CyberheistNews Vol 12 #38 [HEADS UP] New Uber Security Breach 'Looks Bad', Caused by Social Engineering

Cyberheist News

CyberheistNews Vol 12 #38  |   September 20th, 2022

[HEADS UP] New Uber Security Breach 'Looks Bad', Caused by Social Engineering

Stu Sjouwerman SACP

It was all over the news, but ZDNet's Eileen Yu was one of the first:

"Hacker is believed to have breached Uber's entire network in a social engineering attack, which one security vendor says is more extensive than the company's 2016 global data breach and access logs potentially altered."

The article continues: "A hacker on Thursday was believed to have breached multiple internal systems, with administrative access to Uber's cloud services including on Amazon Web Services (AWS) and Google Cloud (GCP).

"The attacker is claiming to have completely compromised Uber, showing screenshots where they're full admin on AWS and GCP," Sam Curry wrote in a tweet. The security engineer at Yuga Labs, who corresponded with the hacker, added: "This is a total compromise from what it looks like."

Uber since had shut down online access to its internal communications and engineering systems, while it investigated the breach, according to a report by The New York Times (NYT), which broke the news. The company's internal messaging platform, Slack, also was taken offline.


"I was spamming employee with push auth for over an hour. I then contacted him on WhatsApp and claimed to be from Uber IT, told him if he wants it to stop he must accept it. And well, he accepted and I added my device."


With the employee's password, the hacker was able to get into the internal VPN, said Acronis' CISO Kevin Reed in a LinkedIn post. The hacker then gained access to the corporate network, found highly privileged credentials on network file shares, and used these to access everything, including production systems, corporate EDR (endpoint detection and response) console, and Uber's Slack management interface.

Quote from WIRED: "One independent security engineer described the OneLogin account access the Uber hacker seems to have had access to as "the golden ticket jackpot. That's God—they own that there's nothing they can't access," the security engineer added. "It's Disneyland. It's a blank check at the candy shop and Christmas morning all rolled up together. But sure, customer ride data wasn't impacted. OK."

Don't let this happen to you. Train your users.
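The pattern described above (a burst of denied MFA push prompts followed by an approval) is visible in identity-provider logs. The following is an added example, not code from the original newsletter, from Uber, or from any vendor: a small detector that scans constructed authentication log lines (the format and the user names are assumptions) and raises an alert when a user denies several pushes in a short window, and a second, higher-severity alert when an approval arrives right after such a burst.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the "<timestamp> user=<name> event=<...>" format is an assumption,
# not the format of any real identity provider. alice shows the push-fatigue pattern, bob does not.
SAMPLE_LOG = """\
2022-09-15T20:00:00Z user=alice event=push_denied
2022-09-15T20:00:20Z user=alice event=push_denied
2022-09-15T20:00:41Z user=alice event=push_denied
2022-09-15T20:01:02Z user=alice event=push_denied
2022-09-15T20:01:25Z user=alice event=push_denied
2022-09-15T20:03:10Z user=bob event=push_denied
2022-09-15T20:03:30Z user=bob event=push_approved
2022-09-15T20:05:00Z user=alice event=push_denied
2022-09-15T20:06:12Z user=alice event=push_approved
"""


def parse_line(line):
    """Split one log line into (timestamp, user, event)."""
    ts_str, *fields = line.split()
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["user"], kv["event"]


def detect_push_fatigue(log_text, denial_threshold=5, window=timedelta(minutes=10)):
    """Return a list of (user, alert_kind, timestamp, denial_count) tuples.

    'denial_burst' fires once when a user reaches denial_threshold denied pushes
    inside the sliding window; 'approval_after_burst' fires when an approval
    follows such a burst, which is the moment an attacker gains a foothold.
    """
    recent_denials = defaultdict(deque)  # user -> timestamps of denials still inside the window
    burst_alerted = set()                # users already alerted for the current burst
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event = parse_line(line)
        dq = recent_denials[user]
        while dq and ts - dq[0] > window:   # drop denials that fell out of the window
            dq.popleft()
        if event == "push_denied":
            dq.append(ts)
            if len(dq) >= denial_threshold and user not in burst_alerted:
                burst_alerted.add(user)
                alerts.append((user, "denial_burst", ts, len(dq)))
        elif event == "push_approved":
            if len(dq) >= denial_threshold:
                alerts.append((user, "approval_after_burst", ts, len(dq)))
            dq.clear()                       # an approval ends the current burst either way
            burst_alerted.discard(user)
    return alerts


if __name__ == "__main__":
    for user, kind, ts, count in detect_push_fatigue(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user}: {kind} ({count} denials in window)")
```

The thresholds are deliberately conservative; in practice a single approval that follows any run of denials from the same user is worth a look, and the alert is most useful when it also triggers a session revocation and a call to the user. Number-matching or phishing-resistant MFA removes the "just tap approve" option the hacker relied on.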

Blog post with links - this is a continuing story:

[New PhishER Feature] Turn the Tables on the Cybercriminals With PhishFlip

Cybercriminals are always coming up with new, devious phishing techniques to trick your users. PhishFlip is a new PhishER feature that allows you to respond in real time and turn the tables on these threat actors. With PhishFlip, you can now immediately "flip" a dangerous attack into an instant real-world training opportunity for your users.

Your users are likely already reporting potentially dangerous emails in some fashion within your organization. You can now combine your existing PhishRIP email quarantine capability with the new PhishFlip feature that automatically replaces active phishing threats with a new defanged look-alike back into your users' mailbox.

The new PhishFlip feature is included in PhishER—yes, you read that right, no extra cost—so now you can turn the tables on these threat actors and flip targeted phishing attacks into a simulated phishing test for all users. This new feature dramatically reduces data breach risk and the burden on your IT and InfoSec teams.

See how you can best manage your user-reported messages.

Join us Wednesday, September 21 @ 2:00 PM (ET) for a live 30-minute demonstration of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:

  • NEW! Automatically flip active phishing attacks into safe simulated phishing campaigns with PhishFlip. You can even replace active phishing emails with safe look-alikes in your user's inbox.
  • Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: Wednesday, September 21 @ 2:00 PM (ET)

Save My Spot!

The Online Scams Exploiting Queen Elizabeth's Death Are Here

The UK Sun just reported that experts are sending a warning about online scams in relation to Queen Elizabeth's passing. These threat actors are utilizing social engineering tactics by using phony Twitter accounts to offer tickets to the funeral. The link to the tickets takes you instead to a fraudulent website that asks for your bank login.

There's also another scam identified from email and social media scams that the Queen has left behind large sums of money for the taking. Javvad Malik, KnowBe4's Security Awareness Advocate, had this to say to the Sun, "Criminals are swift to capitalize on public events, whether it be a natural disaster, a sporting event, or the death of a prominent person. With the passing of the Queen, people should be vigilant of scammers trying to exploit the situation."

Current event scams are not going anywhere, and it's important for your users to stay up-to-date on the latest phishing trends. New-school security awareness training can ensure your users are reporting any suspicious activity in their day-to-day job operations.

Blog post with links:

[New KB4-CON Europe Event] Kevin Mitnick Keynote Highlight at Virtual KB4-CON EMEA

Cybercriminals have become very adept at manipulating unsuspecting targets without them even realizing it. In addition to having advanced technology and techniques at their fingertips, hackers are taking more time to research what their target is working on, familiar with, and how to spur an emotional response and a subsequent damaging click. So, how can you keep abreast of the ever-changing threat landscape?

Kevin Mitnick, KnowBe4's Chief Hacking Officer and The World’s Most Famous Hacker, has knowledge and insight very few others have. In this session, on 6 October, he will:

  • Share the latest hacking strategies and techniques bad actors are using
  • Show the "hacker’s perspective" through live demonstrations
  • Educate you on how you can protect your organization from the latest threats

You don't want to miss this special presentation in addition to two other keynote sessions from Keren Elazari, Security Analyst, Author & Researcher, and Perry Carpenter, KnowBe4's Chief Evangelist & Strategy Officer. You will receive a certificate for continuing education credits immediately following the event on 6 October.

Date: Thursday, 6 October, 2022

Save My Spot!

Ransomware Gangs Improve Attack Speed and Evade Detection With New "Intermittent Encryption" Tactic

As ransomware gangs look for new ways to improve their execution, this relatively new encryption tactic has been gaining popularity in multiple ransomware families.

If you were a developer of ransomware software, what would your two biggest improvement goals be for your software that help achieve greater success in receiving a ransom payment? I'd guess avoiding detection and a faster encryption speed – all to ensure the maximum amount of data is encrypted before any incident response efforts can take place.

According to the security researchers at Sentinel Labs, a tactic first seen in mid-2021 has been growing in adoption among ransomware gangs. Called Intermittent Encryption, this tactic only encrypts a portion of a file, but just enough to render it useless. There are three modes seen in the wild:

  • Skip-Step – this "steps" through and encrypts a certain number of MBs, and then "skips" another number of MBs
  • Percent – like Skip-Step, but skipping a percent of the file, rather than a specific number of MBs
  • Fast – Encrypts the first X MBs of a file

A number of ransomware families have recently adopted this method, including Qyick, Agenda, BlackCat, PLAY, and Black Basta.
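Because only part of each file is encrypted, the tell-tale sign on disk is a file whose chunks alternate between the low entropy of normal data and the near-maximal entropy of ciphertext, in one of the layouts the three modes produce. The following is an added example, not code from the original newsletter or from Sentinel Labs: it measures per-chunk Shannon entropy over constructed in-memory files and reports whether the high-entropy layout looks like "Fast" (an encrypted prefix) or like the alternating runs of "Skip-Step" and "Percent" (which cannot be told apart from a single file, since Percent is relative to file size). The chunk size is scaled down from the megabytes in the text, and random bytes stand in for ciphertext; no encryption is performed.

```python
import math
import random
from collections import Counter

CHUNK = 4096  # bytes; a scaled-down stand-in for the MB-sized steps described in the text


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty or constant data, up to 8.0 for uniform random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk: int = CHUNK):
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def analyze_layout(data: bytes, chunk: int = CHUNK, high: float = 7.0):
    """Classify the layout of high-entropy chunks in a file.

    Returns a dict with the verdict ('plaintext', 'fully_encrypted', 'fast' or
    'intermittent'), the fraction of chunks that look encrypted, and the run
    lengths of (high_entropy?, count) pairs so an analyst can see the step/skip sizes.
    """
    flags = [e >= high for e in chunk_entropies(data, chunk)]
    runs = []
    for f in flags:
        if runs and runs[-1][0] == f:
            runs[-1][1] += 1
        else:
            runs.append([f, 1])
    hi = sum(flags)
    if hi == 0:
        verdict = "plaintext"
    elif hi == len(flags):
        verdict = "fully_encrypted"
    elif len(runs) == 2 and runs[0][0]:        # one encrypted prefix, then only plaintext
        verdict = "fast"
    else:                                      # alternating encrypted/plain runs
        verdict = "intermittent"
    return {"verdict": verdict,
            "encrypted_fraction": hi / len(flags) if flags else 0.0,
            "runs": [(bool(f), n) for f, n in runs]}


# --- constructed sample files (not real ransomware output) ---
_rng = random.Random(2022)
_TEXT = (b"Quarterly report: revenue, costs, headcount and forecast notes. " * 64)[:CHUNK]


def _random_chunk() -> bytes:
    """Uniform random bytes standing in for a ciphertext chunk."""
    return bytes(_rng.getrandbits(8) for _ in range(CHUNK))


def make_sample(layout):
    """Build a file from a per-chunk layout: True = ciphertext-like chunk, False = plaintext chunk."""
    return b"".join(_random_chunk() if enc else _TEXT for enc in layout)


PLAIN_FILE = make_sample([False] * 16)
FAST_FILE = make_sample([True] * 4 + [False] * 12)            # first N chunks encrypted
SKIP_STEP_FILE = make_sample([True, True, False, False] * 4)  # encrypt 2, skip 2, repeat

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN_FILE), ("fast", FAST_FILE), ("skip-step", SKIP_STEP_FILE)]:
        print(name, analyze_layout(blob))
```

A scanner built on this idea runs well as a post-incident triage tool (which files were touched, and with what step size) and as a canary-file check; as a real-time detection it needs to be paired with file-system event rates, because a handful of legitimate formats (compressed archives, media) are high-entropy throughout and will show up as "fully_encrypted".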


Can You Be Spoofed?

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?

Now they can launch a "CEO fraud" spear phishing attack on your organization, and that type of attack is very hard to defend against, unless your users are highly 'security awareness' trained.

KnowBe4 can help you find out if this is the case with our free Domain Spoof Test. It's quick, easy and often a shocking discovery.

Find out now if your email server is configured correctly; many are not!

  • This is a simple, non-intrusive "pass/fail" test.
  • We will send a spoofed email "from you to you".
  • If it makes it through into your inbox, you know you have a problem.
  • You'll know within 48 hours!
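Whether a spoofed "from you to you" message lands in the inbox comes down to the domain's SPF record and DMARC policy. The following is an added example, not the KnowBe4 Domain Spoof Test or any code from the newsletter: an offline evaluator that reads constructed TXT records (example.com and example.net are reserved documentation domains; the records are invented for the example), applies the SPF ip4/ip6/include/all mechanisms to a sender IP, reads the DMARC p= tag, and says what a receiver would most likely do with a message that does not pass SPF and carries no DKIM signature. Live DNS lookups and the a/mx/exists mechanisms are left out so it runs anywhere.

```python
import ipaddress

# Constructed DNS TXT records for the example; not real records of any domain.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example.net -all",
    "_spf.mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "weak.example": "v=spf1 ip4:203.0.113.0/24 ?all",   # neutral "all": unknown senders are not failed
    # weak.example deliberately has no _dmarc record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, txt=DNS_TXT, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral' or 'none') for sender_ip."""
    record = txt.get(domain)
    if record is None or not record.startswith("v=spf1") or depth > 10:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qual]
        name, _, arg = term.partition(":")
        if name in ("ip4", "ip6"):
            # IPv4 address in an IPv6 network (or vice versa) is simply "not contained"
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qual]
        elif name == "include":
            if evaluate_spf(arg, sender_ip, txt, depth + 1) == "pass":
                return QUALIFIERS[qual]
        # a / mx / exists need live DNS and are skipped in this offline example
    return "neutral"


def dmarc_policy(domain, txt=DNS_TXT):
    """Return the DMARC p= value ('none', 'quarantine', 'reject') or None if no record exists."""
    record = txt.get("_dmarc." + domain)
    if record is None or not record.startswith("v=DMARC1"):
        return None
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p")


def spoof_exposure(domain, sender_ip, txt=DNS_TXT):
    """Likely fate of a message claiming to be from `domain`, sent from sender_ip with no DKIM.

    'authorized'              the IP is allowed by SPF, so it is not a spoof at all
    'blocked_by_dmarc'        SPF does not pass and DMARC says reject or quarantine
    'spf_hardfail_no_dmarc'   SPF says fail but nothing obliges the receiver to act on it
    'spoofable'               SPF is softfail/neutral/none and DMARC is absent or p=none
    """
    spf = evaluate_spf(domain, sender_ip, txt)
    policy = dmarc_policy(domain, txt)
    if spf == "pass":
        return "authorized"
    if policy in ("reject", "quarantine"):
        return "blocked_by_dmarc"
    if spf == "fail":
        return "spf_hardfail_no_dmarc"
    return "spoofable"


if __name__ == "__main__":
    for dom in ("example.com", "weak.example"):
        print(dom, "from 192.0.2.5:", spoof_exposure(dom, "192.0.2.5"))
```

The "spoofable" verdict is the one the test in the text is looking for: a soft or neutral "all" with no enforcing DMARC policy means the receiving server has been told nothing that would stop the message. A "-all" without DMARC is only a partial fix, because receivers are free to deliver SPF failures and SPF alone says nothing about the From: header the user actually sees.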

Try to Spoof Me!

[BUDGET AMMO] PwC: "More Frequent Cyber Attacks Tops the List of Business Risk for Executives"

New data from PwC provides insight into what aspects of the business executives are focused on, worried about, and seeing as future challenges as they look to manage business risk.

While the majority (83%) of executives are focusing their business strategy on growing the business, the latest data from PwC's Pulse Survey: Managing Business Risks shows cybersecurity remains a material risk to achieving the desired growth.

According to the report:

  • Cybersecurity risk was seen as the #1 business risk, with 40% of executives citing it as a serious risk and another 38% calling it a moderate risk
  • 51% of board members cited cybersecurity as a serious risk, indicating that boards may be increasingly aware of the problem and seeing addressing it as part of the overall business strategy
  • 49% of executives say their organization is increasing investments in cybersecurity and privacy, with only 5% planning on decreasing investments

The overall outcome for cybersecurity from this report's findings is that businesses are aware and are making strategic investments. At the same time, 70% of organizations are looking at ways to expand permanent remote work options – something we’ve seen also brings with it bad cyber habits and additional cyber risk – making it necessary for organizations to invest in Security Awareness Training to ensure, even while working at home, users remain vigilant against increased cyberattacks.

Blog post with links:

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: MSSP Cybersecurity Report: Average Data Breach in U.S. Costs $9.4 Million:

PPS: Hardware With Built-In Security Could Be More Secure Than Software, Experts Say. But Can It?:

Quotes of the Week
"In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing."
- Theodore Roosevelt (1858 – 1919)

"Friendship improves happiness and abates misery, by the doubling of our joy and the dividing of our grief."
- Marcus Tullius Cicero - Orator and Statesman (106 - 43 BC)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

[HUMOR] Unconventional Security Awareness Advice

By Javvad Malik.

October is Cybersecurity Awareness Month, and you are undoubtedly being bombarded with some fantastic advice on how to stay cyber safe.

All the advice means well, but simply put, it all becomes a bit same-y after a while. Hover over links, verify who sent you the email, don't send $2k worth of gift cards to a recently departed relative you didn't know existed.

While all of this and more is good advice, I'm a firm believer in teaching principles as opposed to lists of things to do and to not do. These are the principles I believe can help anyone become more security savvy, and perhaps a more successful individual overall.


Scammer Continues Phishing From Prison

Dutch authorities have announced that an imprisoned scammer was running a phishing operation from his jail cell, Cybernews reports. The crook used four mobile phones to post malicious ads on Marktplaats, a popular Dutch classifieds site.

The Northern Netherlands District Prosecutor's Office said in a statement that the scammer targeted more than a thousand people over the course of a few months. "In the summer of 2021, a few months after the 23-year-old suspect from Groningen was sentenced to 42 months in prison for large-scale cybercrime, the Public Prosecution Service was informed that a telephone had been found in his cell," the statement said.

"This investigation shows that this suspect from the PI was engaged in exactly the same offenses for which he was convicted: phishing and fraud. That same summer, another device was found in the suspect's cell. And shortly afterwards device three that was found in his bird's food and some time later a fourth device.

"All the phones found in the suspect's cell contain the same thing: phishing and fraud. On his phone were more than 1000 conversations that he had on marktplaats, trying to get people to click on a link." The authorities have also accused a 22-year-old man from the Netherlands of assisting in the campaign.

Blog post with links:

What KnowBe4 Customers Say

"KnowBe4 introduced us to their security culture experts, which was game changing for us. As far as I’m concerned, Perry Carpenter from KnowBe4 is the most important person in information security today because he is such an authority on transforming how people see security, identifying their behaviors about it and understanding how they react to it. Because of KnowBe4, we changed the name of what we do. We no longer run a security program. We run a security awareness, behavior and culture program."

- J.R., CIO / CISO

"I have had the distinct privilege of working with Bill B. during our implementation of KnowBe4 (wonderful product btw) at our Hospital.

"At this time I would like to commend Bill for his professionalism, in-depth technical knowledge, timely communication and availability to always jump on a call to answer questions and provide guidance on best-practice solutions based on experience that really work well.

"I have found Bill to be extremely charming throughout our engagement, with a great sense of humor and a personal approach that instantly makes everyone feel at ease. Bill has made the entire process easy and smooth and it is always a pleasure talking with him.

"I consider him, for all the reasons noted above, to be a major asset to KnowBe4 and someone who really embodies and exemplifies the title "Customer Success" Manager. He helped us succeed and continues to be an invaluable contact and I have no doubt he has and will help everyone else succeed he works with! Bill you are amazing! Many thanks in advance."

- D.L., Technical Analyst Servers

"We have been very pleased w/ the KnowBe4 platform and are extremely happy we switched from a different provider. More importantly, the KnowBe4 team has done an exceptional job and have been terrific to work with. Those team members who have helped us include Cristina P., Wes B. and Rodolfo C. Thanks for reaching out and I hope you have a great weekend."

- S.B., VP of IT

The 10 Interesting News Items This Week
  1. Security Awareness Training Must Evolve to Align With Growing E-Commerce Security Threats:

  2. Scammers Leveraging Microsoft Team GIFs in Phishing Attacks:

  3. Chinese gov't hackers using 'diverse' toolset to target Asian prime ministers, telecoms:

  4. Cyberattacks Are Now Increasingly Hands-On, Break Out More Quickly:

  5. Russian hackers use new info stealer malware against Ukrainian orgs:

  6. U-Haul discloses data breach exposing customer driver licenses:

  7. Fears grow of Russian spies turning to industrial espionage:

  8. Gartner Survey Shows 75% of Organizations Are Pursuing Security Vendor Consolidation in 2022:

  9. Say Hello to Crazy Thin 'Deep Insert' ATM Skimmers:

  10. North Korea's Lazarus hackers are exploiting Log4j flaw to hack U.S. energy companies:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
