CyberheistNews Vol 11 #16 [Heads Up] COVID-Related Phishing Attacks Return to Mid-Pandemic Heights





New data from Palo Alto Networks' Unit 42 provides a wealth of insight into exactly how cybercriminals have leveraged COVID-related theming to make their phishing attacks succeed.

Throughout the last 14 months, the bad guys have consistently kept pace with the state of the pandemic, picking whichever aspect of the COVID saga is most likely to get the attention of individuals and businesses alike at that moment.

According to Unit 42's new COVID-19 themed phishing attack data, these scammers know exactly how to press the buttons of their potential victims at just the right time. For example, the current concern is around vaccines. According to Unit 42:
  • Vaccine-related phishing attacks rose by 530% from December 2020 to February 2021
  • Phishing attacks targeting pharmacies and hospitals rose by 189% during that same timeframe
Over the past 14 months phishing attacks have changed their stripes to match the current state of the potential victim's concerns, fears, needs, and hopes, as shown in the chart in the blog post linked below.

Blog post here:
https://blog.knowbe4.com/covid-related-phishing-attacks-return-to-mid-pandemic-heights/
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, May 5 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users.
  • NEW! AI Recommended training suggestions based on your users’ phishing security test results.
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
  • NEW! Security Awareness Proficiency Assessment Benchmarks let you compare your organization’s proficiency scores with other companies in your industry.
  • Did You Know? You can upload your own SCORM training modules into your account for home workers.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 37,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, May 5 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3110182/AA7A941780B5CBFECB5B45AFBB451B34?partnerref=CHN
Currently Popular Social Engineering Tactics

Criminals are exploiting new technology to launch updated versions of old attacks, according to Derek Slater at CSO. George Gerchow, CSO at Sumo Logic, told Slater that threat actors are sending spear phishing emails that impersonate real employees within the organization.

“It’s not easy to defend what you can’t see, and you are only as strong as the weakest link,” said Gerchow. “For example, there have been a plethora of targeted emails coming in that look like they are from your trusted partners but are in fact bad actors posing as employees you may know within your network.”

Gerchow added that attackers are putting more effort into making their social engineering techniques extremely convincing.

“Now we see these long, sophisticated attempts to build trust or relationships with some of our outbound-facing teams whose entire job is to help,” Gerchow said. “The bad actors have even posed as suppliers using our product with free accounts and have gone through use cases and scenarios to engage expertise within our company.”

Oz Alashe, CEO of CybSafe, told CSO that some attackers exploited the pandemic by sending malicious versions of remote work and collaboration tools.

“The threat actors send over a Visual Studio Project containing malicious code,” Alashe said. “The user self-runs the program, and their device is infected pretty quickly. This attack essentially exploits the desire or need to assist or help others with passion projects.”

Full blog post with links:
https://blog.knowbe4.com/currently-popular-social-engineering-tactics
See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us Wednesday, May 5 @ 1:00 PM (ET), for a 30-minute live product demo of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
  • Vet, manage and monitor your third-party vendors' security risk requirements.
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Wednesday, May 5 @ 1:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3110172/FB6425DAD7CFE8B5EF40667A576E325C?partnerref=CHN
Eavesdrop On the Back-and-Forth of Negotiating With a Criminal Ransomware Organization

Details around the recent successful ransomware attack on fashion retailer FatFace provide some insight into what you should expect when you become a victim.

If you’ve paid attention to news stories about organizations hit by ransomware, the topic of paying the ransom inevitably comes up. But a recent story about how FatFace was hit by the Conti ransomware gang provided some first-hand details that I found fascinating.

According to the story over at Computer Weekly, the discussion about the ransom amount started at around $8 million. The negotiation logs (screenshots in the blog post linked below) show that the cybercriminals didn't just come up with that number randomly.

They looked through FatFace's databases and website traffic statistics to come up with their initial ask.

Full Story with screenshots of the conversation:
https://blog.knowbe4.com/eavesdrop-on-the-back-and-forth-of-negotiating-with-a-criminal-ransomware-organization/
Are Your Users' Passwords... P@ssw0rd?

Are your users' passwords…P@ssw0rd? Verizon's Data Breach Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords.

Employees are the weakest link in your network security, using weak passwords and falling for phishing and social engineering attacks.

KnowBe4's complimentary Weak Password Test checks your Active Directory for 10 different types of weak password related threats and reports any fails so that you can take action.

This will take you 5 minutes and may give you some insights you never expected!
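The reason a password like P@ssw0rd counts as weak is that attackers' wordlist rules undo the obvious substitutions ("@" for "a", "0" for "o", a year and an exclamation mark on the end) before trying it, so the password is still just "password". The following Python sketch is an added example, not KnowBe4's Weak Password Test or its code; that tool audits password hashes already in Active Directory, whereas this sketch evaluates a candidate password at the point it is chosen (for instance inside a password-policy filter). The wordlist, the leet substitution table and the sample account passwords are constructed for the example; a real check would use a large breached-password list.

```python
import re
from typing import Dict, List, Set

# Substitutions that wordlist-mangling rules reverse before a dictionary attack.
# Constructed for this example; real rule sets are considerably larger.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t", "+": "t"})

# Constructed mini wordlist of common base words (a real audit would use a
# breached-password list with hundreds of millions of entries instead).
COMMON_BASE_WORDS = {"password", "welcome", "summer", "winter", "spring",
                     "autumn", "admin", "letmein", "qwerty", "company"}

# Constructed sample accounts; plaintext is used only because this is an
# illustration of the check itself, never how an AD audit would hold passwords.
SAMPLE_PASSWORDS = {
    "alice": "P@ssw0rd",
    "bob": "Summer2021!",
    "carol": "correct-horse-battery-staple",
}


def _strip_edges(s: str) -> str:
    """Drop leading/trailing digits and punctuation (Summer2021! -> summer)."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidate_bases(password: str) -> Set[str]:
    """Base words an attacker's rules would recover from this password.

    Both orders are tried: strip edges then undo leet (Summer2021! -> summer),
    and undo leet then strip edges (0range! -> orange), since either may apply.
    """
    lowered = password.lower()
    return {
        _strip_edges(lowered).translate(LEET_MAP),
        _strip_edges(lowered.translate(LEET_MAP)),
    }


def weaknesses(password: str, min_length: int = 12) -> List[str]:
    """Return a human-readable list of reasons the password is weak (empty if none)."""
    reasons: List[str] = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    hits = candidate_bases(password) & COMMON_BASE_WORDS
    if hits:
        reasons.append(f"dictionary word '{sorted(hits)[0]}' with predictable substitutions")
    if re.fullmatch(r"(.)\1*", password):
        reasons.append("single repeated character")
    if re.search(r"(19|20)\d\d", password):
        reasons.append("contains a year")
    return reasons


def weak_accounts(passwords: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each account with at least one weakness to its list of reasons."""
    return {user: w for user, pw in passwords.items() if (w := weaknesses(pw))}


if __name__ == "__main__":
    for user, reasons in weak_accounts(SAMPLE_PASSWORDS).items():
        print(f"{user}: {'; '.join(reasons)}")
```

Running the block reports alice (P@ssw0rd) and bob (Summer2021!) as weak and leaves carol's passphrase alone; the interesting part is that the complexity-looking "P@ssw0rd" falls to the same rule an attacker applies, which is exactly why character-class rules alone are a poor defence.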

Find your weak passwords:
https://info.knowbe4.com/weak-password-test-chn

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: KnowBe4 went public last week. Here are two interviews with the InfoSec press:


 



Quotes of the Week
"Always pass on what you have learned."
- Yoda


"In just 30 years, we have undergone changes that took centuries in other countries."
- Vladimir Putin, March 1, 2018, Presidential Address to the Federal Assembly


Thanks for reading CyberheistNews

Security News
UK's MI5: “I Have Spying Skills...No, Wait…”

At least 10,000 UK citizens have been targeted by nation-state actors via fake LinkedIn accounts over the past five years, the BBC reports. Ken McCallum, Director-General of MI5, said these fake profiles are being used on “an industrial scale” to launch social engineering attacks.

“MI5 did not specifically name LinkedIn but BBC News has learned the Microsoft-owned service is indeed the platform involved,” BBC says. “The 10,000-plus figure includes staff in virtually every government department as well as key industries, who might be offered speaking or business and travel opportunities that could lead to attempts to recruit them to provide confidential information.”

LinkedIn is particularly useful for these types of campaigns because many users regularly connect with people they don’t know.

The UK’s Chief Security Officer Dominic Fortescue stated, “Since the start of the pandemic, many of us have been working remotely and having to spend more time at home on our personal devices. As a result, staff have become more vulnerable to malicious approaches from hostile security services and criminal organisations on social media.”

The UK’s Centre for the Protection of National Infrastructure (CPNI) has launched an initiative dubbed “Think Before You Link” to raise awareness of social engineering on LinkedIn. LinkedIn itself said it welcomed the government’s campaign.

“We welcome the online safety efforts of the Centre for the Protection of National Infrastructure and its work to expand their Think Before You Link campaign in the United Kingdom,” LinkedIn said. “Teams at LinkedIn work to keep LinkedIn a safe place where real people can connect with professionals they know and trust. We actively seek out signs of state sponsored activity on the platform and quickly take action against bad actors in order to protect our members.”

New-school security awareness training can help your employees recognize targeted social engineering attacks.

The BBC has the story:
https://www.bbc.com/news/technology-56812746
Phone Scammers Seem to Know a Lot About Your Amazon Orders

People need to be aware that cybercriminals sometimes have access to leaked or stolen data they can use to make their scams more convincing, according to Laxitha Mundhra at CiOL.

This is particularly effective when the victim doesn’t know that the information has been leaked, because in that case they might assume a phishing message is legitimate if it contains information only the vendor should know.

Mundhra cites a source at Amazon as saying that the company has received more reports of scam phone calls in which the scammers know precise details about customers’ Amazon orders. (Amazon itself hasn’t officially commented on this yet.)

“Many users have reported that they have received calls stating that they have won a prize for ordering a product,” Mundhra says. “The scary part is, the scamsters know the exact details of the order, including product, price, date and time of order, place of delivery, etc. They lure the customer about big prizes on small orders.

Some users have reported that they received calls for their Prime Membership account status. Other times, these scamsters seem to be placing fast-selling schemes in front of potential buyers. The phishing attacks are not new, but the fact that the scamsters know every little detail about an order is scary.”

It’s not clear where the scammers in this case got the data from, but Mundhra points to two recent incidents as examples of possible sources.

“Every order that you place, comes from a third party,” Mundhra explains. “Thus, the data leak can be possible on any of the checkpoints. However, recently, a B2B supply chain automation startup Bizongo reported a data leak of 2.5 Mn user files. The security team at Website Planet discovered that the data leak at Bizongo was in two formats – customer bills and shipping labels.

The firm stated that there were a total of 2,532,610 exposed files due to a misconfiguration, a total of 643 GB of data. Bizongo has Amazon, Flipkart, Myntra, Swiggy, and Zomato among the clients using its B2B supply chain and vendor management solutions.

In January, Juspay acknowledged a data breach of over 100 million debit and credit card users on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip, and several other companies.”

CiOL has the story:
https://www.ciol.com/amazon-data-leak-users-report-phishing-scam-calls/
EtterSilent Facilitates Malware Delivery

Cybercriminals are using a new malicious document builder dubbed “EtterSilent,” according to researchers at Intel 471. The builder is used to craft Microsoft Office documents with macros that install malware. Intel 471 says EtterSilent has been used by many well-known malware strains, including Trickbot, Bazar, BokBot, Gozi ISFB, and QBot.

The latter three campaigns rely on bulletproof hosting, making them resilient to takedowns. The researchers explain that EtterSilent’s rise highlights the way in which the criminal economy operates.

“The latest ‘product’ is a malicious document builder, known in the underground as ‘EtterSilent,’ that Intel 471 has seen leveraged by various cybercrime groups,” the researchers write. “As it has grown in popularity, it has constantly been updated in order to avoid detection.

Used in conjunction with other forms of malware, it’s a prime example of how ease of use and a concentration of skill sets leads to a commoditization of the cybercrime economy.”

The tool’s developer offers two versions: “one that exploits a known vulnerability in Microsoft Office (CVE-2017-8570) and another that uses a malicious macro.” The version with the malicious macro is more popular since it works against Office versions that have been patched against the vulnerability.

The phishing documents impersonate DocuSign in an effort to trick users into running the macro by clicking “Enable editing” and “Enable content.” “The malicious document, when opened, shows a template that poses as DocuSign, the popular software that allows individuals and organizations to electronically sign documents,” Intel 471 says.

“The maldoc then leverages Excel 4.0 macros stored in a hidden sheet, which allow an externally-hosted payload to be downloaded, written to disk and executed using regsvr32 or rundll32. From there, attackers can follow up and drop other assorted malware.”
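The last step of the chain Intel 471 describes, a payload executed through regsvr32 or rundll32 from within Excel, is also the step a defender can see in process-creation telemetry: an Office application should almost never be the direct parent of either binary, and a module path under a user-writable directory makes the match stronger. The following Python detection sketch is an added example, not Intel 471's or KnowBe4's code. The event field names mirror Sysmon Event ID 1 (ProcessCreate), but the JSON log lines themselves are constructed for the example and are not real telemetry.

```python
import json
from typing import Dict, Iterable, List

# Office applications as parents, and the two signed Windows binaries the
# maldoc chain described above uses to run its downloaded payload.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
LOLBINS = {"regsvr32.exe", "rundll32.exe"}

# Constructed sample events shaped like Sysmon Event ID 1, one JSON object per
# line. Users, paths and file names are made up for this example.
SAMPLE_LOG = r"""
{"EventId": 1, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32 /s C:\\Users\\alice\\AppData\\Local\\Temp\\docusign.dll", "User": "CORP\\alice"}
{"EventId": 1, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE", "Image": "C:\\Windows\\System32\\rundll32.exe", "CommandLine": "rundll32 C:\\Users\\bob\\AppData\\Roaming\\x.dll,DllRegisterServer", "User": "CORP\\bob"}
{"EventId": 1, "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\rundll32.exe", "CommandLine": "rundll32 shell32.dll,Control_RunDLL", "User": "CORP\\carol"}
{"EventId": 1, "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "Image": "C:\\Windows\\splwow64.exe", "CommandLine": "splwow64.exe 12288", "User": "CORP\\dave"}
{"EventId": 1, "ParentImage": "C:\\Windows\\System32\\svchost.exe", "Image": "C:\\Windows\\System32\\regsvr32.exe", "CommandLine": "regsvr32 /s C:\\Windows\\System32\\msxml3.dll", "User": "NT AUTHORITY\\SYSTEM"}
"""


def parse_events(log_text: str) -> List[Dict]:
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (last backslash-separated part)."""
    return path.rsplit("\\", 1)[-1].lower()


def office_spawned_lolbin(event: Dict) -> bool:
    """True when an Office process is the direct parent of regsvr32/rundll32."""
    return (_basename(event.get("ParentImage", "")) in OFFICE_PARENTS
            and _basename(event.get("Image", "")) in LOLBINS)


def suspicious_module_path(command_line: str) -> bool:
    """A payload written to disk by a maldoc usually lands in a user-writable directory."""
    cl = command_line.lower()
    return any(marker in cl for marker in
               ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\"))


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Return one alert per event matching the Office -> regsvr32/rundll32 pattern.

    Severity is raised when the module on the command line sits in a
    user-writable location; a legitimate DLL registration from System32 by
    a non-Office parent never matches at all.
    """
    alerts = []
    for ev in events:
        if not office_spawned_lolbin(ev):
            continue
        severity = "high" if suspicious_module_path(ev.get("CommandLine", "")) else "medium"
        alerts.append({
            "user": ev.get("User"),
            "parent": _basename(ev["ParentImage"]),
            "child": _basename(ev["Image"]),
            "command_line": ev.get("CommandLine", ""),
            "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for a in detect(parse_events(SAMPLE_LOG)):
        print(f"[{a['severity'].upper()}] {a['user']}: {a['parent']} -> {a['child']} :: {a['command_line']}")
```

On the constructed sample the rule fires twice (Excel spawning regsvr32 and rundll32 with modules under the users' profile directories) and stays quiet on the three benign lines, including rundll32 launched from Explorer and a printer helper spawned by Word. Tune the parent and child sets to your estate before deploying; the value of the rule is the parent-child relationship, not the binary names alone.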

These campaigns rely on end-users falling for the phishing documents in order to succeed. New-school security awareness training can educate your employees about social engineering attacks.

Intel 471 has the story:
https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
What KnowBe4 Customers Say

"Stu, I wanted to reach out and let you know that I am impressed with the continued customer service your organization provides. ZacE is our rep for the KnowBe4 platform and he has provided timely responses, and his broad knowledge of the platform is invaluable. Zac has always delivered outstanding technical expertise, and his commitment to timely responses says a lot about the KnowBe4 organization. Kudos..."
- P.E., Head of GRC/Privacy



"Dear Stu, I wanted to take the time and let you know, which you probably already know, how awesome your customer service is and especially Brandie L. I have been a client of yours for over a year and the customer service structure is so amazing.

Brandie and I work on setting up quarterly training courses for my staff and she understands the courses and system so well that when I ask a question or ask for suggestions, she has all the answers. She has been so wonderful that I am now comparing all my training vendors to KnowBe4, and I can honestly say no one has measured up to Brandie and the rest of your team.

Thank you for creating a work culture that is second to none and makes the customer priority one. I am so happy with the products and service that if there is a day (which I don't ever think there will be) that doesn't go as planned, I know it will be no big deal because I have faith that Brandie will make it right. Have a great weekend."
- W.M. CBAP | BSA / Compliance Officer, VP
The 11 Interesting News Items This Week
    1. WSJ: Ransomware Targeted by New Justice Department Task Force:
      https://www.wsj.com/articles/ransomware-targeted-by-new-justice-department-task-force-11619014158

    2. Indonesian hackers arrested over $60 million US Covid-19 scam:
      https://www.msn.com/en-us/news/world/indonesian-hackers-arrested-over-60-million-us-covid-19-scam/ar-BB1fIjeS

    3. NSA discovers critical Exchange Server vulnerabilities, patch now:
      https://www.bleepingcomputer.com/news/security/nsa-discovers-critical-exchange-server-vulnerabilities-patch-now/

    4. 7 social engineering tactics threat actors are using now:
      https://www.csoonline.com/article/3613937/7-new-social-engineering-tactics-threat-actors-are-using-now.html

    5. 61 percent of employees fail basic cybersecurity quiz:
      https://www.scmagazine.com/home/security-news/61-percent-of-employees-fail-basic-cybersecurity-quiz/

    6. Global Dwell Time Drops as Ransomware Attacks Accelerate:
      https://www.darkreading.com/threat-intelligence/global-dwell-time-drops-as-ransomware-attacks-accelerate/d/d-id/1340663

    7. Swedish Prosecutor Says Russia's GRU Hacked Sweden's Sports Body:
      https://www.usnews.com/news/technology/articles/2021-04-13/swedish-prosecutor-says-russias-gru-hacked-swedens-sports-body

    8. Human Error Causes Data Breaches. Here’s What To Do About It:
      https://www.healthcarebusinesstoday.com/human-error-causes-data-breaches-heres-what-to-do-about-it/

    9. Hundreds of networks reportedly hacked in Codecov supply-chain attack:
      https://www.bleepingcomputer.com/news/security/hundreds-of-networks-reportedly-hacked-in-codecov-supply-chain-attack/

    10. REvil gang tries to extort Apple, threatens to sell stolen blueprints:
      https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/

    11. BONUS - Ransomware gang wants to short the stock price of their victims:
      https://therecord.media/ransomware-gang-wants-to-short-the-stock-price-of-their-victims/
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.