CyberheistNews Vol 10 #6 [Heads-Up] Scam of the Week: Coronavirus Phishing Attacks in the Wild


CyberheistNews Vol 10 #06
[Heads-Up] Scam of the Week: Coronavirus Phishing Attacks in the Wild

Yup, you can count on it, when there is a worldwide health scare, the bad guys are on it like flies on $#!+. We are seeing a new malicious phishing campaign that is based on the fear of the Coronavirus, and it's the first of many.

The message is obviously not from the CDC and at the time of this writing, there are very very few local cases in America. Let's hope it stays that way.

Here is a sample of the message that is being used. Your users can report this as phishing through the free Phishing Alert Button, delete the message if they receive it, or use your existing reporting mechanisms. There will be many other social engineering attacks using this same scare. Here are a screen shot of the real attack, a screenshot of the simulated phishing attack we urge you to send your users, and a ready-to-send email blurb for employees:
See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, February 5 @ 2:00 pm (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

See how easy it is to train and phish your users:

  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • NEW Assessments! Find out where your users are in both security knowledge and security culture to help establish baseline security metrics you can improve over time.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.

Find out how 31,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, February 5 @ 2:00 pm (ET)

Save My Spot!
It's OK to Just Say No to Phone Scams

Earlier this week a credit union located in the Midwest United States alerted its members via email to a pair of phone-and-text-based scams designed to trick unwitting users into coughing up key information about their credit union accounts as well as personally identifiable information (PII) that could be used to facilitate identity theft.

The scams described — by both text (aka smishing) and phone (aka vishing) — are quite aggressive. And it's a sure bet that this particular credit union isn't the only bank or other financial institution whose members and customers are being targeted by with such social engineering campaigns.

It's also important to remember that smishing and vishing campaigns are by no means restricted to banks and credit unions. Often powered by AI/deep-fake technology, these kinds of tactics are increasingly being used against ordinary businesses and organizations to enable everything from credential-phishing to what must surely be everyone's favorite scam -- wire fraud.

As aggressive as these social engineering campaigns are, they are also easily defeated if users simply remember one key bit of advice: do not give out personally identifiable or sensitive financial information in response to a cold call or text. Period.

If you didn’t initiate the call or text exchange yourself, no legitimate representative of a financial institution should be asking for information about you or your account. In other words: learn to say NO and hang up, even in the face of high-pressure tactics. More:
[NEW FORENSICS WEBINAR] Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better Protect Your Organization Today

Cybercrime has become an arms race where the bad guys constantly evolve their attacks while you, the vigilant defender, must diligently expand your know how to prevent intrusions into your network. Staying a step ahead may even involve becoming your own cybercrime investigator, forensically examining actual phishing emails to determine the who, the where, and the how.

In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will show you how to become a digital private investigator! You’ll learn:

  • How to forensically examine phishing emails and identify other types of social engineering
  • What forensic tools and techniques you can use right now
  • How to investigate rogue smishing, vishing, and social media phishes
  • How to enable your users to spot suspicious emails sent to your organization

Get inside the mind of the hacker, learn their techniques, and how to spot phishing attempts before it’s too late!

Date/Time: Wednesday, February 12 @ 2:00 PM (ET)

Save My Spot!
Phishing Attacks Target Telecom Companies and Their Tools to Facilitate SIM Swapping Attacks

Motherboard reports that SIM swappers are launching phishing attacks against employees at Verizon, T-Mobile, and Sprint in order to hijack customer service tools. Once they have access to these tools, the hackers can take over phone numbers directly without having to trick an employee into performing each swap for them.

The attackers are using phishing pages that spoof the login portals of VPNs that the companies use to access these tools. For example, Verizon uses a tool called “Omni,” which allows employees of Verizon and its authorized resellers to manage customer accounts. A former employee of a Verizon reseller told Motherboard that this tool could “definitely” be used to carry out SIM swapping attacks.

“Omni is a site that employees use to process things that customers come in store for that’s account related,” the former employee said. “So device and SIM changes, billing, usage related things, plans, and activations are processed through there....Once you’ve logged into an account, you can edit the ICCID [a SIM card's unique identification code] for a line being used. From there you pop the SIM card you swapped into a phone and then it’ll have the victim’s number, which will then be used for identity theft.”

OUCH. Continued at the KnowBe4 blog:
Did You Register for RSAC 2020 Yet? Get Your Free Expo Plus Pass!

Check out all the activities KnowBe4 will be doing at RSAC:

Expo Plus Pass: Receive your complimentary Expo Plus Pass on us by using the code XE0UKNOWB when registering on the RSAC official website.

Get Your Free Book Signed by Kevin Mitnick: Drop by KnowBe4’s Booth S-1841, for the Kevin Mitnick Book Signing! Meet the ‘World’s Most Famous Hacker' and get a signed copy of his latest book. When: Tuesday, February 25, at 4-6 PM

Enter for the Chance to Win an Arcade Cocktail Table at KnowBe4’s Booth S-1841: Join us to see a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users to be entered for a chance to win. You’ll also get your “Human Error Conquered” hat!

Reserve a Seat: Join Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, during the session “Improving Security Awareness with Psychology, Advertising and Analytics”, on Wednesday, February 26th, 8:00 am. Learn how current best practices for employee cyber security awareness programs go beyond PowerPoint and include collaborative, creative and data-driven approaches.

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Endgadget had a good article with the title: "Phishing Scams Leveled Up, And We Didn’t. Don’t Be Jeff Bezos." Good read, good budget ammo and an eye opener:

Quotes of the Week
"Human greatness does not lie in wealth or power, but in character and goodness. People are just people, and all people have faults and shortcomings, but all of us are born with a basic goodness."
- Anne Frank, Writer (1929 - 1945)

"As human beings, our greatness lies not so much in being able to remake the world as in being able to remake ourselves." - Mahatma Gandhi

Thanks for reading CyberheistNews

Security News
Latest Ryuk Ransomware Attacks on Oil and Gas Companies Includes Compromising Active Directory

Ransomware has definitely grown up from its infant stages where it simply infected one computer. From spreading through lateral movement, to the use of a victim's email to spread the infection, to extorting the ransom by also exfiltrating data, to infecting literally thousands of endpoints in a single attack, ransomware is no longer the same minor inconvenience it once was.

But a new attack tactic caught my attention – the hacking of Active Directory to increase the number of infected machines. Last week, Clint Bodungen, founder and CEO of incident response vendor ThreatGen spoke at the S4x20 conference in Miami.

There he outlined an incident involving Ryuk ransomware and some of ThreatGen’s old and gas customers where AD was leveraged as part of the attack. According to Bodungen, the attackers:

  • Sat dormant within the victim networks for months before launching the ransomware
  • Used RDP to move laterally within the network (which implies compromised credentials)
  • Gained elevated access to AD
  • Edited a logon script for roaming users to include installing Ryuk

This is the definition of seeing traditionally data theft-related attack tactics merge with a ransomware attack. According to Bodungen, the initial attack vectors were spear phishing and water hole attacks. Both of these attack types require the interaction of a user. Train those users!
It's the Access, Not the Technology. Don't Be Bezos.

Exercising a suitable level of operational security is the key to protecting yourself from the consequences of sophisticated cyberattacks, according to Lionel Laurent at Bloomberg. Reports emerged last week that Amazon CEO Jeff Bezos’s iPhone may have been hacked in 2018 via a malicious video file sent by, or through, or on behalf of, Mohammed bin Salman, the Crown Prince of Saudi Arabia.

While evidence of the hack so far remains circumstantial, sophisticated commercial spyware is the primary suspect and the security consultants hired to investigate thought the Crown Prince (or at least his WhatsApp account) to be a possible source of the attack.

It’s not clear if Bezos had to interact with anything to trigger the alleged spyware. Indeed, much about the incident remains unclear, and further investigation will be required before observers can confidently understand what happened. But it’s worth considering that expensive, high-end spyware deployed by nation-states sometimes makes use of zero-day vulnerabilities, which allow attackers to gain access to devices without any action on the part of the victim.

As a result, it’s not always possible to defend yourself against every attack, especially if you’re a high-profile or high-ranking individual like a CEO.

Even so, Laurent notes that there are measures you can implement to minimize the effects of such an attack. “We know from the technical report that Bezos doesn't use a burner phone, keeps personal selfies on his system, and might not even know his iTunes password,” Laurent writes. “The icing on the cake, though, is personal trust.

The ‘last mile’ of the hack seems to have simply come down to getting Bezos’s number and sending him a message. Access, not technology, was the key.”

Laurent emphasizes that Bezos isn’t to blame here. If the allegations are true, then the event is an example of the highest level of social engineering combined with nation-state-level hacking capabilities.

“The fact that the infamous 4.22 MB video file landed in Bezos’s phone on May 1, 2018 — just four weeks after the pair exchanged numbers — suggests the hack really began when they first met in April 2018,” Laurent adds. “In the hierarchy of scams, if a phishing hack is disseminated to unsuspecting members of the public, and spear-phishing targets one individual, then securing this kind of personal connection surely tops both.”

Regardless of whether or not the Crown Prince was behind the hack, the incident should motivate people to reassess where their data are stored, how sensitive the data are, and who could potentially gain access to the information.

It’s also worth mentioning that while high-profile figures are particularly likely to be targeted by sophisticated attackers, many of the same defensive measures apply to everyone. They can mitigate more common types of attacks as well. New-school security awareness training can help your employees implement appropriate measures to protect themselves against both sophisticated and unsophisticated attacks. Bloomberg has the story:
[LIVE DEMO] See How You Can Get Audits Done in Half the Time at Half the Cost

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

We listened! KCM now has Compliance, Risk, Policy and Vendor Risk management modules, transforming KCM into a full SaaS GRC platform!

Join us, TOMORROW, Wednesday, February 5 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. See how you can simplify the challenges of managing your compliance requirements across your organization and third-party vendors and ease your burden when it's time for risk assessments and audits.

  • NEW! Demonstrate overall progress and health of your compliance and risk management initiatives with custom reports.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.

Date/Time: TOMORROW, Wednesday, February 5 @ 1:00 PM (ET)
Save My Spot!
What KnowBe4 Customers Say

"I actually just got done with a presentation at an all-hands meeting announcing the partnership with KnowBe4, the completion of our baseline, and coming training modules. Everything is going great so far and my interactions with your Sales, CS, and tech support departments have so far been fantastic. Please give my compliments to Athena Shaw our CSM, John Green our Sales contact, and Asia LoPresti and Jose Caraballo in your support department." - M.K., Systems Administrator
The 10 Interesting News Items This Week
    1. The NSA Just Released 136 Historical Security Awareness Posters. These are fun!:

    2. Russian Cybercrime Boss Burkov Pleads Guilty:

    3. The top corporate apps in 2019 included a surprise, check out KnowBe4!:

    4. Leaked report shows United Nations suffered hack:

    5. Microsoft Issues Excel Security Alert As $100 Million ‘Evil Corp’ Campaign Evolves:

    6. AIG must cover client's $5.9 million in cyber-related losses, judge rules:

    7. Emotet Uses Coronavirus Scare to Infect Japanese Targets:

    8. Training Budget Ammo: SEC Urges Better Cybersecurity Practices at Financial Firms:

    9. Japan Considers Emergency Cybersecurity Measures Ahead of 2020 Olympics:

    10. Dozens of companies have data dumped online by ransomware ring seeking leverage:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2020 KnowBe4, Inc. All rights reserved.

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews