CyberheistNews Vol 14 #04 'Swatting' Becomes the Latest Extortion Tactic in Ransomware Attacks




CyberheistNews Vol 14 #04  |   January 23rd, 2024

'Swatting' Becomes the Latest Extortion Tactic in Ransomware Attacks

Stu Sjouwerman SACP

Rather than stick to traditional ransomware extortion methods that revolve around the attack itself, a new form of extortion known as "swatting" puts the focus on the victim organization's customers.

A somewhat unexpected mode of extortion appears to be popping up in attacks targeting medical institutions. According to Dark Reading, cybercriminals are making repeat prank calls to police about individuals who are patients of a medical facility and were impacted by its data breach.

The thinking is that by notifying the victim organization of the intent to "swat" its patients, the organization will pay. I'm not so convinced. But that doesn't mean these threat actors won't continue the tactic.

But this small evolution in extortion tactics does signal that ransomware gangs are realizing that organizations are aware of and are preparing themselves for the "traditional" tactics and their impacts. This is why "swatting" makes sense; it's out of left field, really.

It's something the organization cannot truly prepare for, as these attacks could expose medical organizations to lawsuits, as victim patients will be able to demonstrate in court that they have been harmed by the repeat harassment and potential trauma of armed police visits.

This latest mode of extortion is a great example of why it's critical to put the greatest emphasis on stopping an attack from ever happening — something new-school security awareness training helps to accomplish. No matter how prepared you are, the cybercriminal is going to think of something you haven't.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/swatting-latest-tactic-in-ransomware

[NEW FEATURE] PhishER Plus and CrowdStrike Falcon Sandbox Integration

KnowBe4's PhishER Plus provides an easy way to protect your users against malicious emails! PhishER Plus includes the following capabilities that can save you and your team precious time managing malicious emails.

With PhishER Plus you can:

  • Use crowdsourced intelligence from more than 10 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Leverage the expertise of the KnowBe4 Threat Research Lab to analyze tens of thousands of malicious emails reported by users around the globe per day
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: TOMORROW, Wednesday, January 24, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2

Analysis of Phishing Emails Shows High Likelihood They Were Written by AI

It's no longer theoretical; phishing attacks and email scams are leveraging AI-generated content based on testing with anti-AI content solutions.

I've been telling you since the advent of ChatGPT's public availability that we'd see AI's misuse to craft compelling and business-level email content. According to cybersecurity vendor Abnormal Security's latest report, "AI Unleashed: 5 Real-World Email Attacks Likely Generated by AI in 2023," the likelihood of emails today being written by AI is very high.

According to the report, "the Abnormal platform determines the probability that an attack was AI-generated by utilizing ChatGPT—a newly-launched tool that leverages a suite of open-source large language models (LLMs) to analyze how likely it is that a generative AI model created the message."

They provide some color-coded examples, like the one below to make the case.

The color coding indicates just how predictable each word is, given the context to its left. Green words were among the top 10 words the AI predicted would come next. Yellow words are from the top 100 most predicted words, and red, the top 1000.

The green coloring is pretty damning, as it's unlikely that a human would be so predictable as to match LLM-based AI tools. The report also notes the lack of typos and grammatical errors, meaning that these emails will be more compelling and more difficult to identify as being written by a hacker (because they weren't).

While we're just talking about text content, there's no reason why an AI tool can't be trained to look at legitimate email content from known brands to craft near-perfect emails that will fool just about anyone.

It's why we need users to remain vigilant — something taught via new-school security awareness training — to be always on the lookout for any kind of email that is unexpected and treat it with scrutiny.

Blog post with color-coded screenshot:
https://blog.knowbe4.com/analysis-ai-generated-phishing-email-content

Build Your Security Awareness Program in 5 Easy Steps

Unsure how to start when creating your robust security awareness program? Don't sweat it. We're here to help!

Our free Automated Security Awareness Program (ASAP) Walkthrough provides you with a personalized step-by-step toolkit, enhanced with guidance from a dedicated security awareness expert. The expert will work alongside you to understand your organization's unique needs and objectives, and guide you through building your customized training plan. We've eliminated the guesswork, empowering you to build a customized security awareness program with ease.

Here's how it works:

  • Fill out the form to request your ASAP step-by-step walkthrough
  • A skilled security awareness training expert will schedule a meeting to set up your personalized training program
  • Answer seven quick questions about your organization's goals, compliance needs and culture
  • Our automated builder will recommend a customized training plan based on your answers including a detailed calendar and task list
  • You'll get a built-out awareness program in minutes

Find out what your customized security awareness program will look like! There's no cost... start ASAP!

Start ASAP:
https://info.knowbe4.com/asap-chn-1

Russian Hackers Win Big: Microsoft's Senior Exec Team Emails Breached

In a Friday regulatory filing, Microsoft has reported that its corporate email accounts were compromised by a Russian state-sponsored hacking group known as Midnight Blizzard, also identified as Nobelium or APT29. Microsoft's disclosure aligns with new U.S. requirements for reporting cybersecurity incidents. The attack was detected on January 12th, 2024, but it appears to have started in November 2023.

The attack involved Russian hackers using a password spray attack to access a legacy non-production test tenant account at Microsoft. Password spraying is a brute force technique where attackers attempt to log in using a list of potential usernames and passwords.

This indicates that the breached account did not have two-factor authentication (2FA) or multi-factor authentication (MFA) enabled, a security practice recommended by Microsoft. Once the hackers gained access to the test account, they used it to access a "small percentage" of Microsoft's corporate email accounts over a month.

Notably, the targeted email accounts included members of Microsoft's leadership team, as well as employees in cybersecurity and legal departments. Microsoft emphasized that this breach was due to a brute force password attack and not a vulnerability in their products or services.

This incident underscores the importance of robust cybersecurity practices, including enabling 2FA/MFA, to protect against password-based attacks. And you might also train your users to create strong pass-phrases...
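A password spray leaves a recognizable trace in sign-in logs, and the check below is an added example, not code from this newsletter or from Microsoft. It assumes the usual spray pattern (one source failing against many accounts with only a few attempts per account) and uses a constructed log format, addresses, account names and thresholds.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: ISO timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-02-01T09:00:01 203.0.113.7 alice FAIL
2024-02-01T09:00:03 203.0.113.7 bob FAIL
2024-02-01T09:00:05 203.0.113.7 carol FAIL
2024-02-01T09:00:07 203.0.113.7 dave FAIL
2024-02-01T09:00:09 203.0.113.7 erin FAIL
2024-02-01T09:00:11 203.0.113.7 svc-test FAIL
2024-02-01T09:20:02 203.0.113.7 alice FAIL
2024-02-01T09:20:05 203.0.113.7 svc-test OK
2024-02-01T09:05:00 198.51.100.20 bob FAIL
2024-02-01T09:05:01 198.51.100.20 bob FAIL
2024-02-01T09:05:02 198.51.100.20 bob FAIL
2024-02-01T09:05:03 198.51.100.20 bob FAIL
2024-02-01T10:00:00 192.0.2.15 carol FAIL
2024-02-01T10:00:20 192.0.2.15 carol OK
"""

def parse(log):
    """Turn log text into time-ordered (time, source, user, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Flag sources that fail against many accounts but few times per account.

    Thresholds are assumptions for this example; tune them to your lockout
    policy. A single account hammered repeatedly is ordinary brute force
    and is deliberately not reported here.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_account = defaultdict(int)
            for e in fails[start:end + 1]:
                per_account[e[2]] += 1
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                began = fails[start][0]
                findings[src] = {
                    "accounts": sorted({e[2] for e in fails}),
                    # Successful sign-ins from the same source after the
                    # spray began are the accounts to review first.
                    "successes_after": sorted(
                        {e[2] for e in evs if e[3] == "OK" and e[0] >= began}),
                }
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE_LOG)))
```

Any account listed under `successes_after` without MFA enrolled is the first place to look, since that is the gap the incident above turned on.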

Blog post with links:
https://blog.knowbe4.com/russian-hackers-win-big-microsofts-senior-exec-team-emails-breached

KnowBe4 Ranked as the #1 Security Awareness Training Platform for the 18th Consecutive Quarter

The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 1,455 G2 customer reviews, KnowBe4 is the top ranked security awareness training platform with 98% of users rating 4 or 5 stars. The KnowBe4 platform also received a 93% customer recommendation rating, 92% ease of use and 94% quality of support score. KnowBe4 has the largest market presence and G2 score among all vendors rated in the report.

KnowBe4 empowers the workforce of over 65,000 organizations worldwide to make smarter security decisions every day. Using world-class training and simulated phishing, we help customers to improve their security posture, mitigate risk, and manage the ongoing problem of social engineering.

In this comprehensive G2 Grid Report on the SAT market, you'll get:

  • Stack rankings of SAT vendors based on validated reviews from customers
  • Detailed profiles and customer ratings of the vendors in the category on G2
  • Customer scores based on ease of use, likelihood to recommend, support and more

Download Your Complimentary Copy of the Report Now!
https://www.knowbe4.com/g2-grid-report-for-security-awareness-training-chn

Get Ready for KB4-CON, Where the Worlds of Cybersecurity and AI Converge!

There is still time to register for KB4-CON! Join us March 4-6, 2024, at the beautiful Gaylord Palms Resort and Convention Center in sunny Orlando, Florida.

KB4-CON is KnowBe4's premier annual conference, bringing together KnowBe4 customers, channel partners, security advocates, keynote speakers and industry professionals for three days of learning, sharing and growing your cybersecurity knowledge.

What can you expect at KB4-CON 2024?

Get ready for a great experience with more breakout sessions, providing you an opportunity to delve deeper into the world of cybersecurity. Plus, we've extended KB4 Lab hours, fostering connections with KnowBe4 product experts and exhibitors.

It's more than just sessions and keynotes; we're crafting an exciting journey into the cutting-edge world where cybersecurity and AI converge.

Plus, gain an exclusive peek under the hood of the platform behind KnowBe4's products. This is your opportunity to explore the future with product roadmaps, engage in product-specific sessions, and elevate your security awareness training program.

What are you waiting for? Save your spot today!
https://knowbe4.cventevents.com/xr7kQr?RefId=emwhyattpart


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Yours Truly in Dark Reading: "CISA's Road Map: Charting a Course for Trustworthy AI Development":
https://www.darkreading.com/vulnerabilities-threats/cisa-s-ai-road-map-charting-a-course-for-trustworthy-ai-development

PPS: [SURVEY] I need your help. I'm super interested to know what your current preferences are related to licensing and pricing models for security software. You may love or hate particular models and I'm dying to know what you actually like the best:
https://blog.knowbe4.com/2024-security-software-pricing-preference-survey

Quotes of the Week  
"You can tell more about a person by what he says about others than you can by what others say about him."
- Audrey Hepburn - Actress (1929 - 1993)

"A man sees in the world what he carries in his heart."
- Johann Wolfgang von Goethe (1749-1832)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-04-swatting-becomes-the-latest-extortion-tactic-in-ransomware-attacks

Security News

Ninety-Four Percent of Organizations Sustained Phishing Attacks Last Year

A survey by Egress has found that 94% of organizations were hit by phishing attacks in 2023, Infosecurity Magazine reports.

Additionally, 91% of firms experienced data loss and exfiltration. The three most common causes of data loss were reckless behavior, human error and malicious exfiltration.

"The negative effects of a data loss incident are varied," Egress says. "Businesses can suffer a loss of clients, reputation damage, litigation, and in more serious cases, have to cease operations altogether. In fact, according to our survey, 58% of organizations had to cease operations following breaches of internal information barriers by email.

"More organizations are being negatively impacted by security incidents caused by data loss and exfiltration this year than last year. 94% of the organizations surveyed reported being adversely affected, which is an increase of 8% from last year's report."

The researchers found that 79% of account takeovers were due to phishing attacks.

"Phishing is the most common tactic for credential harvesting and account takeover," Egress writes. "These emails will often contain a link to a credential-harvesting site, like this Netflix impersonation campaign we highlighted last year. Account takeover is understandably one of the top stressors for Cybersecurity leaders.

"Once threat actors have access to an employee's account, they use it to move laterally, sell credentials to other cybercriminals, and send phishing emails that are difficult for traditional security to detect, as the threat is coming from a trusted domain."

Jack Chapman, VP of threat intelligence at Egress, stated, "Organizations continue to face vulnerabilities when it comes to advanced phishing attacks, human error, and data exfiltration, and analyzing emerging trends will be key to bolstering defenses."

Blog post with links:
https://blog.knowbe4.com/ninety-four-percent-of-organizations-sustained-phishing-attacks-last-year

Scammers Target Owners of Missing Pets

Some particularly cold-hearted scammers are targeting users of lost pet forums with phony ransom demands, the BBC reports. "A BBC North West investigation found scammers have targeted scores of dog and cat lovers with threatening calls," the BBC says. "They prey on owners by claiming to have their lost pets before demanding cash.

"One victim, from Greater Manchester, said a man claiming to have found her Yorkshire terrier wanted £2,000 and said she would never see her dog again if she went to the police. Detectives in Cumbria have also told the BBC they are dealing with claims from more than 200 victims across the UK."

Another woman named Emma posted online asking if anyone had seen her missing cat and was contacted by a man demanding a ransom for her cat's safe return.

"A week went by and then we got the phone call," Emma told the BBC. "This man just said, 'I've got Ziggy - I want £500.' I said I don't have that kind of money and his voice got more aggressive and he said, 'if you don't pay me £500 your cat's gone', at this point I was hysterical."

Last year, a man named Brandon Woolveridge received three years in prison for running these types of scams. Woolveridge was accused of calling owners of missing pets and threatening to shoot the pets if he didn't receive £1,000.

Detective Inspector Amanda Sykes advises users to be wary of people who claim to have found missing pets, especially if they ask for money before returning the animal.

"Be very careful about any information that you give them and if you agree to meet them, agree to meet them in a public place and have somebody with you," she says. "If you wish to give reward money, please do not give it until you have sight of your much loved pet."

Blog post with link to BBC story:
https://blog.knowbe4.com/scammers-target-owners-of-missing-pets

What KnowBe4 Customers Say

"Hi Stu, good day. I wanted to take a moment to express my sincere appreciation for the exceptional customer service one of your team Sophie M. has provided me during my recent interaction. Her dedication to excellence did not go unnoticed, and I felt compelled to acknowledge her outstanding efforts.

Sophie's professionalism and willingness to go the extra mile truly set a remarkable standard for customer service. The way she handled my questions and requirements and timeliness in replies was nothing short of exceptional. In a world where exceptional service is often rare, Sophie's exemplary performance stands out, and it has undoubtedly left a positive impression on me.

Sophie, thank you for your unwavering commitment to excellence. It is employees like you who contribute significantly to building a positive and lasting relationship between customers. I will certainly share my positive experience with others and continue to choose KnowBe4."

- E.D., IT Security and Infrastructure Lead

The 10 Interesting News Items This Week
  1. Allianz Insurance: 'Cyber incidents are ranked the most important risk globally':
    https://www.allianz.com/en/press/news/studies/230117_Allianz-Risk-Barometer-2023.html

  2. Listen to this! OpenVoice can accurately clone the reference 'tone color' and generate speech in multiple languages and accents:
    https://research.myshell.ai/open-voice/accurate-tone-color-cloning

  3. AI can now copy your handwriting. WTH. I am a bit concerned:
    https://sea.mashable.com/tech/30561/ai-can-now-copy-your-handwriting-were-concerned?

  4. FBI: 'The Financially Motivated Sextortion Threat':
    https://www.fbi.gov/news/stories/the-financially-motivated-sextortion-threat

  5. Top 3 Priorities for CISOs in 2024:
    https://www.darkreading.com/cybersecurity-operations/top-3-priorities-for-cisos-in-2024

  6. Between the Firewall and the Boardroom: Expectations From CSOs Today:
    https://www.spiceworks.com/it-security/security-general/articles/the-evolving-role-of-cso-ciso/

  7. Bigpanzi cybercrime gang's bots compromise 172K Smart TVs. No AV detection. Spreads through social engineering:
    https://blog.xlab.qianxin.com/bigpanzi-exposed-hidden-cyber-threat-behind-your-stb

  8. Google: Russian FSB hackers deploy new Spica backdoor malware:
    https://www.bleepingcomputer.com/news/security/google-russian-fsb-hackers-deploy-new-spica-backdoor-malware/

  9. [DANG] FBI and CISA warn of national security threat posed by Chinese drones:
    https://therecord.media/fbi-cisa-warn-of-drone-threat-china

  10. Microsoft: Iranian hackers target researchers with new MediaPl malware:
    https://www.bleepingcomputer.com/news/security/microsoft-iranian-hackers-target-researchers-with-new-mediapl-malware/
