CyberheistNews Vol 11 #40
[Heads Up] The New James Bond Movie Is Cybercriminals' Shiniest Phishbait

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, falsely, to offer free access to the full movie. The sites display the beginning of the movie, and then ask users to enter their credit card information to continue watching.

“When users visit a website in the hope of watching the long-awaited No Time to Die movie, they will be asked to register their details after seeing the first few minutes of the latest film. During the registration, victims would be required to enter their credit card information. However, after registration is complete, the user might not be able to continue watching. Money is debited from their card and the payment data ends up in the fraudster’s hands.”

Tatyana Shcherbakova, a security expert at Kaspersky, stated that phishing campaigns commonly use popular movie releases as phishing material.

“With the premieres of new films and TV series moving online, this has fueled interest not only for cinephiles but also among scammers and fraudsters. Inevitably, such a long-awaited premiere as ‘No Time to Die’ causes a stir,” Shcherbakova said. “Users should be alert to the pages they visit, not download files from unverified sites and be careful with who they share personal information.”

Blog post with link:
https://blog.knowbe4.com/new-james-bond-movie-is-cybercriminals-shiniest-phishbait

5 Things You Need To Know About Ransomware Before It's Too Late

Cybercriminals have become thoughtful about ransomware attacks, taking time to maximize the potential damage to your organization and their own payoff. And few organizations are prepared to address this growing threat. How can you make sure you aren’t caught off guard when, not if, ransomware gangs put your organization in their sights?

Join us for this thought-provoking webinar hosted by Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist. He’ll teach you what you can do now to help prevent, detect, and mitigate ransomware threats.

In this session you’ll learn:
  1. What are the root causes of ransomware?
  2. Who really are the ransomware gangs?
  3. Is it even legal to pay the ransom?
  4. How can you best prevent your data from being exfiltrated?
  5. What can you expect from cyber insurance coverage?
Earn CPE credit for attending. Get the information you need to know now before it’s too late!

Date/Time: TOMORROW, Wednesday, October 13 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3449909/EF349313F4676ED6D85A26C36C09EA50?partnerref=CHN2

Telecom Company Responsible for Routing Billions of Text Messages Annually Acknowledges Multi-Year Breach

Mentioned in passing as part of a Securities and Exchange Commission (SEC) filing, Syniverse admits to hackers having access for five years, potentially impacting millions of mobile phone users worldwide.

In the middle of a recent 837-page SEC filing, telecom company Syniverse mentioned to shareholders a 2016 data breach that was only discovered earlier this year. Under the topic of how breaches, lapses in data privacy, and other damages to IT operations could impact Syniverse’s business operations, Syniverse acknowledged the 2016 breach flippantly, presenting it merely as “an example.” From the filing (emphasis is mine):

For example, in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization (the “May 2021 Incident”). Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals. Syniverse has conducted a thorough investigation of the incident.

The results of the investigation revealed that the unauthorized access began in May 2016. Syniverse’s investigation revealed that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (“EDT”) environment was compromised for approximately 235 of its customers. All EDT customers have been notified and have had their credentials reset or inactivated, even if their credentials were not impacted by the incident. All customers whose credentials were impacted have been notified of that circumstance.


It’s not clear exactly how hackers were able to compromise the Syniverse network, but, for perspective, I’ve covered how the average dwell time for recent ransomware attacks is 13 days – whereas the Syniverse breach lasted 5 years (1825 days)! The filing does mention “All customers whose credentials were impacted have been notified of that circumstance,” which denotes that credentials were compromised and lateral movement is likely.

The potential access gained, data exfiltrated, systems misused, and damage done is incalculable – despite Syniverse’s claims that “there was no attempt to monetize the unauthorized activity.” Cyber forensics is only as good as the logging that exists and whether the threat actor worked to delete their trail.

This attack is a reminder that the best position in a data breach is to be so well-protected the breach never happens. And, given it took Syniverse’s IT team 5 years to even identify the attack, it’s also a reminder that your security strategy needs to include detection and remediation, in addition to prevention and protection.

Blog post:
https://blog.knowbe4.com/telecom-company-responsible-for-routing-billions-of-text-messages-annually-acknowledges-multi-year-breach

[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature, which automatically replaces active phishing threats in your users’ mailboxes with a new, defanged look-alike.

The new PhishFlip feature is included in PhishER (yes, you read that right, no extra cost), so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, October 20 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER product including our new PhishFlip feature. With PhishER you can:
  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, October 20 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3380629/7FD1E91262E518711A539EDD24457D8D?partnerref=CHN

Framing the Social Engineering Risk in Business Terms

C-suite employees need to understand the risk posed by social engineering attacks, according to CSO. Terry Thompson, adjunct instructor in cybersecurity at Johns Hopkins University, told CSO that business email compromise (BEC) can expose an organization to “ransomware, email spoofing, and related threats.”

Alex Holden, founder and CISO at Hold Security, told CSO that executives are particularly valuable targets since their accounts are more likely to hold sensitive information.

“In many cases of BEC, the cybercriminals would find critical/confidential data inside the emails of C-suite victims,” Holden said. Holden added that executives needed to be even more vigilant than regular employees.

“C-suite members are not regular employees; they are the most prominent employees,” Holden said. “They are role models and not above the rules. They are supposed to be the most protected individuals in the company. They may need more reminders to lead the cyber security initiatives by example and not to be the exception.”

Holden added that despite this, executives sometimes tend to take security shortcuts, putting themselves (and their organizations) at risk.

“[C-suite executives] are more likely to change technology and more likely to insist on breaking the rules,” Holden said. “They are also more prominent and therefore easier to target and imitate for abuse.”

Michael Del Giudice, principal in the consulting group at Crowe, told CSO that a defense-in-depth strategy is essential for preventing these attacks. In addition to training employees to be on the lookout for social engineering attacks, organizations should also require multi-factor authentication in case an attacker manages to get their hands on a password.

“Complementing that with technical controls, implementing things like MFA on email so even if they do get credentials it will still prevent them from authenticating,” Del Giudice said.

Executives and boards understand business risk. Cyber threats that operate through social engineering can be pigeonholed as matters of personal risk. But in fact they represent a clear business risk, and often the kind of business risks that an organization’s leaders are well-positioned to manage.

Framing the risk of social engineering as a business risk is an important first step in managing that risk. New-school security awareness training for executives will help them avoid falling for targeted social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/framing-the-social-engineering-risk-in-business-terms

Can You Be Spoofed?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained. KnowBe4 can help you find out if this is the case with our free Domain Spoof Test.

Find out now if your email server is configured correctly; many are not!
  • This is a simple, non-intrusive "pass/fail" test.
  • We will send a spoofed email "from you to you".
  • If it makes it through into your inbox, you know you have a problem.
  • You'll know within 48 hours!
Try to Spoof Me!
https://info.knowbe4.com/domain-spoof-test-1-chn

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: Here are your 52 KnowBe4 Fresh Content Updates from September:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-september



Quotes of the Week
"Reflect upon your present blessings - of which every man has many - not on your past misfortunes, of which all men have some."
- Charles Dickens - Writer (1812 - 1870)


"The key to success is going to bed a little smarter each day."
- Warren Buffett - Investor (1930 - )



Thanks for reading CyberheistNews

Security News
Social Engineering Campaign Impersonates Amnesty International

Researchers at Cisco Talos have found a malicious website that’s impersonating Amnesty International to deliver the Sarwent remote access Trojan. The convincingly spoofed website offers a phony antivirus product that purports to protect users against NSO Group’s Pegasus spyware, which Amnesty International has recently spoken out against.

“Sarwent contains the usual abilities of a remote access tool (RAT) — mainly serving as a backdoor on the victim machine — and can also activate the remote desktop protocol on the victim machine, potentially allowing the adversary to access the desktop directly,” the researchers write.

“We believe this campaign has the potential to infect many users given the recent spotlight on the Pegasus spyware. In addition to Amnesty International's report, Apple also had to recently release a security update for iOS that patched a vulnerability attackers were exploiting to install Pegasus. Many users may be searching for protection against this threat at this time.”

The researchers don’t know if the website is being shared through phishing or if it’s intended to act as a watering-hole site. “It is clear the actor is attempting to deceive concerned users into downloading and installing the fake anti-virus,” Cisco Talos says. “However, we haven't yet seen a malicious advertisement or phishing campaign to promote the fake, and have no information currently on how the actor intends to attract targets to the fraudulent website they are using to distribute the malware.”

The researchers also aren’t sure who’s behind the campaign or what they’re after. They observe that since Pegasus is used exclusively by governments, it’s possible that a state-sponsored actor is using this website to target people who are concerned about being targeted by the spyware.

“Given the available data, we remain uncertain about the intentions of the actor,” the researchers write. “The use of Amnesty International's name, an organization whose work often puts it at odds with governments around the world, as well as the Pegasus brand, a malware that has been used to target dissidents and journalists on behalf of governments, certainly raises concerns about who exactly is being targeted and why.

However, our investigation has not found any other supporting data to make clear whether this is a financially motivated actor using headlines to gain new access, or a state supported actor going after targets who are rightfully concerned about the threat Pegasus presents to them.”

Cisco Talos has the story:
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html

Phishing: Low-, Middle-, and High-Level Sophistication

Phishing attacks have varying levels of technical sophistication, according to Mark Nicholls from Redscan. In an article published by ITProPortal, Nicholls explains that the lowest level of phishing attacks are simple emails designed to rope a victim into a scam.

“The most basic phishing emails are designed to establish a relationship with the target,” Nicholls says. “There are no links or malicious attachments to open. The phish is simply a primer for future communications, such as requests for payment. Messages are typically plain text and sent via widely used email services such as Gmail, which means they are very likely to bypass mail filters rather than be marked as spam. The sender’s name used is often a senior person within an organization, such as the CEO.”

More sophisticated phishing campaigns involve setting up spoofed websites and luring victims into entering sensitive information or downloading malware. “To conduct mid-level phishing campaigns, attackers use basic hacking tactics, techniques and procedures,” Nicholls says. “A very common technique involves cybercriminals purchasing a private domain and using it to host a landing page that is cloned from a legitimate website.

It’s a more sophisticated version of copy and paste, but with the right know-how is quick to perform. With a cloned site set-up, an attacker will email their target, share a link to the fake page and lure them into entering their details.”

The most sophisticated and damaging attacks are highly targeted phishing operations that involve a great deal of preparation and intelligence gathering on specific organizations and employees. “Highly skilled cybercriminals use similar techniques to mid-level attackers,” Nicholls writes. “However, they are more skillful and better-resourced, making their attacks increasingly challenging to safeguard against.

The professionals that create and leverage advanced phishing campaigns such as Business Email Compromise (BEC) attacks conduct extensive open-source intelligence gathering on their targets. This involves profiling individuals but also the organizations they work for. Job advertisements are often a good source of information, disclosing details about the types of systems, apps and security tools organizations use.”

Blog post with links:
https://blog.knowbe4.com/phishing-low-middle-and-high-level

What KnowBe4 Customers Say

"I just wanted to let you know the reasons why we decided to go with (you) KnowBe4. After going over the final two companies that we were testing, it came down to just one thing that made you get the contract for us. You were able to be competitive with pricing, but you still cost more. You had very similar abilities with training, content and platforms.

But where you were hands down the best choice for me was Customer Service. If it were not for your driving force and all of the help and follow-through, and with your customer support team, we would have gone in a different direction. I just wanted to say thank you and look forward to working with you for years to come. Have a great day."
- C.B., IT System Administrator

The 10 Interesting News Items This Week
    1. NSA director expects to still be facing ransomware attacks 'every single day' in five years:
      https://thehill.com/policy/cybersecurity/575386-nsa-director-expects-to-be-facing-ransomware-attacks-every-single-day-in

    2. Rep. Katko introduces bill that would prioritize security for key US critical infrastructure:
      https://www.cyberscoop.com/katko-sici-cisa-cyberspace-solarium-commission/

    3. UK plans to invest £5 billion in retaliatory cyber-attacks:
      https://www.bleepingcomputer.com/news/security/uk-plans-to-invest-5-billion-in-retaliatory-cyber-attacks/

    4. New Python ransomware targets virtual machines, ESXi hypervisors to encrypt disks:
      https://www.zdnet.com/article/new-python-ransomware-targets-virtual-machines-esxi-hypervisor-to-encrypt-disks/

    5. Bipartisan Senate committee drops new FISMA reform bill:
      https://fcw.com/articles/2021/10/04/peters-portman-fisma-update-cyber.aspx

    6. Dark Reading: North American Orgs Hit With an Average of 497 Cyberattacks per Week:
      https://www.darkreading.com/attacks-breaches/north-american-orgs-experience-497-attacks-per-week-on-average-currently

    7. CISA aims to fill all 50 statewide cyber coordinator posts by year’s end:
      https://therecord.media/cisa-aims-to-fill-all-50-statewide-cyber-coordinator-posts-by-years-end/

    8. Deputy Attorney General Lisa Monaco promised to use an existing law to go after contractors that don't follow required cybersecurity standards:
      https://www.nextgov.com/cybersecurity/2021/10/doj-hit-government-contractors-very-hefty-fines-if-they-fail-disclose-data-breaches/185894/

    9. Microsoft: Russia Dominates State-Sponsored Attacks:
      https://www.infosecurity-magazine.com/news/microsoft-russia-dominates-attacks/

    10. Offshore havens and hidden riches of world leaders and billionaires exposed in unprecedented leak:
      https://www.icij.org/investigations/pandora-papers/global-investigation-tax-havens-offshore/
Copyright © 2014-2021 KnowBe4, Inc. All rights reserved.