CyberheistNews Vol 14 #06 | February 6th, 2024
[New Threat] Attackers Are Now Using MS Teams to Phish Your Users
Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity.
"While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector," the researchers write.
"Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users."
In the case observed by AT&T Cybersecurity, the attackers used a compromised domain to send the messages.
"An important detail to note here is the ".onmicrosoft[.]com" domain name," the researchers write. "This domain, by all appearances, is authentic and most users would probably assume that it is legitimate.
"OSINT research on the domain also shows no reports for suspicious activity, leading the MDR SOC team to believe the username (and possibly the entire domain) was likely compromised by the attackers prior to being used to launch the phishing attack."
In this case, the attackers sent users a malicious file with a double extension designed to trick users into thinking it is a PDF file. This file, when opened, would install the DarkGate malware.
"The MDR SOC team continued to drill down on the phished users to determine the precise nature of the attack," the researchers explain. "They subsequently discovered three users who had downloaded a suspicious double extension file. The file was titled 'Navigating Future Changes October 2023[dot]pdf[dot]msi.'
"Double extension files are commonly used by attackers to trick users into downloading malicious executables, as the second extension, .msi in this case, is usually hidden by the filesystem. The user believes they are downloading a PDF for business use, but instead receives a malicious installer."
Blog post with links:
https://blog.knowbe4.com/microsoft-teams-phishing-attacks
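A detection sketch for the double-extension trick described above, added here as an example; it is not code from AT&T Cybersecurity or KnowBe4. The extension lists and the sample download records are assumptions constructed for illustration.

```python
import re

# Assumed extension lists for illustration; tune them to your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"msi", "exe", "scr", "com", "bat", "cmd", "js", "vbs", "hta", "lnk", "ps1"}


def refang(name):
    """Turn defanged notation ('[dot]' or '[.]') back into a literal dot."""
    return re.sub(r"\[(?:dot|\.)\]", ".", name, flags=re.IGNORECASE)


def basename(path):
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", refang(path).strip())[-1]


def double_extension(path):
    """Return (decoy_ext, real_ext) for names like report.pdf.msi, else None."""
    parts = basename(path).lower().rsplit(".", 2)
    if len(parts) < 3:
        return None  # zero or one extension: not a double-extension name
    _, decoy, real = parts
    if decoy in DECOY_EXTS and real in EXEC_EXTS:
        return decoy, real
    return None


def shown_when_extensions_hidden(path):
    """Name a user sees when the file manager hides the final extension."""
    return basename(path).rsplit(".", 1)[0]


def flag_downloads(events):
    """events: iterable of (user, path). Return one finding per suspicious file."""
    findings = []
    for user, path in events:
        hit = double_extension(path)
        if hit:
            findings.append({
                "user": user,
                "file": basename(path),
                "user_sees": shown_when_extensions_hidden(path),
                "real_type": hit[1],
            })
    return findings


# Constructed sample download records (not data from the AT&T report).
SAMPLE_EVENTS = [
    ("user1", r"C:\Users\user1\Downloads\Navigating Future Changes October 2023.pdf.msi"),
    ("user2", "Navigating Future Changes October 2023[dot]pdf[dot]msi"),
    ("user3", r"C:\Users\user3\Downloads\Q3 Report.v2.pdf"),
    ("user4", "backup.tar.gz"),
    ("user5", "TeamsSetup.msi"),
    ("user6", "Invoice.PDF.EXE"),
]

if __name__ == "__main__":
    for f in flag_downloads(SAMPLE_EVENTS):
        print(f"{f['user']}: {f['file']!r} displays as {f['user_sees']!r} but is .{f['real_type']}")
```

Legitimate multi-dot names such as versioned documents and archives are not flagged, because the check requires a document-style extension immediately followed by an executable or installer extension.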
[New Features] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, February 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
- NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
- NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
- Executive Reports helps you create, tailor and deliver advanced executive-level reports
- See the fully automated user provisioning and onboarding
Find out how 65,000+ organizations have mobilized their end users as their human firewall.
Date/Time: TOMORROW, Wednesday, February 7, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN2
Forget Deepfake Audio and Video. Now There's AI-Based Handwriting!
Researchers have developed AI technology that can mimic someone's handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse.
The Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in Abu Dhabi announced they have developed handwriting AI based on a neural network designed to learn context and meaning in sequential data.
Legitimate uses for such technology could help those that have lost the ability to use their hands to continue to be able to write, analyze and decode traditionally illegible doctor handwriting, or create personalized advertising.
But the researchers at MBZUAI purposely haven't released the technology to ensure precautions and tools are in place to ensure its proper use.
The implications of this kind of technology being used for nefarious purposes are concerning. How about a signed contract selling your house without you ever knowing? Or identity theft where someone signs up for a credit card in your name?
Even our Data-Driven Defense Evangelist Roger Grimes raised similar concerns about AI handwriting in his recent blog post.
I'm glad the creators of this technology are seeing the potential for misuse and are looking for ways to minimize it before the public gets their hands on it. I just hope they're successful in doing so, because the last thing we need is yet "another" type of impersonation.
Blog post with links:
https://blog.knowbe4.com/ai-based-handwriting
How to Fight Long-Game Social Engineering Attacks
Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps.
They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over time. Are your users prepared to confront such calculated attacks?
Join this webinar where Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, walks you through the ins and outs of long-game social engineering advanced techniques.
During the webinar, you'll:
- Dive deep into the shadowy strategies of long-game social engineering, such as non-threatening conversations used to build trust over time
- Explore chilling, true stories where bad actors spun elaborate webs of trust
- Learn how to recognize the sneaky clues of long-game engineering scams, such as excessive flattery, feigned common interests and efforts to quickly transition conversations away from email
- Discover tools to enhance your security awareness training program and defend against long-game phishing and other malicious attacks
Don't get caught in the trap of long-game social engineering! Learn how to spot these attacks before they happen and earn continuing professional education (CPE) credit for attending!
Date/Time: Wednesday, February 14 @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/long-game-social-engineering?partnerref=CHN
Bravo Host Andy Cohen Scammed Out of a 'Sizable' Amount of Money by Fraudsters Posing as the Bank
Bravo host Andy Cohen tells how he became the victim of an impersonation scam that gave scammers access to control his bank account.
While specific details are limited, Cohen told the host of NBC's Today Show that he was recently the victim of a scam in which scammers duped him with some pretty fortuitous timing. According to Cohen, he lost his debit card and scammers who posed as bank employees offered to help via a mix of phone calls and text messages.
During the scam, Cohen followed a scammer-provided link that involved having him log onto his online banking portal. Once the scammers had access to his account, they convinced Cohen to make a number of large money transfers.
The scammers also somehow activated call forwarding on Cohen's mobile phone so that any inbound calls from the bank would be rerouted to the scammers. Once Cohen went to a physical bank, he was able to understand what really transpired and the severity of the situation.
This story has many parallels with banking fraud scams where the communications are controlled using a medium where the victim believes the impersonated identity of the fraudster is real. It's only when the victim uses another medium that the reality comes to light. In Cohen's case, it was too late.
Organizations looking to avoid being victims of digital fraud need to educate users on how these scams work through new-school security awareness training and create processes to check the validity of inbound communications claiming to be a financial authority.
Blog post with link to the video which is excellent to share with your users!
https://blog.knowbe4.com/host-scammed-out-of-a-sizable-amount-of-money-by-fraudsters
Download Your Ransomware Hostage Rescue Manual
Free your files! Get the most informative and complete hostage rescue manual on ransomware. This manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You will also receive a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.
You will learn more about:
- What is ransomware?
- Am I infected?
- I'm infected, now what?
- Protecting yourself in the future
- Resources
Don't be taken hostage by ransomware. Download your rescue manual now!
Download Now:
https://info.knowbe4.com/ransomware-hostage-rescue-manual-chn
The Percentage of Organizations Globally Struck by Ransomware Hits an All-Time High
Check Point's review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023.
In 2022, 1 in 13 organizations globally had been the victim of a ransomware attack. According to the latest Check Point Research, that ratio worsened to just 1 in 10 in 2023. That represents 60,000 attempted attacks per organization throughout the year.
The highest percentage of organizations that experienced ransomware was in the Asia-Pacific region, reaching 11%. But it's organizations in the Americas region that jumped from 5% in 2022 to 9% in 2023 — an increase of 80% in just one year.
The top industries targeted were education/research (with 22% of organizations experiencing ransomware attacks), government/military (16%) and healthcare (12%).
Check Point recommends the following precautions:
- Robust (and secure) backups
- Up-to-date patching
- Strong user authentication
- Anti-ransomware protection
- Threat prevention
- And, my personal favorite, security awareness training
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/organizations-globally-hit-by-ransomware-hits-an-all-time-high
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [BUDGET AMMO] Yours Truly in Inc Mag: How to Stop Disinformation From Targeting Your Business:
https://www.inc.com/inc-masters/hot-to-stop-disinformation-from-targeting-your-business.html
PPS: NEW: Tracker for cybersecurity incidents reported in a Public Company's 8K SEC reports:
https://www.board-cybersecurity.com/incidents/tracker/
- Roger Babson - Educator (1875 - 1967)
- Nelson Mandela - Political and Social Leader (1918 - 2013)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-06-new-threat-attackers-are-now-using-ms-teams-to-phish-your-users
81% of Underwriters Expect 2024 Cyber Insurance Premiums To Increase as Risk Is Expected To Soar
New data from cyber insurance underwriters shows what they think the biggest threats will be in 2024 and what organizations should do about it.
Because insurance underwriters analyze lots of risk data to make decisions about insurance premiums and policies, it makes sense to hear their perspective on what 2024's outlook will be.
According to insurer Woodruff Sawyer's Cyber Looking Ahead Guide 2024, there's some good news and some bad news. Let's start with the bad news to keep things in context:
- 100% of underwriters believe cyber risk will increase, with over half of them believing it will increase "greatly" this year
- 63% believe ransomware will be the number one threat
- 50% believe that organizations aren't as aware as they should be about cyber risk
If we believe the underwriters, this year is going to be chock full of attacks, most will be ransomware, and a material portion of organizations aren't as prepared as they should be.
Now the good news (sort of):
- None of the underwriters believe cyber insurance premiums will increase "greatly," but 81% believe there will be a "slight" increase
- Only 13% believe that cyber coverages will decrease this year
So, in the end, organizations will have the same levels of coverage and won't be paying significantly more. However, the crucial query here is how to prevent the necessity of relying on an insurance policy from the start. I have reported numerous instances where enterprises became victims of an attack and made a claim, but were rejected.
According to insurance experts, the risk management method that organizations should concentrate most on is the enhancement of their processes and procedures.
I know this includes changes we've talked about here, such as confirming banking account changes via a second medium (e.g., phone call), but I'm going to stretch this mitigation strategy to include the need for security awareness training.
This change alone would have a significant impact on the level of risk within organizations. Remember, underwriters are predicting that there are going to be a ton more cyber attacks; preventative actions are going to be far more impactful than just relying on your cyber insurance policy.
Blog post with links:
https://blog.knowbe4.com/81-of-underwriters-expect-cyber-insurance-premiums-to-increase
FBI Cyber Alert: Tech Support Scams Steal Cash or Precious Metals
The U.S. Federal Bureau of Investigation (FBI) has issued an alert that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping.
The scammers then steal the goods and cut contact with the victims. The FBI says victims lost more than $55 million to these scams between May and December 2023.
"Scammers pose as tech support or US government officials," the Bureau says. "Scammers sometimes use a multi-layered approach, posing, in succession, as a technology company, a financial institution, and a U.S. government official.
"Scammers inform victims their financial accounts were hacked or are at risk of being hacked, and, as a result, their funds need to be protected. Scammers instruct victims to liquidate their assets into cash and/or purchase gold, silver, or other precious metals. Sometimes, scammers instruct victims to wire funds to a metal dealer who will ship the precious metals to victims' homes.
"Once victims obtain the cash and/or precious metals, the scammers send couriers to retrieve the items at victims' homes or public locations."
The FBI offers the following advice to help users avoid falling for these types of scams:
- "The U.S. Government and legitimate businesses will never request you purchase gold or other precious metals
- Protect your personal information. Never disclose your home address or agree to meet with unknown individuals to deliver cash or precious metals
- Do not click on unsolicited pop-ups on your computer, links sent via text messages, or email links and attachments
- Do not contact unknown telephone numbers provided in pop-ups, texts, or emails
- Do not download software at the request of unknown individuals who contact you
- Do not allow unknown individuals access to your computer"
Blog post with links:
https://blog.knowbe4.com/tech-support-scams-steal-cash
What KnowBe4 Customers Say
"Ahoy Stu, I am just another grunt at just another organization but I wanted to send you an email about one of your employees whom I appreciate and value as a team member. Although I am just a grunt, I have been a grunt for many years and have dealt with a very large number of customer success role individuals. Brent stands out.
Brent B. is excellent in attitude, support, and ability to understand what is needed and implement it quickly and efficiently with minimal translation. These traits are hard to come by in any individual and I want to make sure that you know they exist in the Brent human in abundance.
Brent really knows your product and is able to translate my customer needs as an organization into action on the platform quickly! This has resulted in some marked gains in our Phish Proneness and is translating into real world protection for us as an organization in what is a very important attack vector, arguably the most important, our Humans. Thank you for your valuable time and Happy Monday Funday!"
- N.N. IT Security Analyst
- AI-Powered 'Live Voice Conversion' Raises Deepfake Concerns and Misinformation Risks:
https://www.digitalinformationworld.com/2024/01/bytedance-unveils-streamvoice-ai.html
- New Ransomware Gangs Rise with the Rust and Golang languages:
https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html
- Phil Venables: "Risk & Cybersecurity Leadership Transitions - 10 Steps for Success":
https://www.philvenables.com/post/leadership-transitions-10-steps-for-success
- Fortune Mag: "Cisco's head of security thinks that we're headed into an AI phishing nightmare":
https://fortune.com/2024/01/29/cisco-head-of-security-jeetu-patel-ai-phishing-scams-increase/
- Senate Panel Hears Plea for Action on Bank Spoofing Scams:
https://www.bankinfosecurity.com/senate-panel-hears-plea-for-action-on-bank-spoofing-scams-a-24245
- FBI director Christopher Wray says the Chinese government is targeting U.S. critical infrastructure:
https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security
- Microsoft CEO Satya Nadella worries hackers could cause a 'breakdown of world order':
https://www.businessinsider.com/microsoft-ceo-satya-nadella-worried-about-breakdown-world-order-2024-1
- Russian spies impersonating Western researchers in ongoing hacking campaign:
https://therecord.media/russian-campaign-impersonating-western-researchers-academics
- Russia's Midnight Blizzard abused OAuth apps in Microsoft attack:
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
- The U.S. government disrupts a botnet belonging to China's Volt Typhoon threat actor:
https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/
- Virtual Vaca #1 to the Arctic Auroras - 8K Ultra HD Northern Lights Timelapse Compilation from Fort Yukon, Alaska:
https://youtu.be/oJDzh2mVBms
- Virtual Vaca #2 Kuala Lumpur, Malaysia in 8K HDR ULTRA HD 60 FPS Dolby Vision(tm) Drone Video:
https://youtu.be/8anfrIEXf30?si=fdR20bVlzAyEE3xz
- Top 10 Things to Do in Ecuador - Travel Guide:
https://youtu.be/Nry1SO45RT4
- Jeffrey Wang's Mind-Bending Fool Us Act Leaves Viewers Spellbound:
https://www.flixxy.com/jeffrey-wang-mind-bending-fool-us-act-leaves-viewers-spellbound.htm?utm_source=4
- Hawaii's $10BN Railway Across Paradise:
https://youtu.be/3xnrhm1KcB4
- This is a super fun little Arduino project on Insta:
https://www.instagram.com/reel/C2hjGRLMSuF/?igsh=cmQ2OG4wMTZ2eGR3
- Watch in awe as Jo De Rijck - two-time fooler on 'Penn and Teller Fool Us' - stuns the audience with his latest magical feat:
https://www.flixxy.com/belgian-magician-resurrects-a-dead-hamster-using-the-egyptian-god-osiris.htm
- Inside Nissan's Self Parking ARIYA EV (feels like a GTR):
https://youtu.be/S5bi4mTHhZc
- AT&T Predicted The Future In 1993 with uncanny precision:
https://www.flixxy.com/att-predicted-the-future-in-1993.htm?utm_source=4
- DUNE 2 Final Trailer 4 (NEW 2024):
https://youtu.be/Y9Goiz3H7Wk
- For Da Kids #1 - Dog With Wings For Fur Is So Floofy Now:
https://youtu.be/Olq6_fg8cOQ
- For Da Kids #2 - Sad Goose Needed A Friend. This Huge Pup Changed Everything:
https://youtu.be/tBj6Uw-fySc
- For Da Kids #3 - LION REUNION - Kevin Richardson's Unique Bond | The Lion Whisperer:
https://youtu.be/kOuS67XK5E0
- For Da Kids #4 - This woman fed a crow. In return, he gave her money:
https://youtu.be/rS57A_2yWg4
- For Da Kids #5 - Baby Sloths Being Sloths - FUNNIEST Compilation:
https://youtu.be/qYKrqd9VacY