CyberheistNews Vol 11 #14 [Heads Up] Phishing Remains the Most Common Form of Attack

CyberheistNews Vol 11 #14
[Heads Up] Phishing Remains the Most Common Form of Attack

Phishing attacks are “by far” the most common vector for data breaches, according to a new survey by the UK’s Department for Digital, Culture, Media, and Sport (DCMS). The situation is not much different everywhere else in the world.

“Among those that have identified breaches or attacks, around a quarter (27% of these businesses and 23% of these charities) experience them at least once a week,” the report states. “The most common by far are phishing attacks (for 83% and 79% respectively), followed by impersonation (for 27% and 23%). Broadly, these patterns around frequency and threat vectors are in line with the 2020 and 2019 results.”

The DCMS says most of the respondents observed a noticeable increase in phishing attacks since the beginning of the pandemic.

“Among the organisations saying cyber security had become a higher priority under the pandemic, there were those that said that, in their case, the frequency of attacks had increased since March 2020 – especially phishing attacks,” the report says.

“Others giving this response felt their organisations were more exposed to cyber risks now that their staff were working from home, because there were more endpoints to deal with and because they had less oversight of staff outside the office.

In some cases where organisations had moved online to a greater extent following the lockdown, management boards had started paying more attention to cyber security as a business risk.”

The report found that only 20% of businesses said they conducted simulated phishing exercises for their employees, although respondents had a favorable view of risk assessments.

“In addition to their core purpose of identifying key risks, risk assessments were often viewed as a good way to produce evidence for management boards, which could be used to justify proposed cyber security actions or investment, or to show trends over time and whether things had improved,” the report says.

“For example, one medium business carried out a mock phishing exercise as part of their risk assessment – they found that 15 percent of staff responded to the mock phishing email, and presented these findings to the management board. This led to new user training on phishing emails, as well as other technical rule changes.”

New-school security awareness training with simulated phishing tests can help your employees spot and stop social engineering attacks.

Story with links:
[TOMORROW] Nation-State Hacking 2.0: Why Your Organization Is Now at Risk From This Evolving Threat

Security professionals have worried about cyberwarfare for decades. But the attack on Sony Pictures, the SolarWinds supply chain compromise, and now the latest Microsoft Exchange zero-day exploits show that nation-state attacks are having a much bigger impact than ever before.

Don’t let the big names fool you. Today, any organization is fair game, which means your organization could be next.

Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist to find out how these attacks are evolving and why organizations like yours are their new target.

In this webinar you’ll learn:
  • The history of nation-state attacks and how they’re changing
  • Why these attacks now impact organizations of all sizes and industries
  • How you can mitigate the threat of nation-state attacks
  • Why it’s critical to empower your organization’s human firewall
You did not sign up for this, but the digital cold war is here. Find out the strategies you need to implement now and earn CPE credit for attending.

Date/Time: TOMORROW, Wednesday, April 7 @ 2:00 PM (ET)

Save My Spot!
Recent Phishing Scams That Managed to Bypass Email Security Filters

Researchers at Armorblox describe several recent phishing scams that managed to bypass email security filters. The first attempted to gain access to users’ Facebook accounts.

“Recently, the Armorblox threat research team observed an email impersonating Facebook attempt to hit one of our customer environments,” Armorblox says. “The email was titled ‘Reminder: Account Verification’ with the sender name ‘Facebook’ and the sender domain ‘noreply@cc[.]mail-facebook[.]com’.

The email informed victims that their account usage had been restricted due to some security concerns, and invited victims to verify their account activity to restore full access to their Facebook account.”

The email contains a link to a spoofed Facebook login page designed to steal the user’s credentials.

“The parent domain of the page is ‘sliderdoyle[.]com’, which should tell circumspect users that this isn’t a legitimate site,” the researchers write. “However, the surface-level resemblance of the page to Facebook’s real login portal combined with the urgency generated by the context of the email (restricted account access) means that many users will rush through this page and fill in their account details without looking at the URL.”

Another phishing email impersonated Apple and informed the recipient that their Apple account had been locked.

“The email was titled ‘Re: Your Apple ID has been locked on March 11, 2021 PST’ followed by a reference number,” Armorblox says. “The sender name was ‘Appie ID’, using a common technique of misspelling words to get past deterministic security techniques like filters/blocklists while still passing victims’ eye tests. The email informed victims that their Apple ID had been locked for security reasons.

The email invited victims to verify their account within 12 hours of risk having their Apple ID suspended.”

In both of these cases, the scam could have been avoided if users had scrutinized the URL contained in the email. New-school security awareness training can help your employees recognize red flags associated with phishing attacks.

Full story with links:
[PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!

PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.

Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.

Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!

See how you can best manage your user-reported messages.

Join us Wednesday, April 14 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER platform. With PhishER you can:
  • NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • NEW! Use Security Roles to Create a Multi-Tiered Incident Response System in PhishER
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam, or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, April 14 @ 2:00 PM (ET)

Save My Spot!
Cybercrime Skyrocketed in the US by 55%

According to data released by StockApps, the annual loss from any type of cybercrime in the US reached $4.2 billion in 2020. This turns into billions of dollars lost, and a 55% increase over the last two years.

To give a further breakdown on the types of cybercrime and losses involved, $1.8 billion (42%) of the loss came from business email compromise, a common type of CEO fraud. Other popular methods including phishing attacks and extortion.

With last year's SolarWinds hack that breached thousands of organizations, industries ranging from popular hotels to federal agencies were impacted. This hack greatly contributed to the overall loss, along with other notable attacks such as Twitter and Zoom.

Now according to a recent poll, 82% of Americans are viewing cyberterrorism as the top threat facing the country. While we continue to work in a remote environment during the COVID-19 pandemic, the cybercriminals are only going to get more aggressive in their social engineering tactics.

You may be asking yourself - how do we stop cybercrime in our organization completely? With added layers of security this will help alleviate most of the potential malicious activity, but the only way to truly protect your organization is user education. New-school security awareness training can help your users identify and report any suspicious activity.

Full story with links:
Cyber CSI: Learn How to Forensically Examine Phishing Emails to Better Protect Your Organization Today

Cybercrime has become an arms race where the bad guys constantly evolve their attacks while you, the vigilant defender, must diligently expand your know-how to prevent intrusions into your network. Staying a step ahead may even involve becoming your own cybercrime investigator, forensically examining actual phishing emails to determine the who, the where, and the how.

In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will show you how to become a digital private investigator! You’ll learn:
  • How to forensically examine phishing emails and identify other types of social engineering
  • What forensic tools and techniques you can use right now
  • How to investigate rogue smishing, vishing, and social media phishes
  • How to enable your users to spot suspicious emails sent to your organization
Get inside the mind of the hacker, learn their techniques, and how to spot phishing attempts before it’s too late!

You Can Watch This Right Now!

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Must Read I just finished the awesome "2034: A Novel of the Next World War" by Elliot Ackerman & Admiral James Stavridis USN:

Season 1 of our award-winning The Inside Man is live for free on Amazon Prime!:

Quotes of the Week
"Opportunities to find deeper powers within ourselves come when life seems most challenging."
- Joseph Campbell - Author (1904 - 1987)

"The reward for work well done is the opportunity to do more."
- Jonas Salk, Scientist (1914 - 1995)

Thanks for reading CyberheistNews

Security News
Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paints a far worse picture than what was disclosed.

Cyberattacks almost seem like a daily occurrence, such that we’ve seen organizations notify customers with a “we’ve got everything under control” sounding email with little to no repercussions.

Such an attack on Ubiquiti occurred back in December of last year, and a notice was sent in January of this year notifying customers of the breach while minimizing its impact, suggesting password changes and enabling 2FA.

Case closed, right?

Wrong. New details from a whistleblower bring to light the catastrophic nature of the attack, according to Krebs on Security.

IRS Warns of Phishing for Dot EDU Email Users

The Internal Revenue Service (IRS) has issued an alert warning about a phishing scam targeting university students. A link in the emails leads to a phishing site that asks users to enter their Social Security number, name, date of birth, prior year Annual Gross Income, driver's license number, address, and electronic filing PIN.

“The Internal Revenue Service today warned of an ongoing IRS-impersonation scam that appears to primarily target educational institutions, including students and staff who have ‘.edu’ email addresses,” the alert states.

“The IRS' phishing@irs[.]gov has received complaints about the impersonation scam in recent weeks from people with email addresses ending in ‘.edu.’ The phishing emails appear to target university and college students from both public and private, profit and non-profit institutions.

Taxpayers who believe they have a pending refund can easily check on its status at Where's My Refund? on The suspect emails display the IRS logo and use various subject lines such as ‘Tax Refund Payment’ or ‘Recalculation of your tax refund payment.’ It asks people to click a link and submit a form to claim their refund.”

The IRS says recipients of the email can report the scam to the IRS without clicking on the link. “People who receive this scam email should not click on the link in the email, but they can report it to the IRS,” the alert says.

“For security reasons, save the email using "save as" and then send that attachment to phishing@irs[.]gov or forward the email as an attachment to phishing@irs[.]gov. The Treasury Inspector General for Tax Administration (TIGTA) and IRS Criminal Investigation have been notified.”

The IRS also recommends mitigations for people who may have fallen for the scam. “Taxpayers who believe they may have provided identity thieves with this information should consider immediately obtaining an Identity Protection PIN,” the IRS says. “This is a voluntary opt-in program. An IP PIN is a six-digit number that helps prevent identity thieves from filing fraudulent tax returns in the victim's name.

Taxpayers who attempt to e-file their tax return and find it rejected because a return with their SSN already has been filed should file a Form 14039, Identity Theft Affidavit PDF, to report themselves as a possible identity theft victim. See Identity Theft Central to learn about the signs of identity theft and actions to take.”

The IRS has the story:
KnowBe4 Fresh Content Updates From March: Including New Optional Learning Feature for Your Users

NEW! Enhance Your Users’ Learning Experience with Optional Learning

We are excited to introduce the new Optional Learning feature within the KnowBe4 platform. Optional Learning enables you to offer your users additional training content from the KnowBe4 ModStore. Simply create specific training campaigns with the optional training content you would like to make available for your users to self-select.

Once you push these training campaigns live, the training content is added to your users’ Learner Library tab within the KnowBe4 Learner Experience interface.

You now have the ability to add a variety of training content and supplemental reinforcements that help your users take an active role in their security awareness education with the flexibility to choose what training they want to take and when.

Your users can click on a training content tile in their library and will be able to view the course descriptions pulled directly from the ModStore.

This and much more fresh content here:
What KnowBe4 Customers Say

"I'm personally very happy with the service and the big guys seem to appreciate the better sense of security. Really enjoying the setup and how easily everything integrated together.

Uptime has been fantastic, level of configuration is great, and both the Sales Rep and Customer Success Manager have been great. So kudos to MarkM JohnG! Appreciate you reaching out in person. Very solid business you're running. Thank you."
- R.C., Information Technology

"Hi Stu, Thank you for following up, it is much appreciated. Yes, thank you, very much a happy camper. I’ve sent out a couple of phishing tests with great results, and just started with training for two of our Operations departments.

I did the Security Awareness Proficiency Assessment with our IT Team, it was interesting to see the assessment results, which I will use as a basis for training. Take care."
- W.M., System Trainer / Support
The 11 Interesting News Items This Week
    1. CISA Prepares to Use New Subpoena Power:

    2. Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach:

    3. Video Interview: FBI IC3 Internet Crime Report 2020:

    4. Phished Healthcare Provider Takes Legal Action Against Amazon:

    5. Protecting employees from job offer scams can lead to awkward but important conversations:

    6. FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings:

    7. Google: North Korean hackers target security researchers yet again:

    8. Biden's cyber executive order to include new rules for federal agencies, contractors:

    9. Bring CISOs into the C-suite to bake cybersecurity into company culture:

    10. Deepfake “Amazon workers” are sowing confusion on Twitter:

    11. Season 1 of our award-winning The Inside Man is live for free on Amazon prime!:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews