CyberheistNews Vol 13 #48 | November 28th, 2023
Bloomberg Crypto X Bio Link Exposes Discord Users to Phishing Attacks
Scammers used an outdated link found in an X (formerly Twitter) account belonging to Bloomberg Crypto to send users to a phishing site designed to steal Discord credentials, BleepingComputer reports.
"As first spotted by crypto fraud investigator ZachXBT, the profile contained a link to a Telegram channel with 14,000 members, further pushing visitors to join a fake Bloomberg Discord server with 33,968 members," BleepingComputer says.
"According to ZachXBT, Bloomberg previously maintained an older Telegram channel under the username @BloombergNewsCrypto, a detail shared on X/Twitter in August 2023."
A message on the compromised Telegram channel states, "If you are interested, please head over to, our official and only discord server for more information on how to start an application: discord[.]gg/bloomberg. Join the Bloomberg Crypto Discord Server! Check out the Bloomberg Crypto community on Discord - hang out with 33975 other members and enjoy free voice and text chat."
The scammers use a typosquatting domain to trick users into handing over their Discord credentials.
"Rather than linking to the legitimate altdentifier[.]com address, it presents a link to a deceptive page using an altered domain (altdentifiers[.]com) with an extra 's' at the end of the original domain name," BleepingComputer says.
"The 'Bloomberg Crypto' staff team gives visitors 30 minutes to go to this site and complete the verification process. After clicking the link to 'verify' their account, the potential victims are prompted by the AltDentifiers phishing website to verify with Discord, aiming to steal their Discord login credentials."
The link has since been taken down, but users should continue to be on the lookout for cryptocurrency scams. "The malicious link was removed from the Bloomberg Crypto X/Twitter account 30 minutes after ZachXBT's initial tweet," BleepingComputer writes. "As many crypto communities reside on Discord, threat actors commonly attempt to steal credentials for accounts that frequent such servers.
"These hijacked accounts can then be used to promote cryptocurrency scams designed to steal users' cryptocurrency assets while appearing to be from a legitimate source."
Update: This post has been revised to reflect that Bloomberg's Crypto account was not compromised; rather, it pointed to an abandoned Telegram account which was then hijacked as part of a phishing scheme.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/compromised-bloomberg-crypto-channel-discord-phishing
[New Features] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, December 6, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
- NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
- NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
- Executive Reports helps you create, tailor and deliver advanced executive-level reports
- See the fully automated user provisioning and onboarding
Find out how 65,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: Wednesday, December 6, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/kmsat-demo-3?partnerref=CHN2
With Expected Increases of Holiday Sales Comes Similar Expectations of More Cyber Scams
If increases in cyber attacks this year are any indication of what to expect in the next six weeks of holiday shopping, we should expect a massive uptick in holiday-related scams.
The expectation by the National Retail Foundation for this year's holiday shopping is that we will see 4% more spending than last year. This is a slight year over year decrease (as last year saw a 5.4% increase over 2021), but still indicates increases in spending.
And all that spending means lots of time spent online, checking emails, looking for packages that haven't arrived yet, and charitable opportunities for those in the giving spirit — just what cyber scammers are planning on taking advantage of.
Whether we're talking about specific notable holiday dates like Black Friday, Cyber Monday and Giving Tuesday or are simply realizing that these days more reflect the general spending and giving mood this time of year, the opportunities for cyber scams will once again abound.
Some of the general themes to warn your users against:
- Holiday specials (that are too good to be true)
- Shipping issues with one of "your" packages
- Fake invoices or notifications for purchases you actually never made
- Heavily discounted gift cards (see "Holiday Specials" above)
- Fake charity websites and emails seeking your donations
In all these scams, the first step is to check to see if the brand claimed within the email or website (e.g., Amazon, UPS, Apple, etc.) is legitimate by looking at the sender address in emails and the URL of any involved websites.
Second, you can further put a potential scam to the test by going to the known-good domain for the claimed brand and validating the claim made in the scam (e.g., visiting Amazon's official website and looking at your orders to see if that invoice for a $3500 105" TV is really a purchase on your account).
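The two checks above (look at the sender address or URL, then compare it against the brand's known-good domain) can be automated for a triage queue. The following is an added example, not code from the newsletter or from KnowBe4: it takes a URL or sender address plus the brand the message claims to be from, and classifies the domain as legitimate, a lookalike (the extra-"s" typosquat from the Bloomberg story, a digit-for-letter swap, or the brand name buried in an unrelated domain), or unrelated. The allowlist, the helper names and the sample inputs are all constructed for the demo; a real deployment would use the Public Suffix List rather than the simple "last two labels" rule used here.

```python
"""Known-good domain check for holiday-scam emails and links (added example)."""
from urllib.parse import urlsplit

# Constructed allowlist: claimed brand -> registrable domains the brand actually uses.
# Real deployments pull this from a maintained brand/vendor list, not a literal.
KNOWN_GOOD = {
    "amazon": {"amazon.com"},
    "ups": {"ups.com"},
    "apple": {"apple.com"},
    "altdentifier": {"altdentifier.com"},  # the domain named in the Bloomberg story
}


def registrable_domain(host: str) -> str:
    """'mail.ups.com' -> 'ups.com'. Simplification: assumes a one-label TLD (.com, .net).
    Use the Public Suffix List in production to handle co.uk and similar suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of(value: str) -> str:
    """Extract the host from a URL, or the domain part of an e-mail address."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value          # bare hostnames pasted from an email
    return (urlsplit(value).hostname or "").lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value: str, claimed_brand: str) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the brand the message claims."""
    brand = claimed_brand.lower()
    good = KNOWN_GOOD.get(brand, set())
    domain = registrable_domain(host_of(value))
    if domain in good:
        return "legitimate"
    label = domain.split(".")[0]            # 'altdentifiers' from 'altdentifiers.com'
    for g in good:
        if edit_distance(label, g.split(".")[0]) <= 2:
            return "lookalike"              # typosquat: extra letter, swapped digit, etc.
    if brand and brand in label:
        return "lookalike"                  # brand name wrapped in a new domain
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample inputs of the kind a user would forward for a second opinion.
    samples = [
        ("https://www.amazon.com/gp/your-account/order-history", "amazon"),
        ("https://altdentifiers.com/verify", "altdentifier"),
        ("ups-tracking@ups-delivery.net", "ups"),
        ("http://evil.example/amazon", "amazon"),
    ]
    for value, brand in samples:
        print(f"{classify(value, brand):10s}  {value}  (claims {brand})")
```

Anything other than "legitimate" is a reason to stop and go to the brand's real site directly, as the second step above describes, rather than following the link in the message.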
There will no doubt be plenty of other scam themes I haven't listed above; the important thing is to remain vigilant and err on the side of caution, treating any exceptionally good or bad news related to the holiday season as a scam until it is proven legitimate.
Blog post with links:
https://blog.knowbe4.com/holiday-sales-cyber-scams-increase
Re-Check Your Email Attack Surface Now. (We Are Always Adding New Breaches)
Your users are your largest attack surface. Data breaches are getting larger and more frequent. Cybercriminals are getting smarter every year. Add it all up and your organization's risk skyrockets with the amount of your users' credentials that are exposed.
It's time to re-check your email attack surface.
Find out your current email attack surface now with KnowBe4's Email Exposure Check Pro. EEC Pro identifies your at-risk users by crawling business social media information and now also thousands of breach databases.
EEC Pro leverages one of the largest and most up-to-date breach data sources to help you find even more of your users' compromised accounts that have been exposed in the most recent data breaches — fast.
Do this complimentary test now!
Get your EEC Pro Report in less than 5 minutes. It's often an eye-opening discovery. You are probably not going to like the results...
Get Your Report:
https://info.knowbe4.com/email-exposure-check-pro-chn-2
73% of Organizations Affected by Ransomware Attacks Globally in 2023, According to Statista
I recently wrote about how 1 in 34 organizations globally has experienced an attempted ransomware attack. But that statistic doesn't provide enough context around the impact felt by the organizations that do business in one form or another with those that are attacked.
According to statistics company Statista, the annual share of organizations affected by ransomware attacks is nearly three-quarters (72.7%). That's up only slightly from last year's 71%, but is a significant 31% increase when compared to just five years earlier.
What's also interesting is comparing the percentage of organizations impacted against the number of annual ransomware attempts globally. In 2022, there was a material drop in the overall number of attacks, and yet, referring back to the graph in the blog post, the percentage of organizations affected actually rose.
It may be that the attacks that do succeed are now far more widespread within the organization, hitting its ability to be resilient harder and causing the ripple effect that keeps the "affected" chart above climbing.
Playing this forward, it says to me that ransomware attacks are only going to become more pervasive within an organization, possibly including specific tactics to find ways to cause those with whom your organization does business to also be impacted.
I know it's pure speculation, but when ransomware first started, who thought we'd have triple, quadruple, and quintuple extortion on top of basic ransomware encryption?
The only way to protect your organization, and the organizations that could be impacted along with it, is to avoid becoming a victim altogether. And the latest initial access data in ransomware attacks still points to phishing playing a dominant role — something that can only effectively be mitigated with new-school security awareness training.
Blog post with links:
https://blog.knowbe4.com/ransomware-attacks-affect-majority-organizations-2023
Whitepaper: Building a Compliance Training Roadmap With KnowBe4's Compliance Plus
Gone are the days where once-per-year compliance training is considered best practice for building a culture of compliance in your organization.
Ensuring your organization is meeting regulatory requirements and actually increasing employees' knowledge requires a "new-school" approach that leverages engaging content, robust training campaigns and automation.
All this and more is possible with KnowBe4's Compliance Plus training library! This whitepaper gives the strategies and actionable guidance to help you make it happen.
- Key considerations to keep in mind when building your own year-round compliance training initiative
- The three pillars behind a successful compliance training program
- Tips for measuring results to ensure your efforts are working
Bonus: Two free year-long training roadmaps are included!
Download Now:
https://info.knowbe4.com/wp-building-compliance-training-roadmap-cmp-chn
Black Friday Phishing Emails Soared 237%
Security researchers have warned of a triple-digit increase in the volume of phishing emails designed to trick shoppers. For the past few years, the Amazon-inspired event has signaled the unofficial start of the busy shopping season running through to the end of December.
However, it also represents a major opportunity for scammers to trick users into handing over logins and personal/financial information or clicking on malicious links or attachments.
Between November 1 and November 14 this year, security vendor Egress detected a 237% increase in phishing emails relating specifically to Black Friday and Cyber Monday, versus the period September 1-October 31.
InfosecMag has the story:
https://www.infosecurity-magazine.com/news/phishing-emails-soar-237-black/
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Want to red-team high-risk people in your own org? I wrote: "Here's Five OSINT Tools Organizations Can Use To Mitigate Social Engineering Attacks":
https://www.forbes.com/sites/forbestechcouncil/2023/11/20/five-osint-tools-organizations-can-use-to-mitigate-social-engineering-attacks/
PPS: [BUDGET AMMO] Approach Cybersecurity Awareness Training by Engaging People at All Levels:
https://www.cpomagazine.com/cyber-security/approach-cybersecurity-awareness-training-by-engaging-people-at-all-levels/
- René Descartes - Philosopher (1596 - 1650)
- Robert A. Heinlein - Writer (1907 - 1988)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-13-48-bloomberg-crypto-channel-hack-exposes-discord-users-to-phishing-attacks
[FBI & CISA Alert]: Cybercrime Group 'Scattered Spider' is a Social Engineering Threat
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang's activities. The group, believed to be unusual both for the relative youth of its members and their native proficiency in English, was responsible for this summer's compromises of MGM Resorts and Caesars Entertainment. It also excels at social engineering.
"Scattered Spider (also known as Starfraud, UNC3944, Scatter Swine, and Muddled Libra) engages in data extortion and several other criminal activities," the joint advisory said. "Scattered Spider threat actors are considered experts in social engineering and use multiple social engineering techniques, especially phishing, push bombing, and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA)."
The threat actor targets large companies, and has "been known to utilize BlackCat/ALPHV ransomware alongside their usual TTPs." The joint advisory represents a call for information sharing as much as it does a warning against the activities of this particular threat group. Scattered Spider has taken an unusual interest in its victims' internal corporate communication channels like Slack, Microsoft Teams and Microsoft Exchange.
Their social engineering is an ongoing effort, and not merely a way of obtaining initial access to their targets. They look for signs their victims have detected Scattered Spider intrusions, and they've been caught trying to join conversations about remediation efforts.
The FBI has for several months known the identities of about a dozen members of Scattered Spider, and some observers have wondered why the Bureau hasn't been more aggressive in making arrests. "If you look at some of the things that we've been doing over the last year, from Hive, to Genesis Market, to BreachForums and the arrest that we had, then to Quakbot, just because you don't see actions being taken, it doesn't mean that there aren't actions that are being taken," senior FBI officials said during a media availability. "So there's a lot of things that we do behind the scenes."
New-school security awareness training gives your organization a critical layer of defense against social engineering attacks.
Blog post with link:
https://blog.knowbe4.com/scattered-spider-is-social-engineering-threat
A Look at Disaster Fraud
Threat actors frequently exploit natural disasters to launch social engineering attacks, according to Joel Burleson-Davis, SVP of Worldwide Engineering at Imprivata. In an interview with Cybernews, Burleson-Davis explained that scammers take advantage of people's willingness to send money to charities.
Victims of this type of fraud often don't realize they've been scammed, since they don't expect to receive anything back after sending a donation.
"It's like I gave $1,000 to this thing," Burleson-Davis says. "You never expect to hear back. You don't go check up on whoever that is – like the $1,000 that you gave me, these are the things I bought or whatever, right? There's no feedback mechanism or information flow to say yes, check the box, that's the right thing that happened. There's no audit of the activities that happened after you helped."
In addition to stealing money, threat actors can exploit this sense of urgency to steal data or gain access to systems.
"Think of natural disasters and federal money flowing or organizations coming to help, you can exploit that same dynamic," Burleson-Davis says. "It's not particularly hard: 'Hey, I've emailed you. It happens to be from my personal account, but I'm really a Red Cross worker. Can you send me x, y, z?'
"Someone's like, 'Yes, I need help, I'm tired. Sure, I'll send that to you.' And then suddenly you have a malicious actor into whatever you've sent them."
Burleson-Davis added that supply chains that are set up in response to natural disasters are particularly vulnerable to exploitation by fraudsters. "What's often the most exploited piece of a normal organization — it's their supply chain," Burleson-Davis said.
"Well, the interesting thing that happens with natural disasters is you create all sorts of ad hoc supply chains, right? If you can break a long-standing chain from an organization because that's still the weakest link, just imagine how fragile these chains are."
Cybernews has the story:
https://cybernews.com/editorial/natural-disaster-online-fraud-social-engineering/
What KnowBe4 Customers Say
"Hi Stu, Thanks for the note. Yes, happy campers so far. I've been quite impressed with the functionality of the platform and the general interoperability of the data within the system (i.e. dynamic groups, seamlessly adding people to groups and then having them drop off after completing an action, the proficiency assessment tying directly to relevant training, and the international features, to name a few).
Everything makes sense and is integrated. Also, the customization and agility is robust but not overwhelming. Sadly, these traits are not common in software these days. Looking forward to continuing using the KnowBe4 platform to improve the security proficiency of our growing team."
- R.M., Head of Operations
"Stu, It was helpful that you said this was not an automated email - much appreciated. Thus far, we are very happy campers. Krissy S. has been excellent in keeping us focused and on track with our goals. Having Krissy be that proactive piece to make sure we get full use of our purchase is something other vendors could learn from."
- C.T., CGCIO, Director of Information Technology
- USB worm unleashed by Russian state hackers spreads worldwide:
  https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide/
- North Korean Hackers Posed as Job Recruiters and Seekers:
  https://unit42.paloaltonetworks.com/two-campaigns-by-north-korea-bad-actors-target-job-hunters/#post-131292-_k0sgpihc4bpd
- Hacktivists breach U.S. nuclear research lab, steal employee data:
  https://www.bleepingcomputer.com/news/security/hacktivists-breach-us-nuclear-research-lab-steal-employee-data/
- CISA: "'Citrix Bleed' vulnerability targeted by nation-state and criminal hackers":
  https://therecord.media/citrix-bleed-bug-targeted-cisa
- Very Interesting Bill Gates article on AI Agents:
  https://www.gatesnotes.com/AI-agents
- CISA Launches Pilot Program to Address Critical Infrastructure Threats:
  https://www.cisa.gov/news-events/news/piloting-new-ground-expanding-scalable-cybersecurity-services-protect-broader-critical
- How to combat AI-produced phishing attacks:
  https://www.scmagazine.com/resource/how-to-combat-ai-produced-phishing-attacks
- Greater Paris wastewater agency (9 million people) dealing with cyberattack:
  https://therecord.media/paris-wastewater-agency-hit-cyberattack
- What is Project Q*? OpenAI board was warned of 'dangerous' AI discovery before Altman ouster:
  https://www.oodaloop.com/briefs/2023/11/23/what-is-project-q-openai-board-was-warned-of-dangerous-ai-discovery-before-altman-ouster/
- FTC announces plans to mitigate AI voice fraud:
  https://www.securitymagazine.com/articles/100168-ftc-announces-plans-to-mitigate-ai-voice-fraud
- Virtual Vaca #1 - My Arctic Voyage From Greenland To Alaska, The Northwest Passage:
  https://www.youtube.com/watch?v=8yMFoR_Drb4
- Virtual Vaca #2 - My Solo Trip To Slovenia's Lake Bled & Incredible Landscapes:
  https://www.youtube.com/watch?v=O0VE79O1l3s
- [SUPER FAVE] The Greatest Ever Infographic - Napoleon's Invasion of Russia:
  https://www.flixxy.com/the-greatest-ever-infographic-napoleons-invasion-of-russia.htm?utm_source=4
- London is Building its Own Vegas Sphere:
  https://youtu.be/Ks9rokm6LIs
- Wingsuit Flight over the Yellow Line in Italy:
  https://youtu.be/yevIzBK-Kc0
- Skateboarding Down Norwegian Mountain [Dalsnibba]:
  https://youtu.be/CJgRW63BHR8
- Why Teslas Totaled in the U.S. Are Mysteriously Reincarnated in Ukraine:
  https://www.wired.com/story/why-teslas-totaled-in-the-us-are-mysteriously-reincarnated-in-ukraine/
- Aston Martin sets world record pitstop at zero gravity:
  https://www.redbull.com/us-en/red-bull-racing-zero-g-pitstop/
- Astronaut shares the profound 'big lie' he realized after seeing the Earth from space:
  https://www.upworthy.com/astronaut-shares-big-lie-space-rp3
- Top 10 Security, Technology, and Business Books of 2023:
  https://www.oodaloop.com/archive/2023/11/22/top-10-security-technology-and-business-books-of-2023/
- For Da Kids #1 - Huge Bernese Obsessed With Snow Becomes Town Mayor:
  https://youtu.be/Pov8HyH3kqk
- For Da Kids #2 - Woman Rescues A Pig From A Pet Store:
  https://youtu.be/bKbpFj1ihX4
- For Da Kids #3 - Woman Tries For 3 Years To Win Over Feral Cat:
  https://youtu.be/RPs5WnuHNb0
- For Da Kids #4 - Baby Anteater Would Much Rather Nap Than Forage For Ants:
  https://www.youtube.com/watch?v=arfnwPVjmjo
- For Da Kids #5 - Abandoned Rooster Jumps Into Couple's Truck And Goes Home With Them:
  https://youtu.be/f43Vb9xfAnI