are seeing a “massive rise in sophisticated vaccine-related BEC email related to the COVID vaccine.” Avanan expects these campaigns to increase over the coming months as more COVID-19 vaccines are rolled out and distributed around the world.
“As happens with all major news events, Avanan is tracking a tremendous number of fake sites, emails and even phone calls and texts which all offer an insider's access to the COVID vaccine,” the researchers write.
“Using Business Email Compromise techniques, hackers create thorough, realistic copies of the websites they spoof and can do so in a matter of days. Based on the pattern and sophistication of the attacks, these are incredibly organized and targeted to larger organizations. As more vaccines get approved, Avanan analysts expect to see similar attacks propagate at scale. “
The researchers describe a specific phishing campaign that purports to come from the legitimate biotechnology company BioNTech. While phishing emails are often riddled with typos and other red flags, the attackers in this case put effort into making their email template and website appear legitimate.
“There are no links to the site in the email, which allowed it to bypass many traditional phishing filters,” Avanan says. “The email itself is well-written, with no easily discoverable spelling or grammar errors. If the user was to Google the domain, they would be directed to a fully functional website that includes contact information matching what's in the email.”
Avanan says the attackers were also paying attention to current events, and they launched this phishing campaign to coincide with the announcement of an effective vaccine candidate.
“Another reason the attack is effective is the timeline,” the researchers write. “Pfizer-BioNTech announced an effective vaccine candidate on November 9th. The attackers registered the domain ‘biontechvaccines[.]org’ on November 11th and within days, had duplicated the entire BioNTech website with a WordPress version on the fake domain.
On December 11th, the Food and Drug Administration approved the BioNTech vaccine for emergency use. A few days later, the first spoof email utilizing BioNTech went out to end-users. Biontechvaccines[.]org (active as of this writing) is not the BioNTech website, but looks very similar.”
Not all phishing attacks will have visible warning signs, so people need to be cautious whenever they’re asked to click a link or provide some information.
Avanan has the story:
https://www.avanan.com/blog/biontech-covid-vaccine-spoofed
[HACK ALERT] Here Is a Whole New Way Cyber Criminals Empty out Your Bank Account
Researchers at IBM discovered a massive banking fraud campaign that raked in millions of dollars over the course of a few days before it was put to a stop.
The attackers gained access to thousands of victims’ online bank accounts, either through phishing attacks or malware, then used mobile emulators to impersonate the victims’ phones. Mobile emulators are virtualization software that can imitate a real phone, and are usually used for legitimate purposes.
The criminals in this case, however, used them to avoid triggering alerts when they transferred money out of the victims’ accounts.
“This is the work of a professional and organized gang that uses an infrastructure of mobile device emulators to set up thousands of spoofed devices that accessed thousands of compromised accounts,” the researchers explain.
“In each instance, a set of mobile device identifiers was used to spoof an actual account holder’s device, likely ones that were previously infected by malware or collected via phishing pages. Using automation, scripting, and potentially access to a mobile malware botnet or phishing logs, the attackers, who have the victim’s username and password, initiate and finalize fraudulent transactions at scale.
In this automatic process, they are likely able to script the assessment of account balances of the compromised users and automate large numbers of fraudulent money transfers being careful to keep them under amounts that trigger further review by the bank.”
The researchers stress that this operation was enormous and well-planned, and they expect to see similar campaigns in the future.
“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” IBM says. “The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case.
After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”
IBM says the attackers could also intercept certain two-factor authentication measures in order to approve transactions. “It’s of note that the emulator attacks we analyzed have the potential to work on any application that offers online access to customers, especially financial institutions, anywhere in the world,” the researchers write.
“This is applicable even where transactions are approved with a code sent via SMS, and potentially also voice calls, or an email message.”
Two-factor authentication is an important security measure, but it won’t stop every attack.
Blog post at:
https://blog.knowbe4.com/hack-alert-here-is-a-whole-new-way-cyber-criminals-empty-out-your-bank-account
Researchers at IBM discovered a massive banking fraud campaign that raked in millions of dollars over the course of a few days before it was put to a stop.
The attackers gained access to thousands of victims’ online bank accounts, either through phishing attacks or malware, then used mobile emulators to impersonate the victims’ phones. Mobile emulators are virtualization software that can imitate a real phone, and are usually used for legitimate purposes.
The criminals in this case, however, used them to avoid triggering alerts when they transferred money out of the victims’ accounts.
“This is the work of a professional and organized gang that uses an infrastructure of mobile device emulators to set up thousands of spoofed devices that accessed thousands of compromised accounts,” the researchers explain.
“In each instance, a set of mobile device identifiers was used to spoof an actual account holder’s device, likely ones that were previously infected by malware or collected via phishing pages. Using automation, scripting, and potentially access to a mobile malware botnet or phishing logs, the attackers, who have the victim’s username and password, initiate and finalize fraudulent transactions at scale.
In this automatic process, they are likely able to script the assessment of account balances of the compromised users and automate large numbers of fraudulent money transfers being careful to keep them under amounts that trigger further review by the bank.”
The researchers stress that this operation was enormous and well-planned, and they expect to see similar campaigns in the future.
“The scale of this operation is one that has never been seen before, in some cases, over 20 emulators were used in the spoofing of well over 16,000 compromised devices,” IBM says. “The attackers use these emulators to repeatedly access thousands of customer accounts and end up stealing millions of dollars in a matter of just a few days in each case.
After one spree, the attackers shut down the operation, wipe traces, and prepare for the next attack.”
IBM says the attackers could also intercept certain two-factor authentication measures in order to approve transactions. “It’s of note that the emulator attacks we analyzed have the potential to work on any application that offers online access to customers, especially financial institutions, anywhere in the world,” the researchers write.
“This is applicable even where transactions are approved with a code sent via SMS, and potentially also voice calls, or an email message.”
Two-factor authentication is an important security measure, but it won’t stop every attack.
Blog post at:
https://blog.knowbe4.com/hack-alert-here-is-a-whole-new-way-cyber-criminals-empty-out-your-bank-account
No, It's Not You in The Facebook Video... It's a Phishing Link
Scammers are using compromised Facebook accounts to circulate phishing scams to the hacked accounts’ friends, according to Paul Ducklin at Naked Security. The links are sent via Facebook Messenger, and appear to be a video with a blacked-out image and a caption that says “Is it you in the video?”
Ducklin notes that these messages are much more effective when they come from a trusted account. “From someone you didn’t know, a question like that would fall somewhere between bizarre and creepy, but from a friend, who wouldn’t want to take a look?” Ducklin says.
“There is no video, of course – the black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page.”
If a user enters their Facebook credentials on this phishing page, their own account will be hacked and their friends will then receive similar messages. Interestingly, the criminals in this case attempt to trick their victims twice by redirecting them to third-party scams after stealing their credentials.
“After entering your password, there’s a short delay, as you might expect when logging in to any online service, after which the crooks seem to pick from a range of other scams and redirect you to one of them randomly,” Ducklin says.
“These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping to collect ‘affiliate fees’ from other criminals in the underground. These ‘second redirect’ scams varied from specious VPN offers to a range of those ‘free’ phone deals where all you need to do is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse to collect your credit card details.”
New-school security awareness training can help your employees recognize scams and teach them not to let their curiosity get the better of them.
Blog with links:
https://blog.knowbe4.com/no-its-not-you-in-the-facebook-video...-its-a-phishing-link
Scammers are using compromised Facebook accounts to circulate phishing scams to the hacked accounts’ friends, according to Paul Ducklin at Naked Security. The links are sent via Facebook Messenger, and appear to be a video with a blacked-out image and a caption that says “Is it you in the video?”
Ducklin notes that these messages are much more effective when they come from a trusted account. “From someone you didn’t know, a question like that would fall somewhere between bizarre and creepy, but from a friend, who wouldn’t want to take a look?” Ducklin says.
“There is no video, of course – the black image links to a URL shortening service, which in turn redirects to a URL that pops up what looks like a Facebook login page.”
If a user enters their Facebook credentials on this phishing page, their own account will be hacked and their friends will then receive similar messages. Interestingly, the criminals in this case attempt to trick their victims twice by redirecting them to third-party scams after stealing their credentials.
“After entering your password, there’s a short delay, as you might expect when logging in to any online service, after which the crooks seem to pick from a range of other scams and redirect you to one of them randomly,” Ducklin says.
“These didn’t look as though they were being run by the same criminals, so we’re assuming the message-spamming crooks were simply hoping to collect ‘affiliate fees’ from other criminals in the underground. These ‘second redirect’ scams varied from specious VPN offers to a range of those ‘free’ phone deals where all you need to do is pay a modest delivery fee (£1.95 in the variants we saw here), thus giving the crooks a believable excuse to collect your credit card details.”
New-school security awareness training can help your employees recognize scams and teach them not to let their curiosity get the better of them.
Blog with links:
https://blog.knowbe4.com/no-its-not-you-in-the-facebook-video...-its-a-phishing-link
What KnowBe4 Customers Say
"As 2020 comes to an end, I wanted to reach out to you personally and provide some feedback on the first year of our relationship between KnowBe4 and us.
To begin, before engaging in business, I mentioned to our sales rep that we were looking for a partnership, and not just a company relationship with a vendor. I wanted a company that we could partner with that would assist us in not only establishing a successful Security Awareness Program for our global Enterprise, but also assist us in maintaining it and get us to a point of having a self-sustaining platform as much as possible a few years into it.
Once we officially became a client of KnowBe4’s in September of 2019, I was introduced to our Enterprise CSM and since then, I've not been disappointed with the level of response, commitment, communication and dedication of support that you and the teams have provided.
Have there been some challenges and growing pains this first year, yes, but very few and the ones that occurred were addressed expeditiously and professionally. That is what I'm looking for in a partnership. I feel I've gotten that level of commitment and service from you and the KnowBe4 team.
Also along the way, I have had the pleasure of collaborating with some of KnowBe4’s leadership as well, including Product Management. I’m looking forward to expanding these relationships in hopes that we can become a top tier client of KnowBe4.
As for the level of service I have experienced across the board from all of those mentioned above, I can say without hesitation that it has been a pleasure working with all of them on every level. Please forward a copy of this email to the leadership as I want to recognize all of you for a job well done.
It has been a pleasure working with you and I would like to wish you and the KnowBe4 team a very Merry Christmas and a Happy and most prosperous New Year."
- C.B., Global Email Security Administrator
"As 2020 comes to an end, I wanted to reach out to you personally and provide some feedback on the first year of our relationship between KnowBe4 and us.
To begin, before engaging in business, I mentioned to our sales rep that we were looking for a partnership, and not just a company relationship with a vendor. I wanted a company that we could partner with that would assist us in not only establishing a successful Security Awareness Program for our global Enterprise, but also assist us in maintaining it and get us to a point of having a self-sustaining platform as much as possible a few years into it.
Once we officially became a client of KnowBe4’s in September of 2019, I was introduced to our Enterprise CSM and since then, I've not been disappointed with the level of response, commitment, communication and dedication of support that you and the teams have provided.
Have there been some challenges and growing pains this first year, yes, but very few and the ones that occurred were addressed expeditiously and professionally. That is what I'm looking for in a partnership. I feel I've gotten that level of commitment and service from you and the KnowBe4 team.
Also along the way, I have had the pleasure of collaborating with some of KnowBe4’s leadership as well, including Product Management. I’m looking forward to expanding these relationships in hopes that we can become a top tier client of KnowBe4.
As for the level of service I have experienced across the board from all of those mentioned above, I can say without hesitation that it has been a pleasure working with all of them on every level. Please forward a copy of this email to the leadership as I want to recognize all of you for a job well done.
It has been a pleasure working with you and I would like to wish you and the KnowBe4 team a very Merry Christmas and a Happy and most prosperous New Year."
- C.B., Global Email Security Administrator
The 11 Interesting News Items This Week
- OUCH. Only 30% prepared to secure a complete shift to remote work:
https://www.helpnetsecurity.com/2020/12/23/secure-shift-remote-work/ - A second hacking group has targeted SolarWinds systems:
https://www.zdnet.com/article/a-second-hacking-group-has-targeted-solarwinds-systems/ - Defending Against State and State-Sponsored Threat Actors:
https://threatpost.com/defending-against-state-threat-actors/162518/ - Microsoft and McAfee headline newly-formed 'Ransomware Task Force':
https://www.zdnet.com/article/microsoft-and-mcafee-headline-newly-formed-ransomware-task-force/ - Just 8% of U.K. Firms Offer Regular Security Training:
https://blog.knowbe4.com/just-8-of-u.k.-firms-offer-regular-security-training - FireEye's Mandia on SolarWinds hack: 'This was a sniper round':
https://blog.knowbe4.com/fireeyes-mandia-on-solarwinds-hack-this-was-a-sniper-round - The SolarWinds cyberattack: The hack, the victims, and what we know:
https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/ - Hacked Networks Will Need to be Burned 'Down to the Ground':
https://www.securityweek.com/hacked-networks-will-need-be-burned-down-ground - 6 persuasion tactics used in social engineering attacks:
https://www.techrepublic.com/article/6-persuasion-tactics-used-in-social-engineering-attacks/ - VMware, Cisco Reveal Impact of SolarWinds Incident:
https://www.securityweek.com/vmware-cisco-reveal-impact-solarwinds-incident - Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks:
https://www.nytimes.com/2020/12/24/us/russia-microsoft-resellers-cyberattacks.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Your Virtual Vaca #1 to Australia in 8k HDR!:
https://youtu.be/ISJMsVhY5Yk - Your Virtual Vaca #2 Swiss peaks has great photography and spectacular birds-eye views:
https://youtu.be/mhxcUKplJAM - Classic Le Mans 1999 Peter Dumbreck's Mercedes flip back when Formula 1 cars were designed wrong:
https://youtu.be/e21ZjwZGjiQ - We’ve done past FAVES on Aurora Borealis, but this is a beautiful nice one for the Holidays:
https://youtu.be/AWfxm-zziUk - Racing With The Sun. Super cool endurance race for solar cars:
https://www.youtube.com/watch?v=XwwlHMLRF-I - Urban Snowmobiling in Saint Paul | Levi LaVallee
https://www.youtube.com/watch?v=HoZBi04afwc - Penn & Teller Fool Us | Nathan Coe Marsh | 1080p | Fooled?
https://www.youtube.com/watch?v=qAa-gMI13_g - The Top 10 Dramatic Moments of the 2020 F1 Season!
https://www.youtube.com/watch?v=yfeE988l7nk - The Human Catapult: BASE Jumping Catapult at Bridge Day 2012:
https://www.youtube.com/watch?v=a-FY3aHO6Cw&feature=emb_logo - For Da Kids #1 2020 Awesome Lego Train Set in the Garden and House:
https://www.youtube.com/watch?v=i49BesMwKF4 - For Da Kids #2 Amazing Magician Fools Penn & Teller With Just A Ring!
https://youtu.be/x_Lm7cvA4Vw - For Da Kids #3 People Are Awesome (Kid Edition)
https://www.youtube.com/watch?v=CF5u78G7pY4