CyberheistNews Vol 14 #10 | March 5th, 2024
[SCARY] You Knew About OSINT, But Did You Know About ADINT?
WIRED just published a scary (long) article. I am summarizing it here and highly recommend you read the whole thing.
In 2019, technologist Mike Yeagley warned U.S. national security agencies that location data from apps like Grindr could reveal sensitive information about government employees.
Yeagley showed how he could use geofencing to identify devices likely belonging to Pentagon and intelligence agency staff by tracking their movements to and from sensitive facilities. This highlighted the massive privacy risks from vast troves of location data gathered by mobile advertising companies.
Yeagley was familiar with these risks because he had previously helped bring advertising location data into government use. While working for defense contractor PlanetRisk, Yeagley developed a tool called Locomotive in 2016 which allowed tracking of device locations worldwide using commercial data.
Locomotive was later renamed VISR and provided to special forces for intelligence work. Other government agencies also began using advertising location data.
The key insight was that while device IDs are anonymized, the specificity of individual movement patterns means identities can be uncovered. Vast volumes of location data are gathered from bid requests made when mobile apps request ads.
Companies like UberMedia sell this commercially, often with little oversight of buyers. Intelligence agencies realized they could simply purchase rich geospatial data rather than try to intercept it.
UberMedia and similar firms can track device locations over time with frequently updated data, in some cases nearing real-time. PlanetRisk found they could even identify phones likely belonging to Vladimir Putin's entourage by watching their coordinated movements with him. They also spotted U.S. special forces gathering at a previously secret Syrian base.
Social Engineering Bonanza
Other governments' intelligence agencies have access to this data as well. Several Israeli companies — Insanet, Patternz and Rayzone — have built similar tools and sell it to national security and public safety entities around the world, according to reports.
Rayzone has even developed the capability to deliver malware through targeted ads, according to Israeli newspaper Haaretz. Think about the highly targeted social engineering risks here.
This availability of highly sensitive location data to anyone willing to pay is an immense privacy threat. Intelligence agencies globally make use of it for surveillance. But it also risks revealing personal information about private citizens, with almost no transparency or control over how that data is used.
It makes you want to buy a Faraday Bag for your phone... :-(
Blog post with links:
https://blog.knowbe4.com/scary-you-knew-about-osint-but-did-you-know-about-adint
[New Features] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 6, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how 65,000+ organizations have mobilized their end users as their human firewall.
Date/Time: TOMORROW, Wednesday, March 6, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/kmsat-demo-3?partnerref=CHN2
Face-Off: New Banking Trojan Steals Biometrics to Access Victims' Bank Accounts
VentureBeat had the scoop on a fresh Group-IB report. They discovered the first banking trojan that steals people's faces. Unsuspecting users are tricked into giving up personal IDs and phone numbers and are prompted to perform face scans. These images are then swapped out with AI-generated deepfakes that can easily bypass security checkpoints.
The method — developed by a Chinese-based hacking family — is believed to have been used in Vietnam earlier this month, when attackers lured a victim into a malicious app, tricked them into face scanning, then withdrew the equivalent of $40,000 from their bank account.
These hackers "have introduced a new category of malware families that specialize in harvesting facial recognition data," Sharmine Low, malware analyst in Group-IB's Asia-Pacific APAC threat intelligence team, wrote in a blog post.
"They have also developed a tool that facilitates direct communication between victims and cybercriminals posing as legitimate bank call centers."
A Whole New Fraud Technique
Face swap deepfake attacks increased by 704% between the first and second halves of 2023, according to a new iProov Threat Intelligence Report.
The biometric authentication company also discovered a 672% increase in the use of deepfake media being used alongside spoofing tools and a 353% increase in the use of emulators (which mimic user devices) and spoofing to launch digital injection attacks.
Furthermore, "cybercriminals are becoming increasingly creative and adept at social engineering," Low writes. "By exploiting human psychology and trust, bad actors construct intricate schemes that can deceive even the most vigilant users."
Blog post with links:
https://blog.knowbe4.com/face-off-banking-trojan-steals-biometrics-to-access-victims-bank-accounts
Customer Spotlight: MESA's Strategy for Building Strong Security Culture and Email Defense
In a world where digital threats grow more sophisticated by the day, gaining firsthand knowledge from those who have successfully bolstered their organization's defenses is invaluable.
Hear from a fellow IT pro who is just like you — navigating security awareness programs, crafting potent anti-phishing strategies and steering their orgs towards a stronger security culture.
Join us for this webinar featuring KnowBe4 customer Sarfraz Shaikh, IT Director at MESA and Erich Kron, Security Awareness Advocate at KnowBe4. The discussion will focus on the practical and actionable strategies you can implement now to build a strong security culture.
You'll learn:
- Top security awareness initiatives that get measurable results
- Real-life examples of anti-phishing measures that have succeeded (and some that haven't)
- How MESA saves nearly seven weeks' time annually for the IT team by automatically investigating, quarantining and removing malicious emails
- How to strengthen your organization's security culture and increase your IT team's productivity
- Three key takeaways every organization need to consider when kicking off security awareness program
Plus, earn continuing professional education (CPE) credits for attending!
Date/Time: Wednesday, March 13, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot!
https://info.knowbe4.com/customer-spotlight-security-culture?partnerref=CHN
Swiss Government Identified 10,000 Phishing Websites Impersonating 260 Brands
Attacks targeting Swiss residents increased 10% last year, according to newly-released data that shows a growth in not just phishing attacks, but brand impersonation at purely a national level.
The Swiss Federation's National Cyber Security Centre (NCSC) hosts a phishing site reporting tool where individuals and businesses can report suspicious websites and emails. They analyze and track reports, consolidating their findings annually into their Anti-Phishing Report.
According to the findings summarizing 2023, Switzerland saw a massive spike in the number of phishing websites created monthly in December of last year, jumping to 1380 — a number 65% higher than the monthly average observed last year.
Additionally, of the 260 impersonated brands, nearly two-thirds (61%) were Swiss brands known within the country. I found this interesting; it means that attackers know they have a better chance of tricking a potential victim with an in-country brand than a national brand.
The Swiss Post was the most-impersonated brand, at 21% of all attacks — a number that sits within a larger group of letter and parcel delivery companies, which represented 41% of all attacks.
What I found really interesting was one of the report's recommendations: be skeptical. It's a great way to put new-school security awareness training into practice and the need to be vigilant. The NCSC goes on to provide an example: "No bank or credit card institution will ever ask you to change passwords or verify credit card details by email or SMS."
When they put it like that, it sounds obvious. But it's not; which is why organizations and individuals need to "be skeptical" and stay informed on the latest attacks, scams and techniques.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/swiss-government-identify-10000-phishing-websites
[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!
Do your users know what to do when they receive a suspicious email?
Should they call the help desk or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?
KnowBe4's Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!
And now, supports Outlook Mobile!
Phish Alert Button Benefits:
- Reinforces your organization's security culture
- Users can report suspicious emails with just one click
- Incident Response gets early phishing alerts from users, creating a network of "sensors"
- Email is deleted from the user's inbox to prevent future exposure
- Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)
Get the Phish Alert Button Now:
https://info.knowbe4.com/free-phish-alert-chn
Planning with Purpose: 10 Tips to Develop Your Year-Long Security and Compliance Training Program
A whopping 70-90% of successful hacking is due to social engineering, ~33% of successful hacks are due to unpatched software/firmware, and ~25% is due to weak logins, most of which (~80%) were stolen by social engineering. These three issues are absolutely 99% of your problem. How much of your day is spent focusing on resolving these three problems vs. everything else?
Roger Grimes commented that he just realized that the sentiment above has been the main message he has been trying to communicate to CISOs for over a decade. It drives him every day, and even wrote a book about it. And it's literally the most important 3 sentences that they could hear and learn.
I asked Dr John Just, our Chief Learning Officer: "How to get there?" His answer was: "Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training. You might be thinking, "Aren't you a little late in planning for the year? It's March already..."
We are actually talking about 2025...
Not everyone trains tens of millions of learners all around the world like we do, so your planning for compliance and security training might be on a different timescale. But if you don't start thinking about how you will plan for next year soon, it can really sneak up on you.
That being said, I worked with our amazing team of Security and Compliance Content Specialists, who are talking to organizations every day and helping them plan, to come up with this list. If you have not connected with one of them, reach out through your KnowBe4 Customer Success Rep, and they will help you plan your program that combines compliance and cybersecurity training. Let's get into our list:
CONTINUED AT:
https://blog.knowbe4.com/10-tips-develop-security-and-compliance-training-program
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [NEW BUDGET AMMO PDF] The Outstanding ROI of PhishER Plus:
https://www.knowbe4.com/hubfs/ROI-of-PhishERPlus-EN-US.pdf
PPS: Elon Musk: AI will run out of electricity and transformers in 2025:
https://newatlas.com/technology/elon-musk-ai/
- Albert Camus - Philosopher, Author (1913 - 1960)
- Mahatma Gandhi - Leader of Indian independence movement (1869 - 1948)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-10-scary-you-knew-about-osint-but-did-you-know-about-adint
Emails Are Responsible for 88% of Malicious File Deliveries
Emails are still the most common delivery method for malicious files, according to Check Point's Cyber Security Report for 2024.
"Email-based attacks continue to be the dominant initial infection vector," the report says. "Eighty-eight percent of all malicious file deliveries occur through email, with the remainder downloaded directly from the internet. Threat actors have adapted to email protection strategies and are exploring innovative delivery techniques.
"Following Microsoft's restrictions on Office VBA macros in files from external sources denoted with the Mark-of-the-Web (MotW), there was a sharp decrease in the prevalence of malicious Office files, from nearly 50% in 2022 to 2% in 2023.
"Notable alternative attack vectors include HTML files and various archive file types." Notably, the researchers observed a spike in the use of HTML files to deliver malicious content.
"In particular, the exploitation of HTML files saw a significant uptick," the researchers write. "HTML files comprise 69% of all malicious file attachments. Threat actors use HTML files in several ways. They are used in phishing schemes to imitate legitimate website login pages and steal user credentials.
They can include malicious JavaScripts or exploits to unpatched browser and browser-plugins. As demonstrated in recent Check Point Research, these tactics are not limited to low-level criminals but are also utilized by advanced APT actors.
"Other uses of HTML include HTML smuggling, or auto download for executables and redirections to other malicious URLs. Legitimate use cases of email-delivered HTML are unusual and therefore organizations should consider implementing restrictions."
Attackers are also using password-protected archives to avoid detection by security filters. "Utilization of various archive files has also been on the rise," Check Point says. "The contents of password-protected archives are hidden from many security services, thus forming an effective attack vector.
"Other formats like [dot]img and [dot]iso depend on the software used for their extraction to propagate the MotW functionality, which is used to prevent malicious attempts. While Microsoft has fixed this feature, other providers like 7-zip have opt-in policies, thus decreasing the effectiveness of the MotW protection mechanism."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story:
https://research.checkpoint.com/2024/2024s-cyber-battleground-unveiled-escalating-ransomware-epidemic-the-evolution-of-cyber-warfare-tactics-and-strategic-use-of-ai-in-defense-insights-from-check-points-latest-security-re/
Savvy Seahorse Spreads Investment Scams on Facebook Using CNAME Records
Researchers at Infoblox warn that a threat actor dubbed "Savvy Seahorse" is using Facebook ads to spread investment scams.
"Savvy Seahorse is a DNS threat actor who convinces victims to create accounts on fake investment platforms, make deposits to a personal account, and then transfers those deposits to a bank in Russia," the researchers write. "This actor uses Facebook ads to lure users into their websites and ultimately enroll in fake investment platforms.
"The campaign themes often involve spoofing well-known companies like Tesla, Facebook/Meta, and Imperial Oil, among others."
The threat actor uses phony AI bots to trick users into handing over sensitive information. "Savvy Seahorse's campaigns are sophisticated," Infoblox says. "They involve advanced techniques such as incorporating fake ChatGPT and WhatsApp bots that provide automated responses to users, urging them to enter personal information in exchange for alleged high-return investment opportunities.
"These campaigns are known to target Russian, Polish, Italian, German, Czech, Turkish, French, Spanish, and English speakers, while specifically protecting potential victims in Ukraine and a handful of other countries."
Notably, the threat actor uses DNS CNAME records to control the distribution of its scams. "Savvy Seahorse abuses the Domain Name System (DNS) in an obscure way: they leverage DNS canonical name (CNAME) records to create a traffic distribution system (TDS) for sophisticated financial scam campaigns," the researchers explain.
"As a result, Savvy Seahorse can control who has access to content and can dynamically update the IP addresses of malicious campaigns. This technique of using CNAMEs has enabled the threat actor to evade detection by the security industry; to our knowledge, this is the first report to focus on the use of CNAMEs as a TDS engineered for malicious purposes."
Infoblox has the story:
https://blogs.infoblox.com/cyber-threat-intelligence/beware-the-shallow-waters-savvy-seahorse-lures-victims-to-fake-investment-platforms-through-facebook-ads/
What KnowBe4 Customers Say
"Hi Sophie, Just wanted to say thank you for the recent support you've given us in setting up KnowBe4 for our organization. You've added real value in guiding us around best practice and then setting up those configurations within the platform in a really clear, helpful and friendly way.
We work with a lot of software providers but you stand out as a great CSM; understanding what the customer's challenges are and then providing your expertise to help them achieve the most value out of the platform."
- C.P., VP, Information Security & Data Protection
- Russian hackers shift to cloud attacks, U.S. and allies warn:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-057a - Now the 'most dangerous time I can remember,' warns British military's cyber general:
https://therecord.media/gen-jim-hockenhull-most-dangerous-time-national-security - What Companies & CISOs Should Know About Rising Legal Threats:
https://www.darkreading.com/cyber-risk/what-companies-cisos-should-know-about-rising-legal-threats - NIST releases Cybersecurity Framework 2.0:
https://www.nist.gov/news-events/news/2024/02/nist-releases-version-20-landmark-cybersecurity-framework - Russian hackers hijack Ubiquiti routers to launch stealthy attacks:
https://www.bleepingcomputer.com/news/security/russian-hackers-hijack-ubiquiti-routers-to-launch-stealthy-attacks/ - Public Ads selling Zero-Day Exploit Sales Surge 70% Annually:
https://www.infosecurity-magazine.com/news/ads-zeroday-exploit-sales-surge-70/ - Number of data breaches in the U.S. triples:
https://www.techspot.com/news/102040-number-data-breaches-falls-globally-triples-us.html - New POTUS executive order bans mass sale of personal data to China, Russia:
https://www.bleepingcomputer.com/news/security/new-executive-order-bans-mass-sale-of-personal-data-to-china-russia/ - Ransomware-as-a-Service Spawns Wave of Cyberattacks in Middle East:
https://www.darkreading.com/cyberattacks-data-breaches/ransomware-as-a-service-spawns-widespread-cyberattacks-in-mea - Highly targeted phishing attacks FCC staff with cloned agency login site:
https://www.nextgov.com/cybersecurity/2024/03/fcc-staff-targeted-phishing-attack-cloned-agency-login-site/394609/ - [BONUS] Malicious AI models on Hugging Face backdoor users' machines:
https://www.bleepingcomputer.com/news/security/malicious-ai-models-on-hugging-face-backdoor-users-machines/
- Your Virtual Vaca to Northern VIETNAM (2024) Beautiful Places To Visit:
https://youtu.be/CsvEx0HRBkc - Your 1896(!) Virtual Vaca Around The World to New York, London, Jerusalem, Paris:
https://www.flixxy.com/around-the-world-in-1896-colorized-4k-60fps-new-york-london-jerusalem-paris.htm?utm_source=4 - [SUPER FAVE] World's Fastest Camera Drone Vs F1 Car driven by Max Verstappen:
https://www.youtube.com/watch?v=9pEqyr_uT-k - Snow Vacation! Hitting The Slopes & More:
https://youtu.be/QwsYpIUmsqo - People Are Awesome Best Of The Month:
https://www.youtube.com/watch?v=53sj1IMxVQE - Another mindblowing Sora Video. Prompt: a scuba diver discovers a hidden futuristic shipwreck, with cybernetic marine life and advanced alien technology":
https://twitter.com/billpeeb/status/1761235907330400640? - OpenAI Sora: A Closer Look. This guy is an expert is Ray tracing. I learned something new!:
https://www.youtube.com/watch?v=8RbP4GlTM3o - Why Japan is Hollowing Out a Mountain:
https://youtu.be/aSYL0MHMwog - Henry Evans FOOLS Penn and Teller!:
https://www.flixxy.com/can-henry-evans-outsmart-penn-and-teller.htm - LockPickingLawyer: When visiting a friend in the hospital… I was unsurprised to find the drawer full of syringes and other medical supplies was set to the factory default (2+4, 3). It's not a terrible lock… the end user was the weak link.:
https://www.instagram.com/reel/CxtgnfFrAl4/ - Using a mug, a rope, and two helmets, Giancarlo Bernini exposes how Penn & Teller's Secret Code works, reveals the secrets to his own trick, and then still fools them!:
https://www.flixxy.com/magician-giancarlo-bernini-exposes-penn-and-teller-code-and-then-fools-them.htm?utm_source=4 - Sunrise Dream Wingsuit Flight - Pedra Da Gavea in Rio De Janeiro:
https://youtu.be/lreA5yR61P0 - One of the oldest and most famous illusions ever. Now the Masked Magician reveals the secrets of catching a speeding bullet in your teeth. It's not as dangerous as it looks when you know the trick:
https://youtu.be/c4XuRljV6ic - The prices of high-end watches over time are a fascinating thing to see over at the watchcharts site:
https://watchcharts.com/watches/brand_index/rolex - For Da Kids #1 - Cat scared of touch reacts to love:
https://youtu.be/PVGKP_iCdZE - For Da Kids #2 - Baby Elephant Is So Excited To Be Freed From Chains:
https://youtu.be/TjAOict_E7c - For Da Kids #3 - This rescued sparrow is convinced he's a dog:
https://youtu.be/7WQDu_L7TiI - For Da Kids #4 - Stray Lab Won't Come Near People Until This Dog Befriends Him:
https://www.youtube.com/watch?v=6ZkbhZdNwk8 - For Da Kids #5 - Cat blinks every time mom says I love you:
https://youtu.be/UhUZ0lFC6Xg