CyberheistNews Vol 14 #11 Microsoft and OpenAI Team Up to Block Threat Actor Access to AI



CyberheistNews Vol 14 #11  |   March 12th, 2024

Microsoft and OpenAI Team Up to Block Threat Actor Access to AI

Stu Sjouwerman SACP

Analysis of emerging threats in the age of AI provides insight into exactly how cybercriminals are leveraging AI to advance their efforts.

When ChatGPT first came out, there were some rudimentary security policies to avoid it being misused for cybercriminal activity. But threat actors quickly found ways around the policies and continued to use it for malicious purposes.

According to newly published research by both Microsoft and OpenAI, the two companies have joined forces to detect, terminate and block malicious access to services provided by OpenAI. Some examples of how specific threat groups were misusing OpenAI include:

  • Charcoal Typhoon researched various companies and cybersecurity tools, debugged code, generated scripts and created content for use in phishing campaigns
  • Salmon Typhoon translated technical papers, retrieved publicly available information on intelligence agencies, built malicious code and researched common ways processes could be hidden on a system
  • Crimson Sandstorm obtained scripting support related to app and web development, generated content for spear-phishing campaigns, and researched common ways malware could evade detection
  • Emerald Sleet identified experts and organizations focused on cyber defense in the Asia-Pacific region, gathered detail on publicly available vulnerabilities, obtained help with basic scripting tasks, and drafted content that could be used in phishing campaigns

According to the research, the access was terminated and new safety protocols were adopted to help stop these types of access. What this detail does show is that the misuse of AI is no longer a hypothetical.

I've already pointed to research that establishes a high likelihood that phishing content is being written by AI. And now with the research from Microsoft and OpenAI, we can conclude that these same services are indeed being used to make cyberattacks more sophisticated and successful.

You'll note that in many of the examples provided above by OpenAI, writing phishing content is a consistent theme. So, stepping up your organization's ability to spot malicious phishing emails is going to be critical moving forward; users need to be educated via new-school security awareness training to be vigilant, be skeptical, and be the last line of defense in phishing attacks.

Blog post with links:
https://blog.knowbe4.com/microsoft-openai-team-block-threat-actor

Customer Spotlight: MESA's Strategy for Building a Strong Security Culture and Email Defense

In a world where digital threats grow more sophisticated by the day, gaining firsthand knowledge from those who have successfully bolstered their organization's defenses is invaluable.

Hear from a fellow IT pro who is just like you — navigating security awareness programs, crafting potent anti-phishing strategies and steering their orgs towards a stronger security culture.

Join us for this webinar featuring KnowBe4 customer Sarfraz Shaikh, IT Director at MESA and Erich Kron, Security Awareness Advocate at KnowBe4. The discussion will focus on the practical and actionable strategies you can implement now to build a strong security culture.

You'll learn:

  • Top security awareness initiatives that get measurable results
  • Real-life examples of anti-phishing measures that have succeeded (and some that haven't)
  • How MESA saves nearly seven weeks' time annually for the IT team by automatically investigating, quarantining and removing malicious emails
  • How to strengthen your organization's security culture and increase your IT team's productivity
  • Three key takeaways every organization needs to consider when kicking off a security awareness program

Plus, earn continuing professional education (CPE) credits for attending!

Date/Time: TOMORROW, Wednesday, March 13, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot!
https://info.knowbe4.com/customer-spotlight-security-culture?partnerref=CHN

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

By Roger Grimes

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing.

And look-alike and neglected domains challenge its protective value to unknowledgeable email recipients. This article is about how to understand and proactively use DMARC.

First, a quick little intro to DMARC for readers not familiar with it. Domain-based Message Authentication, Reporting and Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) are three related global anti-phishing standards that allow email recipients to verify if an email that claims to be from a particular sending domain is really from the domain it claims.

In short, it helps to prevent email domain spoofing. For example, if an email claims to be from microsoft[.com], is it really from microsoft[.com]? DMARC operations rely heavily on DNS from both a sender's and receiver's configuration and use.

[CONTINUED AT]:
https://blog.knowbe4.com/phishers-abusing-neglected-domains-pass-dmarc
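
One way to check your own domains for SPF and DMARC settings that leave them unenforced, as an added example that is not part of the original article. The TXT records are constructed sample data on reserved .example names, and the finding labels are this example's own; only apex (organizational) domains are audited.

```python
import re

# Constructed sample TXT records keyed by DNS name (no live DNS lookups).
SAMPLE_TXT = {
    "corp.example": ["v=spf1 include:_spf.mail.example -all"],
    "_dmarc.corp.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@corp.example"],
    "old-brand.example": ["v=spf1 +all"],                    # parked, never cleaned up
    "_dmarc.old-brand.example": ["v=DMARC1; p=none"],
    "promo2019.example": ["google-site-verification=abc"],   # no SPF, no DMARC
    "shop.example": ["v=spf1 ip4:192.0.2.10 ~all"],
    "_dmarc.shop.example": [
        "v=DMARC1; p=quarantine; pct=20; sp=none; rua=mailto:d@shop.example"],
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC record into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(records):
    spf = [r for r in records if re.match(r"v=spf1(\s|$)", r, re.I)]
    if not spf:
        return ["spf-missing"]
    if len(spf) > 1:
        return ["spf-multiple-records"]      # RFC 7208 treats this as a permerror
    terms = spf[0].lower().split()[1:]
    alls = [t for t in terms if re.fullmatch(r"[+?~-]?all", t)]
    if not alls and not any(t.startswith("redirect=") for t in terms):
        return ["spf-no-all"]                # unmatched senders get a neutral result
    if alls and alls[0] in ("all", "+all"):
        return ["spf-allows-any-sender"]
    if alls and alls[0] == "?all":
        return ["spf-neutral"]
    return []

def audit_dmarc(records):
    dmarc = [r for r in records if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", r)]
    if len(dmarc) != 1:                      # RFC 7489: several records count as none
        return ["dmarc-missing" if not dmarc else "dmarc-multiple-records"]
    tags = parse_tags(dmarc[0])
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ["dmarc-invalid-policy"]
    findings = []
    if policy == "none":
        findings.append("dmarc-monitor-only")
    elif tags.get("pct", "100") != "100":
        findings.append("dmarc-partial-enforcement")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("dmarc-subdomains-unenforced")
    if "rua" not in tags:
        findings.append("dmarc-no-aggregate-reports")
    return findings

def audit_domain(domain, txt=SAMPLE_TXT):
    """Return findings for one apex domain: SPF at the name, DMARC at _dmarc.<name>."""
    return audit_spf(txt.get(domain, [])) + audit_dmarc(txt.get("_dmarc." + domain, []))
```
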

RIP Malicious Emails With KnowBe4's PhishER Plus

RIP malicious emails out of your users' mailbox with KnowBe4's PhishER Plus!

It's time to supercharge your phishing defenses using these two powerful features:
1) Automatically blocking malicious emails that your filters miss
2) Being able to RIP malicious emails before your users click on them

With PhishER Plus you can:

  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Leverage the expertise of the KnowBe4 Threat Research Lab to analyze tens of thousands of malicious emails reported by users around the globe per day
  • Automate message prioritization by rules you set and cut through your Incident Response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, March 20, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-3?partnerref=CHN

AI and Ransomware Top the List of Mid-Market IT Cyber Threats

A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats.

It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4's Mid-Market IT Priorities Report 2024. This report sheds light on the fact that two of the top three cyber threats concerning mid-market IT departments are AI-based threats and ransomware, with insider threats ranking as the primary concern this year.

Let's break these two down a bit:

  • AI-Related Threats: Nearly every example of AI used for malicious purposes by cybercriminals is in the form of helping write phishing content, scripts and finding intelligence about or vulnerabilities within specific technologies. See the example list from OpenAI above of actions taken by threat groups. So, if the output of AI use is phishing emails and malicious scripts, it stands to reason that phishing is likely going to be a big problem in the future, right?
  • Ransomware: With such a material portion of ransomware attacks starting with phishing, it seems like the best course of action is to try to prevent it. And as a secondary strategy, have an ability to quickly recover operations.

Now play those two forward for the IT pro: what should they be doing next to prepare for their top perceived threats?

Probably solid protection around phishing, great detection on endpoints and servers, and a lock-tight disaster recovery strategy, right? But then the report goes on to highlight the cybersecurity offerings in place to "tackle" the threats.

Take a look at the chart on the blog: [CONTINUED]
https://blog.knowbe4.com/ai-and-ransomware-top-list-of-mid-market-it-cyber-threat

Does Your Domain Have an Evil Twin?

Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as "safe" domains for your organization.

With Domain Doppelgänger, you can:

  • Search for existing and potential look-alike domains
  • Get a summary report that identifies the highest to lowest risk attack potentials
  • Generate a real-world "domain safety" quiz based on the results for your end users

Domain Doppelgänger helps you find the threat before it is used against you.

Learn more now!
https://info.knowbe4.com/domain-doppelganger-chn

[BOOK REVIEW] Fighting Phishing By Roger Grimes

Ben Rothke's "Book of the Month" blog said: "In 'Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing' (Wiley), author Roger Grimes has written a practical and valuable piece on how to do that. Phishing and wrong-number text scams are brilliantly simple but highly effective attack vectors.

"In this very practical and actionable guide, Grimes details in depth what firms need to do to mount a fighting chance against phishing attacks.

"Part one of the book is Introduction to Social Engineering Security, with parts two through four on Policies, Technical Defenses, and Creating a Great Security Awareness Program. In truth, only part one is about phishing, while the rest of the book can be applied to effective information security practices.

"The lesson is that a good phishing defense has to be built on a good foundation of effective information security controls.

"The Ponemon Institute reported in their 2021 Cost of Phishing study that the average cost of a business email compromise attack was close to $6 million. The cost of this book is $28. You do the math."

Ben Rothke's full Review:
https://www.rsaconference.com/library/blog/bens-book-of-the-month-fighting-phishing

Get your copy at Amazon:
https://www.amazon.com/Fighting-Phishing-Everything-Social-Engineering/dp/1394249209/


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] By yours truly at Fastcompany: "Businesses beware: You can be sued for online scams":
https://www.fastcompany.com/91045602/businesses-beware-you-can-be-sued-for-online-scams

PPS: Elon Musk: "I've never seen any technology advance faster than AI compute is currently, and we are on the edge of the biggest technology revolution ever.":
https://www.instagram.com/reel/C4AM3fMJIGs/?igsh=MXBka3ZrNGdxY25zOQ%3D%3D

Quotes of the Week  
"Human beings are born with different capacities. If they are free, they are not equal. If they are equal, they are not free."
- Aleksandr Solzhenitsyn - Russian Novelist, Nobel Prize Winner, and fierce critic of the Soviet regime. (1918 - 2008)

"Awareness, not age, leads to wisdom."
- Publius Syrus - 1st century BC, Roman Republic

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-11-microsoft-and-openai-team-up-to-block-threat-actor-access-to-ai

Security News

[FBI ALERT] 2023 U.S. Cybercrime Loss Up 22% to $12.5 Billion

Americans lost $12.5 billion to cybercrime in 2023, according to a new report from the FBI's Internet Crime Complaint Center (IC3). This represents a 22% increase in reported losses compared to the previous year. $2.9 billion of the losses in 2023 were due to business email compromise attacks.

"In 2023, the IC3 received 21,489 BEC complaints with adjusted losses over 2.9 billion," the report says. "BEC is a sophisticated scam targeting both businesses and individuals performing transfers of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

"These BEC schemes historically involved compromised vendor emails, requests for W-2 information, targeting of the real estate sector, and fraudulent requests for large amounts of gift cards. More recently, the IC3 data suggests fraudsters are increasingly using custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors, or having targeted individuals send funds directly to these platforms where funds are quickly dispersed."

The FBI stresses the importance of implementing security best practices, including multifactor authentication, to thwart these attacks. "With these increased tactics of funds going directly to cryptocurrency platforms and third-party payment processors or through a custodial account held at a financial institution, it emphasizes the importance of leveraging two-factor or multi-factor authentication as an additional security layer," the Bureau says.

"Procedures should be put in place to verify payments and purchase requests outside of email communication and can include direct phone calls but to a known verified number and not relying on information or phone numbers included in the email communication. Other best practices include carefully examining the email address, URL, and spelling used in any correspondence and not clicking on anything in an unsolicited email or text message asking you to update or verify account information."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

The FBI has the story:
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf

Chicago Man Sentenced to Eight Years in Prison for Phishing Scheme

A 30-year-old man from Chicago, Joseph Alexander Valdez, has been sentenced to eight years in prison for conducting a Snapchat phishing scheme that victimized more than 700 women, CBS News reports.

The U.S. Attorney's Office for the Northern District of Florida said in a press release, "Court documents reflect that between June 2021, and December 2022, Valdez identified college-aged females located throughout the United States—including two students at Florida State University and one student at the University of Florida—to deceive them into providing their Snapchat passwords."

The press release adds, "Once he accessed the victims' Snapchat accounts, Valdez took screenshots of the victims' subscriber information—such as their name, phone number, email address—and downloaded their saved photographs, including private, nude photographs. In other instances, Valdez communicated in online chatrooms and forums with other individuals who used a similar scheme to unlawfully obtain the victims' private, nude photographs stored on the victims' Snapchat accounts and other social media platforms. These other individuals traded and shared photographs with Valdez."

Acting Special Agent in Charge Mark Dargis of the FBI Jacksonville Division stated, "Every day, thousands of unsuspecting social media users fall victim to online scammers, who are using a variety of sophisticated guises and techniques to collect personal information about their victims.

"This sentencing exemplifies the commitment of the FBI to protect Americans and investigate and pursue those who seek to exploit them. We encourage anyone who believes they are a victim of an online scam or fraud to immediately report the incident to the FBI's Internet Crime Complaint Center at www.ic3.gov."

New school security awareness training can give your organization an essential layer of defense against social engineering attacks.

CBS News has the story:
https://www.cbsnews.com/chicago/news/chicago-man-snapchat-phishing-scheme/

What KnowBe4 Customers Say

"Hey Stu, thanks for all the articles and materials you have shared with me. Now, I am glad to share with you that from today we in México are KnowBe4 customers, and we are confident that KnowBe4 will help us to improve our security posture from the awareness and training of users' perspective.

I also want to let you know that we have received an extraordinary accompaniment from Elena F., who has been working with our partners to make sure we receive an integral proposal to ensure our success with implementation."

- C.M., Gerente de Seguridad de la Información y Ciberseguridad

The 10 Interesting News Items This Week
  1. Marc Andreessen says OpenAI is the 'security equivalent of Swiss cheese' and a tempting target for Chinese espionage:
    https://fortune.com/2024/03/04/openai-elon-musk-marc-andreessen-china-espionage/

  2. Ukraine claims it hacked Russian Ministry of Defense servers:
    https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-russian-ministry-of-defense-servers/

  3. Cyberattack forces Canada's financial intelligence agency to take systems offline:
    https://therecord.media/canada-fintrac-cyberattack-systems-offline

  4. Spoofed Zoom, Google & Skype Meetings Spread Corporate RAT:
    https://www.darkreading.com/cyberattacks-data-breaches/spoofed-zoom-google-skype-meetings-spread-corporate-rats

  5. 86% of CIOs have implemented formal AI policies:
    https://www.securitymagazine.com/articles/100475-86-of-cios-have-implemented-formal-ai-policies

  6. Russia's chief propagandist leaks intercepted German military Webex conversation:
    https://therecord.media/german-air-force-conversation-leaked-russia

  7. Microsoft 2023 Threat Intelligence Year in Review: Key Insights and Developments:
    https://www.microsoft.com/en-us/security/business/security-insider/threat-briefs/2023-threat-intelligence-year-in-review-key-insights-and-development/

  8. WIRED: "Russian Hackers Stole Microsoft Source Code—and the Attack Isn't Over":
    https://www.wired.com/story/russia-hackers-microsoft-source-code/

  9. Switzerland: Play ransomware leaked 65,000 government documents:
    https://www.bleepingcomputer.com/news/security/switzerland-play-ransomware-leaked-65-000-government-documents/

  10. Change Healthcare confirms BlackCat/ALPHV ransomware attack:
    https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/
