CyberheistNews Vol 13 #51 Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike


CyberheistNews Vol 13 #51  |   December 19th, 2023

Phishing Is Still the No. 1 Attack Vector, With Huge 144% Malicious URL Spike

By Stu Sjouwerman, SACP

Analysis of nearly a year's worth of emails brings insight into exactly what kinds of malicious content are being used, who's being impersonated, and who's being targeted.

I love data built on statistically significant samples: the larger the data set, the more representative it is of an entire industry, country or world.

One such report is Hornetsecurity's just-released Cyber Security Report 2024. They analyzed 45 billion emails sent in 2023 to see exactly which techniques cybercriminals are using to infiltrate your network.

First, the seemingly "good" news: according to Hornetsecurity, only 3.6% of all emails were considered malicious. At first glance, this seems rather small. But when you consider that we're still talking about 1.6 billion emails that are putting organizations at risk, this is actually horrible news.

Phishing was the most common email-based attack method, representing 43.3% of attacks (other email attack methods included advance-fee scams, extortion, impersonation, etc.). Within those emails, malicious URLs were the top technique, used in 30.5% of cases (a 144% increase over last year). For emails carrying attachments, HTML files were the most popular file type, found in 37.1% of cases.

Using a "threat index," Hornetsecurity listed the top 20 industries based on risk; research, entertainment, manufacturing, media and healthcare topped the list in this very interesting infographic. [link below]

Regardless of the specific technique(s) used, an attack only moves forward when a user falls for the social engineering and engages with a link, attachment or phone number. By enrolling users in new-school security awareness training, organizations reduce that risk and lower the likelihood of a successful phishing attack.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog Post with links and infographic:

[NEW FEATURE] PhishER Plus and CrowdStrike Falcon Sandbox Integration

Now there's a new, super easy way to protect your users against malicious emails through the power of KnowBe4's PhishER Plus!

PhishER Plus gives you extremely effective capabilities:

Global PhishRIP, a cutting-edge email quarantine feature that automatically removes malicious email before your user is exposed to the threat, and Global Blocklist, an active global threat feed from over 10 million trained users for Microsoft 365.

These are real-world phishing threats, triple-vetted by humans and AI-validated. The result? Your Microsoft 365 email filters get a significant boost, all from within your PhishER console.

With the PhishER Plus and CrowdStrike Falcon Sandbox integration you can streamline your workflow to further analyze user-reported malicious emails without risking your organization's environment.

Join us for a live 30-minute demo of the Plus features of PhishER, the #1 Leader in the G2 Grid Report for SOAR Software.

With PhishER Plus you can:

  • New! Use crowdsourced intelligence from more than 10 million users to block known threats before you're even aware of them
  • New! Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • New! Simplify your workflow by analyzing links and attachments with the CrowdStrike Falcon Sandbox integration from a single console
  • New! Leverage the expertise of the KnowBe4 Threat Research Lab to analyze tens of thousands of malicious emails reported by users around the globe per day
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Find out how adding PhishER Plus can be a huge time-saver for your Incident Response team while ensuring your users are safe!

Date/Time: TOMORROW, Wednesday, December 20, @ 2:00 PM (ET)

Save My Spot:

WSJ: 'A Hidden Risk in the Municipal Bond Market: Hackers'

The Wall Street Journal has an interesting perspective on K-12 public schools suffering ransomware attacks. The number almost doubled between 2021 and 2022 to nearly 2,000 a year. Here are a few paragraphs, with a link to the full article:

"Hacks are on the rise across all industries, but the public sector's weak protections make it an increasingly attractive target for cybercriminals. Cybercrime has left schools, hospitals and utilities from Baltimore to Los Angeles struggling to pay ransom, restore services and boost security. Finances have suffered, threatening credit ratings.

"The number of K-12 public schools suffering ransomware attacks almost doubled between 2021 and 2022 to almost 2,000 a year, according to a report by Emsisoft, a cybersecurity company. The growing use of technology in education, which was accelerated by the Covid-19 pandemic, as well as healthcare's reliance on IT infrastructure, has made schools and hospitals particularly vulnerable, according to analysts.

"This year alone, we've seen a lot more of these attacks compared to prior years, and it's a concern that has come up in almost every discussion that we have with issuers," said Li Yang, lead analyst at S&P Global Ratings.

"Cyberattacks on the Los Angeles Unified School District, the nation's second-largest school system, caused problems including the release of confidential student data. Superintendent Alberto M. Carvalho said officials convened a task force of cybersecurity experts to begin modernizing the district's technology. This year the school district sold hundreds of millions of dollars of debt and plans to use $72 million to secure its technology infrastructure, according to a spokesperson."

Read the full article here and forward this to your own network:

Blog post with links:

Got (Bad) Email? IT Pros Are Loving This Tool: Mailserver Security Assessment

With email still a top attack vector, do you know if hackers can get through your mail filters? Spoofed domains, malicious attachments and executables, to name a few...

Enterprise email security systems have an average failure rate of 7-10%, meaning they miss that share of spam, phishing and malware attachments.

KnowBe4's Mailserver Security Assessment (MSA) is a complimentary tool that tests your mailserver configuration by sending 40 different types of email message tests that check the effectiveness of your mail filtering rules.

Here's how it works:

  • 100% non-malicious packages sent
  • Select from 40 automated email message types to test against
  • Saves you time! No more manual testing of individual email messages with MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mailserver is configured correctly; many are not!

How To Fight Long-Game Social Engineering

By Roger Grimes.

CISA sent out a warning about a Russian advanced persistent threat (APT) called Star Blizzard and its long-game social engineering tactics.

They create fake email and social media accounts, contact their potential victims, talk about a non-threatening subject to gain the victim's confidence, and wait to launch their malicious attack. I call this long-game social engineering.

In the course of my 35-year computer security career, I have had the unfortunate opportunity to be the target of more than a few APT long-game social engineering campaigns from different nation-states; mostly from the Russians and Chinese, but I am sure other countries have tried.

I do not know why I have been targeted by professional nation-state hackers. Perhaps it is just a normal expectation after writing for decades on how to fight cybercrime. Perhaps it is because I have frequently publicly criticized various nation-states (e.g., Russia, China, Iran, Korea, etc.) for their cybercriminal activity.

Their crime today goes far beyond traditional nation-state activities, focusing on causing operational interruption of regular businesses, privacy invasions, and intellectual property theft.

Perhaps it is because I worked for Microsoft and other cybersecurity orgs in the past, and by compromising me, they can figure out what I or my organization is up to. I do not know. All I can tell is that for sure I have been targeted by multiple nation-state actors over the years (some identified in the press or by the Department of Justice later on).

I do not think I have ever successfully been compromised by them (although no one can disprove a negative). Most have been easy to spot. Some harder. Either way, when they begin asking me to click on links, open documents, or start asking me to talk about particular non-public vendor technologies, I get suspicious.

[CONTINUED] Blog post with links:

[Whitepaper] The Security Culture How-to Guide

Improving the security culture of your organization can seem daunting.

An entire culture sounds almost too big to influence. But influencing security culture is possible with the right plan, buy-in and content.

With the right culture supporting them, your users will be better equipped to identify potentially devastating cyber attacks and social engineering threats before they affect your network.

This how-to guide will walk you through how to build a step-by-step plan, helping you understand the fundamentals of security culture and what you can do to move the culture needle in your organization.

You'll learn:

  • The fundamental ABCs of culture change and how each builds off each other
  • A seven-step cycle for improving your security culture
  • Advice and best practices for making the most out of each step in the process

Download this guide today!

Four News Items You May Have Missed:

  1. Investing in Security Awareness Training Arms Employees as the Last Line of Defense Against Cyberattacks:
  2. Have 10 hours? IBM will train you in AI fundamentals - for free:
  3. AI-generated news anchors show off superhuman abilities. This is scary:[…]
  4. He's Wanted for Wirecard's Missing $2 Billion. He's Now Suspected of Being a Russian Spy:

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [NEW VIDEO] Check Out The KnowBe4 SecurityCoach Intro [1:45] at Vimeo:

Quotes of the Week  
"The five most efficient cyber defenders are: Anticipation, Education, Detection, Reaction, and Resilience. Do remember: 'Cybersecurity is much more than an IT topic'".
- James Scott, a Senior Fellow at the Institute for Critical Infrastructure Technology

"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked."
- Richard Clarke, former National Coordinator for Security, Infrastructure Protection, and Counter-terrorism for the United States

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

North Korean Threat Actors Pose as Remote Job Seekers

Researchers at Nisos warn that North Korean threat actors are impersonating skilled job seekers to obtain remote employment at U.S. companies.

"The identified personas claim to have highly sought-after technical skills and experience and often represent themselves as U.S.-based teleworkers, but Nisos investigators found indications that they are based abroad," the researchers write.

"Boasting expert-level skills in mobile and web-based applications as well as a number of programming languages, the personas also list significant remote work experience which can be difficult to verify. The personas further obfuscate their identities by impersonating U.S.-based individuals' identities and/or copying resume content from publicly visible profiles of unassociated individuals, further increasing the difficulty of identifying the personas."

The researchers note that the threat actors have crafted phony personas on job-seeking platforms.

"Nisos investigators found that although the personas are often active on professional networking sites, IT industry-specific freelance contracting platforms, software development platforms, and common messaging applications, they are usually not active on social media platforms," the researchers write.

"Nisos assesses that the accounts were created solely for the purpose of acquiring employment. Investigators found instances of several accounts, associated with a persona, using the same picture but different names; other accounts lacked profile photos. Investigators also found that many of the accounts are only active for a short period of time before they are disabled.

"Nisos assesses the accounts remained active only for a short period of time because they were created in support of an application for a specific position or were flagged for fraudulent behavior and removed by the platform provider."

Nisos explains that hiring these individuals is a violation of U.S. and UN sanctions, since they "provide a critical stream of revenue that helps fund the DPRK regime's highest economic and security priorities, such as its weapons development program, and may also leak intellectual property (IP) and other sensitive information to the DPRK."

Blog post with links:

Who's Calling? Spam, Scams and Wasted Time

First-ever insight into those annoying spam calls provides enlightening detail on how many calls there are, where they come from, and how much time is wasted dealing with them.

It's sort of the new normal: never answer your phone if you don't know the caller, and let it go to voicemail. Why? Because of the proliferation of spam calls that nobody wants to receive.

But just how bad is it? Global communications provider Truecaller released its first Monthly U.S. Spam and Scam Report, and there are some interesting bits of detail that give you an idea of just how much effort is being put into these calls that are riddled with scams:

  • Americans receive 2.1 billion spam calls each month
  • The average American individually gets 5.6 spam calls a month
  • The average spam call is 3.36 minutes long

What's interesting is where these come from. 90.7% of the calls originate from within the U.S. But of the other nearly 10% of calls, the majority of them (84.5%) originate in India.

I've written about Americans being scammed out of hundreds of millions of dollars by India-based call center scams. So the Truecaller data fits what we're seeing over here at KnowBe4.

These spam calls are scams. Individuals need to be made aware of the types of scams — similar to how users within an organization should be enrolled in new-school security awareness training. This will lower the effectiveness of these scams and thus undermine these cybercriminal organizations.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:

What KnowBe4 Customers Say

"Love the "not an automated email," which would be even better if that was part of the automated message. Regardless, ya, we're doing well. Vanessa V. has been a stellar customer success manager. The offices are seeing value and I'm slowly but surely (with Vanessa's help) escalating the campaigns and looking at expanding to physical media tests, etc. Thanks for the check-in."

- D.D., Security Administrator

"Hi Stu, thank you for getting in touch. I'm pleased with KnowBe4, and we are utilizing phishing campaigns and training to enhance user awareness. I would like to express how fantastic [our CSM] Sarah has been. She's been incredibly helpful in resolving numerous inquiries. I truly appreciate her dedication and expertise in helping us navigate through various issues."

- A.Z. - Senior Security Engineer

The 10 Interesting News Items This Week
  1. Russian Cyber Actors are Exploiting a Known Vulnerability with Worldwide Impact:

  2. White House Cyber Czar confirmed in Senate:

  3. Ukrainian Civilians Endure Combined Russian Missile- and Cyberattack that disrupts Mobile Phone, Internet, and Air-Raid System:

  4. Meet Taylor Swift's Pro-Russia "Disinformation Doppelganger":

  5. MITRE: New Threat Model Framework for Critical Infrastructure:

  6. Washington Post: "China's cyber army is invading critical U.S. services":

  7. Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud:

  8. Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts:

  9. UK at high risk of 'catastrophic ransomware attack', Parliamentary committee report says:

  10. How a social engineering hack turned these Facebook pages into a dumping ground for spam:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
