CyberheistNews Vol 13 #07 [Scam of the Week] The Turkey-Syria Earthquake



Cyberheist News

CyberheistNews Vol 13 #07  |   February 14th, 2023

[Scam of the Week] The Turkey-Syria Earthquake

By Stu Sjouwerman, SACP

Just when you think they cannot sink any lower, criminal internet scum is now exploiting the recent earthquake in Turkey and Syria.

Less than 24 hours after two massive earthquakes claimed the lives of tens of thousands of people, cybercrooks are already piggybacking on the horrible humanitarian crisis. You need to alert your employees, friends and family... again.

Just one example is scammers posing as representatives of a Ukrainian charity foundation that is seeking money to help those affected by the earthquakes that struck in the early hours of Monday.

There is going to be a raft of scams, ranging from blood drives to pleas for charitable contributions for victims and their families. Unfortunately, this type of scam is the worst kind of phishbait, and it is a very good idea to inoculate people before they get suckered into falling for one.

I suggest you send the following short alert to as many people as you can. As usual, feel free to edit:

[ALERT] "Lowlife internet scum is trying to benefit from the Turkey-Syria earthquake. The first phishing campaigns have already been sent and more will be coming that try to trick you into clicking on a variety of links about blood drives, charitable donations, or "exclusive" videos.

"Don't let them shock you into clicking on anything, or into opening possibly dangerous attachments you did not ask for! Be very suspicious of anything you receive about this recent earthquake. With this topic, think three times before you click. It is very possible that it is a scam, even though it might look legit or was forwarded to you by a friend -- be especially careful when it seems to come from someone you know through email, a text or a social media posting, because their account may be hacked.

"In case you want to donate to charity, go to your usual charity by typing their name in the address bar of your browser and do not click on a link in any email. Remember, these precautions are just as important at the house as in the office, so tell your friends and family."

It is unfortunate that we continue to have to warn against the bad actors on the internet that use these tragedies for their own benefit. For KnowBe4 customers, we have a few templates with this topic in the Current Events. It's a good idea to send one to your users this week.

Blog post with links:
https://blog.knowbe4.com/scam-of-the-week-the-turkey-syria-earthquake

[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist

Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!

The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.

Join us TOMORROW, Wednesday, February 15, @ 2:00 PM (ET) for a live 30-minute demonstration of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software.

With PhishER you can:

  • NEW! Immediately add user-reported email threats to your Microsoft 365 Blocklist from your PhishER console
  • Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and Google Workspace
  • Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!

Find out how adding PhishER can be a huge time-saver for your Incident Response team!

Date/Time: TOMORROW, Wednesday, February 15, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/phisher-demo-february-2023?partnerref=CHN2

Spear Phishing Attacks Increase 127% As Use of Impersonation Skyrockets

Impersonation of users, domains and brands is on the rise, as is the use of malicious links, in response to security vendors improving their ability to detect malicious attachments.

I talk often about the back-and-forth that exists between cybercriminal groups and security vendors. Security solutions improve their detection capabilities, and threat actors work tirelessly to find new ways to evade detection. New data found in GreatHorn's 2023 State of Email Security report shows that this is exactly what's been happening in the last 12 months.

Let me paint the picture for you – according to the report, in 2022:

  • Microsoft and Google have improved their attachment scanning capabilities
  • Spear phishing increased 127%, focusing specific scam themes on specific targets
  • Executive impersonation jumped 344%, making the attack appear to come from a trusted source
  • 43% of all potentially dangerous emails are now impersonation emails
  • All of the top 20 malicious links were hosted on compromised domains with positive reputation scores, which let them bypass native scanning controls such as those used by various Google services

In essence, cybercriminals now realize they can't really rely on malicious attachments, so they are looking for a balance between strong social engineering against targeted victims, the use of impersonation, and the use of legitimate sites to host the malicious payload. That combination is the next evolution of these attacks.

According to GreatHorn, most attacks take between one and four steps to get the victim user to interact with the malicious payload.

This means many of your users unwittingly follow a chain of unusual and unnecessary clicks that they should know better than to follow – something they learn very quickly once they are enrolled in new-school security awareness training. Attackers will continue to evolve their craft, so your users need to stay up to date on the latest attacks.

Blog post with links:
https://blog.knowbe4.com/spear-phishing-impersonation-attacks-increase-127-percent

Are Your Users Making Risky Security Mistakes? Deliver Real-Time Coaching in Response to Risky User Behavior with SecurityCoach

Do you need an easy, automated way to provide real-time feedback the moment your users make risky mistakes to help reinforce the training campaigns you manage today?

SecurityCoach is a new offering from KnowBe4 designed to help you develop a strong security culture by enabling real-time security coaching of your users in response to their risky security behavior.

Based on alerts generated by your existing security stack products, SecurityCoach analyzes and identifies detected threat events to send your users a contextual, real-time SecurityTip at the moment risky behavior occurs.

Join us Wednesday, February 22, @ 2:00 PM (ET) for a demonstration of how SecurityCoach enables real-time security coaching of your users in response to risky security behavior.

What SecurityCoach Means for You:

  • Coach users in real-time based on their own real-world behavior, reinforcing comprehension and retention of your security training, best practices, and established security policies
  • Build custom campaigns for high-risk users or roles that are considered a valuable target for cybercriminals
  • Measure and report on improved real-world security behavior across your organization, providing justification for continued investment
  • Reduce the burden on the SOC and improve efficacy through automation and reducing alert noise caused by users repeating risky security behaviors
  • Gain additional value from your existing security stack by integrating with common security products and services

See how SecurityCoach can help you to develop a strong security culture by enabling real-time security coaching of your users in response to their risky security behavior.

Date/Time: Wednesday, February 22, @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/4117873/342D6A8F51B1C1D7CF96908518CB0F28?partnerref=CHN

Thinking Critically About Your Online Behavior

Employees need to adjust their mindsets in order to defend themselves against social engineering attacks, according to Jonathon Watson at Clio. In an article for Dark Reading, Watson argues that security training should emphasize building habits that carry security practices into employees' personal as well as professional lives.

"In addition to mandatory and routine training and security tools, the best way to ensure employees are vigilant about potential risks is to help them reframe their online mindset while encouraging them to leverage critical thinking in evaluating and defending against internal and external threats," Watson says.

"Helping employees develop a healthier understanding of what's at stake when they engage online — and the value of the information they interact with once there — can strengthen digital habits and build more mindful, proactive thinking when faced with a threat or even before one occurs."

Organizations should also have a process for their employees to report suspicious activity.

"When people realize the value of their data, they're more vigilant and protective of it," Watson says. "But your employees should also feel encouraged to proactively ask questions about risks and formulate better ways to protect themselves. For example, your teams should have access to and familiarity with a standardized communication plan for when they receive phishing texts or emails."

This type of training can give your organization an essential layer of defense by giving your employees a healthy sense of suspicion.

"When employees understand how their day-to-day behaviors — no matter how small — can expose sensitive data, they're less likely to introduce risk in the first place," Watson writes. "While you strive to train employees on how to protect data in every scenario, building a habit of vigilance reduces the amount of reactive problem-solving required in the first place.

"Improving your employees' fundamental understanding and respect for the value of data shields your organization from digital threats. But without reinforcing this understanding through ongoing mindset shifts, the status quo and security theater of repetitive privacy notifications will make employees feel more complacent."

New-school security awareness training enables your employees to follow security best practices so they can thwart social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/thinking-critically-about-your-online-behavior

[NEW WHITE PAPER] 10 Tips to Run a Successful Compliance Training Program

Has compliance training been a continuous challenge to get right? You're not alone. Many organizations have struggled with implementing compliance training that is effective, easy to deliver and something that their users get excited about.

In our whitepaper, John Just, KnowBe4's Chief Learning Officer, shares his top 10 tips to make compliance training easier for you and more effective for your organization.

In this whitepaper you'll learn:

  • Common obstacles organizations run into with compliance training programs
  • Ten tips you can apply to get the most out of your program
  • Strategies your peers have implemented to improve their compliance training

Find out how to keep your users on their toes with compliance, risk and workplace safety top of mind!

Download Now:
https://info.knowbe4.com/wp-10-tips-successful-compliance-training-program-chn


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Check out this new Buyer's Guide: Using SOAR in Your Automated Incident Response Plan:
https://info.knowbe4.com/wp-buyers-guide-using-soar-your-automated-incident-response-plan

Quotes of the Week
"Pleasure in the job puts perfection in the work."
- Aristotle - Philosopher (384 - 322 BC)

"If you don't know where you are going, any road will take you there."
- Lewis Carroll - Writer (1832 - 1898)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-07-scam-of-the-week-the-turkey-syria-earthquake

Security News

Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals!

By Javvad Malik

Insurance provider Hiscox has published its fifth annual cyber readiness report, which has some eye-opening statistics.

Over the last five years, the percentage of companies that have been attacked has bounced around from 43% to a high of 61%, making it the most common threat for U.K. businesses.

Company size does not matter, as even companies with annual profits of $100,000 to $500,000 are experiencing as many cyber attacks as those that earn $1m to $9m – making cyber threat prevention all the more important.

As is to be expected, the COVID-19 pandemic has only made the situation worse, with 36% of businesses citing remote working as a risk factor. The report shows that ransomware incidents have increased from 17% to 19%, often spread through phishing emails and malware.

The Financial Services and TMT (Technology, Media, and Telecom) industries have been in the top spots for reporting at least one cyber attack for the last three years, with Energy also appearing in the top three for the last two years.

An interesting part of the report is what organizations invested in after a cyber attack. Around two out of five experts said they had put additional cybersecurity and audit requirements in place (41%), stepped-up employee training (39%) and improved preparations for cyber attacks (39%).

It is clear that phishing emails are a major cause of security incidents, and many organizations are investing in new-school security awareness training after the fact. But why not take a proactive approach and focus on building a strong cybersecurity culture from the start? Doing so can help lessen the chances of a successful attack and save you from costly incidents down the line.

Blog post with links:
https://blog.knowbe4.com/do-not-fall-victim-to-cyber-attacks-hiscox-report

Your Untrained Users Are Opening BEC Emails at High Rates

Researchers at Abnormal Security have found that 28% of business email compromise (BEC) attacks are opened by users, and 15% are replied to. Sales employees had the highest open rates, owing to their vendor- and customer-facing roles.

"It's not surprising to see that employees in sales-oriented roles are more likely to read and respond to malicious emails," the researchers write. "These positions rely heavily on email correspondence, are usually among the most public-facing in an organization, and often involve interacting with a variety of different departments and vendors—not to mention customers.

"Additionally, the roles are traditionally commission-based, which means employees are financially motivated to be helpful, respond to inquiries quickly, and resolve issues promptly."

The researchers also found that only 2% of malicious emails are reported by employees. "Some employees may believe that as long as they don't engage with the attacker, they have fulfilled their obligation to the organization," the researchers write. "But security professionals know that opting to just delete the email without reporting it can be almost as damaging since it eliminates the opportunity for the security team to warn other employees about the attack.

"Employees need to understand that a message that they immediately recognize as a phishing attack or attempted invoice fraud may not raise any red flags for a colleague. And if they don't report it, the threat actor can move on to their next target.

The report notes that large organizations are more likely to be targeted by supply chain BEC attacks. "While the likelihood of any organization being targeted by a supply chain compromise attack has risen over time, we saw a notable increase in the second half of 2022," the researchers write.

"For an organization with 5,000-10,000 employees, the probability of experiencing an attack grew by 26%, from 53% to 67%, between Q3 and Q4. Similarly, for an organization with more than 10,000 employees, the likelihood jumped by 22%, from 57% to 70%.

"Because threat actors know that companies are closing out their books at the end of the year, they tend to ramp up their attacks at the start of Q4. This is likely due to the fact that not only do organizations tend to be busier and thus more distracted, but there is also typically an increase in legitimate financial requests during this time period."

New-school security awareness training can enable your employees to follow security best practices so they can thwart social engineering attacks.

Abnormal Security has the story:
https://abnormalsecurity.com/resources/h1-2023-report-employee-open-rates

What KnowBe4 Customers Say

"I'll share our PhishER stats with you, out of 12,566 reported emails, 900 were ACTUAL Threats. That's 900 that made it through gateway end protection! KnowBe4 products & the PAB [Phish Alert Button] have proven their value to me time and again and shows everything working as it should!"

- Source withheld upon request :-D

The 10 Interesting News Items This Week
  1. Foreign states already using ChatGPT maliciously, U.K. IT leaders believe:
    https://www.csoonline.com/article/3687089/foreign-states-already-using-chatgpt-maliciously-uk-it-leaders-believe.html

  2. New cybersecurity data reveals persistent social engineering vulnerabilities:
    https://www.techrepublic.com/article/persistent-social-engineering-vulnerabilities/

  3. U.S., U.K. Sanction 7 Russians for Running Infamous Trickbot Malware:
    https://www.pcmag.com/news/us-uk-sanction-7-russians-for-running-infamous-trickbot-malware

  4. U.K. Politician's Email Hacked by Suspected Russian Threat Actors:
    https://www.infosecurity-magazine.com/news/uk-politician-email-hacked-russian/

  5. Upcoming Hulu Series on the mystery of the Ashley Madison Breach. This should be interesting:
    https://krebsonsecurity.com/2023/02/krebsonsecurity-in-upcoming-hulu-series-on-ashley-madison-breach/

  6. Microsoft accuses Iran's government of operation against Charlie Hebdo:
    https://therecord.media/charlie-hebdo-hacking-iran-microsoft/

  7. Russian hackers using new Graphiron information stealer in Ukraine:
    https://www.bleepingcomputer.com/news/security/russian-hackers-using-new-graphiron-information-stealer-in-ukraine/

  8. Russian man pleads guilty to laundering Ryuk ransomware money:
    https://www.bleepingcomputer.com/news/security/russian-man-pleads-guilty-to-laundering-ryuk-ransomware-money/

  9. Customizable new DDoS service already appears to have fans among pro-Russia hacking groups:
    https://therecord.media/passion-botnet-customizable-pro-russia-hackers/

  10. Supply Chain Attack by New Malicious Python Package, "web3-essential":
    https://www.fortinet.com/blog/threat-research/supply-chain-attack-by-new-malicious-python-package-web3-essential

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
