CyberheistNews Vol 12 #03
A new FBI advisory warns of a scam that can affect literally anyone: it is designed as a precursor to additional vishing scams and/or to Gmail account takeovers.
If you’re unfamiliar with Google Voice, it is a service where Google provides you with a virtual phone number so you can make and receive calls and texts. If you don’t use it, you may be wondering what all the excitement is about.
The advisory, entitled “Building a Digital Defense Against Google Voice Authentication Scams,” outlines a scam in which a threat actor responds to a personal ad (the FBI uses the example of selling a couch on Craigslist or a similar site) and says they want to make sure you are legitimate so they don’t get scammed. To “prove” it, they have an authentication code from Google sent to your phone and ask you to send it back to them.
What’s really happening is that the scammer is setting up a Google Voice account with your phone number as the primary number. Google texts the verification code to you, and by relaying it you complete Google’s authentication step on the scammer’s behalf. Once the number is linked to their account they can use it for further vishing scams, and the same code-relay trick can be used to take over the Gmail account associated with your number. The simple defense: never share a verification code with anyone, whatever reason they give for asking.
Blog post with more details and links:
https://blog.knowbe4.com/fbi-beware-of-a-new-google-voice-authentication-scam-even-if-you-dont-use-google-voice
We thought it was bad enough when traditional ransomware started to steal data in its second generation of evolution, now dubbed "double extortion." The third stage of ransomware is beginning to happen now and will make us wish for the good, old days of Ransomware 2.0.
Attend this presentation to learn how ransomware is evolving to inflict maximum damage and more importantly how to protect yourself and your organization.
Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, was among the first to warn the world about Nuclear Ransomware 2.0 - the almost accidental attacks that became a storm.
Here is his latest early warning.
In this webinar you'll learn:
- How ransomware is evolving beyond double extortion, and what's coming next
- The likely end-state of ransomware and how it will extract maximum value from each victim
- Proven best practice defenses that you need to follow to avoid becoming a victim
- How to empower your users to be the best, last line of defense when everything else fails
Date/Time: TOMORROW, Wednesday, January 19 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3595333/3318DFF1679F8E5CA7545BAE970CC43D?partnerref=CHN2
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
From the seemingly overnight transition to all-virtual events to the evolution of hybrid conferences (both virtual and limited in-person attendance), events and conferences have had an odd couple of years given the global pandemic, much like everything else.
And while there is clearly value in virtual events, specifically making them accessible to everyone, everywhere, what’s really been missed is the engagement and human connection that we get from in-person events.
Within that context, we’ve made the decision to bring back our annual KnowBe4 user conference, KB4-CON, as a fully in-person experience, taking place April 20-22 at the beautiful Gaylord Palms Resort & Convention Center in Orlando, Florida.
Our KB4-CON Keynote will be Nicole Perlroth, who has covered cybersecurity and digital espionage for The New York Times for over a decade. She recently released The New York Times bestseller, This Is How They Tell Me The World Ends. She will share thrilling stories of the cyberweapons market – the most secretive, invisible, government-backed market on earth – and a terrifying first look at a new kind of global warfare.
You’ll also hear from top-notch speakers such as:
- Kevin Mitnick, The World’s Most Famous Hacker and KnowBe4’s Chief Hacking Officer, will deliver a demonstration of some of the latest hacking methods and exploits
- Robert Bigman, the CIA’s first-ever CISO, will share lessons learned from four decades worth of cyber battles and his experience with the CIA
https://knowbe4.cventevents.com/o75l1V
Learn more about the event:
https://www.knowbe4.com/kb4-con
Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately ‘flip’ a dangerous attack into an instant real-world training opportunity for your users.
Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature, which automatically replaces active phishing threats in your users’ mailboxes with a defanged look-alike.
The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.
See how you can best manage your user-reported messages.
Join us Wednesday, January 26 @ 2:00 PM (ET) for a live 30-minute demonstration of the PhishER product including our new PhishFlip feature. With PhishER you can:
- NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user’s inbox.
- Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
- Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too
Date/Time: Wednesday, January 26 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3576188/FA09F0A5C2F096098B9041A69E43FDB8?partnerref=CHN
A new joint cybersecurity advisory from CISA, the FBI, and the NSA warns organizations about Russian state-sponsored attacks and provides mitigations to implement.
It’s one thing to see an advisory that simply says “hey, we’re seeing a bunch more attacks.” But when you also see eight pages of recommended security measures and a statement encouraging “the cybersecurity community—especially critical infrastructure network defenders—to adopt a heightened state of awareness and to conduct proactive threat hunting,” you know they know something you don’t.
This is exactly what is in yesterday’s cybersecurity advisory entitled “Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure.”
While the advisory isn’t focused on a specific threat, it does begin with some general statements of what’s been observed:
“Historically, Russian state-sponsored advanced persistent threat (APT) actors have used common but effective tactics—including spearphishing, brute force, and exploiting known vulnerabilities against accounts and networks with weak security—to gain initial access to target networks.
Russian state-sponsored APT actors have also demonstrated sophisticated tradecraft and cyber capabilities by compromising third-party infrastructure, compromising third-party software, or developing and deploying custom malware. The actors have also demonstrated the ability to maintain persistent, undetected, long-term access in compromised environments—including cloud environments—by using legitimate credentials.”
Even if you’re not a “critical infrastructure” organization, this advisory is solid reading. It offers real-world examples of Russia-based attacks, the vulnerabilities used, observed tactics and techniques mapped to the MITRE ATT&CK framework, and practical guidance to shore up your detection, incident response, and mitigation efforts.
Blog post with full CISA advisory, recommendations and links:
https://blog.knowbe4.com/u.s.-government-warns-of-more-cyberattacks-targeting-critical-infrastructure
KnowBe4 is excited to announce that we have been recognized as an overall Customers’ Choice in the December 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Awareness Computer-Based Training Report. KnowBe4 also received two additional category distinctions across Company Size and Deployment Region, including Customers’ Choice Midsize Enterprise and Customers’ Choice North America.
We believe that being named a “Customers’ Choice” for Security Awareness Computer-Based Training (CBT) represents the commitment we have towards our customers in providing a world-class product with an outstanding customer experience to support it.
With over 1800 customer reviews*, the largest volume in the Security Awareness CBT category on the Gartner Peer Insights review site, we believe that being named a Customers’ Choice vendor validates this commitment to our customers and ability to carry out our mission. We enable organizations and their users to make smarter security decisions – every day.
Read the Gartner Peer Insights ‘Voice of the Customer’: Security Awareness Computer-Based Training report to see what customers have to say about using KnowBe4.
Download Your Complimentary Copy of the Report Now!
https://info.knowbe4.com/gartner-peer-insights-voice-of-customer-security-awareness-cbt-chn
*Reviews are current as of December 29, 2021. Source: Gartner Peer Insights ‘Voice of the Customer’: Security Awareness Computer-Based Training, Peer Contributors, 24 December 2021.
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.
The GARTNER PEER INSIGHTS CUSTOMERS’ CHOICE badge is a trademark and service mark of Gartner, Inc., and/or its affiliates, and is used herein with permission. All rights reserved. Gartner Peer Insights Customers’ Choice constitute the subjective opinions of individual end-user reviews, ratings, and data applied against a documented methodology; they neither represent the views of, nor constitute an endorsement by, Gartner or its affiliates.
At the core of every phishing scam is a combination of a bunch of lies and (sometimes) a few truths. A new focus on better defining the misuse of information provides insight into why phishing works.
We’ve long known that phishing scams are all based on the sender pretending to be someone they’re not, asking for something they have no business asking for, from someone they don’t know. Add in spear phishing and some of the “truths” begin to show up – seemingly legitimate requests, appropriately made of the right person within an organization. Add in BEC attacks and you might even see the “truth” of the phishing email coming from the impersonated sender’s actual (compromised) email account.
In the world of phishing, this misuse of information is what makes these attacks so effective. But it’s tough to defend against something that is more a concept than a defined thing. So, I loved it when I saw that the Council of Europe has provided some definitions around what they call “Information Disorder.” There are three types of information disorder, of which two (the ones where harm is intended: dis-information and mal-information) apply to the work of cyber attacks:
- Mis-information - when false information is shared, but no harm is meant
- Dis-information - when false information is knowingly shared to cause harm
- Mal-information - when genuine information is shared to cause harm, often by moving information designed to stay private into the public sphere
Blog post with more information and links:
https://blog.knowbe4.com/information-disorder-giving-a-name-to-one-of-the-most-impactful-parts-of-phishing-scams
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
PS: I am happy to share with you that KnowBe4's thought leadership is now on the United Nations website!
https://meetings.unoda.org/section/oewg-ict-2021_ngo-information_16382_ngo-information_16633/
- Walt Disney - Animator (1901 - 1966)
"The important thing is not to stop questioning. Curiosity has its own reason for existing."
- Albert Einstein - Physicist (1879 - 1955)
Thanks for reading CyberheistNews
- Inside a Ransomware Hit at Nordic Choice Hotels:
https://www.wsj.com/articles/inside-a-ransomware-hit-at-nordic-choice-hotels-11641983406
- “[Security] Culture Eats Strategy For Breakfast” - What Does it Mean?:
https://www.thealternativeboard.com/blog/culture-eats-strategy
- Ukrainian police arrest ransomware gang that hit over 50 firms:
https://www.bleepingcomputer.com/news/security/ukranian-police-arrests-ransomware-gang-that-hit-over-50-firms/
- A month in the life of a UK social engineer – part two:
https://www.itpro.co.uk/security/social-engineering/361940/month-in-the-life-of-social-engineer-week-two
- FCC Chair Proposes Updating Data Breach Reporting Requirements:
https://www.nextgov.com/cybersecurity/2022/01/fcc-chair-proposes-updating-data-breach-reporting-requirements/360683/
- Senate passes cyber bills to address supply chain security, aid state and local governments:
https://www.scmagazine.com/analysis/legislation/senate-passes-cyber-bills-to-address-supply-chain-security-aid-state-and-local-governments
- Iranian intel cyber suite of malware uses open source tools:
https://www.cyberscoop.com/u-s-cyber-command-iranian-hacking-malware-virustotal/
- Interesting Virtual Tour "What is This in the Mississippi River? | Secrets of St. Louis":
https://www.youtube.com/watch?v=dTVAPSmTn7M
- Virtual Vaca to Hong Kong. Strap yourself in, this one is intense!:
https://www.youtube.com/watch?v=ApZZItip7Uk&t=3s
- A 1:30 Virtual Vaca to the gorgeous and ancient island of Sicily!:
https://www.youtube.com/watch?v=hvNHTQ4DU2E
- GoPro: 'Playing Gravity' awesome snowboarding with Elias Elhardt:
https://www.youtube.com/watch?v=W3PZBndImwY
- And one more minute of fabulous snowboarding in Switzerland with Candide Thovex:
https://www.youtube.com/watch?v=7XCZf6jUnOQ
- Amazon’s #1 Best Seller Deadbolt Really is Junk:
https://www.youtube.com/watch?v=2yl-EIEJhgs
- Andi Gladwin FOOLS Penn & Teller 9:45:
https://www.youtube.com/watch?v=aZpA1k-sDcg
- Biggest car news of CES 2022:
https://www.youtube.com/watch?v=laQP9GxzKTs
- China's Skyscraper Boom is Officially Over:
https://www.youtube.com/watch?v=PilJj0TR_xk
- Eleanor Rigby performed by Göran Söllscher on an 11-string alto guitar. Curious:
https://boingboing.net/2022/01/12/eleanor-rigby-performed-by-goran-sollscher-on-an-11-string-alto-guitar.html
- E-ink on a car. Color Changing BMW of the Future:
https://www.youtube.com/watch?v=wKP7QpZHwvE
- For Da Kids #1 - Sir David Attenborough Witnesses a Magical Moment | The Green Planet | BBC Earth:
https://www.youtube.com/watch?v=8jXskEwYcfQ
- For Da Kids #2 - Baby Husky Grows Up With Baby Girl And They Do Everything Together | The Dodo Soulmates:
https://www.youtube.com/watch?v=N_0eAGBNuio
- For Da Kids #3 - Orangutan driving golf cart like it's Miami Vice:
https://www.youtube.com/watch?v=YdSqfFZ_i24
- For Da Kids #4 - Tadpole Shrimp Are Coming For Your Rice | Deep Look:
https://www.youtube.com/watch?v=T2xnXaX7r3g
- For Da Kids #5 - This Hawaiian Cat Loves Surfing With His Parents | The Dodo:
https://www.youtube.com/watch?v=-vBUxmWeoc0