CyberheistNews Vol 12 #16 [Eye Opener] The Costliest Cybercrime: Business Email Compromise (BEC)

CyberheistNews Vol 12 #16  |  Apr. 19th, 2022
[Eye Opener] The Costliest Cybercrime: Business Email Compromise (BEC)
Stu Sjouwerman SACP

Organizations in the U.S. lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud) last year, according to Alan Suderman at Fortune.

"BEC scammers use a variety of techniques to hack into legitimate business email accounts and trick employees to send wire payments or make purchases they shouldn't," Suderman writes.

"Targeted phishing emails are a common type of attack, but experts say the scammers have been quick to adopt new technologies, like 'deep fake' audio generated by artificial intelligence to pretend to be executives at a company and fool subordinates into sending money."

Suderman cites a case from San Francisco, where a nonprofit lost more than half a million dollars to one of these scams.

"In the case of Williams, the San Francisco nonprofit director, thieves hacked the email account of the organization's bookkeeper, then inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000," Suderman says.

BEC actors also collaborate and share information with each other to improve their attacks. "Unlike ransomware operators who try to keep their communications private, BEC scammers often openly exchange services, share tips or show off their wealth on social media platforms like Facebook and Telegram," Suderman writes.

"A Facebook group called WireWire[.]com, which was until recently available to anyone with a Facebook account, acted as a message board for people to offer BEC-related services and other cybercrimes."

Suderman concludes that organizations of all sizes need to be wary of BEC scams.

"Almost every enterprise is vulnerable to BEC scams, from Fortune 500 companies to small towns," Suderman writes. "Even the State Department got duped into sending BEC scammers more than $200,000 in grant money meant to help Tunisian farmers, court records show."
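The San Francisco case above follows the classic BEC shape: a message inside a long, legitimate thread asks to change where the money goes. The triage routine below is an added example (not from the newsletter or from Fortune) that shows what a mail-security or finance workflow can do with that pattern. It goes slightly beyond the quoted case: besides flagging any payment-instruction change for out-of-band verification, it also flags a Reply-To that leaves the sender's domain and a sender domain that is a near-match of an established participant's domain, two further BEC tells assumed here. The thread is constructed; every name and domain is a placeholder.

```python
"""Thread-level triage for the BEC pattern: a message inside an existing email
thread asks to change wire or bank details. Added example, not newsletter code."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Message:
    sender: str    # From: address
    reply_to: str  # Reply-To: address, "" when absent
    body: str


# Wording that should always trigger a phone call to a number already on file,
# never a reply to the thread.
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated?|changed?|changes)\b.{0,40}\b(wire|bank|account|routing|payment)\b"
    r"|\b(wire|bank|account|routing|payment)\b.{0,40}\b(new|updated?|changed?|changes|instructions?)\b",
    re.IGNORECASE | re.DOTALL,
)


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch lookalike domains such as 'rn' for 'm'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_thread(thread: List[Message]) -> List[Dict]:
    """Walk the thread in order and return one finding per suspicious message."""
    findings = []
    established = set()  # sender domains seen without a lookalike flag
    for idx, msg in enumerate(thread):
        reasons = []
        sender_dom = domain(msg.sender)
        if PAYMENT_CHANGE.search(msg.body):
            reasons.append("asks to change payment instructions; verify by phone before acting")
        if msg.reply_to and domain(msg.reply_to) != sender_dom:
            reasons.append(f"Reply-To domain {domain(msg.reply_to)} differs from From domain {sender_dom}")
        lookalike = [d for d in established if d != sender_dom and edit_distance(sender_dom, d) <= 2]
        for d in lookalike:
            reasons.append(f"sender domain {sender_dom} is a near-match of participant domain {d}")
        if not lookalike:
            established.add(sender_dom)
        if reasons:
            findings.append({"index": idx, "from": msg.sender, "reasons": reasons})
    return findings


# Constructed thread: the third message comes from the bookkeeper's compromised
# account (hypothetical), the fourth from a lookalike of the grantee's domain.
SAMPLE_THREAD = [
    Message("bookkeeper@example-nonprofit.org", "", "Attached is the grant agreement for the spring cycle."),
    Message("finance@grantee-example.org", "", "Thanks, we will send the invoice next week."),
    Message("bookkeeper@example-nonprofit.org", "bookkeeper@example-nonprofit-mail.com",
            "Our bank has changed. Please use the new wire instructions below for the grant payment."),
    Message("finance@grantee-exarnple.org", "", "Confirming the updated account details."),
]

if __name__ == "__main__":
    for finding in triage_thread(SAMPLE_THREAD):
        print(finding["index"], finding["from"], "->", "; ".join(finding["reasons"]))
```

Because the hijacked message really does come from the bookkeeper's mailbox, no header check alone can catch it; the first reason (a payment-instruction change) is the one that matters, and the control it feeds is a callback to a number already on file, never to a number in the email.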

New-school security awareness training helps your employees to make smarter security decisions every day.

Blog post with links:
https://blog.knowbe4.com/business-email-compromise-the-costliest-cybercrime

[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately “flip” a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature, which automatically replaces active phishing threats in your users' mailboxes with a defanged look-alike.

The new PhishFlip feature is included in PhishER (yes, you read that right, no extra cost), so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, April 27 @ 2:00 PM (ET) for a live 30-minute demonstration of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your users' inboxes.
  • Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and G Suite
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, April 27 @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/3714065/5BD9491A0AB0D7F3D6BC353B291E134C?partnerref=CHN2

Small and Medium Businesses Account For Nearly Half of All Ransomware Victim Organizations

As ransomware costs increase, along with the effectiveness and use of extortions, smaller businesses are paying the price, according to new data from Webroot.

Small businesses seem to be easy prey for ransomware gangs, according to Webroot's just-released BrightCloud Threat Report. Whether it’s an assumption (and possible realization) of less-than-adequate security and/or backups in place, or the growing presence of cyber insurance, the SMB is most definitely in the crosshairs of threat actors using ransomware to generate their profits.

According to the report:

  • 44% of all ransomware victim organizations had fewer than 100 employees
  • 82% of all ransomware attacks targeted organizations with fewer than 1,000 employees
  • Additionally, 34% of organizations with 21-100 employees experienced malware infections

To make matters worse for the SMB, the average ransom at the end of 2021 was $322K, with a median ransom of $117K – money most SMBs can’t easily get a hold of to address ransomware attacks.

According to the report, Webroot identified over 4 million *new* high-risk URLs, with just under two-thirds of them being utilized as part of phishing attacks. This reinforces the continual use of phishing as an initial attack vector for ransomware attacks, requiring users within organizations to play a role in helping to stop these attacks.

By implementing continual security awareness training, organizations can teach employees to be watchful for phishing attacks, stopping them by simply not engaging with malicious content in emails and on the web.

Blog post with links:
https://blog.knowbe4.com/smbs-account-for-half-of-ransomware-victim-organizations

[Hacking Multifactor Authentication] An IT Pro’s Lessons Learned After Testing 150 MFA Products

Multifactor Authentication (MFA) can be a highly effective way to safeguard your organization's data, but that doesn't mean it's unhackable. And nobody knows that better than award-winning author and Data-Driven Defense Evangelist at KnowBe4, Roger Grimes. While researching his recent book "Hacking Multifactor Authentication," Roger tested over 150 MFA solutions. And he wants to share what he learned with you!

Watch Roger, in this on-demand webinar, as he discusses the good, the bad, and the ugly lessons he learned from his research. He'll share with you what works, what doesn't, and what you should absolutely avoid.

In this webinar you'll learn about:

  • Differences between various MFA tools and why they matter
  • Real-world hacking techniques Roger used to expose MFA weaknesses
  • What makes MFA software weak or strong and what that means to you
  • Tips on choosing the best MFA software for your company
  • Why a strong human firewall is your best last line of defense

Get the details you need to know to become a better IT security defender.

Watch Now!
https://info.knowbe4.com/hacking-150-mfa-products-chn

New SEC Cyber Rules Promise Accountability at 'Highest-Levels'

Bloomberg reported: "Public companies are supposed to let investors know when they have been hit with a significant cyberattack, according to guidance from the U.S. Securities and Exchange Commission.

That hasn't worked out so well.

The SEC recognizes that current rules are not keeping pace with the cyber threats that are out there and proposed more robust rules.

"I worry that these judgments have too often erred on the side of nondisclosure, leaving investors in the dark – and putting companies at risk," said former SEC Commissioner Robert J. Jackson Jr. in 2018.

That may be about to change after the SEC issued a series of proposals that would require public companies to report on material cyber incidents within four days of discovery and report on several other cyber-related issues, such as company policies for managing cyber-risks and the cyber expertise, if any, of members of the board.

The report's authors said the SEC's actions and proposed initiatives make it clear that it intends to play an active role in strengthening cybersecurity for the companies that fall under its regulatory umbrella.

"I think this is kind of a watershed moment for the SEC and its cybersecurity oversight," said Sachin Bansal, chief business and legal officer of SecurityScorecard.

Full Article:
https://www.bloomberg.com/news/newsletters/2022-04-14/sec-cyber-rule-change-would-mark-major-shift

Give Your Employees a Safe Way To Report Phishing Attacks With One Click!

Do your users know what to do when they receive a suspicious email?

Should they call the help desk, or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4's complimentary Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! And now, supports Outlook Mobile!

Phish Alert Benefits:

  • Reinforces your organization's security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of "sensors"
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

I want my Free Phish Alert!
https://info.knowbe4.com/free-phish-alert-chn

[INFOGRAPHIC] Q1 2022 Report: Holiday-themed Phishing Emails Entice Employees To Click

Business, Online Services, and HR-Related Messages Get the Most Clicks

Business phishing emails remain the highest-clicked category around the world. This category contains typical communication that employees might receive. The subjects of these emails include fake invoices, purchase orders, requests for information, shared files, and more. Online Services includes messages that claim to be from well-known companies and most of the time contain spoofed domains of popular websites within the email copy.

HR-related messages could potentially affect daily work and spoof the users' own domain with an “HR” mailbox name. The common thread is that the emails convey a sense of urgency and entice users to take an action.

Holiday Schedule Changes and Gift Notifications Trigger an Emotional Response

In our latest quarterly phishing report, we found that holiday-themed emails were the most tempting for employees to click on. HR-related messages such as a change in the schedule for the holidays likely piqued interest from employees to see if they would receive an extra day off or shortened work schedule due to the holidays.

It is important to remember that cybercriminals utilize various tactics such as preying on people's emotions when executing their malicious scams. Remaining vigilant and adopting a heightened sense of suspicion around emails that trigger an emotional response can end up preventing a detrimental cybersecurity attack.
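Two of the lures the report names are mechanical enough to check for before a user ever sees them: an "HR" message that spoofs the organization's own domain, and link text that shows a familiar site while the href goes somewhere else. The script below is an added example, not part of the KnowBe4 report or its tooling. The organization domain, the raw messages and every host in them are constructed placeholders, and the domain-spoof check relies on the inbound gateway's Authentication-Results header (RFC 8601), so it assumes DMARC is evaluated on incoming mail.

```python
"""Flag own-domain spoofing and link-text/href mismatches in inbound mail.
Added example; messages and domains are constructed placeholders."""
import email
import re
from email import policy
from html.parser import HTMLParser
from typing import List
from urllib.parse import urlparse

OUR_DOMAIN = "example-corp.com"  # assumed organization domain
HOSTNAME_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels; a real deployment should use the public suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def auth_results(msg) -> dict:
    """Pull spf=/dkim=/dmarc= results out of Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for token in str(header).replace(";", " ").split():
            key, _, value = token.partition("=")
            if key in ("spf", "dkim", "dmarc") and value:
                results[key] = value.lower()
    return results


def analyse(raw: str) -> List[str]:
    """Return the reasons a message deserves quarantine or review (empty if none)."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender = msg["From"].addresses[0]
    # Own-domain spoof: From claims our domain but the gateway could not align it.
    if sender.domain.lower() == OUR_DOMAIN and auth_results(msg).get("dmarc") != "pass":
        reasons.append(f"From claims {OUR_DOMAIN} but DMARC did not pass")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            href_host = (urlparse(href).hostname or "").lower()
            shown = text if "://" in text else "https://" + text
            text_host = (urlparse(shown).hostname or "").lower()
            # Only compare when the visible text itself looks like a hostname.
            if HOSTNAME_RE.match(text_host) and registrable(text_host) != registrable(href_host):
                reasons.append(f"link text shows {text_host} but points to {href_host}")
    return reasons


# Constructed messages. The first spoofs our own HR mailbox from outside and
# hides an external link behind an internal-looking URL; the second is genuine.
SPOOFED_HR = """\
From: "HR Department" <hr@example-corp.com>
To: all-staff@example-corp.com
Subject: Revised holiday schedule - action required
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=bulk-example.net; dmarc=fail header.from=example-corp.com
Content-Type: text/html; charset="utf-8"

<html><body><p>Confirm your extra day off here:</p>
<a href="https://hr-portal-example.net/confirm">https://hr.example-corp.com/holidays</a></body></html>
"""

GENUINE_HR = """\
From: "HR Department" <hr@example-corp.com>
To: all-staff@example-corp.com
Subject: Holiday schedule
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com
Content-Type: text/html; charset="utf-8"

<html><body><p>The holiday schedule is on the intranet:</p>
<a href="https://hr.example-corp.com/holidays">Open the holiday schedule</a></body></html>
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED_HR), ("genuine", GENUINE_HR)):
        print(label, analyse(raw) or ["no findings"])
```

The two checks are complementary: DMARC alignment catches mail that merely claims the company's domain, while the anchor comparison catches the "spoofed domains of popular websites within the email copy" pattern even when the sending domain is unrelated to the brand being shown.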

See the Full Infographic with Top Messages in Each Category for Last Quarter:
https://blog.knowbe4.com/q2-2022-phishing-results-holiday-emails-entice-employees


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [Interesting] The Tricky Aftermath of Source Code Leaks:
https://www.wired.com/story/source-code-leak-dangers/

PPS: Leaked documents show notorious ransomware group has an HR department, performance reviews and an 'employee of the month':
https://www.cnbc.com/2022/04/14/conti-ransomware-leak-shows-group-operates-like-normal-tech-company.html

Quotes of the Week
"The pessimist complains about the wind; the optimist expects it to change; the realist adjusts the sails."
- William Arthur Ward - Writer (1921 - 1994)


"People should pursue what they’re passionate about. That will make them happier than pretty much anything else."
- Elon Musk - Entrepreneur (born 1971)



Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-16-eye-opener-the-costliest-cybercrime-business-email-compromise

Security News
Microsoft Azure's Static Web Apps Service Becomes the New Home for Phishing Attacks

Taking advantage of the value of a legitimate web service, along with a valid SSL certificate, a new phishing campaign targeting Microsoft online credentials is leveraging Azure.

Microsoft Azure's App Service empowers organizations to quickly create and deploy web-based apps. But a new use for this service was recently identified by the analysts at MalwareHunterTeam. On their Twitter account, they posted their finding that a set of threat actors is using the service's legitimacy to host malicious content aimed at stealing OneDrive, Microsoft 365, Outlook.com, Rackspace, AOL, and other online mail platforms' credentials.

These attacks likely work in conjunction with a phishing email that gets the victim to want to see the contents of a web link, and then, using realistic spoofed logon pages, asks the victim to "log on" in order to steal their credentials.

These kinds of attacks are relatively simple to spot if the user in question has undergone continual security awareness training that not only educates them on tactics like the ones used in this attack, but also elevates their sense of awareness, so that they scrutinize logon pages like these and quickly reach the same conclusion every IT pro reaches instantly on seeing one: it's a scam.
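The point a user has to internalize here is that the padlock proves only that the browser reached the host in the address bar, not that the host belongs to the brand on the page. The check below is an added example (not from the newsletter, MalwareHunterTeam or Microsoft) that shows what "scrutinize the logon page" looks like when written down for a proxy, browser extension or help-desk script: ignore TLS and ask whether the host is a known sign-in endpoint for the claimed brand. The allow-list is an assumed, deliberately short example (login.microsoftonline.com and login.live.com are real Microsoft sign-in hosts), the shared-hosting suffixes are Azure's default publishing domains, and the suspect URLs are constructed; a real deployment would maintain both lists itself.

```python
"""Is this sign-in page hosted where the brand it imitates actually signs users in?
Added example; the host lists are assumptions kept short on purpose."""
from urllib.parse import urlparse

KNOWN_LOGIN_HOSTS = {
    "microsoft": {"login.microsoftonline.com", "login.live.com"},
}
# Parent domains under which any Azure subscriber can publish a site. A
# brand's own sign-in page has no reason to live there.
SHARED_HOSTING_SUFFIXES = (".azurestaticapps.net", ".azurewebsites.net")


def assess_logon_url(url: str, claimed_brand: str) -> dict:
    """Classify a URL a user was asked to sign in at as 'expected' or 'suspect'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    brand = claimed_brand.lower()
    result = {"host": host, "https": parsed.scheme == "https", "reasons": []}
    if host in KNOWN_LOGIN_HOSTS.get(brand, set()):
        result["verdict"] = "expected"
        return result
    # A valid certificate on any of the hosts below is expected, and proves nothing.
    for suffix in SHARED_HOSTING_SUFFIXES:
        if host.endswith(suffix):
            result["reasons"].append(f"sign-in page hosted under shared domain {suffix}")
    if brand in host.replace("-", "").replace(".", ""):
        result["reasons"].append("brand name in host but host is not a known sign-in endpoint")
    if not result["reasons"]:
        result["reasons"].append(f"host is not a known sign-in endpoint for {brand}")
    result["verdict"] = "suspect"
    return result


if __name__ == "__main__":
    for url in (
        "https://login.microsoftonline.com/common/oauth2/authorize",
        "https://office365-secure-login.azurestaticapps.net/",  # constructed
        "https://microsoft-verify-example.net/signin",          # constructed
    ):
        v = assess_logon_url(url, "microsoft")
        print(v["verdict"], v["host"], "TLS" if v["https"] else "no TLS", "|", "; ".join(v["reasons"]))
```

Note that both constructed suspect URLs report TLS as present: that is exactly the case the campaign relies on, and the verdict is driven entirely by the host name.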

Blog post with screenshots:
https://blog.knowbe4.com/microsoft-azure-new-home-for-phishing-attacks

Supreme Court Phishbait

A phishing campaign is impersonating the U.S. Supreme Court and informing recipients that they’ll be arrested unless they appear in court at a specified date, according to Roger Kay at INKY. The emails contain a link to a phishing page that purportedly has more information about the bogus court case.

Kay notes that the attackers are taking advantage of the fact that the Supreme Court has been in the news lately with the appointment of Ketanji Brown Jackson.

"Phishers like to follow the news, particularly news that evokes strong emotions, and the high court has been very much in the news of late with the disputed nomination of Ketanji Brown Jackson," Kay writes. "People make mistakes when they're highly emotional, a condition that helps the phishers disorient them and get them to accept a sometimes-absurd lure, which, in the light of day, they might not otherwise fall for."

Kay adds that the emails themselves appear alarming, but there are a number of red flags that users could recognize. "There were a lot of things wrong with this message, starting from the fact that the Department of Justice doesn’t send out summonses on behalf of the Supreme Court, which itself rarely issues summonses to witnesses, and never to parties unrelated to a case," Kay says.

INKY has the story:
https://www.inky.com/en/blog/fresh-phish-supreme-court-lure-follows-phishing-precedent

What KnowBe4 Customers Say

"Hi Stu, thank you for checking in! I am quite pleased with KnowBe4 so far. Before signing up I had followed KnowBe4 for several years across 2 different jobs at 2 different companies. I always liked what I saw and finally had the opportunity to become a customer.

The vast selection of training materials (confession: I'm hooked on the Inside Man series almost as if it's a Hulu original!) and phishing templates will keep our small office of 12 employees occupied for years to come. Thank you for offering the best quality solution in the end user training space."

- M.R., Technical Director

"Hi Stu, so far, so good. We’re only getting started, but the platform has worked out well for us to date. I appreciate the console features, the content of the trainings, etc. It's a very comprehensive offering, and I'm glad we went with KnowBe4.

I should add that I'm particularly impressed with the onboarding experience, and more specifically the help that LesD, our CSM, has provided. He’s been a great resource and his experience with your product is evident in the way he’s been walking me through the platform, being particularly responsive to my questions and flexible with the options he provides.

Frankly, I expected a junior level staff member being guided by a script – I don't see many in a role like his who possesses the technical background he has, and it's refreshing."

- D.J., Director IT

The 10 Interesting News Items This Week
    1. WSJ: In Ukraine, a ‘Full-Scale Cyberwar’ Emerges:
      https://www.wsj.com/articles/in-ukraine-a-full-scale-cyberwar-emerges-11649780203

    2. Web3 Cyber Incident Database: Tracking over $62 Billion (!) Dollars' worth of cryptocurrency related incidents:
      https://www.oodaloop.com/archive/2022/04/14/web3-cyber-incident-database/

    3. Treasury updates Lazarus Group sanctions with digital currency address linked to the recent 600 Million Ronin Bridge hack:
      https://home.treasury.gov/news/press-releases/sm774

    4. Hackers use Conti's leaked ransomware to attack Russian companies:
      https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/

    5. LockBit ransomware gang lurked in a U.S. gov network for months:
      https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-lurked-in-a-us-gov-network-for-months/

    6. Russia's Sandworm Hackers Attempted a Third Blackout in Ukraine:
      https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/

    7. RaidForums hacking forum seized by police, owner arrested:
      https://www.bleepingcomputer.com/news/security/raidforums-hacking-forum-seized-by-police-owner-arrested/

    8. US warning: Hackers have built tools to attack these key industrial control systems:
      https://www.zdnet.com/article/us-warning-hackers-have-built-tools-to-attack-these-key-industrial-control-systems/#ftag=RSSbaffb68

    9. Follow CISA’s four best practices for staying safe against potential Russian cyberattacks:
      https://www.scmagazine.com/perspective/critical-infrastructure/follow-cisas-four-best-practices-for-staying-safe-against-potential-russian-cyberattacks%ef%bf%bc

    10. OldGremlin ransomware gang targets Russia with new malware:
      https://www.bleepingcomputer.com/news/security/oldgremlin-ransomware-gang-targets-russia-with-new-malware/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
Copyright © 2014-2022 KnowBe4, Inc. All rights reserved.