CyberheistNews Vol 13 #28 [Beware] Microsoft Teams Exploit Uses Social Engineering to Spread Malware

CyberheistNews Vol 13 #28  |   July 11th, 2023

Stu Sjouwerman, SACP

If your organization uses Microsoft Teams, you will want to hear about a newly discovered attack tool that bad actors can turn against it. "TeamsPhisher," a tool recently discovered on GitHub, gives cyber criminals a new way to deliver malicious files directly to any Teams user.

This new cyber attack tool was published by the U.S. Navy Red Team and builds on a recently discovered vulnerability in Microsoft Teams. "TeamsPhisher" can be used in either internal or external environments.

In an updated statement from Microsoft: "We're aware of this report and have determined that it relies on social engineering to be successful. We encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers."

I want to emphasize that this tool relies on social engineering. One definition of social engineering is, "the art of manipulating, influencing, or deceiving you in order to gain control over your computer system." It only takes one wrong judgment call from one user to let bad actors leverage this cyber attack tool and impact your entire organization.

Start taking steps within your organization now with new-school security awareness training. With continual end user education, your users will learn how to spot and report any suspicious activity if they ever encounter a suspicious Microsoft Teams meeting.

Blog post with links to the original DarkReading article, which has the technical details, and to guidance on removing the Insecure Direct Object Reference (IDOR) weakness that makes this possible in the first place:
https://blog.knowbe4.com/microsoft-teams-exploit-social-engineering

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, July 12, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at FOUR NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! June 2023 Phish-prone Benchmark By Industry lets you compare your percentage with your peers
  • NEW! Executive Reports - Create, tailor and deliver advanced executive-level reports
  • NEW! KnowBe4 Mobile Learner App - Users can now train anytime, anywhere!
  • NEW! Use PasswordIQ to find which users are sharing passwords and which ones have weak passwords
  • See the fully automated user provisioning and onboarding

Find out how 60,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, July 12, @ 2:00 PM (ET)

Save My Spot!
https://event.on24.com/wcc/r/4260900/2D5B5766C2EB5E51B2C0280BBCE3C996?partnerref=CHN4

[2023 Threat Alert] Protect Your Users from 464% Hike in Social Engineering Attacks

Email-based social engineering attacks have risen by 464% this year compared to the first half of 2022, according to a report by Acronis. Business email compromise (BEC) attacks have also increased significantly.

"One out of 76, or 1.3%, of the received emails were malicious," the researchers write. "Phishing remains the number one threat, with these attacks making up 73% of the total. However, the business email compromise (BEC)/social engineering category has increased by 7.5 times compared to the same period of time last year, and now takes second place, moving malware — which has dropped in percentage twice — into third."

The report summarizes several phishing campaigns that have targeted users this year, including one that posed as the IRS in order to distribute the Emotet banking Trojan. "We observed a new phishing campaign that targets U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with," the researchers write.

"This campaign spreads Emotet, a malware threat that was previously distributed via malicious macros embedded in Microsoft Word and Excel documents, but now is delivered primarily via Microsoft OneNote files.

"Tax forms are usually sent as PDF documents. If the victim clicks the 'View' button in the received One Note file and continues, despite a system warning that the file might be malicious, a VBScript will be launched to download the Emotet DLL. The subsequently installed malware is capable of stealing emails and contacts, and downloading further payloads to the device."

Another campaign is impersonating the cryptocurrency wallet provider Trezor.

"A new phishing campaign has been targeting users of the cryptocurrency hardware wallet firm Trezor," the researchers write. "The campaign starts with an SMS message to the Trezor user, warning that Trezor has suffered a data breach and urging them to visit a hyperlink to secure their devices.

"Upon clicking the link, the user will be directed to a fake version of the Trezor website, notifying them that their assets might be at risk and displaying a field where the user can enter their recovery seed to 'secure' them. Entering the recovery seed on this phishing page provides cybercriminals with full access to the victim's wallet."

New-school security awareness training gives your organization an essential last layer of defense by enabling your employees to thwart phishing and other social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/social-engineering-and-business-email-compromise-attacks-increased

New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023

Cybercriminals continue to rely on proven attack methods while developing new ways to infiltrate digital environments and break through your human defense layer.

But how can you reduce your organization's attack surface? We looked at 12.5 million users across 35,681 organizations to find out.

In this webinar Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, and Joanna Huisman, KnowBe4's Senior Vice President of Strategic Insights and Research, review our 2023 Phishing By Industry Benchmarking Study findings and best practices.

You will learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who's at risk and what you can do about it
  • How organizations radically lowered their Phish-prone™ Percentage
  • Actionable tips to create your "human firewall"
  • The value of new-school security awareness training

Do you know how your organization compares to your peers? Watch this webinar to find out and earn CPE credit for attending!

Date/Time: Wednesday, July 19, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterward.

Save My Spot!
https://info.knowbe4.com/pib-2023?partnerref=CHN2

Amazon Prime Day Alert: Beware of Fake Logins, Gift Card Scams

A new threat alert from ConsumerAffairs and Trend Micro shows that more than just shoppers will take advantage of Amazon's upcoming Prime Day.

As Prime Day is here, July 11-12, ConsumerAffairs reports on a variety of scams bad actors are expected to use to take advantage of online shoppers looking for a good deal:

Trend Micro's research team identified:

  • SMS messages from scammers say that, due to an issue with your account security, you need to log in via the fake URLs in the message. Victims might share their phone numbers or emails with scammers, since they are asked to use these kinds of personal information to retrieve their accounts.
  • The top five states being targeted are Texas, Florida, Tennessee, Pennsylvania and Virginia.
  • Scammers pretend to celebrate Amazon Prime Day and then invite users to sign-up and get free shipping benefits in order to steal victims' personal information.
  • The top five states being targeted are Washington, Ohio, Minnesota, Virginia and Missouri.
  • Scammers are utilizing a $100 Amazon gift card as a reward to attract email receivers to click the mail or even to redirect them to other suspicious websites. Trend Micro found 15 logs on July 2.
  • Scammers are impersonating Amazon to give special discounts on some houseware and redirect victims to buy those on fake shopping sites. Trend Micro found 10 logs on July 1.

ConsumerAffairs quoted Trend Micro VP of Threat Intelligence Jon Clay: "Consumers should be wary of unsolicited communications via text or email where they are offered great deals but then are asked to provide personal information about themselves or give their financial information like credit card info to the solicitor. On Amazon Prime Day, we advise consumers to go to the Amazon site themselves instead of via any solicitation they receive."

This year's Prime Day scams, spanning far longer than the two-day event itself, gel with past years' tactics. As our own Erich Kron wrote, keeping a keen eye while deleting or ignoring these sorts of scams is the best course of action:

"If it's an email or text message, simply deleting it is the wisest course. If it's a phone call, simply tell them that you will go to the website and look into whatever the issue is. You can also tell them you will call the customer service number from the website directly, and ask for their extension and name. Any legitimate caller from Amazon's customer service department will understand."

The Trend Micro alert also called out DHL shipping scams and bad actors impersonating well-known brands as popular recent threats to watch out for.

Blog post with links:
https://blog.knowbe4.com/prime-day-heads-up-fake-logins-gift-card-scams

Ransomware Awareness Month Resource Kit

July is Ransomware Awareness Month, so we created this free resource kit to help you this month and beyond. Request your kit now to learn how ransomware has evolved, what new attack vectors you need to be prepared for, and our best advice on how to protect your organization.

Here is what you'll get:

  • Access to our on-demand Ransomware Master Class webinar featuring Roger Grimes, KnowBe4's Data-Driven Defense Evangelist
  • Our most popular whitepaper: Ransomware Hostage Rescue Manual and supplemental Attack Response and Prevention Checklists
  • A 7-minute video that explains The Evolution and Future of Ransomware
  • A new infographic on The Global Cost of Ransomware
  • Posters and digital signage to remind users about what to watch out for

Get Your Free Ransomware Awareness Month Resources Now!
https://www.knowbe4.com/ransomware-resource-kit-chn

New Training Module: AI Chatbots - Understanding Their Use, Risks, and Limitations in the Workplace

In this new 14-minute module, employees will learn what an AI chatbot is, when and how it is appropriate to use, what the security and privacy risks of using AI chatbots are, and how to identify when an AI chatbot provides biased or inaccurate information.

This module covers Natural Language Processing (NLP) / Generative AI chatbots, such as ChatGPT, Bard or Bing. We also released an accompanying security document titled "What Are AI Chatbots?" Both are initially available in English (U.S.) at the Gold subscription level and above.


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Free Unsolicited Smartwatch in the Mail and I'm in the Military? What Could Possibly Go Wrong???:
https://blog.knowbe4.com/free-smart-watch-mail-military-scam

PPS: [BUDGET AMMO] "Why We Get Scammed And What To Do About It" - WSJ feature:
https://www.wsj.com/articles/why-we-get-scammed-and-what-to-do-about-it-442c2b01?st=ouggfzieggigosd&reflink=desktopwebshare_permalink

Quotes of the Week  
"I look only to the good qualities of men. Not being faultless myself, I won't presume to probe into the faults of others."
- Mahatma Gandhi - Leader (1869 - 1948)

"Quality is not an act, it is a habit."
- Aristotle - Greek Philosopher (383 BC - 322 BC)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-28-beware-microsoft-teams-exploit-uses-social-engineering-to-spread-malware

Security News

The Better Business Bureau Warns of Process-Server Phishbait

The Better Business Bureau (BBB) has warned of a scam in which attackers pose as process servers in order to steal information and commit identity theft.

"You receive a call from an unknown or blocked number from a person claiming to be a process server," the Bureau says. "They might say there is a lien on your home or someone is taking you to court over unpaid medical bills. In other cases, the scammer may be secretive, saying they can't reveal details until your papers are served.

"Next, they'll ask you to 'confirm' sensitive personal information, such as your date of birth and Social Security number. When you're hesitant to give out this information, they stress the urgency of the matter – after all, you're being taken to court! If you ask too many questions about who is making a complaint or what company the process server works for, the scammer will get angry."

The BBB provides the following advice to help users thwart these scams:

  • "Be wary of scare tactics. Scammers love to threaten people with legal action or hefty fines, scaring them into giving up their personal information. They hope fear will make you act without thinking. Always remember representatives of a reputable business or legal office will be polite and civil, even in a serious situation. They won't pressure you to act immediately 'or else.'
  • "Search your local court website. If you think there's a chance someone has filed a lawsuit against you, check your local court's website. Search your name to see if any lawsuit has been filed. If nothing comes up, you're in the clear.
  • "The scammer may have some personal information. Don't give them more. Scammers may have some of your personal information already from a previous phishing scam, a data breach, or some other source. They may use these stolen details to get even more information from you. For example, they might read your Social Security number and then ask you to 'confirm' your date of birth. Even if someone already has a few details, don't give them any further information unless you are sure you're dealing with someone you trust."

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

Blog post with links:
https://blog.knowbe4.com/process-server-phishbait

Threat Actors are Using Image-Based Phishing Emails to Lure Victims

Attackers are increasingly using images in phishing to evade text-based security filters, according to researchers at INKY.

"Secure Email Gateways (SEGs) and similar security systems are designed to detect basic textual clues that signal phishing," the researchers write. "One way around that is to design an email without text. In this case, the examples… actually contain no text. That's right, no text. Instead, the text is embedded in an image and attached to the phishing email.

"This works because most email clients automatically display the image file directly to the recipient rather than delivering a blank email with an image attached. As a result, recipients don't know that they are looking at a screenshot of text instead of HTML code with text and since there are no links or attachments to open, the email feels safe."
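To show why this evasion works against text-based filters, and how a mail pipeline can still flag it, here is an added Python example (not INKY's or KnowBe4's code) that measures how much readable text a message actually carries versus how many image parts it attaches. The sample messages, addresses and the 40-character threshold are constructed assumptions for the demonstration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed threshold: a message whose text/* parts yield fewer readable
# characters than this, while attaching an image, is treated as "image-only".
MIN_TEXT_CHARS = 40


def visible_text(msg: EmailMessage) -> str:
    """Collect the human-readable text of every text/* part, HTML tags stripped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()
        if part.get_content_subtype() == "html":
            body = re.sub(r"<[^>]+>", " ", body)  # drop markup, keep words
        chunks.append(body)
    return re.sub(r"\s+", " ", " ".join(chunks)).strip()


def image_parts(msg: EmailMessage) -> list:
    """All image/* MIME parts, whether attached or inline."""
    return [p for p in msg.walk() if p.get_content_maintype() == "image"]


def assess(raw: bytes) -> dict:
    """Score one RFC 5322 message; image_only is a signal, not a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = visible_text(msg)
    images = image_parts(msg)
    return {
        "text_chars": len(text),
        "image_parts": len(images),
        # Legitimate newsletters are image-heavy too, so combine this with
        # sender/domain checks rather than blocking on it alone.
        "image_only": bool(images) and len(text) < MIN_TEXT_CHARS,
    }


def _build(html: str, with_image: bool) -> bytes:
    """Constructed sample message; the PNG bytes are a stub, not a real image."""
    m = EmailMessage()
    m["From"] = "it-support@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Action required"
    m.set_content(html, subtype="html")
    if with_image:
        m.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
                         maintype="image", subtype="png", filename="notice.png")
    return m.as_bytes()


# Lure text lives entirely in the picture: the HTML body holds nothing readable.
IMAGE_ONLY_SAMPLE = _build('<html><body><img src="cid:notice"></body></html>', True)
# Ordinary message with a real sentence and an attached image.
NORMAL_SAMPLE = _build("<p>Hi team, the Q3 report is attached. See you at the 10:00 sync.</p>", True)

if __name__ == "__main__":
    for name, raw in (("image-only", IMAGE_ONLY_SAMPLE), ("normal", NORMAL_SAMPLE)):
        print(name, assess(raw))
```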

The researchers observed a phishing campaign that used QR codes instead of text-based links. "INKY decoded a malicious QR code to see where it was taking recipients," the researchers write. "As predicted, victims scanning the QR code are unknowingly taken to a phishing site so that their credentials can be stolen.

"They're quickly made to feel comfortable because malicious links embedded in QR codes contain the recipient's email address as a URL parameter to prefill personal data once the phishing site loads. In short, things feel familiar."

INKY offers the following recommendations to help users avoid falling for these attacks:

  • "Recipients should use a different means of communication to confirm whenever they are requested to complete a new task.
  • "Carefully inspect the sender's email address. In these cases, emails claim to come from Microsoft and the recipient's employer but the sender's domain has no relation to these entities.
  • "Don't scan QR codes from unknown sources. Websites reached by QR codes might host malicious code that exploits vulnerabilities or steals sensitive data.
  • "Be cautious when entering financial and personal information on a site reached with a QR code."

New-school security awareness training can help your employees stay ahead of new social engineering tactics.

PS: We just released a new QR-code phishing test you can run. Blog post with links:
https://blog.knowbe4.com/image-based-phishing

What KnowBe4 Customers Say

"Hey Stu, it's a pleasure to virtually meet you! Appreciate you taking the time to reach out and see how things are going!

First off, I wanted to say this is my first time working hands-on with KnowBe4. Before joining here, I worked for an MSP that recommended clients subscribe to KnowBe4 and heard many great things about the company. Since getting hands-on with KnowBe4 and experiencing it hands-on, I can confidently say I agree with them and am very happy our organization signed up!

My team and I haven't fully explored the capabilities of our subscription yet due to multiple simultaneous projects going on at the moment, but we do have a campaign up and running right now. I just reached out to our account rep, who has been very helpful and communicative with me since we joined.

He seems to be doing a great job of checking in on us and has offered additional assistance in helping us get the most out of our KnowBe4 subscription, which I am definitely looking forward to!

I also wanted to let you know that I love the Cyberheist newsletters that you send out. There are some very fantastic and interesting news/analytics data that you send out that we appreciate seeing! I wish I knew as much about these trends as you and your team do, but that's why you guys are the experts... Thank you again for reaching out!"

- R.M., IT Manager

The 10 Interesting News Items This Week
  1. Breaking GPT-4 Bad: Check Point Research Exposes How Security Boundaries Can Be Breached as Machines Wrestle with Inner Conflicts:
    https://blog.checkpoint.com/artificial-intelligence/breaking-gpt-4-bad-check-point-research-exposes-how-security-boundaries-can-be-breached-as-machines-wrestle-with-inner-conflicts/

  2. Employees worry less about cybersecurity best practices in the summer:
    https://www.helpnetsecurity.com/2023/06/30/summer-byod-policies/

  3. Chinese hackers target European embassies with HTML smuggling technique:
    https://therecord.media/html-smuggling-china-espionage-europe

  4. Celebrities Use AI to Take Control of Their Own Images:
    https://www.wsj.com/amp/articles/ai-deepfakes-celebrity-marketing-brands-81381aa6

  5. Microsoft Teams Exploit Tool Auto-Delivers Malware:
    https://www.darkreading.com/perimeter/microsoft-teams-exploit-toll-autodeliver-malware

  6. 'Shadow' AI use becoming a driver of insider cyber risk:
    https://www.computerweekly.com/news/366542890/Shadow-AI-use-becoming-a-driver-of-insider-cyber-risk

  7. EV Charger Hacking Poses a 'Catastrophic' Risk:
    https://www.wired.com/story/electric-vehicle-charging-station-hacks/

  8. Dutch counterterrorism agency says Generative AI is posing new cyber threats:
    https://nltimes.nl/2023/07/03/dutch-counterterrorism-agency-says-generative-ai-posing-new-cyber-threats

  9. Nagoya Port Faces Disruption After Ransomware Attack:
    https://www.infosecurity-magazine.com/news/nagoya-port-disruption-ransomware/

  10. Hackers claim to take down Russian satellite communications provider:
    https://therecord.media/hackers-take-down-russian-satellite-provider

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
