CyberheistNews Vol 13 #46 [Heads Up] Cybersecurity Expert: AI Lends Phishing Plausibility for Bad Actors



CyberheistNews Vol 13 #46  |   November 14th, 2023

[Heads Up] Cybersecurity Expert: AI Lends Phishing Plausibility for Bad Actors

Stu Sjouwerman, SACP

Cybersecurity experts expect to see threat actors increasingly make use of AI tools to craft convincing, highly targeted and sophisticated social engineering attacks, according to Eric Geller at the Messenger.

"One of AI's biggest advantages is that it can write complete and coherent English sentences," Geller writes. "Most hackers aren't native English speakers, so their messages often contain awkward phrasing, grammatical errors and strange punctuation. These mistakes are the most obvious giveaways that a message is a scam.

"With generative AI platforms like ChatGPT, hackers can easily produce messages in perfect English, devoid of the basic mistakes that Americans are increasingly trained to spot."

In addition to assisting in social engineering attacks, AI can be abused to write malware or help plan cyberattacks.

"Programs like ChatGPT can already generate speeches designed to sound like they were written by William Shakespeare, Donald Trump and other famous figures whose verbal and written idiosyncrasies are widely documented. With enough sample material, like press statements or social media posts, an AI program can learn to mimic a corporate executive or politician — or their child or spouse.

"AI could even help hackers plan their attacks by analyzing organizational charts and recommending the best targets — the employees who serve as crucial gatekeepers of information but might not be senior enough to constantly be on guard for scams."

It's still too early to foresee all the ways in which AI can be used for malicious purposes, but organizations should anticipate evolving social engineering tactics in the coming years.

"It's hard to predict the exact consequences of the AI revolution for phishing campaigns," Geller concludes. "Cybercriminals are unlikely to use AI's advanced analytical features for run-of-the-mill scams. But sophisticated criminal gangs might lean on some of those tools for major ransomware attacks, and government backed hacking teams will almost certainly adopt these capabilities for important intelligence-gathering missions against well-defended targets....

"And the easier it becomes to use AI for cyberattacks, the more likely it is that innovative attackers will come up with previously unimagined uses for the technology."

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/how-ai-lends-phishing-plausibility

[NEW FEATURE] PhishER Plus and CrowdStrike Falcon Sandbox Integration

Do you need a faster way to further analyze user-reported malicious emails without risking your organization's environment? Your incident response and security operations teams are swamped, and you can't afford to slow down to switch applications or manually triage every file and URL.

The new KnowBe4 PhishER Plus and CrowdStrike Falcon Sandbox integration allows you to investigate potentially malicious files faster, and more efficiently, all from a single console.

With the CrowdStrike Falcon Sandbox and PhishER Plus integration you get:

  • Automated Scans and Detonations: PhishER Plus rules and actions empower you to automate scans and detonations.
  • Streamlined Analysis: Simplify your workflow by analyzing links and attachments from a single, intuitive console: PhishER Plus. No more juggling multiple interfaces.
  • Maximized ROI: PhishER Plus seamlessly integrates with CrowdStrike Falcon Sandbox, amplifying its value and ensuring a higher return on your investment.
  • Effortless Triage and Reporting: Easily triage, analyze, and report on files or URLs found in malicious phishing emails.

Your time and expertise are valuable. The PhishER Plus integration with CrowdStrike Falcon Sandbox is designed to enhance both. Increase your operational efficiency, streamline your processes, and help your team stay on top of today's emerging threats.

CrowdStrike Falcon Sandbox Integration is available to KnowBe4 customers with a full PhishER Plus subscription.

Join us for a live 30-minute demo of the Plus features of PhishER and see this integration in action!

Date/Time: TOMORROW, Wednesday, November 15, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN2

[BUDGET AMMO] New State of Phishing Report 2023: An Alarming Surge in Phishing Threats

The fight against cyber threats, including phishing attacks, remains a top priority for all organizations. SlashNext just released its much-anticipated annual "State of Phishing Report for 2023." This report sheds light on the alarming surge in phishing threats across email, web, and mobile channels. We will delve into the key findings and insights from the report, highlighting the growing influence of generative AI tools in cybercriminal activities.

The Phishing Landscape: A Disturbing Uptick

The report paints a grim picture of the current phishing landscape. The study analyzed billions of threats, including link-based threats, malicious attachments, and natural language messages in email, mobile, and browser channels during a 12-month period from Q4 2022 to Q3 2023.

The most alarming findings include:

  • A 1,265% Increase in Malicious Phishing Messages - Since Q4 2022, there has been an astonishing 1,265% increase in malicious phishing messages, signaling a significant escalation in cyber threats. On average, a staggering 31,000 phishing attacks were sent on a daily basis, demonstrating the relentless efforts of threat actors.
  • 967% Increase in Credential Phishing - Credential phishing, a method employed to steal login information and sensitive data, has surged by a worrying 967%. This steep increase highlights the success and persistence of cybercriminals in exploiting user vulnerabilities.
  • Business Email Compromise (BEC) Increases by 68% - A notable 68% of all phishing emails are text-based Business Email Compromise (BEC) attacks. BEC attacks often lead to substantial financial losses for organizations, making them a prime concern for cybersecurity professionals.
  • Cybersecurity Professionals are 77% of Threat Actors' Targets - 77% of cybersecurity professionals polled reported being targets of phishing attacks, and 28% reported receiving those messages via text messages. This underscores the indiscriminate nature of phishing attacks and the need for enhanced cybersecurity measures.
  • The 39% Rise of Smishing - Mobile-based attacks, particularly SMS phishing (Smishing), have increased by 39%. Threat actors recognize the reduced protection on mobile devices compared to email, making it a prime target for attacks.

The Report goes on with: The Impact of Generative AI on Phishing

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/phishing-threats-surge-2023

The Holiday Season is Here. How Are You Staying Cyber Safe?

Are your users aware of the holiday phishing scams cybercriminals will be sending them?

It's the busiest time of year for everyone, especially cybercriminals. They know surges in online shopping, holiday travel and time constraints can make it easier to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That's why we put together this resource kit to help ensure no chunks of cyber-coal end up in your employees' stockings this season! Use these resources to help your users make smarter security decisions every day.

Here is what you'll get:

  • New! Holiday Cybersecurity World Passport interactive game
  • Two free holiday training modules, all available in multiple languages
  • Resources to share with your users, including an educational video, plus security documents and digital signage to reinforce the free modules included in the kit
  • Newsletters about holiday shopping and travel safety for your users
  • Access to resources for you to help with security planning for the upcoming year

Get Your Kit Now!
https://www.knowbe4.com/holiday-resource-kit-chn-0

IT Admins Continue to Use Weak Passwords

In an analysis of web pages identified as admin portals, some incredibly weak passwords were identified – and some of them are going to really surprise you.

We all know the general drill with admin passwords – make them complex and long. Simple, right?

But a new analysis of admin passwords shows that IT admins seem to not be vigilant around good password hygiene. According to an analysis of 1.8 million passwords by security vendor Outpost24, the top 20 passwords they found are really terribly bad:

  1. admin
  2. 123456
  3. 12345678
  4. 1234
  5. Password
  6. 123
  7. 12345
  8. admin123
  9. 123456789
  10. adminisp
  11. demo
  12. root
  13. 123123
  14. admin@123
  15. 123456aA@
  16. 01031974
  17. Admin@123
  18. 111111
  19. admin1234
  20. admin1

Note that the number one password is "admin." Seriously? In today's cybersecurity climate, IT pros are still using these passwords? This shows that even IT pros need to be enrolled in continual security awareness training so they are reminded of the need for good password hygiene – which includes the use of properly secure passwords.

4 Reasons Why SecurityCoach Helps Users Help Themselves

Your employees are your largest attack surface.

For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit.

But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.

In this whitepaper, learn how KnowBe4's SecurityCoach tool helps strengthen your security culture by enabling real-time coaching of your users in response to their risky security behavior. The real-time, focused, security awareness training is called coaching because these quick messaging opportunities are used to nudge users toward the right decisions and behaviors.

Read this whitepaper to learn how SecurityCoach can:

  • Deliver the right education where needed to maximize its impact
  • Encourage real-time learning with content provided when and where it will matter most
  • Provide critical insights to management to help determine where more focused training is needed

Download this whitepaper today!
https://info.knowbe4.com/wp-four-reasons-why-securitycoach-helps-users-help-themselves-chn


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Russian hackers caused an energy blackout in Ukraine—during a missile strike:
https://www.wired.com/story/sandworm-ukraine-third-blackout-cyberattack/

PPS: [By KnowBe4's CISO] What Do the Latest SEC Charges Against Solarwinds' CISO Mean for CISOs Everywhere?:
https://blog.knowbe4.com/sec-charges-against-solarwinds-ciso?

Quotes of the Week  
"Discipline is choosing between what you want now and what you want most."
- Abraham Lincoln (1809 – 1865)

"When a man is sufficiently motivated, discipline will take care of itself."
- Albert Einstein (1879 – 1955)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-46-heads-up-cybersecurity-expert-ai-lends-phishing-plausibility-for-bad-actors

Security News

Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs

Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.

"During the observed period, around 31% of all social engineering attacks were aimed at targeted individuals, with the public administration sector following second at 18% of incidents," the researchers write.

AtlasVPN continues, "The 'all' category encompasses cybersecurity events that have a global effect across markets [and] was the third-most (7.97%) targeted sector in social engineering attacks. It reinforces the notion that cyber threats transcend the boundaries of specific industries or sectors.

"The banking and finance sector (5.49%) follows closely, while the postal and courier sector (5.22%) rounds out the top five social engineering victims. The difference in share percentages between first place and others is a testament to how threat actors view targeting individuals as the most profitable attack vector."

The researchers observed the following five trends in social engineering attacks in 2023:

  • "Phishing and Phishing-as-a-Service (PhaaS): Phishing remains a prevalent and influential tactic due to its time efficiency, with the emergence of PhaaS amplifying its reach."
  • "Availability and Affordability of Services: The availability and affordability — with prices reported as low as 15 USD — of PhaaS and similar services contribute to the proliferation of social engineering attacks."
  • "AI-Driven Innovations: The use of AI for crafting convincing phishing emails, deepfakes, and AI-driven data mining, is driving innovation in social engineering tactics."
  • "Changes in Threat Actor Behavior: Threat actors are adapting to overcome increased security measures, including multi-factor authentication, employing novel approaches like MFA fatigue attacks, adversary in the middle (AitM), and SIM swapping."
  • "Personal and Intimidating Approaches: Threat actors are using more personal and intimidating approaches, targeting individuals with personal threats and even involving their family members, marking a progression in the scope of social engineering attacks."

Blog post with links:
https://blog.knowbe4.com/social-engineering-increase-phishing-cost-decrease?hs_preview=JljInBmp-144284185353

.AI Domains Exploited for Phishing

Another top-level domain is figuring prominently in phishing attacks. This one is attractive because, in effect, it's a pun.

The .ai country code top-level domain (ccTLD) is increasingly being abused in phishing attacks, according to researchers at Netcraft. The .ai TLD, which belongs to the British Overseas Territory of Anguilla, is frequently used by legitimate technology companies due to the growing popularity of AI.

"The hype surrounding AI over the last few years perhaps explains why victims are ignoring long-established conventions of 'avoiding unknown links', and instead are willing to click on .ai URLs," the researchers write.

"In the past year, there have been numerous legitimate AI products created (mostly from new/generic brand names), which means victims are getting used to seeing (and clicking on) .ai brands and URLs. The increasing familiarity of seeing domains that end in .ai – coupled with a curiosity about AI fueled by months of media speculation – makes the .ai top level domain attractive for cybercriminals."

Criminals who get their hands on these domains are using them to launch phishing attacks and other social engineering scams. "Phishing attacks account for 67% of the malicious URLs we see on .ai domains, with survey scams accounting for another 11%," the researchers write.

"Survey scams are a type of affiliate marketing scam involving victims being tricked into thinking they've won a prize. After the survey is filled (with the results often not being sent anywhere), the victim is redirected to a destination site, which encourages them to sign up for a third-party service, typically a sweepstake with a very small chance of winning the advertised prize."

"We often see affiliate marketing scams utilize .ai domains as redirects to other domains that host the scams. Consequently, these malicious .ai domains utilize a smaller range of IP addresses than other attacks. In September 2023, we blocked 845 URLs on 58 IP addresses using .ai domains, a steady increase over previous months that shows no signs of slowing down."

Netcraft has the story:
https://www.netcraft.com/blog/the-rise-of-ai-cyber-criminals-and-anguilla-look-to-profit/

What KnowBe4 Customers Say

"Hey Tim, I just wanted to let you know that I got off a call with Albert just a few minutes ago. He is an absolute joy to work with and is extremely helpful!! I just wanted to share my appreciation for such helpful guidance during our POC and inform you Albert is awesome to work with! 😊 Thanks!"

- H.A., CDPP


"Hi Stu, Nice to virtually meet you and thanks for the personal touch. Much appreciated! We are indeed enjoying, yet still digging into, all that KnowBe4 has to offer. We have already had excellent, preliminary results thus far as our users are increasingly paranoid about failing the tests. Exactly as it should be. ;)

Thanks again for reaching out and for creating an excellent and much needed service. Not a single business should be without a service such as this."

- D.N., Director, Information Technology

The 10 Interesting News Items This Week
  1. In the First Known Combat Incident in Space, a Ballistic Missile is Shot Down By Israel:
    https://www.oodaloop.com/archive/2023/11/09/in-the-first-known-combat-incident-in-space-a-ballistic-missile-is-shot-down-above-the-karman-line/

  2. Russian hackers switch to LOTL (Living Off The Land) technique to cause power outage:
    https://www.bleepingcomputer.com/news/security/russian-hackers-switch-to-lotl-technique-to-cause-power-outage/

  3. FBI Warns of Emerging Ransomware Initial Access Techniques:
    https://www.infosecurity-magazine.com/news/fbi-ransomware-initial-access/

  4. 'Multi-stage social engineering' campaign against Israel tied to Iran-based group:
    https://therecord.media/muddywater-campaign-iran-israel-social-engineering

  5. Data brokers are selling U.S. service members' secrets, researchers find:
    https://therecord.media/data-brokers-are-selling-military-secrets

  6. OpenAI Wants Everyone to Build Their Own Version of ChatGPT:
    https://www.wired.com/story/openai-wants-everyone-to-build-their-own-version-of-chatgpt/

  7. U.S. sanctions Russian who laundered money for Ryuk ransomware affiliate:
    https://www.bleepingcomputer.com/news/security/us-sanctions-russian-who-laundered-money-for-ryuk-ransomware-affiliate/

  8. Jailbreaking Black Box Large Language Models in Twenty Queries:
    https://venturebeat.com/ai/new-method-reveals-how-one-llm-can-be-used-to-jailbreak-another/

  9. The Scammers Waiting When Your Flight Gets Canceled:
    https://www.wsj.com/lifestyle/travel/airline-customer-service-scam-twitter-x-e1879760

  10. MGM and Caesars Attacks Highlight Social Engineering Risks:
    https://www.darkreading.com/endpoint/mgm-and-caesars-attacks-highlight-social-engineering-risks

  11. Bonus: Experts Expose Farnetwork's Ransomware-as-a-Service Business Model:
    https://thehackernews.com/2023/11/experts-expose-farnetworks-ransomware.html
