CyberheistNews Vol 11 #31 [HEADS UP] Microsoft Warns of Sneaky Phishing Campaign

CyberheistNews Vol 11 #31
[HEADS UP] Microsoft Warns of Sneaky Phishing Campaign

Microsoft's Security Intelligence team recently sent an alert to Office 365 users and admins to watch out for a suspicious phishing email that uses spoofed sender addresses.

The alert was sent after observing an active campaign that was zoning in on Office 365 organizations with convincing emails.

In a statement by Microsoft, "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."

Microsoft notes that this campaign is sneakier than usual due to the convincing Microsoft logos with the link posing as a 'file share' request to access bogus reports. However, the main phishing URL relies on a Google storage resource that takes the victim to the Google App Engine domain Appspot. This results in hiding a second URL that directs the victim to a compromised SharePoint site, and thus allowing the attack to bypass sandboxes.

Our blog has the rest of the alert with the specific example of the phishing page:
Open Source Intelligence (OSINT): Learn the Methods Bad Actors Use to Hack Your Organization

The digital age has unleashed massive amounts of personal and organizational data on the internet. No breaking through firewalls or exploiting vulnerabilities required.

It is shockingly easy to gather detailed intelligence on individuals and organizations. Everything cybercriminals need to specifically target your end users is out there for the taking. Password clues, tech stack details, and banking/credit card accounts can be found easily and through public resources. There’s even a name for it: Open Source Intelligence (OSINT).

No one knows OSINT techniques and how bad actors use them better than Rosa Smothers, former CIA Cyber Threat Analyst and Technical Intelligence Officer, now KnowBe4’s SVP of Cyber Operations and James McQuiggan, KnowBe4’s Security Awareness Advocate.

Join Rosa and James for this webinar where you will gain insights on how to leverage OSINT to defend your organization and outthink cybercriminals!

In this webinar you’ll learn:
  • How to use OSINT techniques to gather the details you need for effective investigations
  • What specific apps and analytic techniques can enhance your research and data interpretation
  • Demonstrations of OSINT gathering techniques you can use before the cybercriminals do
  • How training your users to understand OSINT and their digital footprint can protect your organization
Learn how to use the cybercriminals’ best techniques before they do and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, August 11 @ 2:00 PM (ET)

Save My Spot!
New Phishing Campaign Uses Blackmail to Lure Victims

Bitdefender has observed a phishing campaign that tries to blackmail users into sending money by claiming their computer has been hacked. The emails contain real passwords that have been leaked, in order to convince the recipient that the claims are legitimate.

“In this case, spammers attempt to fool recipients by referring to old passwords and existing email addresses, most of which have already been exposed online,” Bitdefender says. “The perps specify that login credentials to your online accounts were purchased from the web and used to install malicious software and spyware on your device.

"They use scare tactics to induce a sense of panic in recipients, threatening to expose a video montage containing lewd scenes of victims watching adult videos online to friends and family.”

The researchers note that this technique isn’t new, but the scale of the campaign is significant. “The attacks spread across the globe, with unusually high numbers of spam emails reaching users in Romania (over 400,000 emails), Italy and the Netherlands,” the researchers write. “The messages originate from multiple IP addresses in Europe, Asia, Africa and the Americas. It seems they've been distributed in masses via a large spam botnet controlled by the same threat group.”

Blog post with Bitdefender recommendations and links:
[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature which automatically replaces active phishing threats with a new defanged look-alike back into your users’ mailbox.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, August 18 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER product including our new PhishFlip feature.

With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, August 18 @ 2:00 PM (ET)

Save My Spot!
[EYE OPENER] The World’s Most Impersonated Brand in Phishing Attacks Is...

Despite so much news surrounding phishing attacks pretending to be from Microsoft’s Office 365 platform, a new report from Vade Secure provides a global perspective to impersonation.

If I was to ask you what brand is most impersonated in phishing attacks, you’d likely say ‘Microsoft.’ That’s a good educated guess, as even I’ve covered news stating they are pretty constantly the most impersonated brand. But new data from security vendor Vade Secure covering the first half of 2021 shows the world as a whole doesn’t experience impersonation quite the same way that, say, the U.S. does.

According to their Phishers’ Favorites Top 25 H1 2021, Worldwide Edition report, Microsoft does remain the top *cloud* brand worldwide, but they aren’t number one overall; not even close.

The top brand impersonated worldwide is French bank Crédit Agricole (with 17,775 phishing URLs), with Facebook coming in second place and then Microsoft in a distant third (having only 12,777 phishing URLs in comparison).

According to Vade Secure, phishing activity spiked in Q2 of this year, increasing a whopping 281%. Also noted is an increase in the use of remote images (ones that are displayed when an email is opened but are hosted remotely) as a means of evading detection.

Whether Crédit Agricole is familiar to you or not isn’t really the issue here; the focus should be on how cybercriminals use well-known brands – in this case regionally – to trick victims into engaging with malicious attachments and links.

Continual Security Awareness Training is needed to keep your users updated on trends like this, so they can be particularly vigilant whenever seeing emails purporting to be from a much-impersonated brand.

Blog with links:
[NEW WEBINAR] 2021 Phishing by Industry Benchmarking Report: How Does Your Organization Measure Up?

As a security leader, you have a lot on your plate. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up. IT security seems to be a race between effective technology and ever evolving attack strategies from the threat actors. However, there’s an often-overlooked security layer that can significantly reduce your organization’s attack surface: New-school security awareness training.

In this on-demand webinar Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, and Joanna Huisman, KnowBe4's Senior Vice President of Strategic Insights and Research, review our 2021 Phishing by Industry Benchmarking Study, a data set of 6.6 million users across 23,400 organizations.

You will learn more about:
  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training
Do you know how your organization compares to your peers?

Watch this webinar to find out!
The Latest BEC Attacks Are Now Targeting Your Lower-Level Employees

A new report from Barracuda found that most business email compromise (BEC) attacks are now targeting employees who aren’t in executive or financial roles.

“Many organizations focus their training and protection on who they perceive to be the most targeted individuals within the organization—usually executive and finance teams,” Barracuda’s researchers write. “However, 77% of BEC attacks targeted employees in other departments.

Attackers look for an entry point and a weak link within your organization, and then they work their way to more valuable accounts. This highlights the need to secure and educate every employee to the same level.”

Barracuda also found that one in five BEC attacks target employees in sales roles.

“Due to the nature of their role, sales reps are used to getting external messages from senders they haven’t communicated with before,” the researchers write. “At the same time, they are all connected with payments and with other departments including finance. For hackers, these individuals could be a perfect entry point to get into an organization and launch other attacks.”

IT departments were another prime target, with each IT employee being targeted by an average of forty attacks.

“When we look at the number of phishing emails targeting IT teams, although they received only 5% of the total number of attacks, each employee was targeted by 40 email attacks, which is well above average,” the researchers write. “IT staff has access to business-critical applications, so compromising their accounts can be extremely valuable to hackers as it will give them access to organizations’ security and IT infrastructure.

Cybercriminals tailor their attacks to their victims, so there were barely any BEC attacks, which usually look for quick monetary return, targeting IT teams. However, when it comes to attacks that include phishing URLs designed to compromise accounts, IT was one of the top targets.”

Blog with links:

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: [HUMOR] 12 Steps to a Security Ignorance Program:

PPS: By Yours Truly. "The Right Ratio of Carrot-to-Stick When It Comes to Incentivizing Your Employees":

Quotes of the Week
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
- Aristotle - Philosopher (384 - 322 BC)

"A bird is safe in its nest - but that is not what its wings are made for."
- Amit Ray - Author (born 1960)

Thanks for reading CyberheistNews

Security News
Phishing Attacks Target IT Professionals More Than Any Other Organizational Role

New data from security vendor Ivanti suggests that cybercriminals are focusing in on those in IT roles as targets of phishing attacks, with many admitting to falling victim for these scams.

Most of my articles revolve around cyberattacks that begin with an executive or someone in Finance. And that’s usually because the focus is to gain control over an account with access to financials or influence over staff that do.

But, new research conducted by digital workplace vendor Ivanti demonstrates that IT isn’t immune to both attempted and successful phishing attacks. According to Ivanti:
  • 74% of IT professionals have been the victim of a phishing attack
  • 40% have experienced an attack in the last month
  • 80% believe attacks have increased in the last year
  • 85% believe attacks are more sophisticated than ever
The data also shows that IT pros are overwhelmingly the primary target of attack over any other role within the organization including sales (only 35% reported being a victim of a phishing attack), executives (27%), and Marketing (25%).

My guess is that IT is being targeted under the assumption that their account has elevated privileges – something needed in every data breach and ransomware attack.

What makes this so concerning is that nearly half (47%) of IT pros admit to having fallen for a phishing attack themselves. This data demonstrates every employee – especially IT pros – are potential targets and victims of phishing attacks.

So, it’s necessary for every employee (including IT) to shore up their phishing detection skills using Security Awareness Training to ensure they can quickly and easily see malicious content for what it really is and avoid falling for these kinds of attacks.

Blog with links:
You Knew It Would Eventually Happen: Ransomware Lawsuits

Organizations that have fallen victim to a ransomware attack are now being sued by impacted employees and customers alike who are citing loose cybersecurity was in place.

For a long time, analysts and technical evangelists have been saying that the aftermath of a cyberattack will by financially impactful. It appears that recent ransomware attacks are no exception. The recent attacks on critical infrastructure have resulted in multiple lawsuits where businesses and customers relying on victim organizations are suing for damages.

For example, we saw the pipeline attack back in February cause temporary gas shortages and rises in gas prices – this has resulted in multiple lawsuits. Scripps Health suffered a ransomware attack back in May and is already facing several class-action lawsuits.

It’s evident that those impacted by ransomware attacks are keenly aware of their ability to seek damages. The challenge is to prove that the victim organization was “cyber-negligent” in that their cybersecurity stance was lax.

My question is “What is the technical security-centric litmus test for negligence?” Think about it – do these companies being sued need to simply demonstrate they put forth a reasonable effort to fend off the lawsuit?

Or will the specific circumstances of each attack fall under scrutiny and, if it turns out there was **something** the organization could have done to better secure the vulnerable part of the environment, the organization will be found at fault? (We’ve seen this level of detail come into play with lawsuits between cyber insurance companies and their insured organizations that fell victim to a cyberattack.)

Only time will tell what the outcome of the lawsuits will be and what precedence will be set by them. But one thing is clear – if you want to steer clear of ransomware-related lawsuits, don’t become a victim in the first place.

And that means tightening up security around three initial attack vectors I’ve mentioned time and time again: vulnerabilities (so put proper vulnerability management in place), RDP access (disable RDP and use a secure remote solution), and phishing attacks (leverage security awareness training to educate employees on how to spot malicious content). If you address these three issues, ransomware should be far less of a problem.

What KnowBe4 Customers Say

"As the Network Security Engineer for our Judicial Branch, I wanted to reach out and thank ShannonR for her time and dedication as our CSM. Implementing KnowBe4 for all Judicial Branch employees was one of my major projects this year; and Shannon did a great job in assisting with all aspects, from setting up the Phish Alert Button to running simulated phishing emails to test our employees.

Thus I would like to offer my gratitude for her efforts on our behalf. It is my request that we keep her as our CSM, but if that is not possible due to our contract requirements with our VAR, then I understand and wish her good luck with her other client accounts."
- S.J. Network Security Engineer
The 10 Interesting News Items This Week
    1. Putin Is Crushing Biden’s Room to Negotiate on Ransomware:

    2. [HUMOR] Huawei to America: "You're not taking cyber-security seriously until you let China vouch for us":

    3. BlackMatter ransomware gang rises from the ashes of DarkSide, REvil:

    4. U.S. senators target ransomware by targeting countries that allow it:

    5. New Chinese Spyware Being Used in Widespread Cyber Espionage Attacks:

    6. LockBit ransomware recruiting insiders to breach corporate networks:

    7. Gartner: "3 Actions Help You Train Employees to Be More Cybersecurity Conscious":

    8. More than 12,500 vulnerabilities disclosed in first half of 2021: Risk Based Security:

    9. Disgruntled ransomware affiliate leaks the Conti Ransomware gang’s technical manuals:

    10. WSJ: U.S. taps tech giants to bolster defenses against cyber threats after a string of high-profile cyberattacks:
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog

Cybersecurity Awareness Month Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews