CyberheistNews Vol 11 #12
by Roger Grimes.
Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.
We have been worried about cyberwarfare for decades. It has been around for decades. The first nation-state cyber event that I ever read about, in the Cuckoo’s Egg happened in 1986, before we really even had an Internet.
The 1990s and 2000s were full of massive nation-state cyber campaigns with code names like Titan Rain, Moonlight Maze, and Red Storm. Most of these nation-state attacks were mostly spying operations, trying to learn something the adversary did not know.
Stuxnet in 2010 was a game changer. I will call that the start of Nation-State 2.0. It was a highly sophisticated computer worm, modular in design, created with multi-nation-state cooperation, to take out physical nuclear weapon infrastructure.
It was nation-state malware designed to cause physical damage. It has since been concluded that the physical damage it did was more effective than what would have been caused by traditional explosive bombing, because the targets were located in underground, air-gapped, bomb-resistant, protected bunkers.
I think every computer security defender should read Kim Zetter’s Zero-day analysis. You will better understand cyberwarfare and how sophisticated it is now.
But the attack on Sony Pictures, the SolarWinds supply chain compromise, and now the latest Microsoft Exchange zero-day exploits have declared the nation-state game changed forever more. How has it changed? What makes nation-state cyber attacks Nation-State 2.0? Here are the changes:
Security professionals have worried about cyberwarfare for decades. But the attack on Sony Pictures, the SolarWinds supply chain compromise, and now the latest Microsoft Exchange zero-day exploits show that nation-state attacks are having a much bigger impact than ever before.
Don’t let the big names fool you. Today, any organization is fair game, which means your organization could be next.
Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist to find out how these attacks are evolving and why organizations like yours are their new target.
In this webinar you’ll learn:
- The history of nation-state attacks and how they’re changing
- Why these attacks now impact organizations of all sizes and industries
- How you can mitigate the threat of nation-state attacks
- Why it’s critical to empower your organization’s human firewall
Date/Time: Wednesday, April 7 @ 2:00 PM (ET)
Save My Spot!
March 17, 2021 — The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spear phishing campaigns using TrickBot malware in North America.
A sophisticated group of cybercrime actors is luring victims, via phishing emails, with a traffic infringement phishing scheme to download TrickBot.
TrickBot—first identified in 2016—is a Trojan developed and operated by a sophisticated group of cybercrime actors. Originally designed as a banking Trojan to steal financial data, TrickBot has evolved into highly modular, multi-stage malware that provides its operators a full suite of tools to conduct a myriad of illegal cyber activities.
To secure against TrickBot, CISA and FBI recommend implementing the mitigation measures described in this Joint Cybersecurity Advisory, which include blocking suspicious Internet Protocol addresses, using antivirus software, and providing social engineering and phishing training to employees.
Here is the link to the advisory:
Click here for a full PDF version of this report, or cut & paste this URL in your browser:
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Thursday, April 1 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at new features and see how easy it is to train and phish your users.
- NEW! AI Recommended training suggestions based on your users’ phishing security test results.
- NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
- NEW! 2021 Training Modules and fresh content published in the ModStore.
- Did You Know? You can upload your own SCORM training modules into your account for home workers.
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Date/Time: Thursday, April 1 @ 2:00 PM (ET)
Save My Spot!
VICE just revealed a 2FA hole you can drive a truck through. A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. This new post in VICE is downright scary.
Bank accounts that use SMS for 2FA could be taken over this way; "High Concept, Low Tech". I suggest you read the whole article which is 15 mins or more. Here is how they started:
"I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me.
"Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16."
Full article here. Yikes:
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us Thursday, April 1 @ 1:00 PM (ET), for a 30-minute live product demo of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
- NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
- Vet, manage and monitor your third-party vendors' security risk requirements.
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
- Quick implementation with pre-built requirements templates for the most widely used regulations.
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Save My Spot!
Let's stay safe out there.
Founder and CEO
PS: We have a brand-new feature you asked for available now. Enhance your users’ learning experience with the new optional learning library. Learn more here:
- Albert Einstein - Physicist (1879 - 1955)
"You cannot teach a man anything; you can only help him find it within himself."
- Galileo Galilei (1564 - 1642)
Thanks for reading CyberheistNews
The Record has published an interview with an alleged member of the REvil ransomware gang. The crook said that while ransomware actors could theoretically “start a war” with their access, criminals generally wouldn’t be interested in doing that since it wouldn’t make them money.
“Yes, as a weapon it can be very destructive,” Unknown said. “Well, I know at the very least that several affiliates have access to a ballistic missile launch system, one to a U.S. Navy cruiser, a third to a nuclear power plant, and a fourth to a weapons factory.
It is quite feasible to start a war. But it’s not worth it—the consequences are not profitable.” (It’s worth noting that this kind of gasconade should be received with a healthy dose of skepticism, and taken more as an index of character, not necessarily capability.)
Unknown also confirmed that ransomware operators intentionally go after organizations that have cyber insurance, since these victims are more likely to pay the ransom.
“Yes, this is one of the tastiest morsels,” the individual said. “Especially to hack the insurers first—to get their customer base and work in a targeted way from there. And after you go through the list, then hit the insurer themselves.”
When asked about ransomware negotiators, the criminal unsurprisingly had a negative opinion of most of them. “70% are just there to knock down the price,” Unknown said. “Very often they make it harder. Well, for example, the company has a revenue of $1 billion. They are being ransomed for $1 million.
The negotiator comes and says, we don’t care, we won’t give more than $15,000. We reduce the price to $900,000. He offers $20,000. Well, then we understand that the conversation with him is meaningless and we start publishing the data so that the owners of the network smack him upside the head for negotiating like that.
And of course, after those kinds of tricks, the price tag only goes up. Instead of $1 million, they will pay one-and-a-half. Nobody likes hagglers, especially show-offs. So, more often than not, they are likely to do more harm. They only help purely in buying BTC or Monero. The rest is harmful.”
New-school security awareness training can give your organization an essential layer of defense against ransomware by enabling your employees to identify phishing emails.
The Record has the story:
The FBI has issued an advisory warning of an expected increase in the use of deepfakes for social engineering attacks. Deepfakes are images, videos, audio, or text created via AI to produce extremely convincing imitations of real people.
“Malicious actors almost certainly will leverage synthetic content for cyber and foreign influence operations in the next 12-18 months,” the advisory states. “Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft.”
The FBI says threat actors will also incorporate deepfakes into sophisticated business email compromise scams. “Synthetic content may also be used in a newly defined cyber attack vector referred to as Business Identity Compromise (BIC),” the FBI says. “BIC will represent an evolution in Business Email Compromise (BEC) tradecraft by leveraging advanced techniques and new tools.
Whereas BEC primarily includes the compromise of corporate email accounts to conduct fraudulent financial activities, BIC will involve the use of content generation and manipulation tools to develop synthetic corporate personas or to create a sophisticated emulation of an existing employee. This emerging attack vector will likely have very significant financial and reputational impacts to victim businesses and organizations.”
Fortunately, many deepfakes aren’t perfect (at least not yet), and the Bureau offers the following advice to help recognize this content.
“Visual indicators such as distortions, warping, or inconsistencies in images and video may be an indicator of synthetic images, particularly in social media profile avatars,” the advisory says. “For example, distinct, consistent eye spacing and placement across a wide sample of synthetic images provides one indicator of synthetic content.
Similar visual inconsistencies are typically present in synthetic video, often demonstrated by noticeable head and torso movements as well as syncing issues between face and lip movement, and any associated audio. Third-party research and forensic organizations, as well as some reputable cyber security companies, can aid in the identification and evaluation of suspected synthetic content.”
The FBI also recommends using the SIFT framework to help identify these attacks. “Finally, familiarity with media resiliency frameworks like the SIFT methodology can help mitigate the impact of cyber and influence operations” the FBI says.
“The SIFT methodology encourages individuals to Stop, Investigate the source, Find trusted coverage, and Trace the original content when consuming information online”.
People have tended to worry about deepfakes because of their potential use in disinformation campaigns and influence operations. But as the FBI points out, they can’t be overlooked as a social engineering tool. New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for evolving social engineering tactics.
The FBI has the story:
"Hi, I’d like to compliment/acknowledge one of your employees, Joe Stiles, for the outstanding and exceptional service he provided me while working on my support ticket. The ticket is not resolved yet as I still need to initiate some testing on my end after today’s call. However, Joe went above and beyond to understand the issue, quickly jumped on a zoom call and gave good reasons on why some features didn’t work per our expectations and willingly put a feature request for it. His preparation work was evident and dealt with the issue extremely well.
I have always been pleased with the service I have received from KnowBe4. However, Joe Stile’s professionalism and ability to get to the bottom of the situation quickly exceeded my expectations. Thank you."
- S.S., Cybersecurity Analyst
NEW: Enhance Your Users’ Learning Experience With New Optional Learning Feature
You asked, we listened! We are excited to introduce the new Optional Learning feature within your KnowBe4 platform. Optional Learning enables you to offer your users additional training content from your KnowBe4 ModStore.
Simply create specific training campaigns with the optional training content you would like to make available for your users to self-select. Once you push these training campaigns live, the training content is added to your users’ Learner Library tab within the KnowBe4 Learner Experience interface.
You now have the ability to add a variety of training content and supplemental reinforcements that help your users take an active role in their security awareness education with the flexibility to choose what training they want to take and when. Your users can click on a training content tile in their library and will be able to view the course descriptions pulled directly from the ModStore.
Here is the blog post with more information:
- 'I scrounged through the trash heaps... now I'm a millionaire:' Scary interview with REvil's ransomware operator "Unknown":
- Microsoft Exchange servers targeted by DearCry ransomware abusing ProxyLogon bugs:
- Unusual DearCry ransomware uses ‘rare’ approach to encryption:
- Microsoft Probes Whether Leak Played Role in Suspected Chinese Hack:
- Phishing sites now detect virtual machines to bypass detection:
- Twitter images can be abused to hide ZIP, MP3 files — here's how:
- RDP Attacks Persist Near Record Levels in 2021:
- Can We Stop Pretending SMS Is Secure Now?:
- KnowBe4 Recognized as a Microsoft Security 20/20 Partner Awards Finalist:
- SolarWinds-linked hacking group SilverFish abuses enterprise victims for sandbox tests:
- Your Virtual Sand Ski Vacation in Peru:
- Your second Virtual Ski Vaca in Avoriaz in the French Alps:
- People Are Awesome: Insane Winter Edition:
- Unique footage. Wingsuit Jumper Soars Over Desert Captured by FPV Drone:
- My Wife vs. Ben & Jerry’s Ice Cream Lock:
- FOOL US: Penn & Teller fooled by the Swiss magician LIONEL – Incredible trick with drinks!:
- Scientists Have Unlocked the Secrets of the Ancient 'Antikythera Mechanism'. Fascinating for a 30 min break:
- YouTuber Engine-Swaps His Go-Kart With a Howling Jet Turbine:
- Dubai Has Built The World's Longest Cantilever:
- ERA “Fortress” Euro Cylinder Picked (6 Trap Pins!):
- Monster Truck MADNESS - Guinness World Records:
- Why Going 0 To 60 Mph In Under 2 Seconds Is Almost Impossible:
- For Da Kids #1 Guinea pig train:
- For Da Kids #2 Guy's Best Friends With 14 Wild Chipmunks:
- For Da Kids #3 Parrot climbs up for morning snuggles: