CyberheistNews Vol 13 #44 [Don't Get Trapped] The Dark History of Phishing and More Social Engineering

CyberheistNews Vol 13 #44  |   October 31st, 2023

[Don't Get Trapped] The Dark History of Phishing and More Social Engineering
Stu Sjouwerman, SACP

Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an advance-fee scam from 1924, in which a crook sent a letter pretending to be trapped in a Spanish debtors' prison.

The sender asked the recipient to send a check for $36,000 to pay off his debt; once freed, he promised to repay the recipient, with an extra $12,000 for the trouble. Criminals still run this scam today, often posing as Nigerian princes.

Here are some best practices DomainTools offers to help users avoid falling for social engineering attacks:

  • "Look out for unsolicited emails, messages, or phone calls, especially if they request sensitive information or immediate action. Phishing messages can create a sense of urgency or fear to pressure recipients into quick responses."
  • "If an offer seems too good to be true, it most likely is. Scammers use enticing offers to lure victims."
  • "Ask someone else for their opinions on a specific email or interaction. Sometimes a second review on a suspicious interaction can help you see the scam for what it is."
  • "Use multifactor authentication (MFA) for your accounts online, especially accounts with sensitive personal information such as your finances or email. Never give your MFA code to anyone who asks for it, only to the service webpage you are actively logging into."
  • "If you're part of a critical business process, such as approving wire transfers, establish a secondary out-of-band process to validate these transactions. If you are in the same physical office, for example, agree to talk to the other approver face-to-face. If you're remote, create a second communications channel, like text messaging, phone calls, or Slack, for approvals."

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/brief-history-phishing-social-engineering

And then there is the article at CNBC about how a 77-year-old widow lost $661,000 in a common tech scam: 'I realized I had been defrauded of everything'. Share this:
https://www.cnbc.com/2023/10/08/how-one-retired-woman-lost-her-life-savings-in-a-common-elder-fraud-scheme.html

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, November 1, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Executive Reports helps you create, tailor and deliver advanced executive-level reports
  • See the fully automated user provisioning and onboarding

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: TOMORROW, Wednesday, November 1, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN2

FBI Warns Against 10 Red Flags About Hiring of North Korean "IT Workers." [Share With HR]

The U.S. Federal Bureau of Investigation and South Korea's Ministry of Foreign Affairs have issued an advisory offering guidance to "the international community, the private sector, and the public to better understand and guard against the inadvertent recruitment, hiring, and facilitation" of North Korean "IT workers".

The advisory explains that "the hiring or supporting of DPRK IT workers continues to pose many risks, ranging from theft of intellectual property, data, and funds, to reputational harm and legal consequences, including sanctions under U.S., ROK, and United Nations (UN) authorities."

North Korean government operatives frequently use social engineering to conduct cyber espionage and financial theft.

The advisory outlines 10 important red flags associated with potential North Korean IT workers:

  1. "Unwillingness or inability to appear on camera, conduct video interviews or video meetings; inconsistencies when they do appear on camera, such as time, location, or appearance."
  2. "Undue concern about requirements of a drug test or in person meetings and having the inability to do so."
  3. "Indications of cheating on coding tests or when answering employment questionnaires and interview questions. These can include excessive pausing, stalling, and eye scanning movements indicating reading, and giving incorrect yet plausible-sounding answers."
  4. "Social media and other online profiles that do not match the hired individual's provided resume, multiple online profiles for the same identity with different pictures, or online profiles with no picture."
  5. "Home address for provision of laptops or other company materials is a freight forwarding address or rapidly changes upon hiring."
  6. "Education on resume is listed as universities in China, Japan, Singapore, Malaysia, or other Asian countries with employment almost exclusively in the United States, the Republic of Korea, and Canada."
  7. "Repeated requests for prepayment; anger or aggression when the request is denied."
  8. "Threats to release proprietary source codes if additional payments are not made."
  9. "Account issues at various providers, change of accounts, and requests to use other freelancer companies or different payment methods."
  10. "Language preferences are in Korean but the individual claims to be from a non-Korean speaking country or region."

Here is the blog post with links. Share this with your HR Team.
https://blog.knowbe4.com/fbi-warns-of-north-korean-social-engineering

The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team

In response to improved email security measures, cybercriminals have pivoted to more advanced attack methods, namely artificial intelligence (AI), that bypass existing protections. But security defenders are also using AI in remarkable new ways to fortify their networks.

Join Erich Kron, Security Awareness Advocate for KnowBe4, and Michael Sampson, Principal Analyst at Osterman Research, as they dig into the findings of our latest joint report on "The Role of AI in Email Security". They'll share tips on how your SOC team can identify and use AI to supercharge your anti-phishing defense.

In this webinar, you'll learn:

  • How cybercriminals employ AI to circumnavigate traditional email security tools
  • The remarkable ways AI enhances detection accuracy
  • Top AI-driven security features IT buyers seek in email security products
  • Strategies to implement real-time threat intelligence data to stay ahead of ever-evolving threat actors
  • The incredible tools, such as crowdsourced threat intelligence and AI-powered blocklisting, that can stop phishing emails before they ever hit your users' inboxes

Stay ahead of cybercriminals. Learn how to use AI to stay one step ahead of them!

Date/Time: Wednesday, November 8 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/osterman-ai-email-security?partnerref=CHN

Latest Example of "Site Hopping" To Bypass Security Scanners

A new technique is becoming increasingly common as a way to bypass security scanners. The challenge is that its specific execution keeps evolving, which makes it difficult, though not impossible, to detect.

In an earlier time when trains served as the primary mode of long-distance transportation, individuals without tickets would often run alongside moving trains and hop onto the last train car to hitch a ride until it suited their needs. They would then transition to the next train and repeat the process until they reached their desired destination.

This practice — called "train hopping" — constituted the misuse of a legitimate service, serving the interests of the 'traveler' as long as it met their needs.

I've noticed a similar pattern in cyber attacks, where legitimate web services are briefly misused as one step in the attacker's chain. As a result, I've decided to introduce a new cybersecurity term: "site hopping."

This term describes an attacker exploiting the legitimate functions of several websites in sequence to obscure the final web destination to which victims of a phishing scam are directed.

We've recently observed in-the-wild examples of this, including the misuse of the Salesforce website. The objectives of site hopping seem to be twofold: either to take advantage of the 'hopped' site's legitimacy or to exploit the site's technology in a way that hinders security solutions from effectively performing their tasks.

While I don't know if it will take off beyond this blog, you heard it here first!

[CONTINUED] At the KnowBe4 Blog:
https://blog.knowbe4.com/functionality-misuse-legitimate-company-websites-example-of-site-hopping
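The unwrapping step a scanner or analyst can apply to a suspected site-hopping URL, as an added example that is not part of the original post or of any KnowBe4 product. It assumes the "legitimate function" being hopped through is a redirect parameter (?url=, ?redirect=, ?next= and the like), which is one common form of this misuse; the parameter list, the sample URL and the hostnames in it are constructed for illustration. The code records every host in the chain so a report can show which legitimate domains lent their reputation to the lure, and flags the case where the landing host differs from the host the victim was shown.

```python
"""Unwrap a chained redirect URL to reveal its final destination.

Added example (not KnowBe4's code). Assumption: each hop is a redirect
query parameter; hops done by JavaScript or server-side 302s are not
visible without fetching the page and are out of scope here.
"""
from urllib.parse import urlsplit, parse_qs

# Query parameters sites commonly use to send a visitor somewhere else.
# Assumption: a real deployment tunes this list from observed traffic.
REDIRECT_PARAMS = ("url", "redirect", "redirect_uri", "next", "return", "target", "u")

MAX_HOPS = 10  # guard against pathological or self-referential chains


def next_hop(url):
    """Return the http(s) URL embedded in a redirect parameter, or None."""
    parts = urlsplit(url)
    # parse_qs percent-decodes each value once, so a doubly encoded inner
    # URL comes back still encoded once, ready for the next iteration.
    query = parse_qs(parts.query, keep_blank_values=False)
    for name in REDIRECT_PARAMS:
        for candidate in query.get(name, []):
            if urlsplit(candidate).scheme in ("http", "https"):
                return candidate
    return None


def unwrap_chain(url, max_hops=MAX_HOPS):
    """Follow embedded redirect parameters; return every URL in the chain."""
    hops = [url]
    current = url
    for _ in range(max_hops):
        nxt = next_hop(current)
        if nxt is None or nxt in hops:  # stop on end of chain or a loop
            break
        hops.append(nxt)
        current = nxt
    return hops


def analyse(url):
    """Summarise a chain: hosts hopped through and whether the landing host differs."""
    chain = unwrap_chain(url)
    hosts = [urlsplit(u).hostname or "" for u in chain]
    return {
        "hops": len(chain) - 1,
        "hosts": hosts,
        "final_url": chain[-1],
        "obscured": len(chain) > 1 and hosts[-1] != hosts[0],
    }


# Constructed sample: a lure that hops through two "legitimate" hosts before
# landing on a credential-harvesting page (the inner URL is encoded twice).
SAMPLE = (
    "https://portal.example-a.test/login?redirect="
    "https%3A%2F%2Fshare.example-b.test%2Fgo%3Fnext%3D"
    "https%253A%252F%252Fsecure-update.example-evil.test%252Fsignin"
)

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

Running it on the sample reports two hops, the host list portal.example-a.test, share.example-b.test, secure-update.example-evil.test, and obscured=True. A scanner that only reputation-checks the first host sees a clean domain; the chain is what tells you the real landing page. Non-http schemes in a redirect parameter (for example javascript:) are ignored rather than followed.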

Does Your Domain Have an Evil Twin?

Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as "safe" domains for your organization.

With Domain Doppelgänger, you can:

  • Search for existing and potential look-alike domains
  • Get a summary report that identifies the highest to lowest risk attack potentials
  • Generate a real-world "domain safety" quiz based on the results for your end users

Domain Doppelgänger helps you find the threat before it is used against you.

Find out now!
https://info.knowbe4.com/domain-doppelganger-chn
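The kind of permutation search such a look-alike domain check is built on, as an added example that is not KnowBe4's Domain Doppelgänger code. It generates candidate twins of a domain you own by character omission, adjacent transposition, repetition, homoglyph substitution and TLD swaps, and labels each candidate with the permutation that produced it so it can feed a risk report. The homoglyph table and TLD list are small illustrative subsets chosen for this example; whether a candidate is actually registered needs a DNS or WHOIS lookup, which is deliberately left out so the block runs offline.

```python
"""Generate candidate look-alike ("doppelgänger") domains for a domain you own.

Added example, not a vendor's tool. The tables below are illustrative
subsets; production tools use far larger ones, including Unicode homoglyphs.
"""

# Characters that look alike in many fonts (illustrative subset).
HOMOGLYPHS = {
    "o": ["0"], "l": ["1", "i"], "i": ["l", "1"], "e": ["3"], "a": ["4"],
    "s": ["5"], "g": ["q"], "m": ["rn", "nn"], "w": ["vv"], "d": ["cl"],
}

# TLDs a scammer commonly registers a twin under (illustrative subset).
ALT_TLDS = ["com", "net", "org", "co", "info"]


def split_domain(domain):
    """Return (label, tld) for a registrable domain such as 'example.com'."""
    label, _, tld = domain.lower().partition(".")
    return label, tld


def omission(label):
    """Drop one character: 'example' -> 'exmple'."""
    return {label[:i] + label[i + 1:] for i in range(len(label))}


def transposition(label):
    """Swap two adjacent characters: 'example' -> 'exapmle'."""
    return {label[:i] + label[i + 1] + label[i] + label[i + 2:]
            for i in range(len(label) - 1) if label[i] != label[i + 1]}


def repetition(label):
    """Double one character: 'example' -> 'exammple'."""
    return {label[:i] + label[i] + label[i:] for i in range(len(label))}


def homoglyph(label):
    """Replace one character with a look-alike: 'example' -> 'examp1e'."""
    out = set()
    for i, ch in enumerate(label):
        for sub in HOMOGLYPHS.get(ch, []):
            out.add(label[:i] + sub + label[i + 1:])
    return out


PERMUTATIONS = (
    ("omission", omission),
    ("transposition", transposition),
    ("repetition", repetition),
    ("homoglyph", homoglyph),
)


def generate(domain):
    """Return a sorted list of candidate look-alike domains, excluding the original."""
    label, tld = split_domain(domain)
    labels = set()
    for _, fn in PERMUTATIONS:
        labels |= fn(label)
    candidates = {f"{lab}.{tld}" for lab in labels if lab}
    candidates |= {f"{label}.{t}" for t in ALT_TLDS if t != tld}
    candidates.discard(domain.lower())
    return sorted(candidates)


def classify(candidate, domain):
    """Name the permutation that produced a candidate, for a risk report."""
    label, tld = split_domain(domain)
    c_label, c_tld = split_domain(candidate)
    if c_label == label and c_tld != tld:
        return "tld-swap"
    for name, fn in PERMUTATIONS:
        if c_label in fn(label):
            return name
    return "unknown"


if __name__ == "__main__":
    for cand in generate("example.com"):
        print(f"{cand:20s} {classify(cand, 'example.com')}")
```

For example.com this yields 31 candidates, such as exmple.com (omission), exapmle.com (transposition), exarnple.com (homoglyph, "rn" for "m") and example.net (tld-swap). The next step in a monitoring workflow is to resolve each candidate and alert on any that suddenly acquires A or MX records, since a newly registered twin with a mail server is a strong sign someone is preparing to phish your users or your partners.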

[Exciting News] Registration for KB4-CON USA Is Now Open!

Join us March 4-6, 2024 at the beautiful Gaylord Palms Resort and Convention Center in sunny Orlando, Florida.

KB4-CON is KnowBe4's premier annual conference, bringing together KnowBe4 customers, channel partners, security advocates, keynote speakers, and industry professionals for three days of learning, sharing, and growing your cybersecurity knowledge.

What can you expect at KB4-CON 2024?

Get ready for an amplified experience with more breakout sessions, providing you an opportunity to delve deeper into the world of cybersecurity. Plus, we've extended KB4 Lab hours, fostering connections with KnowBe4 product experts, the channel team and alliance vendors. It's more than just sessions and keynotes; we're crafting an exciting journey into the cutting-edge world where cybersecurity and AI converge.

Plus, we'll give you the playbook to seize the security culture market opportunity faster. The best part? Early bird pricing is available through December 15, 2023, so you can be part of the journey for just $129!

What are you waiting for? Register today!
https://knowbe4.cventevents.com/owbn8D?RefId=emregoptr

Bed Bugs in Paris: An Odd Case of Russian Disinformation.

The recent overreaction in France and elsewhere to reports of a bedbug infestation may in significant part be due to the planting and amplification of bogus news stories by Russian trolls. The Telegraph reports that French intelligence services have traced the craze to Russian doppelganger trolling.

Fake articles that misrepresented themselves as having been prepared by trusted media were circulated in social media. Case zero of this cognitive infestation seems to have been a bogus article said to have appeared in the regional newspaper La Montagne, which claimed (falsely) that the bugs were surging because effective insecticides had been blocked from France by the country's embargo on Russian chemical imports.

Other phony articles of similar bent were misattributed to the left-wing paper Libération and the right-wing paper Le Figaro. They're all forgeries, the bed bugs were never a big deal, and in any case they were around long before France imposed any wartime embargoes on Russia. The campaign seems to have been opportunistic: the trolls saw some stories about bed bugs and decided to pick up the theme and run for daylight.


Let's stay safe out there. #FightThePhish!

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

P.S.: Your KnowBe4 Fresh Content Updates from October 2023:
https://blog.knowbe4.com/knowbe4-content-updates-october-2023

P.P.S.: Spiceworks Article: Cybersecurity's Soft Underbelly — The Threat From Social Engineering:
https://www.spiceworks.com/it-security/cyber-risk-management/articles/social-engineering-still-rampant/

Quotes of the Week  
"The beginning of wisdom is the definition of terms."
- Socrates — Philosopher (469 - 399 BC)

"The limits of my language mean the limits of my world."
- Ludwig Wittgenstein — Philosopher (1889 - 1951)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-44-dont-get-trapped-the-dark-history-of-phishing-and-more-social-engineering

Security News

A Look at AI-Generated Phishing Emails

Red teamers at IBM X-Force warn that AI-generated phishing emails are nearly as convincing as human-crafted ones, and can be created in a fraction of the time. The researchers tricked ChatGPT into quickly crafting a phishing lure, then tested the lure against real employees.

Stephanie Carruthers, Chief People Hacker for IBM X-Force Red, wrote in a blog post, "With only five simple prompts we were able to trick a generative AI model to develop highly convincing phishing emails in just five minutes — the same time it takes me to brew a cup of coffee. It generally takes my team about 16 hours to build a phishing email, and that's without factoring in the infrastructure set-up.

"So, attackers can potentially save nearly two days of work by using generative AI models. And the AI-generated phish was so convincing that it nearly beat the one crafted by experienced social engineers, but the fact that it's even that on par, is an important development."

The researchers found that the human-crafted phish was only three percent more successful than the AI-generated one. "Humans may have narrowly won this match, but AI is constantly improving," Carruthers says.

"As technology advances, we can only expect AI to become more sophisticated and potentially even outperform humans one day. As we know, attackers are constantly adapting and innovating. Just this year we've seen scammers increasingly use voice clones generated by AI to trick people into sending money, gift cards or divulge sensitive information."

The researchers add that organizations should teach employees that AI-generated phishing emails may have flawless grammar and spelling. "Dispel the myth that phishing emails are riddled with bad grammar and spelling errors," Carruthers writes. "AI-driven phishing attempts are increasingly sophisticated, often demonstrating grammatical correctness."

"That's why it's imperative to re-educate our employees and emphasize that grammatical errors are no longer the primary red flag. Instead, we should train them to be vigilant about the length and complexity of email content. Longer emails, often a hallmark of AI-generated text, can be a warning sign."

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

IBM SecurityIntelligence has the story:
https://securityintelligence.com/x-force/ai-vs-human-deceit-unravelling-new-age-phishing-tactics/

Fake LinkedIn Job Postings Used To Deliver Malware

Several cybercriminal groups based in Vietnam are using fake job postings to trick users into installing malware, according to researchers at WithSecure. The researchers are tracking several related malware campaigns, including "DarkGate" and "Ducktail."

"Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector," the researchers write. "These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals."

"The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups. It is possible to identify campaigns carried out by these groups through non-technical indicators, such as their lure topics, lure files, and associated metadata."

The crooks use LinkedIn messages to distribute links to the malicious documents, which impersonate job descriptions.

"Analysis of browser history on a victim device identified that the initial vector was a LinkedIn message which directed the victim to a compromised website, which then redirected the victim to a file hosted on Google Drive," the researchers write.

"The initial infection vector being via a LinkedIn message is a typical method seen by WithSecure Intelligence in Ducktail campaigns, and Ducktail appears to be used by a cluster of different yet related Vietnamese threat actors."

The criminals are focused on information theft and compromising Facebook Business accounts. "The Ducktail related DarkGate campaigns have a very similar initial infection route, but the function of the payloads differs greatly," WithSecure says. "Ducktail is a dedicated infostealer, it is in no way stealthy, and upon execution it will rapidly steal credentials and session cookies from the local device and send them back to the attacker."

WithSecure has the story:
https://labs.withsecure.com/publications/darkgate-malware-campaign

What KnowBe4 Customers Say

"Hi Stu, I own an MSP in NE Ohio. I wanted to tell you two things:

1) I have been a reseller with KnowBe4 since 2016. My MSP's growth has essentially mimicked your amazing growth of KnowBe4 in the last seven years. Every time I log in to our portal I am flabbergasted by the insane amount of useful additions that I can sell to my customers, thus increasing my revenue. Thank you for that.

2) I wanted to talk about John B. He is amazing. He has over three decades experience in the technology industry across many different roles. When I talk to him for our regular QBRs he is not "salesy" or trying to upsell me. It is just an open-ended dialog about what is going on in my business. So refreshing! He is an incredible asset to your company."

- B.M., Owner/CEO


"Hello, I wanted to pass along my thanks and feedback about my experience with Dillon D.

From the moment I reached out about security awareness training, I knew I was in good hands when I first spoke with Dillon. He was calm and curious, not at all pushy or overzealous. He genuinely seemed to want to understand our company's needs and see if KnowBe4 would be a good fit.

He helped me to understand the full capability of the platform and discover features I did not know existed that would greatly benefit our company.

Our organization tends to take a very long time to review and approve new software, which can understandably be frustrating for anyone in sales. At every point along the way, Dillon was happy to check in, resurface quotes, provide additional demos, get me up to speed on new offerings—for anything I needed, he was a phone call away. Never once did I sense frustration or negativity—he was always genuinely happy to help.

Once our CEO finally approved the contract a full year and a half after I first spoke with Dillon, he made the process extremely easy and seamless. As excited as I am to begin using the KnowBe4 console, it is bittersweet because I will no longer be working alongside Dillon, which is a testament to how wonderful it was to interact with him.

I hope this feedback provides insight into what a fantastic team member you have and that he can receive any accolades you may be able to extend. He truly deserves it. If you have any additional questions about our experience, I am happy to provide more context."

- F.A., Operations Specialist

The 10 Interesting News Items This Week
  1. Meet Octo Tempest, 'Most Dangerous Financial' English-speaking Hackers:
    https://www.databreachtoday.com/meet-octo-tempest-most-dangerous-financial-hackers-a-23397

  2. A stern glance at China from all Five Eyes:
    https://thecyberwire.com/stories/b9135676d48340ed84cde1416281e0ff/a-stern-glance-from-all-five-eyes

  3. D.C. Board of Elections: Hackers may have breached entire voter roll:
    https://www.bleepingcomputer.com/news/security/dc-board-of-elections-hackers-may-have-breached-entire-voter-roll/

  4. Spain arrests 34 cybercriminals who stole data of 4 million people:
    https://www.bleepingcomputer.com/news/security/spain-arrests-34-cybercriminals-who-stole-data-of-4-million-people/

  5. 'Log in With...' Feature Allows Full Online Account Takeover for Millions:
    https://www.darkreading.com/remote-workforce/oauth-log-in-full-account-takeover-millions

  6. U.S. energy firm shares how Akira ransomware hacked its systems:
    https://www.bleepingcomputer.com/news/security/us-energy-firm-shares-how-akira-ransomware-hacked-its-systems/

  7. Why GPT-4 is vulnerable to multimodal prompt injection image attacks:
    https://venturebeat.com/security/why-gpt-4-is-vulnerable-to-multimodal-prompt-injection-image-attacks/

  8. Ukraine cyber officials warn of a 'surge' in Smokeloader attacks on financial, government entities:
    https://therecord.media/surge-in-smokeloader-malware-attacks-targeting-ukrainian-financial-gov-orgs

  9. Hackers backdoor Russian state, industrial orgs for data theft:
    https://www.bleepingcomputer.com/news/security/hackers-backdoor-russian-state-industrial-orgs-for-data-theft/

  10. France says Russian state hackers breached numerous critical networks:
    https://www.bleepingcomputer.com/news/security/france-says-russian-state-hackers-breached-numerous-critical-networks/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff