CyberheistNews Vol 11 #27 [EYE OPENER] They're Here... The Ransomware Ecosystem Now Has Criminal VC Investors


OK, now this is officially getting scary.

Security firm LIFARS confirms that cyber criminals are acting like venture capital investors, funding startup cyber criminal organizations, such as Darkside Ransomware.

It was bad enough when we saw ransomware gangs join forces behind Maze to create a data publishing cartel. Then it got worse when we saw Ransomware as a Service take a major evolutionary step and get more organized. Next, we got a glimpse into the cybercrime ecosystem that is continuing to grow.

Now, it just makes sense that because some of these groups have made literally tens or hundreds of millions of dollars, they are doing what any other successful businessperson would do with a lot of capital – invest it.

According to cybersecurity firm LIFARS, the ransomware ecosystem is creating its own venture capital model with ransomware gangs backing new cybercriminal startups in exchange for a percentage of future earnings.

This has serious ramifications; the next generation of malware now has money backing it. That means more organized development teams, faster time to market, and more effective ransomware.

An important way to thwart this next generation of cyber criminals is to look at the parts of the attack they can never modify – the need for a human to get involved via phishing.

Security awareness training keeps those humans from falling for phishing, spear phishing, vishing, SMiShing, or social engineering tactics used to trick victims into clicking links, opening attachments, or responding to malicious requests, thereby stopping a significant part of ransomware attacks, no matter who’s paying for it.

Implement DMARC the Right Way To Keep Phishing Attacks Out of Your Inbox

DMARC, SPF, and DKIM are global anti-domain-spoofing standards, which can significantly cut down on phishing attacks. Implemented correctly they allow you to monitor email traffic, quarantine suspicious emails, and reject unauthorized emails. But less than 30% of organizations are actually using them. And even fewer are using them correctly.

In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way. You’ll also discover six reasons why phishing still might get through past your filters and what you can do to maximize your defenses.

You’ll learn:
  • How to enable DMARC, SPF, and DKIM
  • How to best configure DMARC and other defenses to prevent phishing attacks
  • What common configuration mistakes organizations make
  • Why a strong human firewall is your best last line of defense

Get the details you need to know now to protect your organization from phishing and social engineering attacks. And earn CPE credit for attending!
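The webinar blurb above mentions that DMARC records are often misconfigured. As an added illustration (not KnowBe4's or the webinar's code), the following checker parses a DMARC TXT record and flags the mistakes most often seen in practice: a missing or misplaced v=DMARC1 tag, p=none left in place after the monitoring phase, a pct value below 100, no rua reporting address, and a subdomain policy weaker than the organizational one. The sample records and domains are constructed placeholders.

```python
import re

# Constructed sample records (not from the newsletter); the domains are placeholders.
SAMPLE_RECORDS = {
    "weak.example": "v=DMARC1; p=none",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@partial.example",
    "strong.example": ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; "
                       "rua=mailto:dmarc@strong.example"),
    "broken.example": "v=DMARC1 p=reject",   # missing ';' between tags
}

TAG_RE = re.compile(r"([A-Za-z]+)\s*=\s*(.+)")

def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into lower-cased tag -> value (RFC 7489 'tag=value;' syntax)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        m = TAG_RE.fullmatch(part)
        # A second '=' inside a value almost always means a semicolon was dropped.
        if m is None or "=" in m.group(2):
            raise ValueError(f"malformed tag (missing ';'?): {part!r}")
        tags[m.group(1).lower()] = m.group(2).strip()
    return tags

def assess_dmarc(record: str) -> list:
    """Return human-readable findings for common DMARC mistakes; [] means none found."""
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return [f"unparseable record: {exc}"]
    findings = []
    if not record.lstrip().lower().startswith("v=dmarc1") or tags.get("v") != "DMARC1":
        findings.append("v=DMARC1 must be the first tag; receivers ignore the record otherwise")
    policy = tags.get("p")
    if policy is None:
        findings.append("no p= tag; the record is invalid and provides no protection")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address; you will receive no aggregate reports")
    strength = {"none": 0, "quarantine": 1, "reject": 2}
    sub = tags.get("sp")
    if sub is not None and strength.get(sub, -1) < strength.get(policy, -1):
        findings.append(f"sp={sub} is weaker than p={policy}; subdomains can be spoofed")
    return findings

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain, "->", assess_dmarc(record) or ["OK"])
```

Feed it the TXT record published at _dmarc.<your-domain> (for example, the output of `dig +short TXT _dmarc.example.com`) to review your own configuration.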

Date/Time: THIS WEEK, Thursday, July 15 @ 2:00 PM (ET)

Lazarus Group Continues Targeting Large Organizations

North Korea’s Lazarus Group has been launching phishing campaigns against more defense contractors and large engineering companies, according to researchers at AT&T Alien Labs. The attackers are sending spear phishing emails with malicious documents.

“Several documents identified from May to June 2021 by Twitter users were identified as being linked to the Lazarus group,” the researchers write. “Documents observed in previous campaigns lured victims with job opportunities for Boeing and BAE systems....

The documents attempted to impersonate new defense contractors and engineering companies like Airbus, General Motors (GM), and Rheinmetall. All of these documents contain macro malware, which has been developed and improved during the course of this campaign and from one target to another. The core techniques for the three malicious documents are the same, but the attackers attempted to reduce the potential detections and increase the faculties of the macros.”

The titles of the documents include “Rheinmetall_job_requirements [dot] doc,” “General_motors_cars [dot] doc,” and “Airbus_job_opportunity_confidential [dot] doc.”

“The first two documents from early May 2021 were related to a German Engineering company focused on the defense and automotive industries, Rheinmetall,” the researchers write. “The second malicious document appears to include more elaborate content, which may have resulted in the documents going unnoticed by victims.”

The researchers note that this campaign is consistent with earlier Lazarus Group operations. “The reported activity remains in line with the Lazarus’ past campaigns and is not expected to be the last,” the researchers write. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution.

We continue to see Lazarus using the same tactics, techniques, and procedures that we have observed in the past, such as using Microsoft Office documents that download remote templates, Microsoft Office Macros, and compromised third party infrastructure to host the payloads and proxy C&C traffic through.”

Blog post with links:

[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature which automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, July 21 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER product including our new PhishFlip feature. With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite.
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly.
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat.
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, July 21 @ 2:00 PM (ET)

87% Increase in Social Engineering Scams During the First Quarter of 2021 Compared to Q1 2020

There was an 87% increase in social engineering scams during the first quarter of 2021 compared to Q1 2020, according to Ayelet Biger-Levin from BioCatch. In an article for The Paypers, Biger-Levin explains that three-quarters of successful scams involved the attacker using information about the victim in order to lend credibility to the scheme.

“In the financial industry, there are two main types of social engineering attacks: harvesting online banking credentials and/or personal information and real-time scams such as authorized payment scams or remote access tool (RAT) scams,” Biger-Levin writes.

“The second type of scam requires little technological sophistication, but scammers do need to prove to victims that they are ‘legit’ so they often spend time harvesting information and learning about their victim prior to committing a crime.

In fact, 75% of victims claim that a scammer already had their personal info when coercing them into defrauding themselves, according to a report by the US Federal Trade Commission.”

Biger-Levin notes that a social engineering scam can bypass many technical defenses since it involves tricking a human.

“These scams are difficult to detect since the cybercriminal does not interact directly with the banking platform and instead convinces the victim to execute an authorized payment themselves,” she writes. “Standard fraud detection tools are unlikely to detect these scams since the device is a user’s trusted device, the network connection matches with the user profile, and any step-up authentication check would also be passed as the victim directly receives the OTP code.”

Biger-Levin adds that voice phishing (vishing) also increased last year.

“Due to global lockdowns, isolation of social distancing, and increased use of digital banking from the pandemic, most types of fraud hit record levels last year,” Biger-Levin says. “Specifically, social engineering was a favorite go-to method for cyber criminals.

According to BioCatch data, one in four confirmed cases of account takeover last year involved some form of social engineering voice scam, such as authorized push payment (APP) fraud.”

New-school security awareness training can give your organization an essential last layer of defense by teaching your employees how to recognize social engineering attacks.

Blog post with links:

[NEW Report] 2021 Phishing By Industry Benchmarking: Find Out How You Are Doing Compared to Your Peers of Similar Size

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up!

IT security seems to be a race between effective technology and clever attack methods. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface: New-school security awareness training.

The 2021 Study analyzed a data set of 6.6 million users across 23,400 organizations with over 15.5 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-Prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Do you know how your organization compares to your peers of similar size?

You will learn more about:
  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Download this whitepaper to find out!

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Very good New 8th Layer PodCast: Deceptionology 101: Introduction to the Dark Arts:

Quotes of the Week
"All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident."
- Arthur Schopenhauer - Philosopher (1788 - 1860)

"Whatever you are, be a good one."
- Abraham Lincoln (1809 – 1865)

Thanks for reading CyberheistNews

Security News
Social Engineering and Organizational Culture

Consistent awareness training is necessary to fend off phishing attacks, according to Keatron Evans, a principal security researcher, instructor, and author with Infosec. In an interview with Security Boulevard, Evans explained that employees need to be reminded that social engineering attacks can occur at any time.

“What we’ve found in most cases is that organizations are very reactive to social engineering attacks, but most cultural changes that come as a result of the attacks are short-lived,” Evans said. “For example, we have clear data that shows that within 45 days after a successful phishing campaign, users are very aware and do a good job of screening emails, phone calls, and adhering to other anti-social engineering recommendations.

However, when we check again after 60 days or so, we find that these same users have largely reverted back to their old habits.”

Evans added that employees can grow complacent with phishing attacks if they don’t realize the harm that these attacks can cause. “I think the organizations that regularly fall victim to phishing scams are often a result of an ineffective security culture, which can, in turn, affect their cultural norms when it comes to security,” Evans said.

“If the successful scams don’t cost significant loss or public relations damage to the organization, the organization will often become numb or desensitized to the attacks and adopt the ‘just part of doing business’ mindset.”

Evans also noted that if an employee does fall for a phishing email, the most important thing they can do is report it immediately. As a result, organizations shouldn’t punish employees for reporting these incidents.

“If an employee is phished, reports it to security and is later heavily reprimanded, employees may be less likely to report similar incidents in the future,” Evans said. “This is why it is imperative that leadership be proactive in driving the security awareness message from the top down in the organization and showing commitment to maintaining good security posture—and culture.”

New-school security awareness training can help create a security culture within your organization by teaching your employees to follow security best practices.

Security Boulevard has the story:

WhatsApp Scams Approaching in the UK?

The Southwark Police in London have warned of a spike in WhatsApp phishing scams, according to Paul Ducklin at Naked Security. The station tweeted, “We have seen a surge in WhatsApp accounts being hacked, if you are sent a text from WhatsApp with a code on it, don't share the code with ANYONE no matter who's asking, or the reason why.”

Ducklin notes that users of WhatsApp and similar messaging services are more likely to view messages as trustworthy, since they appear to be coming from an acquaintance.

“Closed-group instant messaging and social media communities don’t suffer from spam in the same way that your email account does, because you can set up your account so that only approved contacts such as friends and family can message you in the first place,” Ducklin writes. “That means, however, that you’re more inclined to trust messages and web links that you do receive, because they generally come from someone you know.”

Ducklin adds that users should be suspicious of unsolicited or strange messages from contacts, especially if the messages sound urgent or try to get you to click on a link. “Never trust messages simply because they come from a friend’s account,” he says. “Just as importantly, if a weird message from a friend’s account makes you think they’ve been hacked, don’t message them back via the same service to warn them.”

Naked Security has the story:

Become a Certified Security Awareness and Culture Professional (SACP)™

In today’s evolving cybersecurity landscape, the skills of security awareness professionals are increasingly viewed as crucial to protecting organizational information assets from human error.

Be a leader in the security awareness and culture profession. Earn H Layer’s Security Awareness and Culture Professional (SACP)™ credential and demonstrate your competency to design and lead security awareness programs that build a sustained security-awareness culture.

The Security Awareness and Culture Professional (SACP)™ credential is the only independent, vendor-neutral certification designed specifically for the newest in-demand job roles in security awareness.

Don't miss the $40.00 discount on the SACP Certification Application through July 31, 2021. Use Coupon Code SACPlaunch21 at checkout to take advantage of this special savings.

Learn more about the SACP Exam or download the SACP Candidate Information Bulletin.

Don't wait. Apply today and become one of the first professionals to earn your SACP Certification.

What KnowBe4 Customers Say

"I would like to take this opportunity to express our sincere gratitude for your timely help and assistance. It has been a great pleasure working with the KnowBe4 team so far. I have never had a reason to escalate things. It was always taken care of by the team. Thank you for your support to accomplish our mission. To repay the debt, I have been recommending KB4 to my fellow CISO colleagues and vendors."

The 10 Interesting News Items This Week
    1. Building a culture of cybersecurity: 3 key takeaways from the 2021 SANS report:
    2. By Yours Truly: Premiums Climb as Ransomware Bites:
    3. Suspected Cyber-Criminal “Dr Hex” Tracked Down Via Phishing Kit:
    4. Understanding Russia’s Cyber Strategy - Foreign Policy Research Institute:
    5. White House urges mayors to review local govts’ cybersecurity posture:
    6. The NSA's 'New' Mission: Get More Public With the Private Sector:
    7. Proposed law seeks to boost federal cyber workforce through apprenticeships, training:
    8. The Unfixed Flaw at the Heart of REvil’s Ransomware Spree:
    9. By Yours Truly in Inc Magazine: "From Startup to Unicorn: The Best Practices We Used to Get Here":
    10. New York City the first major metropolitan area to open a real-time Cyberattack Defense Center:
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.