CyberheistNews Vol 13 #02 [Bad Taste] There Is a New Trend in Social Engineering With a Disgusting Name; 'Pig-butchering'




CyberheistNews Vol 13 #02  |   January 10th, 2023

[Bad Taste] There Is a New Trend in Social Engineering With a Disgusting Name; 'Pig-butchering'
By Stu Sjouwerman, SACP

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all it's worth. The analogy is a bit off, since the criminals don't really fatten up the pig (not much, anyway), but it holds this far: they develop their marks slowly, and they get the marks to fatten up the fraudulent accounts the criminals ultimately drain.

It begins with a cold contact, often with no other preparation at all. "Scammers cold-contact people on SMS texting or other social media, dating, and communication platforms," Wired writes. "Often they'll simply say 'Hi' or something like 'Hey Josh, it was fun catching up last week!'"

An act of common courtesy, telling the sender in effect that they've got the wrong number, is what sets the social engineering in train. "If the recipient responds to say that the attacker has the wrong number, the scammer seizes the opportunity to strike up a conversation and guide the victim toward feeling like they've hit it off with a new friend. After establishing a rapport, the attacker will introduce the idea that they have been making a lot of money in cryptocurrency investing and suggest the target consider getting involved while they can."

Like any classic confidence game, pig-butchering works by developing rapport with the victim. That rapport may be rooted in loneliness (a lot of pig-butchering begins with contact on dating sites) or it may be rooted in a desire for financial gain.

That second motive is often derided as "greed," but that seems unfair: as often as not it is a desire for financial security. The criminals use the trust the victims develop for them over time to induce them to move funds into bogus financial services accounts that the criminals control, and eventually drain and close out.

"Next, the scammer gets the target set up with a malicious app or web platform that appears trustworthy and may even impersonate the platforms of legitimate financial institutions," Wired explains. "Once inside the portal, victims can often see curated real-time market data meant to show the potential of the investment. And once the target funds their 'investment account,' they can start watching their balance 'grow.'

"Crafting the malicious financial platforms to look legitimate and refined is a hallmark of pig butchering scams, as are other touches that add verisimilitude, like letting victims do a video call with their new 'friend' or allowing them to withdraw a little bit of money from the platform to reassure them. The latter is a tactic that scammers also use in traditional Ponzi schemes."

[CONTINUED] at the KnowBe4 blog:
https://blog.knowbe4.com/there-is-a-new-trend-in-social-engineering-with-a-disgusting-name-pig-butchering

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, January 11, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! KnowBe4 Mobile Learner App - Users Can Now Train Anytime, Anywhere!
  • NEW! Security Culture Benchmarking feature lets you compare your organization's security culture with your peers
  • NEW! AI-Driven phishing and training recommendations for your end users
  • Did You Know? You can upload your own SCORM and video training modules into your account for home workers
  • Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes

Find out how 50,000+ organizations have mobilized their end users as their human firewall.

Date/Time: TOMORROW, Wednesday, January 11, @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/4054183/88BA0B2BA080B14CBD5BD0884CE0BA18?partnerref=CHN3

Using AI Large Language Models to Craft Phishing Campaigns

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI's ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The publicly available AI can be asked to write a targeted phishing email with perfect grammar. The researchers generated two emails, one of which directed the recipient to click on a link. The other email asked the user to download a malicious document.

"Note that while OpenAI mentions that this content might violate its content policy, its output provides a great start," the researchers write. "In further interaction with ChatGPT we can clarify our requirements: to avoid hosting an additional phishing infrastructure we want the target to simply download an Excel document. Simply asking ChatGPT to iterate again produces an excellent phishing email."

Check Point then used another OpenAI model, Codex, to write a working malicious macro that could be embedded in an Office document and used to download and run a reverse shell on the compromised machine.

Check Point notes that the AI is a neutral platform, and OpenAI has done extensive work to prevent it from being used for malicious purposes. The researchers conclude, however, that the platform can be abused to lower the bar for aspiring cybercriminals to launch phishing campaigns.

"This is just an elementary showcase of the impact of AI research on cybersecurity. Multiple scripts can be generated easily, with slight variations using different wordings," the researchers write. "Complicated attack processes can also be automated as well, using the LLMs APIs to generate other malicious artifacts.

"Defenders and threat hunters should be vigilant and cautious about adopting this technology quickly, otherwise, our community will be one step behind the attackers."

Blog post with links:
https://blog.knowbe4.com/using-ai-large-language-models-to-craft-phishing-campaigns

Other interesting recent topics intersecting AI and social engineering:

This AI cloned my voice using just three minutes of audio:
https://www.digitaltrends.com/computing/ai-voice-clone-ces-acapela/

This Artificial Intelligence (AI) Research Demonstrates How Large Language Models (LLMs) are Capable of Self-Improving:
https://www.marktechpost.com/2023/01/05/this-artificial-intelligence-ai-research-demonstrates-how-large-language-models-llms-are-capable-of-self-improving/

Defensive vs. offensive AI: Why security teams are losing the AI war:
https://venturebeat.com/security/defensive-vs-offensive-ai-why-security-teams-are-losing-the-ai-war/

The Good, the Bad and the Truth About Password Managers

We strongly recommend that you use a password manager to reduce password reuse and improve complexity, but you may be wondering if it's really worth the risk. Is it safe to store all of your passwords in one place? Can cybercriminals hack them? Are password managers a single point of failure?

Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, for this new webinar where he'll walk you through these questions and more. He'll also share a new password manager hacking demo from Kevin Mitnick, KnowBe4's Chief Hacking Officer, that will reveal the real risks of weak passwords.

In this session you'll learn:

  • What your password policy should be
  • Features you should be looking for in a password management tool
  • The real risks password managers pose
  • How hackers can exploit password manager weaknesses
  • Why password management is key to building a strong security culture

Date/Time: Wednesday, January 18, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Register Now!
https://info.knowbe4.com/truth-about-password-managers?partnerref=CHN

These Grim Figures Show That the Ransomware Problem Isn't Going Away

ZDNet summarized the problem as follows: "Up to 1,981 schools, 290 hospitals, 105 local governments and 44 universities and colleges were hit with ransomware in the US alone during 2022, demonstrating how ransomware attacks remain a significant cyber threat to the public sector and civil society.

"The figures on the number of government, education and healthcare sector organizations hit by ransomware attacks have been detailed by cybersecurity researchers at security company Emsisoft, who analyzed disclosure statements, press reports, and information posted to the dark web."

The full article (link below) noted that: "In total, 105 state and municipal government agencies disclosed that they were affected by ransomware attacks encrypting files and servers during 2022, an increase from 2021 where there were 77 reported attacks on government."

However, this may very well be just the tip of the iceberg, because the data is largely based on publicly available reports and a large percentage of victims do not disclose these incidents publicly.

We strongly suggest you watch: "A Master Class on IT Security: Roger Grimes Teaches Ransomware Mitigation" as soon as you can.

Blog post with links:
https://blog.knowbe4.com/these-grim-figures-show-that-the-ransomware-problem-isnt-going-away

Get Your Automated Security Awareness Program, ASAP!

Many IT pros don't exactly know where to start when it comes to creating a security awareness training and culture program that will work for their organization.

We've taken away all the guesswork with our Free Automated Security Awareness Program builder (ASAP). ASAP is a revolutionary tool for IT professionals that helps you build a customized Security Awareness Program for your organization. ASAP will show you the steps needed to create a fully mature training program in just a few minutes!

The program includes actionable tasks, helpful tips, training content suggestions and a task management calendar. You also have the ability to export the full program as a detailed or executive summary version in PDF format. This is great ammo to help you secure budget for your program and report out to management.

Here's how it works:

  • Answer seven questions about your organization's goals, compliance needs and culture
  • ASAP recommends suggested training content based on your answers
  • See a detailed calendar with a customized task list to get your program started
  • Easily export detailed and executive summary PDF versions of your program
  • Get a fully mature awareness program ready in five minutes

Find out what YOUR program will look like. There is no cost.

Start ASAP:
https://info.knowbe4.com/asap-chn-1

[DID YOU KNOW?] There's a Powerful New Feature in KMSAT Diamond Level

Last month our Product Team released the PasswordIQ feature for KMSAT.

PasswordIQ was inspired by the KnowBe4 password tools that IT pros use to check their Active Directory to see if their users are using shared, weak or compromised passwords.

PasswordIQ continuously monitors your Active Directory for password vulnerabilities. It checks whether users are currently using passwords that are shared between accounts, weak, or show up in publicly available data breaches.

PasswordIQ combines multiple password tools into one easy-to-use system that organizes this data on an intuitive dashboard within your KnowBe4 console. With PasswordIQ, administrators can establish a baseline of password issues and better manage the ongoing problem of password risk across users.
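To show what the "shared" and "compromised" checks above amount to in practice, here is an added example, not KnowBe4's or PasswordIQ's code. It assumes a hypothetical directory dump mapping account names to password hashes and a constructed breach corpus in the Pwned Passwords "range" format (5-hex-character prefix, then SUFFIX:COUNT lines). Two details are assumptions for portability: the hashes are SHA-1 rather than the NT (MD4) hashes Active Directory actually stores, because MD4 is often unavailable in Python's hashlib, and the breach corpus is a tiny inline list rather than the real download. The k-anonymity lookup works the same way with NTLM data: only the prefix leaves your environment, and matching is done locally.

```python
import hashlib
from collections import defaultdict


def sha1_hex(password: str) -> str:
    """SHA-1 of the UTF-8 password, uppercase hex (the Pwned Passwords SHA-1 format).

    Assumption: real AD audits use NT hashes; SHA-1 is used here so the example
    runs everywhere without MD4 support.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed sample dump: account -> password hash, as a dump tool would emit it.
# The plaintexts appear only to build the sample; an audit never sees them.
SAMPLE_ACCOUNTS = {
    "alice":      sha1_hex("Password123"),
    "bob":        sha1_hex("Password123"),               # shares alice's password
    "carol":      sha1_hex("correct horse battery staple"),
    "svc_backup": sha1_hex("Summer2022!"),               # present in the constructed breach list
}

# Constructed breach corpus standing in for the public breach data: prefix -> "SUFFIX:COUNT".
_BREACHED = {"Password123": 123456, "Summer2022!": 789, "letmein": 50000}
BREACH_CORPUS = defaultdict(list)
for _pw, _count in _BREACHED.items():
    _h = sha1_hex(_pw)
    BREACH_CORPUS[_h[:5]].append(f"{_h[5:]}:{_count}")


def range_lookup(prefix: str, corpus=BREACH_CORPUS) -> list:
    """Return the 'SUFFIX:COUNT' lines for a 5-hex-char prefix.

    Mirrors a k-anonymity range query: only the prefix is sent, and the caller
    compares the returned suffixes locally, so the full hash never leaves.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    return corpus.get(prefix.upper(), [])


def breach_count(hash_hex: str, corpus=BREACH_CORPUS) -> int:
    """Number of times this hash appears in the breach corpus (0 if never)."""
    hash_hex = hash_hex.upper()
    prefix, suffix = hash_hex[:5], hash_hex[5:]
    for line in range_lookup(prefix, corpus):
        candidate, count = line.split(":")
        if candidate == suffix:
            return int(count)
    return 0


def find_shared_passwords(accounts: dict) -> dict:
    """Group accounts by identical hash; return only groups of two or more users."""
    by_hash = defaultdict(list)
    for user, h in accounts.items():
        by_hash[h.upper()].append(user)
    return {h: sorted(users) for h, users in by_hash.items() if len(users) > 1}


def audit(accounts: dict, corpus=BREACH_CORPUS) -> dict:
    """Run the shared and breached checks; return findings keyed by account."""
    shared = find_shared_passwords(accounts)
    findings = {}
    for user, h in accounts.items():
        issues = []
        if h.upper() in shared:
            others = ", ".join(u for u in shared[h.upper()] if u != user)
            issues.append("shared with " + others)
        n = breach_count(h, corpus)
        if n:
            issues.append(f"seen {n} times in breach data")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_ACCOUNTS).items():
        print(f"{user}: {'; '.join(issues)}")
```

Shared-password detection needs nothing but the hashes themselves: two accounts with the same hash have the same password, which is the finding regardless of what that password is. The breach check is the one that should be run against the full public corpus or its range endpoint, and it is worth doing on a schedule, since a password that was clean at last check can appear in a new dump at any time.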

PasswordIQ is included, at no charge, with your full Diamond level subscription.

More info, including a video at our support site:
https://support.knowbe4.com/hc/en-us/sections/4415492283667-PasswordIQ

[MUST-SEE VIDEO] New York Times Bestseller Red Notice, Bill Browder Speaks

Following his explosive New York Times bestseller "Red Notice," Bill Browder returns with another gripping thriller chronicling how he became Vladimir Putin's number one enemy by exposing Putin's campaign to steal and launder hundreds of billions of dollars and kill anyone who stands in his way.

Get the chance to meet your favorite author or discover your next big read at the Atlanta History Center:
https://www.youtube.com/watch?v=nsszNUSQFs8


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] Ukraine War and Upcoming SEC Rules Push Boards to Sharpen Cyber Oversight:
https://www.wsj.com/articles/ukraine-war-and-upcoming-sec-rules-push-boards-to-sharpen-cyber-oversight-11671723827

Quotes of the Week  
"In character, in manner, in style, in all things, the supreme excellence is simplicity."
- Henry Wadsworth Longfellow, Poet (1807–1882)

"A vocabulary of truth and simplicity will be of service throughout your life."
- Sir Winston Churchill, Statesman (1874–1965)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-02-bad-taste-there-is-a-new-trend-in-social-engineering-with-a-disgusting-name-pig-butchering

Security News

Phishing Campaigns Impersonate the U.K. Government

The U.K.'s National Cyber Security Centre (NCSC) has outlined the top six most impersonated U.K. government agencies in 2022. The most impersonated entity was the National Health Service (NHS), followed by TV Licensing, HM Revenue & Customs, Gov.uk, DVLA, and Ofgem.

"Cyber criminals often seek to exploit topical events to make their phishing attempts more convincing," the NCSC said. "In 2022, the NCSC saw scammers exploit the rising cost of living with Ofgem energy bill support scams and HMRC tax rebate scams, while scammers continued to take advantage of the coronavirus pandemic to attempt PCR test scams."

Sarah Lyons, NCSC Deputy Director for Economy and Society Resilience, stated, "We know cyber criminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception. By shining a light on these scams we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online.

"There is much more advice on the NCSC's website about spotting suspicious messages, along with our Cyber Aware guidance to help people protect their devices."

The NCSC offers the following advice to help users defend themselves against these attacks:

  • "Choose carefully where you shop: Research online retailers, particularly if you haven't bought from them before, to check they're legitimate. Read feedback from people or organisations that you trust, such as consumer websites.
  • "Pay securely: Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases and are obliged to refund you in certain circumstances. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won't be directly affected. Also consider using a payment platform, such as PayPal, Google or Apple Pay. And whenever you pay, look for the closed padlock in the web address bar – it means your connection is secure."

One caveat on that last point: the padlock shows only that the connection to the site is encrypted, not that the site is genuine. Phishing sites routinely obtain valid TLS certificates, so a padlock is no evidence of legitimacy; the domain name is what needs checking.

New-school security awareness training enables your employees to recognize social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/phishing-campaigns-impersonate-the-uk-government

GhostWriter Returns, with Phishing as Russian Espionage

The Polish government has issued a statement warning of an increase in Russian cyberattacks. Russian threat actors have been launching phishing attacks to steal data and money.

"False structures are also used for aggressive actions, such as websites impersonating real websites," the statement says. "In the first days of December, the CSIRT GOV Team received information about the registration of a phishing website impersonating the website in the government domain gov[dot]pl.

"The content of the fake website suggested that the President of the Republic of Poland signed a decree on compensation for Polish residents, financed from European funds. The 'I'd like to know' link led through a phishing process and then redirected to a phishing payment card page under the guise of charging a verification fee to pay compensation.

"Thanks to the intervention of the Internal Security Agency, the website was blocked. This is a typical operation aimed at sowing chaos, undermining the state, but also collecting personal data and extorting money."

The government also calls out GhostWriter, a Russian cyberespionage campaign that's been targeting Eastern European countries since 2017. "Every attack in cyberspace pursues complex objectives and has various implications – social, political or financial ones," the statement says.

"More and more often cyberattacks are used in order to spread Russian disinformation and serve Russian special services to gather data and vulnerable information. The operation that is carried out using both of these methods simultaneously is the 'GhostWriter' campaign.

"It consists in attacking email addresses and accounts in social media of public figures in the CEE countries, mainly in Poland. The authors of this campaign are trying to seize information resources for the purposes of Russian disinformation. In recent months this operation has been focused on actions against Poland."

New-school security awareness training enables your employees to make smarter security decisions every day.

The Polish Government has the story:
https://www.gov.pl/web/special-services/russian-cyberattacks

What KnowBe4 Customers Say

"Good morning Stu, Thank you for reaching out, I actually reached out to our account manager Hope M. to see if this was a test, considering how your emails are slightly different.

"I was pleased to know that this was a legitimate email, and appreciate your check-in. So far, we are very happy with KnowBe4. Here is a summary of bullet points with the highlights of our experience with KnowBe4:

  • "The training modules are easy to navigate/understand
  • "Hope, our account manager, has ensured we are taken care of every step of the process
  • "Support is quick to respond and helpful
  • "The training templates/tests are great for training our users in what phishing attacks look like

"Thank you again for checking in with us."

- P.T., Desktop Support Admin

The 10 Interesting News Items This Week
  1. Poland warns of pro-Kremlin cyberattacks aimed at destabilization:
    https://therecord.media/poland-warns-of-pro-kremlin-cyberattacks-aimed-at-destabilization/

  2. Five reasons why cybersecurity training is important in 2023:
    https://www.cybersecurity-insiders.com/five-reasons-why-cybersecurity-training-is-important-in-2023

  3. UK's Guardian contacts data protection regulator after suspected ransomware incident:
    https://therecord.media/the-guardian-contacts-data-protection-regulator-after-suspected-ransomware-incident/

  4. Ongoing Flipper Zero phishing attacks target infosec community:
    https://blog.knowbe4.com/new-crypto-scam-targets-flipper-zero-buyers-impersonating-legitimate-shops

  5. December 2022 BlackFog Global Ransomware Report [PDF]:
    https://www.blackfog.com/wp-content/uploads/2023/01/BlackFogRansomwareReport-Dec-2022.pdf

  6. Cyberattacks against governments jumped 95% in last half of 2022, CloudSek says:
    https://www.csoonline.com/article/3684668/cyberattacks-against-governments-jumped-95-in-last-half-of-2022-cloudsek-says.html

  7. Ukrainian Steals Bitcoin From Russian Darknet Market, Donates to Charity:
    https://news.bitcoin.com/ukrainian-steals-bitcoin-from-russian-darknet-market-donates-to-charity/

  8. North Korean Hackers Created 70 Fake Bank, Venture Capital Firm Domains:
    https://www.securityweek.com/north-korean-hackers-created-70-fake-bank-venture-capital-firm-domains

  9. BitRAT malware campaign uses stolen bank data for phishing:
    https://www.bleepingcomputer.com/news/security/bitrat-malware-campaign-uses-stolen-bank-data-for-phishing/

  10. Space Race: Defenses Emerge as Satellite-Focused Cyberattacks Ramp Up:
    https://www.darkreading.com/ics-ot/space-race-defenses-satellite-cyberattacks

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
