CyberheistNews Vol 11 #38 [EYE OPENER] Over 100 Million Lost to Romance/Crypto Scams in First Seven Months


People in the US lost $133,400,000 to romance scams between January 1st and July 31st of 2021, according to the FBI. The average amount lost was in the tens of thousands of dollars. The scammers trick the victims into thinking they’re investing in cryptocurrencies.

“The scammer's initial contact is typically made via dating apps and other social media sites,” the FBI says. “The scammer gains the confidence and trust of the victim—through establishing an online relationship—and then claims to have knowledge of cryptocurrency investment or trading opportunities that will result in substantial profits.

The scammer directs the victim to a fraudulent website or application for an investment opportunity. After the victim has invested an initial amount on the platform and sees an alleged profit, the scammers allow the victim to withdraw a small amount of money, further gaining the victim's trust.”

The FBI explains that once the scammer has a victim on the hook, they’ll keep coming up with more reasons for the victim to send them money.

“After the successful withdrawal, the scammer instructs the victim to invest larger amounts of money and often expresses the need to ‘act fast,’” the Bureau says. “When the victim is ready to withdraw funds again, the scammers create reasons why this cannot happen. The victim is informed additional taxes or fees need to be paid, or the minimum account balance has not been met to allow a withdrawal.

This entices the victim to provide additional funds. Sometimes, a ‘customer service group’ gets involved, which is also part of the scam. Victims are not able to withdraw any money, and the scammers most often stop communicating with the victim after they cease to send additional funds.”

The FBI offers the following advice to help people avoid falling for these scams:
  • “Never send money, trade, or invest per the advice of someone you have solely met online
  • “Do not disclose your current financial status to unknown and untrusted individuals
  • “Do not provide your banking information, Social Security Number, copies of your identification or passport, or any other sensitive information to anyone online or to a site you do not know is legitimate
  • “If an online investment or trading site is promoting unbelievable profits, it is most likely that—unbelievable
  • “Be cautious of individuals who claim to have exclusive investment opportunities and urge you to act fast”
Blog post with links:
[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, October 6 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at new features and see how easy it is to train and phish your users.
  • NEW! AI-Driven phishing and training recommendations based on your users' phishing and training history
  • NEW! Brandable Content feature gives you the option to add branded custom content to select training modules
  • NEW! Security Awareness Proficiency Assessment Benchmarks let you compare your organization’s proficiency scores with other companies in your industry
  • Did You Know? You can upload your own SCORM training modules into your account for home workers
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 40,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, October 6 @ 2:00 PM (ET)

Save My Spot!
[HEADS UP] Why You Should Steer Clear of Social Media Quizzes

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.

We’ve all seen them – quizzes on Facebook asking everything from which Harry Potter character are you, to what state were you born in, to what was your first pet’s name. It seems that none of the people answering these questions saw the scene in the movie "Now You See Me" where the main characters tricked Arthur Tressler into divulging personal information to be used later against him.

According to security vendor Avast, the new wave of social media quizzes may very well be intent on doing the same thing. “They’re meant to seem so light and fluffy that anyone looking for a boredom-killer might be amused by them. And that’s the point. The creators of these quizzes want them to appear meaningless and harmless. They want everyone to engage whimsically with them. Because in truth, many are phishing attempts at your personal data.”

Because of the seemingly innocent (and entertaining) nature of the quizzes, threat actors using such tactics can easily capture information that is often used as the source of passwords or password reset questions.

New-school security awareness training will help keep your users vigilant against such social engineering tactics.

Blog post with links:
See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us Wednesday, October 6 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4's KCM GRC platform. Plus, get a look at new compliance management features we've added to make managing your compliance projects even easier!
  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your specific scopes and requirements
  • Vet, manage and monitor your third-party vendors' security risk requirements
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulations
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due
Date/Time: Wednesday, October 6 @ 1:00 PM (ET)

Save My Spot!
Newest iPhone Launch Is Now a Scammer's Advantage

Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and scammers set up phony channels that impersonated Apple’s broadcast. One of these fraudulent channels had 1.3 million subscribers and over 16,000 live viewers, which added legitimacy to the scam.

The channel had a link to a phishing page, stating, “Special Event for you taking place NOW: www.2021apple[.]org.”

The link leads to a convincingly spoofed version of Apple’s website, with a page that says, “Hurry, and take part in our giveaway of 1,000 BTC! Apple have allocated a total of 1,000 BTC to be given away. Learn how to participate, and don’t miss out on your chance to get some!”

If the user clicks the button to participate, they’ll be asked to send between 0.1 BTC and 20 BTC to a Bitcoin address in order to receive double in return. The site says that 819 BTC have already been given away, which adds urgency to the scam. Zscaler notes that this scam alone was very successful before it was taken down.

“This wallet has received 1.48299884 bitcoins till now (worth around $69K),” the researchers write. “Currently, the site is taken down, and we believe it to be a short-lived attack. The huge sum collected in the bitcoin wallet in such a short period of time shows a sophisticated and highly successful attempt by the scammers.

Scammers are becoming smart and observant, and whenever such hyped events happen, they try to take advantage of this to target mass audiences. Stay away from such unofficial giveaways and do not fall for such hype-driven scams.”

Blog Post with link:
Open Source Intelligence (OSINT): Learn the Methods Bad Actors Use To Hack Your Organization

The digital age has unleashed massive amounts of personal and organizational data on the internet. No breaking through firewalls or exploiting vulnerabilities required.

It is shockingly easy to gather detailed intelligence on individuals and organizations. Everything cybercriminals need to specifically target your end users is out there for the taking. Password clues, tech stack details, and banking/credit card accounts can be found easily and through public resources. There’s even a name for it: Open Source Intelligence (OSINT).

No one knows OSINT techniques and how bad actors use them better than Rosa Smothers, former CIA Cyber Threat Analyst and Technical Intelligence Officer, now KnowBe4’s SVP of Cyber Operations and James McQuiggan, KnowBe4’s Security Awareness Advocate.

Watch Rosa and James in this on-demand webinar where you will gain insights on how to leverage OSINT to defend your organization and outthink cybercriminals!

In this webinar you’ll learn:
  • How to use OSINT techniques to gather the details you need for effective investigations
  • What specific apps and analytic techniques can enhance your research and data interpretation
  • Demonstrations of OSINT gathering techniques you can use before the cybercriminals do
  • How training your users to understand OSINT and their digital footprint can protect your organization
Learn how to use the cybercriminals’ best techniques before they do!

Watch Now!
NIST Issues Cybersecurity Framework for Ransomware Risk Management

The National Law Review has a good article about this recent addition to the NIST collection of frameworks. It pleased me to no end that "Educate employees about social engineering" was in the Top 10 recommended mitigations.

Here is an excerpt with a link to the full article below: "The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently issued a Ransomware Profile* identifying steps organizations can take to prevent, respond to and recover from ransomware events.

According to the profile, its “purpose…is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” NIST encourages organizations to use the document as a guide for profiling the state of their own readiness and to identify gaps to achieve their goal.

Modeled on NIST’s Cybersecurity Framework Version 1.1, the profile provides practical guidance to organizations to protect against the ransomware threat, including the following “basic preventative steps”:
  • Use antivirus software at all times
  • Keep computers fully patched, including scheduled checks and installation of patches “as soon as feasible”
  • Segment
  • Continuously monitor directory services (and other primary user stores) for indicators of compromise or active attack
  • Use products or services to block access to server names, IP addresses, or ports and protocols that are known to be malicious or suspected to be indicators of malicious system activity
  • Allow only authorized applications—including establishing processes for reviewing, adding or removing authorized applications—on an allowlist
  • Use standard user accounts versus accounts with administrative privileges whenever possible
  • Restrict personally owned devices on work networks
  • Avoid using personal apps—like email, chat and social media—from work computers
  • Educate employees about social engineering and
  • Assign and manage credential authorization for all enterprise assets and software, and periodically verify that each account has the appropriate access only
The profile outlines steps that organizations “can take now” to help recover from a future ransomware event.

CONTINUED at Nat. Law Review:
Five Super Popular Links You May Want To Check Out

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"I am still learning."
- Michelangelo - Artist (1475 - 1564)

"Nobody can give you wiser advice than yourself."
- Marcus Tullius Cicero - Orator and Statesman (106 - 43 BC)

Thanks for reading CyberheistNews

Security News
[ALERT] Millions of Malicious Emails Will Slip Past Security Filters in Q4

Researchers at Tessian have published a report looking at recent trends in spear phishing attacks. The researchers found that 45% of employees said that they clicked on a phishing email while they were distracted, and 52% admitted that they make more mistakes when they’re stressed. They also determined that most phishing emails are sent in the afternoon.

“The most malicious emails are delivered around 2PM and 6PM, with very little fluctuation day-to-day (except over the weekend),” the researchers write. “This isn’t an accident. Since employees are more likely to make mistakes when they’re stressed, tired, and distracted, the second half of the workday is a bad actor’s best bet.

This is reinforced by the fact that employees are most likely to mark an email as malicious between 9AM and 1PM, before the afternoon slump. We then see a steady decline starting at 2PM, right when the bad guys are ramping up.”

The report hints that cyber criminals are doing all they can to catch their victims - most of the emails were sent during the holiday season in Q4 2020, with the last three months of the year seeing 45% more malicious emails compared to the quarter before.

The researchers also found that organizations of different sizes offer different pros and cons for attackers: larger organizations can provide a larger payout, while smaller ones are often easier to break into.

“In terms of company size, bad actors will take whatever they can get,” the researchers write. “Wondering why they don’t focus exclusively on the ‘big fish’ (i.e. enterprise)? Because smaller companies – who generally have less money to spend on cybersecurity – are often easier to infiltrate. This can be a foothold for lateral movement, especially for companies with large supply chains.”

Tessian adds that attackers have a wealth of resources at their disposal to craft targeted social engineering attacks. “Between social media, OOO messages, and (free) online tools, it’s impossibly easy for bad actors to research their targets,” Tessian says. “Armed with information about a person’s company, colleagues, and personal life, they’ll be able to craft personalized, convincing, and effective email campaigns to trick them into handing over sensitive information or transferring funds.”

Blog post with links:
Microsoft Uncovers Giant Phishing-as-a-Service Operation:

Researchers at Microsoft have identified a large phishing-as-a-service operation called “BulletProofLink” that has used more than 300,000 unique phishing domains. “With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today,” Microsoft says.

“BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.”

Phishing-as-a-service allows inexperienced criminals to launch large-scale, sophisticated phishing campaigns. “Similar to ransomware-as-a-service (RaaS), phishing-as-a-service follows the software-as-a-service model, which requires attackers to pay an operator to wholly develop and deploy large portions or complete phishing campaigns from false sign-in page development, website hosting, and credential parsing and redistribution,” the researchers explain.

Also like some ransomware-as-a-service operations, BulletProofLink offers extensive customer support and operates like a legitimate business.

“The phishing operators list an array of services on their site along with the corresponding fees,” the researchers write. “As other researchers noted, the monthly service costs as much as $800, while other services cost about $50 dollars for a one-time hosting link. We also found that Bitcoin is a common payment method accepted on the BulletProofLink site.

In addition to communicating with customers on site accounts, the operators display various methods of interacting with them, which include Skype, ICQ, forums, and chat rooms. Like a true software business dedicated to their customers, the operators provide customer support services for new and existing customers.”

Microsoft notes that BulletProofLink uses “infinite subdomain abuse” to avoid detection by security companies. “An interesting aspect of the campaign that drew our attention was its use of a technique we call ‘infinite subdomain abuse,’ which happens when attackers compromise a website’s DNS or when a compromised site is configured with a DNS that allows wildcard subdomains,” Microsoft says.

“‘Infinite subdomains’ allow attackers to use a unique URL for each recipient while only having to purchase or compromise one domain for weeks on end.”
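The defensive counterpart to “infinite subdomain abuse” is to stop counting hostnames and start counting registered domains: a campaign that stamps a unique subdomain onto every recipient's URL collapses to one apex domain with an unusually large number of distinct hosts, each seen only once. The script below is an added example written for this newsletter, not code from Microsoft or the BulletProofLink report. The URLs are constructed samples, not real indicators; the registered-domain extraction is a deliberate simplification that assumes two-label apexes plus a short, assumed list of two-label public suffixes (a production version would use the Public Suffix List); and the threshold of five distinct hosts is an arbitrary, assumed tuning value.

```python
"""Heuristic detection of wildcard-subdomain ("infinite subdomain") abuse.

Added example. Groups observed phishing URLs by registered (apex) domain and
flags apexes where many distinct hosts appear, each used only once, which is
the footprint of one compromised or attacker-owned domain with wildcard DNS.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample URLs (NOT real indicators). One campaign uses a unique
# per-recipient subdomain under a single domain; the rest is ordinary traffic.
SAMPLE_URLS = [
    "https://a1b2c3.login.example-compromised.net/verify",
    "https://d4e5f6.login.example-compromised.net/verify",
    "https://9x8y7z.login.example-compromised.net/verify",
    "http://q1w2e3.login.example-compromised.net:8080/verify",  # port is ignored
    "https://R5T6Y7.login.example-compromised.net/verify",     # case is normalised
    "https://www.example-shop.co.uk/checkout",
    "https://shop.example-shop.co.uk/checkout",
    "https://www.example-shop.co.uk/checkout",                 # repeat host, same URL
    "https://mail.example-corp.org/owa",
]

# Assumption: a tiny subset of two-label public suffixes, enough for the sample.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registered_domain(host: str) -> str:
    """Return the apex domain of a hostname (simplified public-suffix logic)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def hostname(url: str) -> str:
    """Extract the lowercase hostname from a URL; ports and paths are dropped."""
    return (urlsplit(url).hostname or "").lower()


def hosts_per_domain(urls):
    """Map each apex domain to (sorted distinct hosts, number of URLs seen)."""
    hosts = defaultdict(set)
    counts = defaultdict(int)
    for url in urls:
        host = hostname(url)
        if not host:
            continue
        apex = registered_domain(host)
        hosts[apex].add(host)
        counts[apex] += 1
    return {apex: (sorted(hosts[apex]), counts[apex]) for apex in hosts}


def flag_wildcard_abuse(urls, threshold=5):
    """Apex domains with >= threshold distinct hosts where every URL used a
    different host (the per-recipient pattern described by Microsoft)."""
    flagged = []
    for apex, (distinct, seen) in hosts_per_domain(urls).items():
        if len(distinct) >= threshold and len(distinct) == seen:
            flagged.append(apex)
    return sorted(flagged)


if __name__ == "__main__":
    for apex, (distinct, seen) in hosts_per_domain(SAMPLE_URLS).items():
        print(f"{apex}: {len(distinct)} distinct host(s) across {seen} URL(s)")
    print("flagged for wildcard-subdomain abuse:", flag_wildcard_abuse(SAMPLE_URLS))
```

Blocking on the apex domain rather than the full hostname is what makes this actionable: a single reputation entry for `example-compromised.net` covers every per-recipient subdomain, whereas hostname-level blocklists never catch up with a wildcard zone.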

New-school security awareness training can enable your employees to avoid falling for social engineering attacks.

Microsoft has the story:
From The Inside Man Creators. A Brand-New Live Action Series: "Clickbait!"

How would you like to be able to tell your users that we just released a brand new series from our partners at Twist & Shout, creators of The Inside Man?

Well, guess what? You Can! Today! The only thing better than a lunch and learn is a laugh and learn with Twist & Shout. Now live in the ModStore: a new series of 6 video modules from Twist & Shout. The name of the series is Clickbait:

From the twisted minds that brought you "Restricted Intelligence," Clickbait is the comedy sketch show that takes Information Security to a whole new multi-level universe. From a medieval castle to a shopping channel for hackers to NASA Mission Control. Confused? Just imagine a deranged toddler has got hold of the TV remote and is flicking between the channels. Was that a troll? Yes … it was. The episode names are:
  • Clickbait: Season 1 Episode 1 - Physical Security
  • Clickbait: Season 1 Episode 2 - CEO Fraud
  • Clickbait: Season 1 Episode 3 - Passwords
  • Clickbait: Season 1 Episode 4 - Ransomware
  • Clickbait: Season 1 Episode 5 - Remote Working
  • Clickbait: Season 1 Episode 6 - Phishing
Go to the ModStore in your KnowBe4 account and preview them now. :-D
What KnowBe4 Customers Say

"My name is Jeremy and I manage the Security Awareness program in my company. I'm writing to you because two of your employees deserve considerable recognition and praise for going above and beyond to meet my needs as a customer.

These employees are: TimC, a superstar CSM, and JeffG, an absolute rockstar of a support engineer.

First off, for some background: Tim has put up with me working to improve/configure our security awareness program for a while now. I'm talking about multiple calls and lots of tickets. He has been responsive every single time and done his best to make sure my issues get triaged/escalated as needed. This alone has been valuable.

More recently, I needed a considerable amount of Tim's assistance as we had a big issue regarding our user provisioning that caused a bunch of support tickets to be opened up internally at DataRobot. This is what I would consider a "high impact" issue, as it affected all 1700+ end users, and caused me a great deal of stress/concern, since to solve the issue we had to migrate our existing user base.

There were many areas of concern about the migration, that I couldn't find answers to in the documentation alone. I let Tim know this. He diligently took notes about my concerns, reassured me that we'd get this figured out, and after a few emails back and forth, from stage left, entered Jeff Gelinas.

Jeff hopped on multiple calls with both my IAM Administrator and myself, to allay my concerns, respond to my questions, and to ultimately solve the problem thus completing a very successful migration! He went above and beyond, staying outside of business hours to complete the test migration, AND he kept TimC aware of the migration status along the way.

Bottom line: he went above and beyond to make sure the migration was completed and that it resolved our existing user issues….and he did all of this with a bright smile and energy that made “work” feel like I was chatting with a friend.

Example - we were waiting while the user provisioning changes propagated into my KMSAT console, and I saw he had his CISSP certification, which is a certification I am studying for, myself. Without hesitation, he shared with me a particular resource for training that he used! That meant a lot and is something I have not experienced with ANY other SaaS vendor!

All-in-all: With Tim helping me get the right resources to solve our issues and with Jeff's expertise and demeanor, we not only solved the user provisioning issue, but did so with great ease. As Tim and Jeff can tell you, I left this interaction with a bright beaming smile on my face, and an extremely positive impression of KnowBe4!

Takeaway for Leadership at KnowBe4: In an era of many companies attempting to emulate Zappos level of customer service, I was fortunate enough to experience the same level of customer service and care, at a SaaS vendor... which in my years of experience with SaaS vendors, is absolutely unheard of.

As leaders you should be proud for encouraging these types of interactions, and if you're wondering whether or not you should keep Tim & Jeff - the answer is wholeheartedly, YES! They deserve some recognition and promotion! Please reach out if you would like to know more."
- R.J. Information Security Coordinator
The 10 Interesting News Items This Week
    1. FBI, CISA, and NSA Warn Of Escalating Conti Ransomware Attacks:

    2. Windows default hidden file extension feature used in real world by advanced attacker:

    3. How to Protect Against Deepfake Attacks and Extortion:

    4. Republican Governors Association email server breached by state hackers:

    5. After Biden Warning, Hackers Define ‘Critical’ as They See Fit:

    6. Europol Breaks Open Extensive Mafia Cybercrime Ring:

    7. The US Treasury issued its first-ever sanctions against a crypto exchange for aiding ransomware attacks:

    8. Report: FBI Had Ransomware Decryption Key For Weeks Before Giving It To Victims:

    9. Why Cybersecurity Awareness Must Include The Entire Web Supply Chain:

    10. How internet pioneer Vint Cerf illuminated Google’s misinformation mess:
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.