CyberheistNews Vol 14 #06 [New Threat] Attackers Are Now Using MS Teams to Phish Your Users




CyberheistNews Vol 14 #06  |   February 6th, 2024

[New Threat] Attackers Are Now Using MS Teams to Phish Your Users

Stu Sjouwerman, SACP

Attackers are abusing Microsoft Teams to send phishing messages, according to researchers at AT&T Cybersecurity.

"While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector," the researchers write.

"Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users."

In the case observed by AT&T Cybersecurity, the attackers used a compromised domain to send the messages.

"An important detail to note here is the ".onmicrosoft[.]com" domain name," the researchers write. "This domain, by all appearances, is authentic and most users would probably assume that it is legitimate.

"OSINT research on the domain also shows no reports for suspicious activity, leading the MDR SOC team to believe the username (and possibly the entire domain) was likely compromised by the attackers prior to being used to launch the phishing attack."

In this case, the attackers sent users a malicious file with a double extension designed to trick users into thinking it is a PDF file. This file, when opened, would install the DarkGate malware.

"The MDR SOC team continued to drill down on the phished users to determine the precise nature of the attack," the researchers explain. "They subsequently discovered three users who had downloaded a suspicious double extension file. The file was titled 'Navigating Future Changes October 2023[dot]pdf[dot]msi.'

"Double extension files are commonly used by attackers to trick users into downloading malicious executables, as the second extension, .msi in this case, is usually hidden by the filesystem. The user believes they are downloading a PDF for business use, but instead receives a malicious installer."

Blog post with links:
https://blog.knowbe4.com/microsoft-teams-phishing-attacks
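
A defender-side check for the double-extension pattern described in the Teams item above, as an added example (not code from AT&T Cybersecurity or KnowBe4). The extension sets and function names are assumptions chosen for illustration, and every sample name except the one quoted above is constructed.

```python
import re

# Extensions a user reads as "a document" (the decoy). Illustrative, not exhaustive.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
# Extensions Windows runs or installs when opened. Also illustrative.
EXEC_EXTS = {"msi", "exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "hta"}


def normalize(name: str) -> str:
    """Refang '[dot]' / '[.]' as written in reports, then trim and lowercase."""
    name = re.sub(r"\[(?:dot|\.)\]", ".", name, flags=re.IGNORECASE)
    return name.strip().lower()


def double_extension(name: str):
    """Return (decoy_ext, real_ext) if the name ends in <decoy>.<executable>, else None."""
    parts = normalize(name).split(".")
    if len(parts) < 3:  # need a base name plus two extensions
        return None
    decoy, real = parts[-2], parts[-1]
    if decoy in DECOY_EXTS and real in EXEC_EXTS:
        return decoy, real
    return None


def triage(names):
    """Filter a list of file names (e.g. from download or chat-attachment logs)."""
    return [(n, hit) for n in names if (hit := double_extension(n))]


# The first name is the one quoted in the article; the rest are constructed.
SAMPLES = [
    "Navigating Future Changes October 2023[dot]pdf[dot]msi",
    "Invoice.PDF.EXE",   # constructed: case must not matter
    "Q4 budget.xlsx",    # constructed: ordinary document
    "setup.msi",         # constructed: installer that does not disguise itself
    "archive.tar.gz",    # constructed: benign multi-part extension
    "release-v1.2.pdf",  # constructed: dots in the base name only
]

if __name__ == "__main__":
    for name, (decoy, real) in triage(SAMPLES):
        print(f"FLAG {name!r}: looks like .{decoy}, is actually .{real}")
```

Only the last extension decides how Windows opens the file, so the check compares the last two components and ignores dots elsewhere in the name.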

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us TOMORROW, Wednesday, February 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Content Manager lets you easily customize your training content preferences including branding, adjustable passing score, test out and more
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Executive Reports helps you create, tailor and deliver advanced executive-level reports
  • See the fully automated user provisioning and onboarding

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: TOMORROW, Wednesday, February 7, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN2

Forget Deepfake Audio and Video. Now There's AI-Based Handwriting!

Researchers have developed AI technology that can mimic someone's handwriting with only a few paragraphs of written content. Experts worry about the possibility of misuse.

The Mohamed bin Zayed University of Artificial Intelligence (MBZUAI) in Abu Dhabi announced they have developed handwriting AI based on a neural network designed to learn context and meaning in sequential data.

Legitimate uses for such technology could help those that have lost the ability to use their hands to continue to be able to write, analyze and decode traditionally illegible doctor handwriting, or create personalized advertising.

But the researchers at MBZUAI purposely haven't released the technology, so that precautions and tools can be put in place to ensure its proper use.

The implications of this kind of technology being used for nefarious purposes are concerning. How about a signed contract selling your house without you ever knowing? Or identity theft where someone signs up for a credit card in your name?

Even our Data-Driven Defense Evangelist Roger Grimes raised similar concerns about AI handwriting in his recent blog post.

I'm glad the creators of this technology are seeing the potential for misuse and are looking for ways to minimize it before the public gets their hands on it. I just hope they're successful in doing so, because the last thing we need is yet "another" type of impersonation.

Blog post with links:
https://blog.knowbe4.com/ai-based-handwriting

How to Fight Long-Game Social Engineering Attacks

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps.

They create a story so believable and intertwined with trust that even the most careful individuals can get caught in a trap set over time. Are your users prepared to confront such calculated attacks?

Join this webinar where Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, walks you through the ins and outs of long-game social engineering advanced techniques.

During the webinar, you'll:

  • Dive deep into the shadowy strategies of long-game social engineering, such as non-threatening conversations used to build trust over time
  • Explore chilling, true stories where bad actors spun elaborate webs of trust
  • Learn how to recognize the sneaky clues of long-game engineering scams, such as excessive flattery, feigned common interests and efforts to quickly transition conversations away from email
  • Discover tools to enhance your security awareness training program and defend against long-game phishing and other malicious attacks

Don't get caught in the trap of long-game social engineering! Learn how to spot these attacks before they happen and earn continuing professional education (CPE) credit for attending!

Date/Time: Wednesday, February 14 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/long-game-social-engineering?partnerref=CHN

Bravo Host Andy Cohen Scammed Out of a 'Sizable' Amount of Money by Fraudsters Posing as the Bank

Bravo host Andy Cohen tells how he became the victim of an impersonation scam that gave scammers access to control his bank account.

While specific details are limited, Cohen told the host of NBC's Today Show that he was recently the victim of a scam in which he was duped by scammers with some pretty fortuitous timing. According to Cohen, he lost his debit card and scammers who posed as bank employees offered to help via a mix of phone calls and text messages.

During the scam, Cohen followed a scammer-provided link that involved having him log onto his online banking portal. Once the scammers had access to his account, they convinced Cohen to make a number of large money transfers.

The scammers also somehow activated call forwarding on Cohen's mobile phone so that any inbound calls from the bank would be rerouted to the scammers. Once Cohen went to a physical bank, he was able to understand what really transpired and the severity of the situation.

This story has many parallels with banking fraud scams where the communications are controlled using a medium where the victim believes the impersonated identity of the fraudster is real. It's only when the victim uses another medium that the reality comes to light. In Cohen's case, it was too late.

Organizations looking to avoid being victims of digital fraud need to educate users on how these scams work through new-school security awareness training and create processes to check the validity of inbound communications claiming to be a financial authority.

Blog post with link to the video which is excellent to share with your users!
https://blog.knowbe4.com/host-scammed-out-of-a-sizable-amount-of-money-by-fraudsters

Download Your Ransomware Hostage Rescue Manual

Free your files! Get the most informative and complete hostage rescue manual on ransomware. This manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You will also receive a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

You will learn more about:

  • What is ransomware?
  • Am I infected?
  • I'm infected, now what?
  • Protecting yourself in the future
  • Resources

Don't be taken hostage by ransomware. Download your rescue manual now!

Download Now:
https://info.knowbe4.com/ransomware-hostage-rescue-manual-chn

The Percentage of Organizations Globally Struck by Ransomware Hits an All-Time High

Check Point's review of ransomware shows that the percent of organizations worldwide hit by this greatest of cyberthreats rose by a whopping 33% in 2023.

In 2022, 1 in 13 organizations globally had been the victim of a ransomware attack. According to the latest Check Point Research, that ratio worsened to just 1 in 10 in 2023. That represents 60,000 attempted attacks per organization throughout the year.

The highest percentage of organizations that experienced ransomware was in the Asia-Pacific region, reaching 11%. But it's organizations in the Americas region that jumped from 5% in 2022 to 9% in 2023, an increase of 80% in just one year.

The top industries targeted were education/research (with 22% of organizations experiencing ransomware attacks), government/military (16%) and healthcare (12%).

Check Point recommends the following precautions:

  • Robust (and secure) backups
  • Up-to-date patching
  • Strong user authentication
  • Anti-ransomware protection
  • Threat prevention
  • And, my personal favorite, security awareness training

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/organizations-globally-hit-by-ransomware-hits-an-all-time-high


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] Yours Truly in Inc Mag: How to Stop Disinformation From Targeting Your Business:
https://www.inc.com/inc-masters/hot-to-stop-disinformation-from-targeting-your-business.html

PPS: NEW: Tracker for cybersecurity incidents reported in a Public Company's 8K SEC reports:
https://www.board-cybersecurity.com/incidents/tracker/

Quotes of the Week  
"Property may be destroyed and money may lose its purchasing power; but, character, health, knowledge and good judgment will always be in demand under all conditions."
- Roger Babson - Educator (1875 - 1967)

"Education is the most powerful weapon which you can use to change the world."
- Nelson Mandela - Political and Social Leader (1918 - 2013)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-06-new-threat-attackers-are-now-using-ms-teams-to-phish-your-users

Security News

81% of Underwriters Expect 2024 Cyber Insurance Premiums To Increase as Risk Is Expected To Soar

New data from cyber insurance underwriters shows what they think the biggest threats will be in 2024 and what organizations should do about it.

Because insurance underwriters analyze lots of risk data to make decisions about insurance premiums and policies, it makes sense to hear their perspective on what 2024's outlook will be.

According to insurer Woodruff Sawyer's Cyber Looking Ahead Guide 2024, there's some good news and some bad news. Let's start with the bad news to keep things in context:

  • 100% of underwriters believe cyber risk will increase, with over half of them believing it will increase "greatly" this year
  • 63% believe ransomware will be the number one threat
  • 50% believe that organizations aren't as aware as they should be about cyber risk

If we believe the underwriters, this year is going to be chock full of attacks, most will be ransomware, and a material portion of organizations aren't as prepared as they should be.

Now the good news (sort of):

  • None of the underwriters believe cyber insurance premiums will increase "greatly," but 81% believe there will be a "slight" increase
  • Only 13% believe that cyber coverages will decrease this year

So, in the end, organizations will have the same levels of coverage and won't be paying significantly more. However, the crucial query here is how to prevent the necessity of relying on an insurance policy from the start. I have reported numerous instances where enterprises became victims of an attack, made a claim, but were rejected.

According to insurance experts, the risk management method that organizations should concentrate most on is the enhancement of their processes and procedures.

While I know this includes changes we've talked about here, such as confirming banking account changes via a second medium (e.g., phone call), I'm going to stretch this mitigation strategy to include the need for security awareness training.

This change alone would have a significant impact on the level of risk within organizations. Remember, underwriters are predicting that there's going to be a ton more cyber attacks; preventative actions are going to be far more impactful than just relying on your cyber insurance policy.

Blog post with links:
https://blog.knowbe4.com/81-of-underwriters-expect-cyber-insurance-premiums-to-increase

FBI Cyber Alert: Tech Support Scams Steal Cash or Precious Metals

The U.S. Federal Bureau of Investigation (FBI) has issued an alert that scammers are tricking victims into converting their savings into cash or precious metals, then sending couriers to pick up the items for safekeeping.

The scammers then steal the goods and cut contact with the victims. The FBI says victims lost more than $55 million to these scams between May and December 2023.

"Scammers pose as tech support or US government officials," the Bureau says. "Scammers sometimes use a multi-layered approach, posing, in succession, as a technology company, a financial institution, and a U.S. government official.

"Scammers inform victims their financial accounts were hacked or are at risk of being hacked, and, as a result, their funds need to be protected. Scammers instruct victims to liquidate their assets into cash and/or purchase gold, silver, or other precious metals. Sometimes, scammers instruct victims to wire funds to a metal dealer who will ship the precious metals to victims' homes.

"Once victims obtain the cash and/or precious metals, the scammers send couriers to retrieve the items at victims' homes or public locations."

The FBI offers the following advice to help users avoid falling for these types of scams:

  • "The U.S. Government and legitimate businesses will never request you purchase gold or other precious metals
  • Protect your personal information. Never disclose your home address or agree to meet with unknown individuals to deliver cash or precious metals
  • Do not click on unsolicited pop-ups on your computer, links sent via text messages, or email links and attachments
  • Do not contact unknown telephone numbers provided in pop-ups, texts, or emails
  • Do not download software at the request of unknown individuals who contact you
  • Do not allow unknown individuals access to your computer"

Blog post with links:
https://blog.knowbe4.com/tech-support-scams-steal-cash

What KnowBe4 Customers Say

"Ahoy Stu, I am just another grunt at just another organization but I wanted to send you an email about one of your employees whom I appreciate and value as a team member. Although I am just a grunt, I have been a grunt for many years and have dealt with a very large number of customer success role individuals. Brent stands out.

Brent B. is excellent in attitude, support, and ability to understand what is needed and implement it quickly and efficiently with minimal translation. These traits are hard to come by in any individual and I want to make sure that you know they exist in the Brent human in abundance.

Brent really knows your product and is able to translate my customer needs as an organization into action on the platform quickly! This has resulted in some marked gains in our Phish Proneness and is translating into real world protection for us as an organization in what is a very important attack vector, arguably the most important, our Humans. Thank you for your valuable time and Happy Monday Funday!"

- N.N. IT Security Analyst

The 10 Interesting News Items This Week
  1. AI-Powered 'Live Voice Conversion' Raises Deepfake Concerns and Misinformation Risks:
    https://www.digitalinformationworld.com/2024/01/bytedance-unveils-streamvoice-ai.html

  2. New Ransomware Gangs Rise with the Rust and Golang languages:
    https://thehackernews.com/2024/01/albabat-kasseika-kuiper-new-ransomware.html

  3. Phil Venables: "Risk & Cybersecurity Leadership Transitions - 10 Steps for Success":
    https://www.philvenables.com/post/leadership-transitions-10-steps-for-success

  4. Fortune Mag: "Cisco's head of security thinks that we're headed into an AI phishing nightmare":
    https://fortune.com/2024/01/29/cisco-head-of-security-jeetu-patel-ai-phishing-scams-increase/

  5. Senate Panel Hears Plea for Action on Bank Spoofing Scams:
    https://www.bankinfosecurity.com/senate-panel-hears-plea-for-action-on-bank-spoofing-scams-a-24245

  6. FBI director Christopher Wray says the Chinese government is targeting U.S. critical infrastructure:
    https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security

  7. Microsoft CEO Satya Nadella worries hackers could cause a 'breakdown of world order':
    https://www.businessinsider.com/microsoft-ceo-satya-nadella-worried-about-breakdown-world-order-2024-1

  8. Russian spies impersonating Western researchers in ongoing hacking campaign:
    https://therecord.media/russian-campaign-impersonating-western-researchers-academics

  9. Russia's Midnight Blizzard abused OAuth apps in Microsoft attack:
    https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/

  10. The U.S. government disrupts a botnet belonging to China's Volt Typhoon threat actor:
    https://www.reuters.com/world/us/us-disabled-chinese-hacking-network-targeting-critical-infrastructure-sources-2024-01-29/
