CyberheistNews Vol 11 #23 [Heads Up] Ransomware Attacks Run Rampant As Fujifilm Becomes the Next Victim


Fujifilm, a huge Japanese company known for digital imaging products, has been hit with ransomware at their Tokyo headquarters. In a statement from the company, "We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities."

As a result of the attack, Fujifilm USA posted a notice on its website that it is experiencing difficulties, including a halt on processing orders and no working lines of communication.

According to Bleeping Computer, it is suspected that the company's servers have been infected with Qbot. Qbot has a history of being used by multiple ransomware gangs and is now being linked to the REvil ransomware group, which most recently hacked JBS, the world's largest meat-producing company.

With scores of companies now becoming victims of ransomware, it's important for your organization to put cybersecurity first. Additional security layers such as new-school security awareness training can ensure your users know how to report any suspicious activity.

Tech Crunch has the full story:

[New PhishER Feature] Turn the Tables on the Bad Guys With PhishFlip

The bad guys are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on the bad guys. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature which automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.

The new PhishFlip feature is included in PhishER—yes, you read that right, no extra cost—so now you can turn the tables on the bad guys and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, June 23 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER product including our new PhishFlip feature. With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, June 23 @ 2:00 PM (ET)

Save My Spot!

The Future of Ransomware

By Roger Grimes. Ransomware is pretty bad right now. It is taking down nearly any company and industry it can, targeting healthcare, energy infrastructure, and food supplies with equal aplomb. It takes down law enforcement, computer security companies, and entire cities at will.

The average ransom paid is over $100K and we routinely see payouts in the many millions of dollars. So far, the largest I have seen is $40M, but I bet larger ones have been paid that I do not know about. This is to say, it is pretty bad out there. Some companies are estimating overall annual damages from ransomware in the multi-hundreds of billions of dollars …ANNUALLY!

As I covered in my last article, ransomware is no longer about just encrypting data and has not been for quite a while. Today’s ransomware is:
  • Encrypting your data
  • Exfiltrating your emails, data, confidential information and IP, and posting it publicly or giving it to your competitors if you do not pay
  • Stealing company, employee and customer login credentials
  • Extorting your employees and customers
  • Sending spear phishing attacks to your business partners from your own computers using real email addresses and email subject lines your partners trust
  • Conducting DDoS attacks against any services you still have up and running
  • Publicly embarrassing your company
With all of these things being done routinely by ransomware, the question is, how could it get worse? What is the future of ransomware? I think I know.

[LAST CHANCE] Learn To Detect and Defend Against Supply Chain Attacks Before They Compromise Your Network

Your job is to safeguard your organization and its assets from bad actors trying to infiltrate your network. But what do you do when the threat is coming from what looks like a trusted partner or vendor? If they get hacked, the bad guys can target you based on your partnership. These attacks are incredibly hard to detect because they are actually coming from TRUSTED sources. In today’s environment you can trust no one!

Join Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, for this webinar where he’ll break down supply chain attacks to help you differentiate the good guys from the bad guys. He’ll discuss:
  • How cyber criminals pulled off recent, high-profile supply chain attacks
  • Why these threats are so hard to detect
  • What you can do now to prevent these cyberattacks from compromising your organization
  • How to turn the tables on attackers and use their attempts to actually improve your security posture
Get the information you need to know now to protect your organization! And earn CPE credit for attending.

Date/Time: TOMORROW, Wednesday, June 16 @ 2:00 (ET)

Save My Spot!

New Phishing Trends Show That Adult Themes Have Skyrocketed 974%

Phishing lures with adult themes have spiked over the past year, according to researchers at GreatHorn. The researchers explain that these emails are effective at getting people to click, and will also make victims reluctant to report the attack once they realize they’ve been scammed.

“Between May 2020 and April 2021, the number of such attacks increased 974%,” the researchers write. “These attacks reach across a broad spectrum of industries and appear to target based on male-sounding usernames in company + email addresses.”

The researchers note that in addition to stealing information, the attackers can also return to blackmail victims.

“Attackers use phishing attacks as an initial vector to gather information about the target,” GreatHorn says. “Because of the 'adult' content, attackers set up victims with compromising material to be used for blackmail. In these attacks, cybercriminals are tracking the identity of victims who click on their sites by using a technique called an email pass-through.

The same technology enables legitimate email senders to auto-populate an unsubscribe field with a user email address. Once a user clicks on a link in the email, their email address is automatically passed to the linked site. In these attacks, the cybercriminal leverages the information they gleaned in order to set up a second stage. Individuals who clicked on links to compromising material could be targeted in the second attack to extort the individual.”
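A defender-side check for the pass-through pattern described above, added here as an illustration and not taken from GreatHorn's research: it scans the links in a message body for the recipient's address carried as a query value or path segment, whether plain, percent-encoded, base64-encoded or hashed. The sample body, the `example.invalid` hosts and the address `alice@example.com` are constructed for the example.

```python
import base64
import hashlib
import re
from urllib.parse import parse_qsl, unquote, urlsplit
URL_RE = re.compile(r"https?://[^\s\"'<>]+")  # loose matcher, enough for mail bodies

# Constructed sample body: links 1 and 2 carry the recipient's address (percent-
# encoded, then base64); link 3 does not.
SAMPLE_BODY = """Hi, I think we stayed at the same hotel last week...
My photos: http://example.invalid/gallery?u=alice%40example.com
More here: https://example.invalid/p/YWxpY2VAZXhhbXBsZS5jb20
Terms: https://example.invalid/about
"""

def encodings_of(address):
    """Forms in which a recipient address commonly rides along in a link."""
    raw = address.strip().lower().encode()  # matching is case-insensitive
    b64 = tuple(f(raw).decode().rstrip("=")
                for f in (base64.b64encode, base64.urlsafe_b64encode))
    digests = (hashlib.md5(raw).hexdigest(), hashlib.sha256(raw).hexdigest())
    return {"plain": raw.decode(), "b64": b64, "hash": digests}

def url_tokens(url):
    """Decoded query values and path segments of a URL."""
    parts = urlsplit(url)
    tokens = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return tokens + [unquote(seg) for seg in parts.path.split("/") if seg]

def classify_token(token, forms):
    """Name the encoding under which token carries the address, else None."""
    if forms["plain"] in token.lower():
        return "plain"
    if token.rstrip("=") in forms["b64"]:
        return "b64"
    if token.lower() in forms["hash"]:
        return "hash"
    return None

def find_passthrough_links(body, recipient):
    """Return (url, encoding) for each link that identifies the recipient."""
    forms = encodings_of(recipient)
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")  # trailing punctuation from surrounding prose
        for token in url_tokens(url):
            kind = classify_token(token, forms)
            if kind:  # one hit per link is enough for triage
                hits.append((url, kind))
                break
    return hits
```

Legitimate unsubscribe links carry the same identifier, so a hit means a click would identify the recipient and should raise the message's triage priority, not that the message is malicious.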

GreatHorn shares a representative example in which a phishing email claimed to come from a woman staying in the same hotel as the recipient.

“The link at the top of this email points to a destination page which is classified as Malicious by Google Safe Browsing,” the researchers write. “Clicking would bring you to a site with photos. There, a further link points to site which has the appearance of a dating site. It is likely a fake site designed to hook users into providing payment information. User data gleaned in this way will be transmitted to cybercriminals, who will use it for various malicious purposes, such as money withdrawal, blackmailing, or committing further frauds.”

Blog Post with links:

Does Your Domain Have an Evil Twin?

Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it’s a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” and combines the search, discovery, reporting, and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as “safe” domains for your organization.

With Domain Doppelgänger, you can:
  • Search for existing and potential look-alike domains
  • Get a summary report that identifies the highest to lowest risk attack potentials
  • Generate a real-world “domain safety” quiz based on the results for your end users
Domain Doppelgänger helps you find the threat before it is used against you.
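One way to do this kind of monitoring yourself, added here as an example and not code from the Domain Doppelgänger tool: score the sender domains seen in your mail logs against your own domain and name the reason each one resembles it. The organization domain `acmebank.com`, the observed domain list and the homoglyph table are constructed; splitting at the last dot stands in for a proper public-suffix list.

```python
# Characters and digraphs that read alike in common fonts; both sides are folded
# to the same canonical letter before comparison (small constructed table).
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}

# Constructed sample: sender domains as they might appear in a week of mail logs.
OWN_DOMAIN = "acmebank.com"
OBSERVED = ["acmebank.com", "login.acmebank.com", "acrnebank.com", "acmebank.co",
            "acmebamk.com", "acmebank-secure.com", "acme-bank.com", "example.org"]

def fold(label):
    """Canonicalise a label so visually similar spellings collide."""
    label = label.lower().replace("-", "")
    for glyph, letter in HOMOGLYPHS.items():  # digraphs are listed first
        label = label.replace(glyph, letter)
    return label

def edit_distance(a, b):
    """Plain Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def label_of(domain):
    """Registrable label, split at the last dot (a public-suffix list would be exact)."""
    return domain.lower().rstrip(".").rpartition(".")[0]

def classify(candidate, own):
    """Return why candidate resembles own, or None if it is own or unrelated."""
    candidate, own = candidate.lower(), own.lower()
    if candidate == own or candidate.endswith("." + own):
        return None                  # our own domain or one of its subdomains
    c_label, o_label = label_of(candidate), label_of(own)
    if c_label == o_label:
        return "tld-swap"            # same name under another TLD
    if fold(c_label) == fold(o_label):
        return "visual-match"        # rn/m, 0/o, 1/l, inserted hyphens
    if edit_distance(fold(c_label), fold(o_label)) <= 1:
        return "typo"                # one keystroke away
    if o_label in c_label:
        return "brand-embedded"      # acmebank-secure.com, acmebank.evil.example
    return None

def find_lookalikes(own, observed):
    """Return (domain, reason) for every observed domain that resembles own."""
    return [(d, r) for d, r in ((d, classify(d, own)) for d in observed) if r]
```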

Find out now!

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: I was interviewed on National TV about cybercrime last week:

Quotes of the Week
"Nine tenths of education is encouragement."
- Anatole France - Novelist (1844 - 1924)

"Never believe that a few caring people can't change the world. For, indeed, that's all who ever have."
- Margaret Mead - Anthropologist (1901 - 1978)

Thanks for reading CyberheistNews

Security News

78% of CISOs Say Attacks Have Increased as a Result of More Employees Working From Home

According to new data from VMware Carbon Black, the sophistication and impact of modern cyberattacks are causing CISOs to rethink how to secure the expanding attack surface.

There’s a tremendous amount of FUD (fear, uncertainty and doubt) that naturally surrounds news of cyberattacks; it’s all doom and gloom and rarely, if ever, rainbows and sunshine. So, it’s sometimes difficult for organizations to determine what’s really happening out there and what’s more hype.

This is one of the reasons I cover report data so often here on our blog; reports like VMware Carbon Black’s Global Security Insights Report 2021 cut through the hype and provide real insight into what over 3,000 CISOs are experiencing and expecting next.

According to the report, the bad guys are getting more aggressive, more talented and more successful:
  • 76% of CISOs said the number of attacks they face has increased in the past year
  • 79% said attacks have become more sophisticated
  • 81% have suffered a breach, with an average of 2.35 breaches experienced per organization
  • 82% said they have suffered a material breach
CISOs cite third-party apps as the top cause of breaches (at only 14%). What’s interesting is that they also stated (as the title of this article says) that employees working from home have caused an increase in attacks.

Hmmm… perhaps there’s a correlation that’s missing here. The report mentioned ransomware as the second top breach, with out-of-date security tech and process weaknesses tied for third place. So, where are users in this discussion?

I know that CISOs are focused on information (and much of the report discusses how CISOs want better visibility into data), but your information is safe if the bad guy can never get in. If remote employees are a factor, it’s likely those very same 3,000+ CISOs need to implement security awareness training within their organizations to improve user security before worrying about data security.

Blog post:

APWG: "Number of Phishing Sites Reaches Record High"

The number of reported phishing sites reached a record high in January 2021, according to a new report from the Anti-Phishing Working Group (APWG).

The APWG’s Phishing Activity Trends Report for the first quarter of 2021 found that phishing attacks steadily increased throughout 2020 and into 2021.

“The number of phishing attacks observed by the APWG and its contributing members doubled over the course of 2020,” the report states. “Attacks then peaked in January 2021, with an all-time high of 245,771 new phishing sites appearing in that month alone.

The number of attacks then declined in February and March, offering some hope for online consumers. Still, March suffered more than 200,000 attacks, and was the fourth-worst month in APWG’s reporting history.”

Agari, a member of the APWG, observed that the average amount of money lost in business email compromise (BEC) attacks is also on the rise. “Agari found that the average amount requested in wire transfer BEC attacks increased 14 percent from $75,000 in Q4 2020 to $85,000 in Q1 2021,” the report says.

“This increase is primarily attributed to a continued resurgence in BEC campaigns from Cosmic Lynx, a sophisticated Russian-based BEC group, as well as mergers-and-acquisitions themed campaigns that have requested larger payments from BEC targets.”

Agari also noted that a relatively new BEC tactic seeking “financial aging requests” is growing more widespread. “Agari found also that in Q1 2021, scammers requested funds in the form of gift cards in 54 percent of BEC attacks, down from 60 percent in Q4 2020 and 71 percent in Q3 2020,” the APWG says.

“The other 46 percent of requests involved bank transfer, payroll diversion, and ‘financial aging requests.’ In a financial aging request, the scammer impersonates an executive and requests that someone in the target company send him a report that contains details about outstanding payments owed by the company’s customers, and the accompanying customer contact details.

While aging report BEC attacks have been around for more than a year, their volume was minimal until Q1 2021, when more than 10 percent of all BEC attacks involved aging report requests.”

New-school security awareness training can enable your employees to identify red flags associated with targeted social engineering attacks.

The APWG has the story:

What KnowBe4 Customers Say

"We are very pleased with the overall KnowBe4 service that your company provides. But what really makes your service a "no-brainer" when it comes to renewal and recommending your services to others is the monthly call that I have with BradL. That call, that specific service that KnowBe4 provides, is so helpful and I wanted you to know that we feel it is an essential part of the overall package that you offer.

Please don't ever consider dropping that! It is a call that we look forward to each month and it allows us to take full advantage of the KnowBe4 services like Phishing and Vishing Campaigns, Reports, Training, Retraining, etc. Brilliant feature, an essential part of your package!"
- G.R. Sr. Vice President of Technology

The 10 Interesting News Items This Week
    1. Colonial Pipeline hackers entered network through a single compromised password:
    2. Ransomware Struck Another Pipeline Firm—and 70GB of Data Leaked:
    3. ANOM: Hundreds arrested in massive global crime sting using messaging app:
    4. Cybersecurity to Become a "Matter of Life and Death":
    5. You Really Can’t Do Enough Security Training:
    6. Hacker Known as Max Is 55-Year-Old Woman From Russia, U.S. Says:
    7. Pipeline Investigation Upends Idea That Bitcoin Is Untraceable:
    8. Slilpp, the largest stolen logins market, seized by law enforcement:
    9. By Yours Truly at Forbes: How You Can Avoid Being Victimized By Ransomware:
    10. White House Warns Companies to Implement Ransomware Defenses:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.
