CyberheistNews Vol 12 #33 [Eye Opener] Recent Cisco Hack by Ransomware Group Started Because of a Phishing Attack



Cyberheist News

CyberheistNews Vol 12 #33  |   August 16th, 2022

[Eye Opener] Recent Cisco Hack by Ransomware Group Started Because of a Phishing AttackStu Sjouwerman SACP

In a recent Forbes article, Cisco confirmed that they were hacked by a ransomware group as the group of cybercriminals published a partial list of files that were claimed to be exfiltrated.

The major networking company were first made aware of the compromise back in May, that was then confirmed by the Cisco Security Incident Response team that it was a network breach. Ironically, ransomware group Yanluowang published a partial list of those files that were stolen the same day.

While there was no ransomware deployed during the attack, the Security Incident Response Team noted that the initial attack vector was through a successful phishing attempt of an employee's personal Google account. This in turn, led to the compromise of the company's credentials and access to their VPN.

One user's honest mistake can potentially have a major impact on your organization. If an attack is successful, your organization can be severely damaged due to the financial loss. We highly recommend implementing frequent phishing tests and new-school security awareness training to your users. Remember - the stronger the human firewall, the stronger your organization is at stopping these types of attacks in the future!

Blog post with links:
https://blog.knowbe4.com/recent-cisco-hack-by-ransomware-group-started-because-of-a-phishing-attack

ITWorld Canada Article: "Cisco report on MFA hack backs up Black Hat conference presentation:"
https://www.itworldcanada.com/article/cisco-report-on-mfa-hack-backs-up-black-hat-conference-presentation/497585

Hacking the Hacker: Assessing and Addressing Your Organization’s Cyber Defense Weaknesses

Cybercriminals are out there, watching and waiting for the perfect opportunity. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

But with a strategic approach to cyber defense you can hack the hacker before they strike! In this session, we'll share insights into their strategies and their motivations. You'll learn how to use that understanding, along with simple strategies to make your organization a hard target.

Join Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, for this new webinar as he exposes the mind of a hacker to help you see your cyber risks from the outside in.

In this session you’ll learn:

  • How hackers collect "private" details about your organization and your users
  • The most common root causes that lead to damaging cyber attacks
  • Common mistakes made when designing cyber defenses and how to fix them
  • Data-driven strategies for mitigating your biggest weaknesses
  • Why a strong human firewall is your best, last line of defense

Get the details you need to know now to outsmart cybercriminals before you become their next victim. And earn CPE credit for attending.

Choose the date and time that works best for you!

Wednesday, August 17 @ 2:00 PM (ET):
https://info.knowbe4.com/hacking-the-hacker-webinar?utm_campaign=CHN2

Thursday, August 18 @ 2:00 PM (AEST):
https://info.knowbe4.com/hacking-the-hacker-webinar-apac?utm_campaign=CHN2

Thursday, August 18 @ 12:00 PM (GMT):
https://info.knowbe4.com/hacking-the-hacker-webinar-emea?utm_campaign=CHN2

U.S. Government Warns of Increased Texting Scams as Mobile Attacks Are Up 100%

Cyberattacks via SMS messaging are on the rise, and are having such an impact, the Federal Communications Commission has released an advisory on robotext phishing attacks (or smishing).

According to Verizon’s 2022 Mobile Threat Index, 45% of organizations have suffered a mobile compromise in 2022 – that's double the percentage of orgs in 2021. If you're wondering if it's purely a shift in tactics on the cybercriminal's part, think again.

According to Verizon:

  • 58% of orgs have more users using mobile devices than the prior 12 months
  • Mobile users in 59% of orgs are doing more today with their mobile device than the prior 12 months
  • Users using mobile devices in 53% of orgs have access to more sensitive data than a year ago

And keep in mind that while there are plenty of security solutions designed to secure mobile endpoints, we're talking about personal devices that are used as a mix of corporate and personal life. This makes for a very unprotected target by cybercriminals.

So, it shouldn't come as any surprise that the FCC has put out an advisory warning about the increased use of robotexting-based phishing scams targeting mobile users, commonly called "smishing".

Some of their warning signs include:

  • Unknown numbers
  • Misleading information
  • Misspellings to avoid blocking/filtering tools
  • 10-digit or longer phone numbers
  • Mysterious links
  • Sales pitches
  • Incomplete information

We've seen smishing scams impersonating T-Mobile, major airlines, and even the U.K. Government. So, consumers and corporate users alike need to be aware of the dangers of text-based phishing attacks – something reinforced through continual security awareness training.

Blog post with links:
https://blog.knowbe4.com/u.s.-government-warns-of-increased-texting-scams-as-mobile-attacks-are-up-100

[New PhishER Feature] Turn the Tables on the Cybercriminals with PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately "flip" a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature that automatically replaces active phishing threats with a new defanged look-alike back into your users' mailbox.

The new PhishFlip feature is included in PhishER—yes you read that right, no extra cost— so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported suspicious emails.

Join us for a live 30-minute demo of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software.

With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user's inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Choose the date and time that works best for you!

Wednesday, August 24 @ 2:00 PM (ET)
https://info.knowbe4.com/phisher-demo-august-2022?utm_campaign=CHN

Thursday, August 25 @ 2:00 PM (AEST)
https://info.knowbe4.com/phisher-apac-demo-august-2022?utm_campaign=CHN

Did You Know? The Top 8 Most Common Types of DNS Records From a Total of 90(!)

This article is a good technical overview of DNS that can help you prevent spoofing. This is a cross-post from the EasyDMARC blog, a new KnowBe4 Ventures portfolio company.

What is a DNS record?

A Domain Name System record is a database record used to translate domain names to IP addresses. Also known as a resource record or a DNS query type, it consists of text files stored on DNS servers, which helps users connect their website to the internet.

What is a DNS Lookup?

Well, when you enter a domain name in your browser, a DNS query is sent from your device to a DNS server to confirm if the domain name has an IP address.

DNS records also encompass several syntaxes and commands telling the server how to handle a client request. By knowing the common types of DNS records, you can better understand your network activity.

So, how many types of DNS records are there? Officially, there are about 90 unique types, each corresponding to a different task or request. If these are misconfigured or used incorrectly, it can negatively affect your website’s performance or even indicate DNS spoofing.

These are the top 8 most common types of DNS record:

  • A Record
  • AAAA Record
  • CNAME Record
  • DNS PTR Record
  • NS Record
  • MX Record
  • SOA Record
  • TXT Record

Read on to discover what they all do. Blog post with links:
https://blog.knowbe4.com/the-top-8-most-common-types-of-dns-records

October Is Cybersecurity Awareness Month. Are You Prepared?

Get the resources you need to help your users defend against cybercrime from anywhere.

In today's hybrid work environment, your users are more susceptible than ever to attacks like phishing and social engineering. Cybercriminals know this and are constantly changing tactics to exploit new vulnerabilities. We've put together these resources so you can keep your users on their toes with security top of mind. Request your kit now to help your users defend against cybercrime whether they are fully remote, back in the office, or a combination of both.

Here is what you'll get:

  • Access to free resources for you including our most popular on-demand webinar and whitepaper
  • Resources to help you plan your activities, including your Cybersecurity Awareness Month Guide and Cybersecurity Awareness Weekly Planner
  • New featured interactive training module for your users: "2022 Social Engineering Red Flags," plus three additional interactive training modules, all available in multiple languages
  • Resources to share with your users including training videos, security docs, tip sheets, security hints and tips newsletters, plus posters and digital signage assets
  • All assets are printable and available digitally, so they can be delivered to your users no matter where they are working from

Get Your Free Cybersecurity Awareness Month Resource Kit Now!
https://www.knowbe4.com/cybersecurity-awareness-month-resource-kit-chn


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Budget Ammo by yours truly in Forbes: "Why MFA Falls Short And What Can Be Done About It":
https://www.forbes.com/sites/forbestechcouncil/2022/08/11/why-mfa-falls-short-and-what-can-be-done-about-it/?

PPS: Interesting article - How AI neural network research proves that the mind and the brain are different things:
https://mindmatters.ai/2022/08/how-ai-neural-networks-show-that-the-mind-is-not-the-brain/

Quotes of the Week  
"By failing to prepare, you are preparing to fail."
- Benjamin Franklin - American Politician (1706 - 1790)

"Education is not preparation for life; education is life itself."
- John Dewey - American Philosopher (1859 - 1952)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-12-33-eye-opener-recent-cisco-hack-by-ransomware-group-started-because-of-a-phishing-attack

Security News

Marks Wanted: Social Engineering in the Classifieds

Researchers at Group-IB warn of a major phishing campaign that's targeting customers of companies around the world. The campaign is particularly focused on classified ad websites in Asia, the Middle East, and Europe.

The researchers call this campaign "Classiscam," and note that the campaign is using "Telegram bots and chats to coordinate operations and create phishing and scam pages in seconds."

"After initial contact with the legitimate seller, the scammers generate a unique phishing link that confuses the sellers by displaying the information about the seller’s offer and imitating the official classified's website and URL," the researchers write. "Scammers claim that payment has been made and lure the victim into either making a payment for delivery or collecting the payment."

After the victim has entered their information, they'll be asked to enter a one-time password (OTP). The phishing site will automatically enter their credentials into the victim's real bank account and then enter the OTP, allowing the scammers access to the victim's funds.

Group-IB explains that this is an organized criminal operation that's selling the platform to automate the process for other criminals. Thus it's a criminal-to-criminal, C2C, play in the underworld market.

"The hierarchy of the Classiscam groups operates in a pyramid formation," the researchers write. "A team of administrators is on top of the chain and responsible for recruiting new members, automating the creation of scam pages, registering new accounts, and providing assistance when the bank blocks the recipient's card or the transaction.

"The administrator's share is about 20-30 percent of the stolen sum. 'Workers' receive 70-80 percent of the stolen sum for communicating with victims and sending them phishing URLs. All details of deals made by workers (including the sum, payment number, and username) are displayed in a Telegram bot."

Group-IB has the story:
https://www.group-ib.com/media/classiscam-singapore-global-scam-operation/

Cybercriminals Go to College with New Phishing Attacks

The summer is winding up, and the traditional academic year is approaching. And amid the welcomes from the deans of students, the activities coordinators, the academic advisors and so on, the new crop of undergraduates can also expect to be greeted by phishing scams. Inevitably these will all find expression online.

The Better Business Bureau is offering some advice for students to think about before they depart for campus and the new academic year. There are some impostor scams they can expect. Students should, for example, view with suspicion emails or texts they receive that purport to be from their school's "Financial Department."

If those communications invite the recipient to click on a link and provide their student login information, then the recipient should double down on the suspicion. There are also some foreseeable scams new undergraduates can expect to encounter. The Better Business Bureau outlines five genres.

  • Fake credit card offers. This is a time in life when many young people are considering applying for their first credit card. Aside from the credit card serving as a standard temptation to fiscal improvidence (and that's more a spiritual than a security issue) the problem with the offers is that many of them are fraudulent, "phony offers designed to access personal information."
  • Deals on apartments that are "too good to be true." Students looking for off-campus housing can make easy marks for scammers offering a good location at an affordable rent. It's all too often a come-on designed to steal paycard information.
  • Identity theft. Just as the college years are a traditional time to pick up a credit card, they're also a good time to begin checking credit reports. Unusual activity can be a sign of identity fraud.
  • Bogus offers of scholarships and grants. Or scam offers of assistance with student loans. Do check these out with the institution's financial aid office, especially before providing any personal information.
  • e-Commerce scams. Students need stuff, and they're accustomed to shopping online. Again, be wary of offers that seem too good to be true, especially when buying unfamiliar items.

The forms of social engineering on display as the academic year opens are familiar tunes in a new key. New school security awareness training can help on campus as much as it can in the workplace.

Blog post with links:
https://blog.knowbe4.com/cybercriminals-go-to-college-with-new-phishing-attacks

What KnowBe4 Customers Say

"Thanks for reaching out. Really enjoying using your product, we're having a good time configuring phishing, user education and other experiences in your product. Our account team Kim, and Josh have been fantastic in exceeding our expectations. Have a great week."

- B.R., CISSP Senior Security Operations Engineer


"I wanted to drop you a quick note to let you know how much we appreciate Ashley F. as our Customer Success Manager! She helps us understand and maximize the various offerings of KnowBe4 and offers enhancements and solutions such as our recent expansion for PhishER.

"We look forward to our calls with her and how productive they are so we don't merely have a subscription to your services, but actively use it to test and train our employees. With employees like Ashley, we can understand why you are leading in this space.

"Please know that interactions like this are what makes for long-term partnerships and we appreciate Ashley’s approach and assistance. Thanks again."

- W.C., Senior Executive

The 10 Interesting News Items This Week
  1. Looking Back at 25 Years of Black Hat:
    https://www.darkreading.com/edge-articles/looking-back-at-25-years-of-black-hat

  2. Ex-CISA Chief's Advice at Black Hat: Make Security Valuable and Attacks Costly:
    https://therecord.media/cisa-should-split-from-dhs-or-made-part-of-broader-digital-agency-fmr-director-chris-krebs

  3. What Black Hat USA 2022 attendees are concerned about:
    https://www.helpnetsecurity.com/2022/08/08/what-black-hat-usa-2022-attendees-are-concerned-about/

  4. DEF CON 30 Preso: Russian Is Escalating, Diversifying Hacking of Ukraine, Research Says:
    https://gizmodo.com/black-hat-2022-russian-hackers-ukraine-putin-zelensky-1849405033

  5. Finland Parliament witnesses Cyber Attack:
    https://www.cybersecurity-insiders.com/finland-parliament-witnesses-cyber-attack/

  6. Treasury sanctions crypto service that laundered funds for North Koreans:
    https://www.washingtonpost.com/business/2022/08/08/treasury-crypto-sanctions-mixers/

  7. How to spot a deepfake? One simple trick is all you need:
    https://www.zdnet.com/article/how-to-spot-a-deepfake-one-simple-trick-is-all-you-need/

  8. U.S. govt will pay you $10 million for info on Conti ransomware members:
    https://www.bleepingcomputer.com/news/security/us-govt-will-pay-you-10-million-for-info-on-conti-ransomware-members/

  9. CISA director plans proactive cybersecurity for at-risk companies:
    https://www.axios.com/2022/08/10/cisa-director-jen-easterly-vision-for-jcdc

  10. FBI: Zeppelin ransomware may encrypt devices multiple times in attacks:
    https://www.bleepingcomputer.com/news/security/fbi-zeppelin-ransomware-may-encrypt-devices-multiple-times-in-attacks/

  11. BONUS: WSJ: "Buying Cyber Insurance Gets Trickier as Attacks Proliferate, Costs Rise":
    https://www.wsj.com/articles/buying-cyber-insurance-gets-trickier-as-attacks-proliferate-costs-rise-11659951000?

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews