CyberheistNews Vol 13 #10 | March 7th, 2023
[Eye Opener] BusinessWeek: The Satellite Hack Everyone Is Finally Talking About
This week, Bloomberg News pointed at a brand-new article at BusinessWeek, one of their media properties. It is an excellent article that exposes the vulnerabilities of communications systems that are not secure by design, a wake-up call for your C-level execs and powerful budget ammo.
They started out with: "As Putin began his invasion of Ukraine, a network used throughout Europe—and by the Ukrainian military—faced an unprecedented cyberattack that doubled as an industrywide wake-up call." What they are referring to is the Viasat hack. The KnowBe4 blog initially reported on this hack on March 24, 2022 here: https://blog.knowbe4.com/wired-a-mysterious-satellite-hack-has-victims-far-beyond-ukraine and in our CyberheistNews of May 17, 2022 here: https://blog.knowbe4.com/cyberheistnews-vol-12-20-heads-up-now-you-need-to-watch-out-for-spoofed-vanity-urls.
The article goes on to describe how a large number of Viasat customers lost connectivity. Here is a quote: "Viasat staffers in the U.S., where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of internet connections in at least 13 countries were going dead.
"Some of the biggest service disruptions affected providers Bigblu Broadband PLC in the U.K. and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion."
"Industry was caught flat-footed," says Gregory Falco, a space cybersecurity expert who has advised the U.S. government. "Ukrainians paid the price." "The war is really just revealing the capabilities," says Erin Miller, who runs the Space Information Sharing and Analysis Center, a trade group that gathers data on orbital threats. Cyberattacks affecting the industry, she says, have become a daily occurrence. The Viasat hack was widely considered a harbinger of attacks to come.
For many end-users, the frustrating thing about the Viasat hack is that, unlike with a phishing attack, there was nothing they could have done to prevent it. But the Russians (this smells like GRU) would have needed a lot of detailed knowledge of Viasat's systems to execute an attack like this. They had probably been inside Viasat's networks for months or years. And it is highly likely that their initial attack vector was social engineering.
Blog post with (many) links, including the BusinessWeek article:
https://blog.knowbe4.com/eye-opener-businessweek-the-satellite-hack-everyone-is-finally-talking-about
Apparently Viasat got the message, and they are now offering a security service to the industry: "Viasat Launches Cybersecurity Service Using Classified Threat Intelligence to Help Protect U.S. Businesses and Critical Infrastructure."
Link to press release:
https://www.prnewswire.com/news-releases/viasat-launches-cybersecurity-service-using-classified-threat-intelligence-to-help-protect-us-businesses-and-critical-infrastructure-301760638.html
A Master Class on Cybersecurity: Roger A. Grimes Teaches Data-Driven Defense
Even the world's most successful organizations have significant weaknesses in their cybersecurity defenses, which today's determined hackers can exploit at will. There's even a term for it: Assume Breach.
But assuming you'll be hacked isn't an option for you. Your organization can't afford a loss of assets or downtime. And nobody knows this more than Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4.
With 30+ years of experience as an IT security consultant, instructor, and award-winning author, Roger has dedicated his life to making sure you're prepared to defend against quickly-evolving cybersecurity threats. He wrote the book on it, literally - A Data-Driven Computer Security Defense.
Join Roger A. Grimes for this thought-provoking webinar where he'll share the most common reasons for data breaches and a data-driven approach to determining your organization's specific weaknesses.
You'll walk away from this session understanding:
- What most organizations are doing wrong and how to fix it
- How to build an action plan to improve your cybersecurity effectiveness
- Why a strong human firewall is your best last line of defense
Start creating your data-driven defense plan today!
Date/Time: THIS WEEK, Wednesday, March 8 @ 1:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot!
https://info.knowbe4.com/data-driven-defense-mc?partnerref=CHN2
Thousands of NPM Packages Used to Spread Phishing Links
Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages themselves weren't malicious, but they contained README text files with links to phishing sites.
"The attackers used a large number of packages with names related to hacking, cheats, and free resources to promote their phishing campaign," the researchers write. "Some of the package names included 'free-tiktok-followers,' 'free-xbox-codes,' and 'instagram-followers-free.'
"These names were designed to lure users into downloading the packages and clicking on the links to the phishing sites. The descriptions of all the packages we found contained links to phishing sites."
The websites attempt to steal credentials before directing the users to legitimate retail websites, which generates referral rewards for the scammers.
"The messages in these packages attempt to entice readers into clicking links with promises of game cheats, free resources, and increased followers and likes on social media platforms like TikTok and Instagram," the researchers write. "The phishing campaign linked to many unique URLs across many domains, with each domain hosting multiple phishing webpages under different paths."
The phishing pages are convincing, and sometimes contain phony chatbots that will respond to users. Checkmarx has notified NPM's security team about the campaign. "The deceptive webpages are well-designed and, in some cases, even include fake interactive chats that appear to show users receiving the game cheats or followers they were promised," the researchers write.
"These chats will even respond to messages if the reader chooses to participate, but these are all automated and fabricated. This highlights the need for caution when interacting with links in packages and the importance of only using trusted sources."
New-school security awareness training teaches your employees to recognize social engineering tactics so they can avoid falling for phishing attacks.
Blog post with links:
https://blog.knowbe4.com/npm-packages-spread-phishing-links
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blocklist
Now there's a super easy way to keep malicious emails away from all your users through the power of the KnowBe4 PhishER platform!
The new PhishER Blocklist feature lets you use reported messages to prevent future malicious email with the same sender, URL or attachment from reaching other users. Now you can create a unique list of blocklist entries and dramatically improve your Microsoft 365 email filters without ever leaving the PhishER console.
Join us Wednesday, March 15, @ 2:00 PM (ET) for a live 30-minute demo of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software. With PhishER you can:
- NEW! Immediately add user-reported email threats to your Microsoft 365 blocklist from your PhishER console
- Easily search, find, and remove email threats with PhishRIP, PhishER's email quarantine feature for Microsoft 365 and Google Workspace
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
- Easy integration with KnowBe4's email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER can be a huge time-saver for your Incident Response team!
Date/Time: Wednesday, March 15, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/phisher-demo-march-2023?partnerref=CHN
Business Email Compromise Gang Gets Jail Time for Stealing Millions
An international cybercriminal operation responsible for millions of dollars in business email compromise (BEC) scams has finally been dismantled.
According to Europol, "Five action days took place between January 2022 and 2023 in France and Israel, leading to eight house searches and eight arrests, including the alleged Israeli gang leader."
This group primarily targeted victims in France, with one particular case stealing over $500,000 via wire transfer. Per Europol, the investigation revealed that money mules were operating for the gang in various sections of Europe.
We've previously discussed how BEC attacks are one of the most costly types of attacks for organizations, with one example of a group responsible for stealing nearly $12 million from 12 companies via BEC scams.
These types of attacks start with social engineering. Hackers will do everything in their power to trick your users into sharing confidential information with them. That's why training your end-users is so important. The sooner your users learn how to spot these types of attacks, the less risk your organization faces.
Blog post with links:
https://blog.knowbe4.com/business-email-compromise-gang-gets-jail-time-for-stealing-millions
Incredible Email Hacks You'd Never Expect and How You Can Stop Them
If you think the only way your network and devices can be compromised via email is phishing, think again!
A majority of data breaches are caused by attacks on the human layer, but email hacking is much more than phishing and launching malware. From code execution and clickjacking to password theft and rogue forms, cybercriminals have more than enough email-based tricks that mean trouble for your InfoSec team.
In this on-demand webinar, Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and a security expert with over 30 years of experience, explores the many ways hackers use social engineering and phishing to trick your users into revealing sensitive data or enabling malicious code to run.
Roger shows you how hackers compromise your network. You'll also see incredible demos including a (pre-filmed) hacking demo by Kevin Mitnick, the World's Most Famous Hacker and KnowBe4's Chief Hacking Officer.
Roger teaches you:
- How remote password hash capture, silent malware launches and rogue rules work
- Why rogue documents, establishing fake relationships and tricking you into compromising your ethics are so effective
- The ins and outs of clickjacking
- Actionable steps on how to defend against them all
Email is still a top attack vector cybercriminals use. Don't leave your network vulnerable to these attacks.
Watch Now!
https://info.knowbe4.com/incredible-email-hacks-chn
The U.S. National Cybersecurity Strategy Is Out; "Ransomware Attacks Upgraded to National Security Threat"
On Thursday morning the White House released the National Cybersecurity Strategy, which, according to a fact sheet released the same day, is intended by the executive branch to "secure the full benefits of a safe and secure digital ecosystem for all Americans." The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem around a five-pillar approach.
The strategy is intended to prioritize defensibility, resiliency, and values alignment. It has five core tenets: critical infrastructure defense, disruption of threat actors, shaping of market forces, investments in future resiliency, and international collaboration.
For more on the U.S. National Cybersecurity Strategy, see this link at CyberWire Pro:
https://thecyberwire.com/stories/fc4550c4929a45549b7c6b64d6e94e84/the-us-national-cybersecurity-strategy-is-out
Ransomware Features Heavily In The Strategy
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said one of the biggest changes was a shift to declaring the ransomware issue a "national security threat."
In a press briefing, she said ransomware was something they had "already begun to tackle through domestic work targeting the most virulent ransomware actors." She touted the recent FBI action taken to dismantle infrastructure used by the Hive ransomware group and highlighted the International Counter Ransomware Initiative, which involves the U.S. and 36 countries.
More at The Record:
https://therecord.media/national-cyber-strategy-to-push-mandatory-regulations-more-offensive-cyber-action/
White House Fact Sheet: Biden-Harris Administration Announces National Cybersecurity Strategy:
https://www.whitehouse.gov/briefing-room/statements-releases/2023/03/02/fact-sheet-biden-harris-administration-announces-national-cybersecurity-strategy/
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Your KnowBe4 Fresh Content Updates from February 2023:
https://blog.knowbe4.com/your-knowbe4-fresh-content-updates-from-february-2023
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-10-eye-opener-businessweek-the-satellite-hack-everyone-is-finally-talking-about
CISA Red Team Assessment Demonstrates the Effectiveness of Phishing Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) conducted a red team assessment for a critical infrastructure organization with the goal of gaining access to the organization's sensitive business systems. The red team began with open-source reconnaissance to set up spearphishing attacks targeting the organization's employees.
"The team first conducted open-source research to identify potential targets for spearphishing," CISA said in its summary of the operation. "Specifically, the team looked for email addresses as well as names that could be used to derive email addresses based on the team's identification of the email naming scheme.
"The red team sent tailored spearphishing emails to seven targets using commercially available email platforms. The team used the logging and tracking features of one of the platforms to analyze the organization's email filtering defenses and confirm the emails had reached the target's inbox."
Two out of the seven targeted employees fell for the phishing emails.
After making contact with these employees, the red team convinced them to join a virtual meeting and tricked them into downloading a file. "The team built a rapport with some targeted individuals through emails, eventually leading these individuals to accept a virtual meeting invite," the agency said.
"The meeting invite took them to a red team-controlled domain with a button, which, when clicked, downloaded a 'malicious' ISO file. After the download, another button appeared, which, when clicked, executed the file."
After gaining access, the team was then able to move within the network undetected. "After gaining access and leveraging Active Directory (AD) data, the team gained persistent access to a third host via spearphishing emails," CISA said. "From that host, the team moved laterally to a misconfigured server, from which they compromised the domain controller (DC).
"They then used forged credentials to move to multiple hosts across different sites in the environment and eventually gained root access to all workstations connected to the organization's mobile device management (MDM) server."
The red team was finally thwarted by multifactor authentication measures just before gaining access to the organization's sensitive business systems. CISA noted, however, that "[d]espite having a mature cyber posture, the organization did not detect the red team's activity throughout the assessment, including when the team attempted to trigger a security response."
CISA recommends that, among other things, organizations should provide employees with regular phishing awareness training, stating that phishing "accounts for the majority of initial access intrusion events."
Note that industrial and other infrastructure organizations aren't immune to social engineering. New-school security awareness training gives your org an essential last layer of defense by teaching your employees how to thwart social engineering attacks.
CISA has the story:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Phishing With Hotel Reservations From "Booking.com"
The Singapore Police Force has warned of a phishing campaign that's impersonating employees from the hotel reservation service Booking.com, Stomp reports.
"The Police have observed a trend of hotel-related phishing scams where the victims had made reservations for rooms via Booking.com," the Singapore police said in a statement. "Scammers would pose as representatives from the hotels and ask victims for their banking details. Since the start of 2023, the Police have received at least five reports of such scams, with reported total losses amounting to at least $8,800."
The scammers would call or message victims asking them to confirm their reservations by providing their personal and financial information.
"In this variant, victims who have made hotel reservations on Booking.com would receive a call or message via WhatsApp from scammers who claim to be representatives of the hotels," the police stated. "They would request the victims to provide personal details via a link to confirm the reservation.
"Upon clicking on the link, the victims would be re-directed to fraudulent websites to key in personal and banking details (e.g. One-Time Passwords (OTPs), passwords, or credit card numbers). In some cases, the fraudulent websites would prompt the victims to make payments to confirm the reservation.
"Victims would only realize that they had been scammed when they contact the hotel or Booking.com or when they discovered unauthorized transactions on their bank accounts/credit cards."
The Singapore police offer the following recommendations to help people avoid falling for these attacks:
- "Always verify the authenticity of the information with the hotels through the official contact details listed on the hotels' webpages
- "Do not click on URL links provided in unsolicited messages. Look out for tell-tale signs of a phishing website
- "Never disclose your personal or Internet banking details and OTPs to anyone
- "Report any fraudulent transactions to your bank immediately"
Note that these incidents are cases of impersonation and don't involve any compromise of Booking.com itself. New-school security awareness training enables your employees to recognize phishing and other social engineering attacks.
Stomp has the story:
https://stomp.straitstimes.com/singapore-seen/victims-lose-88k-to-phishing-scams-linked-to-reservations-on-bookingcom-since-start
What KnowBe4 Customers Say
"Hello Stu, Thanks for reaching out! We are very happy with the training, the testing experience, and the customer service. We are very happy campers here. 😊
"The overall reception of the testing and training program has been very positive, and we are very pleased with the PAB and PhishER functionality as well. We just wrapped up our baseline phishing campaign last week, and we are very excited to start doing regular phishing campaigns and trainings.
"As an added bonus, everyone I have met from KnowBe4 has been a pleasure to work with - sales, customer success, billing, and technical support ~ they have all been wonderful!"
- V.J., InfoSec Analyst
"Hello Stu,
"How pleasant it is to see senior management following up on a new customer. But then this is consistent with the quality we have experienced with the KnowBe4 product to date.
"It is still early days for us but it has been an impressive ride so far. I would want to especially acknowledge our account contact, Darlene M. While she has met expectations in knowledge and communication, there was one particular event of note.
"We were getting ready to start our first survey/training campaign, and kind of last minute emailed a key question that would have a large impact on dissemination of the campaign material.
"Apparently Darlene was in a meeting, yet (she apparently reads her email in meetings, as do most of us) she broke free long enough to ask a co-worker(?) to call and assist us in configuring the product.
"Frankly, in our experience, support tends to be more land turtle than rabbit. Her actions were a delight, and the caller's ability to communicate a somewhat complicated procedure was the feel-good victory of the day.
"I've also noticed in the bi-weekly meetings of our management group that there is a growing trust in the software. Non-IT stakeholders are reaching a level of comfort where they have started asking advanced questions and speculating on future development of the program.
"There was a wall at first about the whole concept of phishing testing and training but that lays in ruins now. If you don't mind, I'd like to share with you my quote of late, "KnowBe4 is a Training program with assessment, not a Testing program with training."
"I guess, in the end, we should just say that we are pleased with the software and look forward to a protracted relationship."
- A.D., I.T. Technician
- News Corp says state hackers were on its network for two years:
https://www.bleepingcomputer.com/news/security/news-corp-says-state-hackers-were-on-its-network-for-two-years/
- Tech manufacturers are leaving the door open for Chinese hacking, CISA Easterly warns:
https://therecord.media/tech-manufacturers-are-leaving-the-door-open-for-chinese-hacking-easterly-warns/
- As Social Engineering Attacks Skyrocket, Evaluate Your Security Education Plan:
https://www.darkreading.com/endpoint/as-social-engineering-attacks-skyrocket-evaluate-your-security-education-plan
- How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever:
https://www.darkreading.com/analytics/ukraine-war-fault-line-cybercrime-forever
- U.S. Marshals Service leaks 'law enforcement sensitive information' in ransomware incident:
https://www.theregister.com/2023/02/28/us_marshals_ransomware_data_exfiltration/
- Senior DOJ official warns lapse of surveillance law would harm cyber investigations:
https://therecord.media/senior-doj-official-warns-lapse-of-surveillance-law-would-harm-cyber-investigations/
- CISA releases free 'Decider' tool to help with MITRE ATT&CK mapping:
https://www.bleepingcomputer.com/news/security/cisa-releases-free-decider-tool-to-help-with-mitre-attandck-mapping/
- Sale of Stolen Credentials and Initial Access Dominate Dark Web Markets:
https://www.darkreading.com/threat-intelligence/sale-of-stolen-credentials-and-initial-access-dominate-dark-web-markets
- HardBit Ransomware Offers to Set Ransom Based on Victim's Cyberinsurance:
https://www.securityweek.com/hardbit-ransomware-offers-to-set-ransom-based-on-victims-cyberinsurance/
- The Time to Deploy Ransomware Drops 94%:
https://www.infosecurity-magazine.com/news/time-taken-to-deploy-ransomware/
- Your Virtual Vaca to Jordan. Petra at Night, Bubble Tents, Dead Sea, Wadi Rum Desert:
https://www.youtube.com/watch?v=Pxt7_VQAiig
- Ultimate Skydiving Compilation | People Are Awesome:
https://www.flixxy.com/people-are-awesome-skydiving-edition.htm?utm_source=4
- Man Does Kayak Zip Line Through Jungle:
https://www.flixxy.com/people-are-awesome-best-of-february-2023.htm?utm_source=4
- Meet the Voice Behind Your GPS:
https://www.youtube.com/watch?v=hOLRWJVIseY
- Testing $1,400 AI-Powered Electric Shoes In NYC:
https://www.youtube.com/watch?v=34k7UI-DR_8
- Lockpicking Lawyer: The MojoBox was simply SLAPPED Open!:
https://www.youtube.com/watch?v=k3bS1oLEbIM
- Why Architects Put Trees on Buildings (just fast forward the ads):
https://www.youtube.com/watch?v=wFNDfSa7Ak8
- Penn & Teller Fool US - Jo De Rijck returns with a mind reading Dolphin!:
https://www.youtube.com/watch?v=IdPTurhb9Hk
- For Da Kids #1 - Baby beaver has uncanny object recognition:
https://www.youtube.com/watch?v=gdwDeJpweiU
- For Da Kids #2 - "I Hatched A Supermarket Egg... Again!" Super Cute Kid Fave:
https://www.youtube.com/watch?v=bMQ99Y64t90
- For Da Kids #3 - Elephant Shows Rhino Who's Boss!:
https://www.youtube.com/watch?v=NuDtiurkLu8
- For Da Kids #4 - Sea Turtle Shares His Jellyfish With A Diver:
https://www.youtube.com/watch?v=vsvujLNB37c
- For Da Kids #5 - Behind the scenes of a meerkat photography project in Botswana. Super Cute:
https://www.youtube.com/watch?v=kJ4CYbCGhLA