CyberheistNews Vol 13 #34 [Must Know] Cybercriminals May Already Have Hacked Your LinkedIn Account. How to Secure.


CyberheistNews Vol 13 #34 | August 22nd, 2023

By Stu Sjouwerman, SACP

New reports show that many LinkedIn users have complained about their accounts being taken over by bad actors. In a statement from Cyberint researcher Coral Tayar, "Some have even been pressured into paying a ransom to regain control or faced with the permanent deletion of their accounts."

5,000% increase in the last few months of search terms for LinkedIn hack or recover record

The complaints appear on other social media and forum platforms such as Reddit, Microsoft, and X, with users expressing frustration at the lack of response from the LinkedIn support team. Cyberint also reports a 5,000% increase in the last few months in searches for "LinkedIn hack" or "recover record."

Cybercriminals are getting in through leaked credentials and/or brute-force attempts against a large number of LinkedIn accounts.
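The two entry paths named above, leaked credentials tried against many accounts and brute force against one, leave distinctive traces in any identity provider's login log. The following is an added example (not code from KnowBe4 or Cyberint) showing how a defender can flag both patterns; the log format, the thresholds and every log line are constructed for illustration and would need to be adapted to a real system's format.

```python
"""Flag credential-stuffing and brute-force patterns in authentication logs.

Added example; the log format and all lines below are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 203.0.113.7 tries five different accounts once each and
# one of them then succeeds (leaked credentials); 198.51.100.9 hammers a single
# account (brute force); 192.0.2.10 is a user who mistyped once.
SAMPLE_LOG = """\
2023-08-20T10:00:01Z login user=alice src=203.0.113.7 result=fail
2023-08-20T10:00:02Z login user=bob src=203.0.113.7 result=fail
2023-08-20T10:00:03Z login user=carol src=203.0.113.7 result=fail
2023-08-20T10:00:04Z login user=dave src=203.0.113.7 result=fail
2023-08-20T10:00:05Z login user=frank src=203.0.113.7 result=fail
2023-08-20T10:00:07Z login user=bob src=203.0.113.7 result=success
2023-08-20T10:10:01Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:10:04Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:10:08Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:10:11Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:10:15Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:10:19Z login user=ceo src=198.51.100.9 result=fail
2023-08-20T10:30:00Z login user=alice src=192.0.2.10 result=fail
2023-08-20T10:30:09Z login user=alice src=192.0.2.10 result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$")


def parse_log(text):
    """Return (timestamp, user, src, result) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["src"], m["result"]))
    events.sort()
    return events


def detect(events, window=timedelta(minutes=5), stuffing_users=5, brute_fails=6):
    """One alert per source that sprays many accounts or hammers one account."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[2]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] != "success"]
        sprayed, top_user, top_count = set(), None, 0
        start = 0
        for end in range(len(fails)):           # sliding time window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            win = fails[start:end + 1]
            users = {e[1] for e in win}
            if len(users) > len(sprayed):
                sprayed = users
            per_user = defaultdict(int)
            for e in win:
                per_user[e[1]] += 1
            user, count = max(per_user.items(), key=lambda kv: kv[1])
            if count > top_count:
                top_user, top_count = user, count

        if len(sprayed) >= stuffing_users:
            # accounts that later accepted a login from the same source are
            # the ones whose leaked password worked: reset them first
            succeeded = sorted({e[1] for e in evs if e[3] == "success" and e[1] in sprayed})
            alerts.append({"type": "credential_stuffing", "src": src,
                           "accounts": len(sprayed), "later_success": succeeded})
        if top_count >= brute_fails:
            alerts.append({"type": "brute_force", "src": src,
                           "account": top_user, "failures": top_count})
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The distinction matters for response: a brute-force alert calls for locking or rate-limiting one account, while a stuffing alert with a `later_success` entry means a password already leaked elsewhere was accepted, which is exactly the case where a unique passphrase and 2FA would have turned the compromise into a temporary lock.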

A high percentage of your C-level positions are using LinkedIn

For users with strong passwords and/or two-factor authentication, the attack only results in a temporary account lock. If your account is poorly protected, cybercriminals can quickly swap the listed email address so that you no longer have access. When a high percentage of your C-level positions are using LinkedIn, and almost everyone is, a successful attack could pose a huge risk to your org's reputation.

It is highly recommended to enable 2FA and to tell your employees it's time to update their LinkedIn password to something unique and long, ideally a passphrase of 25 characters or more. New-school security awareness training teaches your users how to spot the red flags and provides frequent education that they can use to secure their social platforms.


[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Thursday, September 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Executive Reports helps you create, tailor and deliver advanced executive-level reports
  • See the fully automated user provisioning and onboarding

Find out how 60,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Thursday, September 7, @ 2:00 PM (ET)


AI's Role in the Next Financial Crisis: A Warning from SEC Chair Gary Gensler

TL;DR - The future of finance is intertwined with AI, and according to SEC Chair Gary Gensler, it's not all positive. In fact, Gensler warns in a 2020 paper—when he was still at MIT—that AI could be at the heart of the next financial crisis, and regulators might be powerless to prevent it.

AI's Black Box Dilemma: AI-powered "black box" trading algorithms are a significant concern. Imagine several traders using similar algorithms, all deciding to sell at the same time. It's like a stampede at a market, causing a crash. This risk is amplified by the "apprentice effect," where people trained together tend to think alike.

Regulatory Challenges: Regulating AI is like trying to catch smoke with your bare hands. If regulators try to control AI, they might inadvertently create a situation where all AI models act the same, increasing the risk of a synchronized failure. Gensler's words ring clear: "If deep learning predictions were explainable, they wouldn't be used in the first place."

Discrimination and Unpredictability: AIs are like mysterious judges, assessing creditworthiness and other financial decisions. But their opacity makes it hard to tell if they're acting in a discriminatory manner. An AI that was fair yesterday might become biased today, and there's no way to predict or prevent that.

Systemic Risks and Regulatory Gaps: Deep learning in finance is like a growing storm, likely to increase systemic risks. Regulators might try to slow it down by increasing capital requirements or implementing "sniff tests" from more explainable models, but Gensler admits these measures are "insufficient to the task."

The Data Conundrum: AI's hunger for data is like an unquenchable thirst. Models built on the same datasets may act in lockstep, leading to crowding and herding. This convergence can create monopolies and "single points of failure" that threaten the entire network. Think of Lehman Brothers' failure, but on a data-driven scale.

Incomplete and Dangerous Data: Even the largest datasets are like incomplete puzzles, lacking enough historical information to cover a full financial cycle. This gap can lead to devastating consequences, as seen during the financial crisis.

Global Risks: Developing economies might end up using AIs trained on foreign data, like trying to navigate a local market with a map of a different city. The risks here are even larger.

The Bottom Line: AI's unknowns are its most dangerous aspect. The intertwining of AI and finance is a complex dance, and as Gensler warns, one misstep could lead to a crisis.


Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs, and tokens are all more vulnerable to attacks and social engineering than you realize. And one wrong move leaves you and your organization powerless in the face of cyber threats.

In this webinar, Roger Grimes, Data-Driven Defense Evangelist for KnowBe4, takes you through the ins and outs of authentication hacking.

He'll share:

  • A deep dive into the authentication process and why strong authentication is vital to your organization's security
  • Detailed explanations of authentication vulnerabilities for biometrics, MFA, passwords, and more
  • Real-world examples of man-in-the-middle attacks, MFA bypasses, rogue recoveries and others
  • How to empower your end users to become your best, last line of defense

Your digital identity is the gateway to your organization's most valuable assets. Watch this webinar now to learn how to keep your fortress secure, and earn CPE for attending!

Date/Time: Wednesday, September 13, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.


Ransomware Distributed by Fake Tripadvisor Reviews

The Knight ransomware-as-a-service offering (formerly known as "Cyclops") is using phony TripAdvisor complaints to deliver its malware, BleepingComputer reports.

"A newer version of this campaign spotted and analyzed by BleepingComputer now includes an HTML attachment named 'TripAdvisor-Complaint-[random].PDF[dot]htm,'" BleepingComputer says. "When the HTML file is opened, it will use Mr.D0x's Browser-in-the-Browser phishing technique to open what appears to be a browser window to TripAdvisor.

"This fake browser window pretends to be a complaint submitted to a restaurant, asking the user to review it. However, clicking the 'Read Complaint' button will download a malicious XLL file: TripAdvisor_Complaint-Possible-Suspension"

The Excel file attempts to trick the user into enabling an add-in, which will trigger the ransomware.

"When you open the XLL, Microsoft Excel will detect the Mark of the Web (MoTW), added to files downloaded from the Internet, including email," BleepingComputer says. "If it detects the MoTW, it will not enable the .NET add-in built into the Excel document, nullifying the attack unless a user unblocks the file.

"However, if there is no MoTW flag on the file, Excel will prompt the user as to whether they want to enable the add-in....Enabling the add-in will cause the Knight Lite ransomware encryptor to be injected into a new explorer[DOT] exe process and begin to encrypt the files on your computer."
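Two of the defensive checks implied by the account above can be automated: the deceptive "document.htm" double extension on the attachment, and whether a downloaded file actually carries the Mark of the Web that makes Excel refuse the add-in. The following is an added example, not code from BleepingComputer, Mr.D0x or KnowBe4. It parses the `Zone.Identifier` alternate data stream that Windows writes for downloaded files (an INI-style `[ZoneTransfer]` block with a `ZoneId`; 3 is the Internet zone) and rates a file from its name and zone. The filenames, the `example.invalid` URLs and the risk thresholds are constructed for illustration; `read_zone_identifier` only works on NTFS under Windows.

```python
"""Triage a downloaded file by its name and its Mark of the Web (MoTW) zone.

Added example; filenames and Zone.Identifier contents below are constructed.
"""
import re

# Zone IDs as Windows writes them into the Zone.Identifier alternate data stream.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# File types that run code when opened from the shell or from Office.
EXECUTABLE_EXTS = {".xll", ".htm", ".html", ".hta", ".js", ".vbs", ".exe",
                   ".scr", ".lnk", ".iso"}
# Document types whose name is often borrowed for a deceptive double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}

# Constructed stream content, as a browser would write it for an Internet download.
SAMPLE_ZONE_INTERNET = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/complaint\r\n"
    "HostUrl=https://example.invalid/download/Complaint-4821.PDF.htm\r\n"
)


def parse_zone_identifier(text):
    """Parse the INI-style Zone.Identifier stream; return its fields or None."""
    if text is None:
        return None
    section, fields = None, {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    try:
        fields["ZoneId"] = int(fields["ZoneId"])
    except (KeyError, ValueError):
        return None  # no usable zone information
    return fields


def read_zone_identifier(path):
    """Read the stream from an NTFS file (Windows only); None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None


def triage(filename, zone_text):
    """Return findings and a risk level for one downloaded file."""
    suffixes = re.findall(r"\.[a-z0-9]+", filename.lower())
    ext = suffixes[-1] if suffixes else ""
    double_ext = (len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS
                  and ext in EXECUTABLE_EXTS)
    executable = ext in EXECUTABLE_EXTS
    zone = parse_zone_identifier(zone_text)
    motw_internet = zone is not None and zone["ZoneId"] >= 3

    findings = []
    if double_ext:
        findings.append(f"deceptive double extension {suffixes[-2]}{ext}")
    if executable:
        findings.append(f"executable file type {ext}")
    if zone is None:
        findings.append("no Mark of the Web: MoTW-based protections will not trigger")
    else:
        zone_id = zone["ZoneId"]
        findings.append(f"MoTW zone {zone_id} ({ZONE_NAMES.get(zone_id, 'unknown')})"
                        + (f" from {zone['HostUrl']}" if "HostUrl" in zone else ""))

    if double_ext or (executable and not motw_internet):
        risk = "high"      # deception, or a code file with no Internet-zone mark
    elif executable:
        risk = "medium"    # code file, but the MoTW lets Office block the add-in
    else:
        risk = "low"
    return {"file": filename, "risk": risk, "findings": findings}


if __name__ == "__main__":
    print(triage("Complaint-4821.PDF.htm", SAMPLE_ZONE_INTERNET))
    print(triage("Complaint-Possible-Suspension.xll", None))
```

The "no Mark of the Web" case is the one to watch: the stream is removed when a user unblocks the file, so an `.xll` in a Downloads folder with no `Zone.Identifier` at all is either not from the Internet or has already had its protection stripped.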

BleepingComputer notes that in the ransomware's current iteration, the threat actors won't be able to tell which victims have paid the ransom, so it's doubtful that they have any intention of sending decryption keys.

"The ransomware will create a ransom note named 'How To Restore Your Files.txt' in each folder on the computer," BleepingComputer says. "The ransom note in this campaign demands $5,000 be sent to a listed Bitcoin address and also contains a link to the Knight Tor site.

"However, every ransom note in this campaign seen by BleepingComputer utilizes the same Bitcoin address which would make it impossible for the threat actor to determine which victim paid a ransom."

New-school security awareness training helps prevent ransomware from getting onto your systems in the first place by teaching your employees to recognize phishing attacks.


Re-Check Your Email Attack Surface Now. (We Are Always Adding New Breaches)

Your users are your largest attack surface. Data breaches are getting larger and more frequent. Cybercriminals are getting smarter every year. Add it all up and your organization's risk skyrockets with the amount of your users' credentials that are exposed.

It's time to re-check your email attack surface.

Find out your current email attack surface now with KnowBe4's Email Exposure Check Pro. EEC Pro identifies your at-risk users by crawling business social media information and now also thousands of breach databases.

EEC Pro leverages one of the largest and most up-to-date breach data sources to help you find even more of your users' compromised accounts that have been exposed in the most recent data breaches - fast.

Do this complimentary test now!

Get your EEC Pro Report in less than five minutes. It's often an eye-opening discovery. You are probably not going to like the results...


Bloomberg Reports: Stealth QR Code Phishing Attack on Major U.S. Energy Company

During my two years as the CEO of a public company, Bloomberg became one of my go-to sources for financial news. I am still subscribed and today found an interesting story from Drake Bennett in New York.

He reported on a story in Bleeping Computer—which we link to often—that revealed a QR code phishing attack discovered by Cofense, one of the players in our space.

He wrote this opinion piece that clearly describes a new phishing problem that we have been warning about for a while. I suggest you send this link to your C-Level execs. Excellent budget ammo because it explains the urgent need for frequent awareness training reinforcement and creating a strong security culture.


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Gartner Places Generative AI on the Peak of Inflated Expectations on the 2023 Hype Cycle for Emerging Technologies.

Quotes of the Week
"Yesterday's the past, tomorrow's the future, but today is a gift. That's why it's called the present."
- Bil Keane - Cartoonist (1922 - 2011)

"Yesterday is gone. Tomorrow has not yet come. We have only today. Let us begin."
- Mother Teresa (1910 - 1997)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

Beware of Clickbait PDF Phishing Attacks Lurking in Search Results

By Martin Kraemer

We previously reported independently on PDF-based phishing attacks skyrocketing and the rise of SEO attacks. A recent research study found that the combination of both is quite common. Most worryingly, PDF-based SEO attacks are poorly detected by common defense mechanisms such as blocklists, ad blockers or even crowdsourced antivirus services such as VirusTotal.

PDF-based attacks can be anything from a website embedded in a PDF file to an email. Attackers exploit any visual element reminiscent of a familiar interface to trick victims into believing they are viewing the real thing and not a PDF.

SEO attacks optimize combinations of keywords to "poison" SEO algorithms into ranking the malicious website, PDF file or any other link. Attackers may search the web for common but unsolved technical issues and mask their malware as the new solution. Other approaches leverage "data voids", i.e., rare combinations of popular search terms. Any website using these terms will automatically rank high. Either way, the search results wait for victims to find them.

The combination of clickbait PDF and SEO attack is then not exactly surprising. It is yet another attack vector for social engineering attacks. A recent research study identifies Clickbait PDFs not only as attachments to phishing emails, but also lurking on popular search engines. The attacks come in two main flavors: credential phishing and malware downloads, both potentially wreaking havoc on individuals and organizations alike.

The researchers find that most clickbait PDFs in their dataset reside outside emails and instead form large clusters. Notably, three prominent clusters have been detected: reCAPTCHA, ROBLOX Text, and ROBLOX Picture. These clusters consist of interconnected PDF files that form intricate distribution networks promoted through SEO tactics.

While blocklists do provide a level of protection (up to 15%), they fall short of offering comprehensive security against this new breed of threats.

Traditional ad blockers are effective against malicious advertisements and data harvesting, but inadequate against other forms of attack. A significant portion of these clickbait clusters have also managed to evade detection by established antivirus solutions (e.g., VirusTotal). The researchers also suggest that these documents escape the security mechanisms of well-known hosting providers: Cloudflare, AWS and Google Cloud Platform.

Hence, we must empower people to spot social engineering attempts and act appropriately. It does not matter whether the attack is a phishing email or a clickbait PDF delivered through search engine results. The new attack pattern once more highlights the need for new-school security awareness training to enable humans as the last line of defense.


Gootloader Uses Social Engineering to Target Law Firms (Or Their Clients)

Law firms are being targeted by a large number of social engineering attacks involving the Gootloader malware delivery tool, according to researchers at Trustwave.

"Recently, we've seen a noticeable surge in malware cases linked to a malicious payload delivery system known as Gootloader," the researchers write. "The group behind this malware is believed to operate a malware-as-a-service operation, exclusively providing a malware delivery service for other threat actors.

"This malware has gained notoriety due to its exploitation of compromised WordPress sites for malware distribution and its utilization of SEO (Search Engine Optimization) poisoning techniques to achieve high rankings in web search results."

Trustwave found that 46% of these attacks are against law firms, due to the attackers' tendency to use legal documents as bait.

"We collected a bunch of search queries that lead to the compromised websites and identified the keywords utilized by this malware group, revealing a predominant SEO keyword focus on legal documents such as 'agreements,' 'contracts,' and 'forms,'" the researchers write.

"This watering hole strategy theme appears to be successful - most cases we receive related to this malware are from our clients in law offices and legal firms. These are some of the SEO search terms utilized in this campaign. While the majority of the keywords are in English, the campaign also targets the French, Spanish, Portuguese, German, and South Korean languages."

Gootloader is installed after a user is tricked into visiting one of the malicious sites and downloading a document.

"When visiting a poisoned link from the search engine result, the user will be directed to a page that mimics a forum," Trustwave says. "This fake forum page employs social engineering tactics to entice the user to click on a direct download link for the desired document file.

"As the compromised WordPress website is under the control of malicious actors, a cloaking mechanism is employed to prevent loading for non-target users like security researchers, and other prying eyes."


What KnowBe4 Customers Say

"Hi Stu, I wanted to reach out real quick to let you know how pleased we are with KnowBe4 recently. Brian and I have had several calls with Caveeta P. and she has been incredible. The platform is a bit of a learning curve, but Caveeta has made this SO smooth. After our last call my boss Brian said "I wish all our platforms were like KnowBe4."

Just thought I'd give you guys a quick shout out! Appreciate everything you guys do."

- T.J., IT Support Analyst

The 10 Interesting News Items This Week
  1. DefCon: Hackers red-teaming A.I. are 'breaking stuff left and right'
  2. CISA expects upcoming industry rules to show 'scope and scale' of ransomware problem
  3. SEC cyber rules ignite tension between reputation and security risk
  4. BEC and VEC Attacks on the Rise in 2023
  5. CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation
  6. AI use rising in influence campaigns online, but impact limited – U.S. cyber firm
  7. Hackers figured out 3 separate ways to break into U.S. Air Force satellites, and won up to $50K for doing it
  8. Chinese spies who read State Dept. email also hacked GOP congressman
  9. Cyber Defenders Lead the AI Arms Race for Now
  10. China to disclose secret U.S. 'global reconnaissance system,' claims official
