CyberheistNews Vol 11 #05
[Heads Up] CISA's New War on Ransomware Awareness Campaign

The US Cybersecurity and Infrastructure Security Agency is launching a campaign to raise awareness of the ways organizations can defend themselves against ransomware attacks.

“Ransomware is increasingly threatening both public and private networks, causing data loss, privacy concerns, and costing billions of dollars a year,” CISA stated. “These incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services.

Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.”

CISA’s Acting Director Brandon Wales noted that any type of organization can be targeted by these attacks.

“CISA is committed to working with organizations at all levels to protect their networks from the threat of ransomware,” Wales said. “This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats. Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”

The agency says the campaign will have an emphasis on healthcare and educational institutions.

“In this campaign, which will have a particular focus on supporting COVID-19 response organizations and K-12 educational institutions, CISA is working to raise awareness about the importance of combating ransomware as part of an organization’s cybersecurity and data protection best practices,” the agency said.

“Over the next several months, CISA will use its social media platforms to iterate key behaviors or actions with resource links that can help technical and non-technical partners combat ransomware attacks.”

The vast majority of ransomware attacks begin when an attacker gains a foothold via a phishing attack or an exposed RDP port.

CISA does not mention this but IT pros like us are in the trenches of a cyberwar that is heating up. The recent SolarWinds hack shows how bad this can get. We did not sign up for this, but Russian organized cybercrime with support from the Kremlin is attacking civilian targets, causing downtime and massive financial damage. Continue to improve your human firewall! You cannot afford not to do this and your board knows this by now.

Here is the official full CISA Release with resources. Forward to your C-Suite together with your budget request for security awareness training:
https://www.cisa.gov/news/2021/01/21/cisa-launches-campaign-reduce-risk-ransomware

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, February 3 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users:
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • NEW! 2021 Training Modules now available in the ModStore.
  • Did You Know? You can upload your own SCORM training modules into your account for home workers.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 35,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, February 3 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2975711/71D4ED42FCD12AB606628DAA70DB612F?partnerref=CHN2
[HEADS UP] Vicious New Phishing Kit Spotted on Over 700 Domains

A cybercriminal gang has recently developed a new phishing kit named LogoKit. It changes logos and text in real time in order to adapt to the targeted victim. According to threat intelligence firm RiskIQ, this vicious phishing kit has already been released on the dark web. The firm has tracked its progression: within one week the kit was identified on 300 domains, and on over 700 within the month.

"Once a victim navigates to the URL, LogoKit fetches the company logo from a third-party service, such as Clearbit or Google's favicon database," said RiskIQ security researcher Adam Castleman in a report this week. The firm also shared a screenshot of how this malicious kit works.

This kit can be harder to spot than standard phishing templates, which typically rely on pixel-perfect copies of the company's authentication page. RiskIQ is still actively tracking the kit and fears that its simplicity could significantly improve the chances of a successful phishing attack.

Screenshot and links at the blog:
https://blog.knowbe4.com/heads-up-new-phishing-kit-spotted-on-over-700-domains

See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us TOMORROW, Wednesday, February 3 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: TOMORROW, Wednesday, February 3 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/2975704/23D8274B09DF6E16EB18A4F12A51632C?partnerref=CHN2

Beware the Long Con Phish

By Roger Grimes

Social engineering and phishing happen when a con artist communicates a fraudulent message, pretending to be a person or organization that a potential victim might trust, in order to get the victim to reveal private information (e.g. a password or document) or perform another desired action (e.g. run a Trojan Horse malware program) that is against the victim’s or their organization’s best interest.

Most are quick flights of fancy. One email, one rogue URL link, one phone call. The fraudster is counting on the victim’s immediate response as key to the success of the phishing campaign. The longer the potential victim takes to respond the less likely they are to fall for the criminal scheme.

But there is another version of social engineering and phishing that relies on a longer length of time and requires multiple actions by the victim to be successful. There are many sophisticated hackers who intentionally spend weeks or months building up rapport with a potential victim, creating a trusted relationship over time that is eventually taken advantage of.

These long-term cons can often be more devastating to the interests of the victim. Everyone needs to be aware of these types of phishing events, because, although they are far rarer, they do happen. Awareness is the key to fighting them. Let’s take a closer look at how they come to be, examples of long-term con scams and what we can do to better protect ourselves, our teams and our organizations.

CONTINUED:
https://blog.knowbe4.com/beware-the-long-con-phish

A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation

Cyber-criminals have become thoughtful about ransomware attacks, taking time to maximize your organization’s potential damage and their payoff. Protecting your network from this growing threat is more important than ever. And nobody knows this better than Roger Grimes, Data-Driven Defense Evangelist at KnowBe4.

With 30+ years’ experience as a computer security consultant, instructor and award-winning author, Roger has dedicated his life to making sure you’re prepared to defend against quickly-evolving IT security threats like ransomware.

Join Roger for this thought-provoking webinar to learn what you can do to prevent, detect, and mitigate ransomware.

In this session you’ll learn:
  • How to detect ransomware programs, even those that are highly stealthy
  • Official recommendations from the Cybersecurity & Infrastructure Security Agency (CISA)
  • The policies, technical controls, and education you need to stop ransomware in its tracks
  • Why good backups (even offline backups) no longer save you from ransomware
You can learn how to identify and stop these attacks before they wreak havoc on your network. Register now and earn CPE credit for attending!

Date/Time: Wednesday, February 10 @ 2:00 PM ET

Save My Spot!
https://event.on24.com/wcc/r/2995116/FB08DEBEB60D5878F31B05D9D6B85AED?partnerref=CHN

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Microsoft: "Congrats KnowBe4 on Being One of the Top Apps in 2020":
https://blog.knowbe4.com/microsoft-congrats-knowbe4-on-being-one-of-the-top-apps-in-2020

PPS: Check out the new 'The Inside Man' Season 3 Official Trailer!:
https://blog.knowbe4.com/knowbe4-fresh-content-updates-from-january-including-the-inside-man-season-3-official-trailer



Quotes of the Week

"Be yourself. The world worships the original."
- Ingrid Bergman - Actress (1915 - 1982)

"Reality is created by the mind, we can change our reality by changing our mind."
- Plato - Philosopher (427-347 B.C.)

Thanks for reading CyberheistNews

Security News
A Deeper Look at a Phishing Campaign Targeting the C-Suite

Trend Micro has been tracking a widespread phishing campaign that’s targeting C-level executives at companies around the world. The attackers send emails that inform recipients that their Office 365 password has expired. A link in the email leads to a spoofed Office 365 login page, created with a phishing kit that automatically checks to confirm that the stolen credentials are legitimate.

“The attackers reuse compromised hosts for the phishing pages targeting orgs in the manufacturing, real estate, finance, government, and technological industries in several countries such as Japan, the United States, UK, Canada, Australia, and Europe,” the researchers write.

“As of this writing, we found over 300 unique compromised URLs and 70 email addresses from eight compromised sites, including 40 legitimate emails of company CEOs, directors, owners, and founders, among other enterprise employee targets. We are now working with the respective authorities for further investigation.”

Trend Micro believes this campaign is linked to the recent discovery of hundreds of compromised C-suite email accounts for sale on the black market. “Related to this, during examination of underground activities we identified several advertisements by cybercriminals selling account credentials of CEOs, chief financial officers (CFOs), and finance department members, among others,” the researchers write.

“Those posts were seen in multiple English- and Russian-speaking forums, including an underground forum that seemingly matched with another user’s advertisement.” Trend Micro offers a look at the operation behind this and similar black market offerings, noting that CEOs in the US are the primary targets of these operations.

The attackers used at least eight compromised sites to host their Office 365 phishing kits, with 74% of the victims based in the US. “Phishing attacks and attackers often target employees — usually the weakest link in an organization’s security chain,” Trend Micro says.

“As seen in this particular campaign, the attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links.

By selectively targeting C-level employees, the attacker significantly increases the value of obtained credentials as they could lead to further access to sensitive personal and organizational information, and used in other attacks.”

Trend Micro has the story:
https://www.trendmicro.com/en_us/research/21/a/fake-office-365-used-for-phishing-attacks-on-c-suite-targets.html

Thousands of Stolen Credentials Accessible Via Google Search as Cybercriminals Accidentally Make Them Public

A publishing goof by cybercriminals on a WordPress site made files containing stolen passwords indexable by Google, and they were subsequently publicly available via search.

What initially started as a Xerox scan notification scam intent on stealing victims’ Office 365 credentials became a story of how even the bad guys make mistakes. According to a new report from Check Point, the attackers made a publishing mistake, causing the files containing the stolen passwords to be exposed across dozens of drop-zone servers.

Indexed by Google, the passwords could have been (or possibly were) used by opportunistic hackers if they knew what to search for. According to Check Point, they were able to find dozens of compromised WordPress servers hosting the malicious PHP files that collected and stored the compromised credentials.

Sure, it’s a rather big “if”, but it does go to show you that once a credential is compromised, you have no idea who has access to it, nor how it will be used to further cybercriminal activity.

The way to avoid such situations is to instruct users via security awareness training on how to identify phishing attacks that use brand impersonation (such as Microsoft) to trick victims into giving up credentials in the first place.

Blog post with link to report:
https://blog.knowbe4.com/thousands-of-stolen-credentials-accessible-via-google-search-as-cybercriminals-accidentally-make-them-public

What KnowBe4 Customers Say

"Greetings Stu, I manage the bulk of our work with KnowBe4. We just wanted to send along a quick note - we’ve been extremely happy with the work and service that DavidG, our Customer Success Manager, has provided. David has been responsive, approachable, and an excellent resource for us as we continue to build out our cybersecurity strategy. We encounter quite a few customer representatives from a variety of different vendors; David is consistently amongst the most valuable and professional we work with. We wanted to recognize his good work here, enjoy the rest of your day!"
- H.P., SVP Technology



"Hi Stu, just wanted to say that JacksonH has done a great job supporting our organization as well as getting us on a training program for our users that was sorely needed. Honorable mention: JamesP for helping us when Jackson was out."
- C.R., Info Security Analyst



"Just let me say if the customer service I am receiving from CalvinB is what a person can expect from KnowBe4 then you guys should rule the market. I am uber impressed with the both of you."
- A.J., Director of Information Systems

The 11 Interesting News Items This Week
    1. Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too:
      https://www.cfr.org/blog/most-tools-failed-detect-solarwinds-malware-those-did-failed-too

    2. Russian government warns of US retaliatory cyberattacks:
      https://www.bleepingcomputer.com/news/security/russian-government-warns-of-us-retaliatory-cyberattacks/

    3. Loss Prevention Mag: "Retail Scores Below Average in Cyber-Security Culture. What Are Our Weak Spots?":
      https://losspreventionmedia.com/retail-scores-below-average-in-cyber-security-culture-what-are-our-weak-spots/

    4. North Korean hackers are targeting security researchers with malware and 0-days:
      https://www.bleepingcomputer.com/news/security/north-korean-hackers-are-targeting-security-researchers-with-malware-0-days/

    5. Emotet: The world's most dangerous malware botnet was just disrupted by a major police operation:
      https://www.zdnet.com/article/emotet-worlds-most-dangerous-malware-botnet-disrupted-by-international-police-operation/

    6. Phishing email attacks targeting remote workers on the rise:
      https://securitybrief.eu/story/phishing-email-attacks-targeting-remote-workers-on-the-rise

    7. UK Fraud epidemic 'is now national security threat':
      https://www.bbc.com/news/business-55769991

    8. Apps at Work: 2020's most popular apps. Remote work and security tools have the wind in their sails:
      https://www.okta.com/businesses-at-work/2021/#2020-most-popular-apps

    9. WSJ: Suspected Russian Hack Extends Far Beyond SolarWinds Software, Investigators Say:
      https://www.wsj.com/articles/suspected-russian-hack-extends-far-beyond-solarwinds-software-investigators-say-11611921601?

    10. CSO's ultimate guide to security and privacy laws, regulations, and compliance:
      https://www-csoonline-com.cdn.ampproject.org/c/s/www.csoonline.com/article/3604334/csos-ultimate-guide-to-security-and-privacy-laws-regulations-and-compliance.amp.html

    11. BONUS: ID hackers stole over $11B in unemployment benefits from CA last year, 10% of all claims, and possibly another 27% of all claims in total:
      https://krebsonsecurity.com/2021/01/the-taxman-cometh-for-id-theft-victims/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.