CyberheistNews Vol 11 #33
Cybercriminals and nation-state actors continue to launch new smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst at Digital Shadows. Marriott describes a new Android banking Trojan called “AbereBot” that’s being sold on cybercrime forums. Since the Trojan targets mobile devices, it’s distributed via text messages.
“This is just one recent example, and barely a month goes by without another Android malware making news headlines,” Marriott says. “Back in January, for example, FluBot was reported to have spread quickly and significantly across targets. This malware was installed by SMS, in this case purporting to be from a delivery company providing a package tracking link.
Users were prompted to download an application that would enable them to track the package, however, the malicious application enabled the attacker to capture banking credentials.”
Marriott cites advice from the UK’s National Cyber Security Centre (NCSC) on how to avoid falling for these scams:
- “Only download apps from App Stores, such as the Android Play Store.
- “If you suspect you have clicked on a malicious link, reset your device to factory settings and reset credentials of any accounts that you have entered since the infection.
- “Even non-Android users should be cautious of clicking on links that may be attempting to capture credentials.
- “Beware of unsolicited texts using high-pressure tactics that introduce urgency, such as closing accounts or transferring funds, for example. When in doubt, go to the full website of the company and check notifications for your accounts there.
- “Beware of anything that forces you to log in to unrelated services, such as entering banking credentials to receive a package.
- “Always treat a message offering ‘something for nothing,’ such as winning money or prizes, as suspect, especially when you need to provide financial or other sensitive information.”
Blog post with links:
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, September 8 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at new features and see how easy it is to train and phish your users.
- NEW! AI-Driven phishing and training recommendations based on your users' phishing and training history.
- NEW! Brandable Content feature gives you the option to add branded custom content to select training modules.
- NEW! Security Awareness Proficiency Assessment Benchmarks let you compare your organization’s proficiency scores with other companies in your industry.
- Did You Know? You can upload your own SCORM training modules into your account for home workers.
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Date/Time: Wednesday, September 8 @ 2:00 PM (ET)
A phishing campaign is using morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML attachments designed to steal credentials.
“These attackers moved from using plaintext HTML code to employing multiple encoding techniques, including old and unusual encryption methods like Morse code, to hide these attack segments. Some of these code segments are not even present in the attachment itself. Instead, they reside in various open directories and are called by encoded scripts.”
(Morse code is not, of course, really encryption. It’s just another alphabetical system, but nowadays only old-school ham radio fists are likely to be fluent in Morse. And so it can function like a cipher for those not in the know.) This technique gives the emails a better chance of bypassing security technologies, since the filters are less likely to recognize the attachments as malicious.
“In effect, the attachment is comparable to a jigsaw puzzle: on their own, the individual segments of the HTML file may appear harmless at the code level and may thus slip past conventional security solutions,” the researchers write. “Only when these segments are put together and properly decoded does the malicious intent show.”
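From the defender's side, the jigsaw only fits together once the pieces are decoded, so a filter needs to do that decoding itself. The Python below is an added example (not code from Microsoft's research or from this newsletter): it scans an HTML attachment for runs of Morse-looking text and decodes them so the hidden strings can be inspected; the attachment text is constructed for illustration, and the regex threshold of four Morse groups is an assumption to keep noise down.

```python
"""Scan an HTML attachment for Morse-encoded segments and decode them.

Added example, not from the Microsoft research or the newsletter. In the
reported campaign some pieces were fetched by scripts from open
directories, so a real scan would also follow external references.
"""
import re

# International Morse code for letters, digits and two punctuation marks,
# reversed for decoding.
MORSE = {
    "A": ".-", "B": "-...", "C": "-.-.", "D": "-..", "E": ".", "F": "..-.",
    "G": "--.", "H": "....", "I": "..", "J": ".---", "K": "-.-", "L": ".-..",
    "M": "--", "N": "-.", "O": "---", "P": ".--.", "Q": "--.-", "R": ".-.",
    "S": "...", "T": "-", "U": "..-", "V": "...-", "W": ".--", "X": "-..-",
    "Y": "-.--", "Z": "--..", "0": "-----", "1": ".----", "2": "..---",
    "3": "...--", "4": "....-", "5": ".....", "6": "-....", "7": "--...",
    "8": "---..", "9": "----.", ".": ".-.-.-", "/": "-..-.",
}
FROM_MORSE = {code: ch for ch, code in MORSE.items()}

# At least four dot/dash groups separated by single spaces, with an optional
# " / " word gap; the minimum length is an assumption to avoid flagging
# ordinary ellipses and dashes in prose. (A seven-or-more-symbol group is not
# valid Morse and breaks the run.)
MORSE_RUN = re.compile(r"(?<![.\-])(?:[.\-]{1,6} (?:/ )?){3,}[.\-]{1,6}(?![.\-])")


def decode_morse(run: str) -> str:
    """Decode one Morse run; unknown groups become '?' rather than vanish."""
    words = []
    for word in run.split(" / "):
        words.append("".join(FROM_MORSE.get(g, "?") for g in word.split()))
    return " ".join(words)


def find_morse_segments(html: str):
    """Return (raw_run, decoded_text) pairs for every Morse-looking run."""
    return [(m.group(0), decode_morse(m.group(0)))
            for m in MORSE_RUN.finditer(html)]


# Constructed sample attachment: a script holding a Morse-encoded string that
# a decoder function in the page would turn back into text at render time.
SAMPLE_HTML = (
    "<html><body><script>\n"
    'var parts = "-.-. .-. . -.. . -. - .. .- .-.. ... / .--. .... .--.";\n'
    "document.write(decode(parts));\n"
    "</script></body></html>"
)

if __name__ == "__main__":
    for raw, decoded in find_morse_segments(SAMPLE_HTML):
        print(f"Morse run found: {raw!r} -> {decoded!r}")
```

Feeding the decoded strings back into the same keyword and URL checks the filter already applies to plaintext is what closes the gap the encoding was meant to open.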
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us Wednesday, September 8 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
- NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements.
- Vet, manage and monitor your third-party vendors' security risk requirements.
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
- Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulations.
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
We attended Black Hat USA 2021, where Erich Kron, Security Awareness Advocate for KnowBe4, sat down with Cybersecurity Ventures to offer advice for all organizations.
The major theme of Erich's advice was, "Don't just worry about technology, you need to worry about humans." He also noted that nothing has changed in the last 30 years: the primary target will always be employees. Erich recommends that security teams take additional measures, such as new-school security awareness training, to educate their employees.
The interview also discussed the growing threat of ransomware. Erich mentioned that backups were the only source of protection before ransomware started targeting larger organizations. While he recommends better email gateways to reduce phishing attacks, educating humans on the latest cybersecurity threats should remain the top priority.
Watch the full interview with Erich at the KnowBe4 Blog. 8 minutes, great for a break:
With email still a top attack vector, do you know if hackers can get through your mail filters? Spoofed domains, malicious attachments and executables are just a few of the ways they try.
Email filters have an average 7-10% failure rate, meaning enterprise email security systems miss a share of spam, phishing and malware attachments.
KnowBe4’s Mailserver Security Assessment (MSA) is a complimentary tool that tests your mailserver configuration by sending 40 different types of email message tests that check the effectiveness of your mail filtering rules.
Here's how it works:
- 100% non-malicious packages sent
- Select from 40 automated email message types to test against
- Saves you time! No more manual testing of individual email messages with MSA's automated send, test, and result status
- Validate that your current filtering rules work as expected
- Results in an hour or less!
Bleepingcomputer reported: "The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector orgs prevent data breaches resulting from ransomware double extortion schemes.
CISA's fact sheet includes best practices for preventing ransomware attacks and protecting sensitive information from exfiltration attempts.
The federal agency issued these recommendations in response to most ransomware gangs using data stolen from their victims' networks as leverage in ransom negotiations under the threat of publishing the stolen info on dedicated leak sites.
"Ransomware is a serious and increasing threat to all government and private sector organizations, including critical infrastructure organizations," CISA said.
"All organizations are at risk of falling victim to a ransomware incident and are responsible for protecting sensitive and personal data stored on their systems."
How To Block Ransomware And Protect Data
CISA encourages organizations to implement recommendations shared in the info sheet published on Wednesday that are designed to streamline the process of preventing and responding to ransomware-caused data breaches.
Among the advice included to prevent ransomware attacks, CISA says that at-risk orgs should: (Note Bullet 4)
- Maintain offline, encrypted backups of data and regularly test backups
- Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
- Mitigate internet-facing vulnerabilities and misconfigurations to reduce the attack vector
- Reduce the risk of phishing emails from reaching end users by enabling strong spam filters and implementing user awareness and training programs
- Practice good cyber hygiene (use up-to-date anti-malware solutions and application allow listing, enable MFA, and limit the number of privileged accounts)
- Implement physical security best practices
- Implement cybersecurity best practices (don't store sensitive data on Internet-exposed devices, encrypt sensitive info at rest and in transit, use firewalls, use network segmentation)
- Ensure your cyber incident response and communications plans include response and notification procedures for data breach incidents
Blog post with links:
Let's stay safe out there.
Founder and CEO
PS: October is Cybersecurity Awareness Month. Help your users defend against cybercrime from anywhere. Get Your Free Resource Kit Here:
- Leonardo da Vinci - Artist (1452 - 1519)
"It is only with the heart that one can see rightly; what is essential is invisible to the eye."
- Antoine de Saint-Exupéry - Novelist (1900 - 1944)
Thanks for reading CyberheistNews
Researchers at Abnormal Security have spotted a social engineering campaign in which an attacker tries to convince employees to install ransomware within their companies’ networks in exchange for a cut of the pay.
“In this latest campaign, the sender tells the employee that if they’re able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the presumed $2.5 million ransom,” the researchers write.
“The employee is told they can launch the ransomware physically or remotely. The sender provided two methods to contact them if the employee is interested, an Outlook email account and a Telegram username.”
Abnormal Security notes that this technique is unusual but potentially effective if an employee goes along with the scheme.
“Historically, ransomware has been delivered via email attachments or, more recently, using direct network access obtained through things like unsecure VPN accounts or software vulnerabilities,” the researchers write. “Seeing an actor attempt to use basic social engineering techniques to convince an internal target to be complicit in an attack against their employer was notable.”
The researchers responded to the actor to see what he would say, and determined that the crook was fairly unskilled and was using an open-source strain of ransomware. He also explained that he gathered employees’ contact information from LinkedIn.
“Throughout the conversation, the actor repeatedly tried to alleviate any hesitations we may have had by ensuring us that we wouldn’t get caught, since the ransomware would encrypt everything on the system,” the researchers write. “According to the actor, this would include any CCTV (closed-circuit television) files that may be stored on the server.
The actor also instructed us to dispose of the .EXE file and delete it from the recycle bin. Based on the actor’s responses, it seems clear that he
- expects an employee to have physical access to a server, and
- he’s not very familiar with digital forensics or incident response investigations.”
The volume of phishing attacks has increased 22% this year compared to the first half of 2020, according to researchers at PhishLabs.
“Phishing continues to be one of the top threats to enterprises with attack volume outpacing the first half of 2020 by 22%,” the researchers write. “It is the primary method used by threat actors to steal credentials, hijack accounts, and compromise organizations.
While phishing continues to thrive, social media is increasingly being used for impersonation, fraud, and other cyber threats. Threats targeting enterprises via social media grew 47% in the first half of 2021, demonstrating its emergence as a top threat vector.”
The researchers found that fraud-related attacks were the most common form of phishing on social media, while payment services and the healthcare industry were highly targeted by these attacks.
“Payment Services and Healthcare experienced the steepest increases in social media attacks per business in Q2,” the researchers write. “Payment Services, which ranked the highest of all industries, increased threat activity by over 500% when compared to Q1. Healthcare experienced the second highest increase in activity from Q1 to Q2, moving up in rank from 17th to 10th, due to a 188% increase in attacks per business in Q2.”
Crypto Attacks Grew Tenfold
PhishLabs also found that the amount of cryptocurrency-related phishing attacks grew tenfold in Q2 2021 compared to the previous quarter. Additionally, attacks targeting single sign-on (SSO) solutions rose by 40% in Q2 compared to Q1.
BEC Attacks Pose Greatest Risk
The researchers add that credential phishing and targeted attacks are the most likely to bypass security filters. “Credential theft phishing and response-based attacks, such as BEC, pose the greatest risk to corporate email users, accounting for 96% of threats found in enterprise inboxes,” PhishLabs says.
“These threats continue to evade email security controls at a high rate.” New-school security awareness training with realistic simulated phishing emails can enable your employees to thwart social engineering attacks.
PhishLabs has the story:
Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues are putting organizations at risk.
Microsoft has gone to great lengths to ensure their Microsoft 365 platform offers modern security measures to keep their customers' data safe. But according to new data from cloud email security provider Hornet Security, 25% of organizations have reported a known email-based security breach, and it begs the question “why?”
According to Hornet Security, a lot of the issue resides with organizations not taking advantage of security features – whether from Microsoft or a third-party:
- 33% of organizations are not using Microsoft’s multi-factor authentication (MFA)
- Of those using MFA, 55% of organizations are not using Conditional Access, which scrutinizes connection requests beyond just the credentials and additional authentication factors provided
- Only 43% leverage Microsoft’s data loss prevention policies to keep data from leaving the organization
- 68% of organizations expect Microsoft to keep email safe from threats
"I am a very happy camper! You have an amazing product, great employees, our experience from sales to implementation has been flawless."
- L.N. Information Technology Manager
"Yes, it is going great. First test we had 34% failure. We are already on the 4th test and now under 6%. And on our third week of training. Watching the videos has been great. I am loving the system and the instant feedback I get. Thank you for reaching out!"
- K.M. Information Technology Director
- An undeclared war is breaking out in cyberspace. The Biden administration is fighting back:
- Senate includes over $1.9 billion for cybersecurity in infrastructure bill:
- Ransomware gangs are working with Russian intelligence services, report claims:
- Conti ransomware prioritizes revenue and cyber insurance data theft:
- Operation Secondary Infektion (sic) Continues Targeting Democratic Institutions and Regional Geopolitics:
- Malware campaign uses clever 'captcha' to bypass browser warning:
- FBI to Silicon Valley firms: your Chinese and Russian workers are spying on you:
- Half of US Hospitals Had Downtime Due to Ransomware:
- The T-Mobile Data Breach Is Much Worse Than It Had To Be:
- Hacking humans using AI as a service [VIDEO From DEFCON]:
- Your Virtual Vaca to Zermatt Switzerland Beautiful Alpine Panorama:
- Your Virtual Vaca to The World's Scariest Hike in Malaga, Spain:
- 20 Moments You Wouldn't Believe If They Weren't Recorded:
- Night BASE Jump off Burj Khalifa in Dubai:
- "PERFECT TIMING From Level 1 to Level 100". These are awesome:
- New Video: Atlas Robot Partners in Parkour:
- Inside the lab: How does Atlas work?:
- The lock-picking Lawyer breaks in again “Bank-Level Technology” vs. Magnet:
- Brutus -- The world’s most dangerous car:
- The Space Junk That Threatens Future Missions:
- Top 10 Fastest F1 Pit Stops Of 2021 So Far:
- 130 Famous Actors Next To Their Stunt Doubles. Some Look So Alike, They Could Be Their Twin:
- For Da Kids #1 - Donkey Mom Is SO Excited To See Her Baby Again:
- For Da Kids #2 - Baby Chimp Falls Asleep In Pilot's Lap While They Fly To Safety:
- For Da Kids #3 - Rescued Circus Lions Touch Grass For The First Time: