CyberheistNews Vol 14 #17 [HEADS UP] LastPass Warns of a 'CEO' Deepfake Phishing Attempt


CyberheistNews Vol 14 #17  |   April 23rd, 2024

[HEADS UP] LastPass Warns of a 'CEO' Deepfake Phishing Attempt
Stu Sjouwerman SACP

Password manager software developer LastPass warned that one of its employees was targeted by a social engineering attack that used an audio deepfake which impersonated the company's CEO.

Fortunately, the (trained) employee grew suspicious and avoided falling for the attack. You can count on the fact that other password manager software companies are being attacked as well. Tell your supply chain to train their staff.

Mike Kosak, Senior Principal Intelligence Analyst at LastPass, explained in a blog post, "In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp.

"As the attempted communication was outside of normal business communication channels and due to the employee's suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such as forced urgency), our employee rightly ignored the messages and reported the incident to our internal security team so that we could take steps to both mitigate the threat and raise awareness of the tactic both internally and externally."

LastPass warns that the technology to create deepfakes is now widely available, so these types of attacks will likely continue to increase. Increasing awareness of these techniques is a crucial defense against these attacks.

"Deepfakes use generative artificial intelligence to leverage existing audio and/or visual samples to create a new and unique recording of a targeted individual saying or doing whatever the creator has programmed the deepfake tool to fabricate," LastPass says.

"Deepfakes are often associated with political misinformation and disinformation campaigns, but the combination of the increased quality of deepfakes and the increased availability of the technology used to create them (there are now numerous sites and apps openly available that allow just about anyone to easily create a deepfake) has long been a concern of the private sector as well."

Blog post with links:
https://blog.knowbe4.com/lastpass-warns-deepfake-phishing

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, May 8, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
  • NEW! 2023 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
  • Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, May 8, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN

Global Cybercrime Hotspot Countries Revealed: Secure Your Defenses

In a groundbreaking study that spanned three years, an international research team, including experts from the University of Oxford and UNSW Canberra, has developed the first-ever World Cybercrime Index.

This Index ranks nations based on their contribution to global cybercrime, offering unprecedented insights into the cyber threats emanating from specific countries.

Published in the esteemed journal PLOS ONE, the World Cybercrime Index reveals that a few countries are the major players in the cybercrime arena.

Russia, Ukraine, China, the U.S., Nigeria and Romania are at the forefront, housing the most significant cybercriminal threats globally, with the UK also making the top ten.

Dr. Miranda Bruce, a co-author of the study, emphasized the utility of this Index in strategic resource allocation for combating cyber threats. By identifying major cybercrime hubs, both public and private sectors can optimize their cybersecurity efforts, focusing on regions posing the greatest threats and economizing on resources elsewhere.

The study's methodology involved a comprehensive survey of 92 cybercrime experts worldwide, who assessed various countries across five major categories of cybercrime.

These experts ranked countries based not only on the volume of cybercrime originating from these locations but also on the sophistication and skill levels of the perpetrators.

Associate Professor Jonathan Lusthaus highlighted the challenges in tracking cybercriminals, who often conceal their locations behind digital masks and fake profiles. The Index, therefore, serves as a critical tool in peeling back these layers of anonymity, providing a clearer picture of the cybercrime landscape.

Moreover, the research points to the potential for identifying emerging cybercrime hotspots, allowing for preemptive actions in countries at risk before they develop significant cybercrime issues. This proactive approach could be pivotal in curbing the global spread of cyber threats.

Professor Federico Varese from Sciences Po in France further noted that the study is just the beginning of a more extensive investigation into the factors that foster cybercrime within specific national contexts.

Future research will explore how variables like educational attainment, internet penetration, GDP, and corruption levels might correlate with cybercrime activities.

The World Cybercrime Index marks a significant step in understanding and combating cybercrime globally. By pinpointing where these criminal activities are most concentrated, cybersecurity professionals can better prepare and respond to these evolving threats, ultimately making the digital world a safer place for everyone.

Blog post with links:
https://blog.knowbe4.com/heads-up-global-cybercrime-hotspot-countries-revealed-secure-your-defenses

Check Out the Massive New Global 2024 Security Culture Report

Dive into KnowBe4's largest Security Culture Report to date, with insights from over 800,000 employees in 4,077 organizations across 18 industries. See where your industry stands in a global comparison of security practices.

This report represents a treasure trove of data-driven insights, brought to life with easy-to-understand graphics. Dive deep into how security measures affect not only your organization's policies, but also the daily actions and emotions of your team at work.

As a business leader you can leverage this information to ensure necessary investment dollars are allocated to the most critical part of the security infrastructure: the human layer.

Download the report today to explore:

  • NEW this year! Expanded analysis for six global regions plus an in-depth worldwide overview
  • Security culture trends over time and regional breakdowns of security culture around the world
  • The best and worst scoring industries (Banking topped the list while Education and Government struggled)
  • Best practices for improving your organization's security culture

Download Now:
https://www.knowbe4.com/security-culture-research-report-chn

A Look at Foreign Influence Operations Focused on the U.S. Elections

Our friends at The Cyberwire wrote: "Microsoft has published a report on foreign influence operations focused on the 2024 U.S. elections, finding that 'Russian efforts are focused on undermining U.S. support for Ukraine while China seeks to exploit societal polarization and diminish faith in U.S. democratic systems.'

Over the past two months, Microsoft has observed at least seventy Russian threat actors using traditional and social media to peddle disinformation surrounding the war in Ukraine.

Microsoft also found that Russia, China and Iran have all used generative AI to support their influence campaigns, although "fears that sophisticated AI deepfake videos would succeed in voter manipulation have not yet been borne out."

The researchers believe that simpler AI-enhanced content will be more effective than fully AI-generated content.

Separately, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI) issued an advisory yesterday on election interference.

The advisory notes that "the People's Republic of China (PRC), the Russian Federation, and the Islamic Republic of Iran continue to be the primary nation-state actors leveraging influence operations exploiting perceived sociopolitical divisions to undermine confidence in U.S. democratic institutions and shaping public perception toward their interests."

I strongly recommend you step your users through this training module that I personally contributed to:

Spot and Stop the Spread of Disinformation

Distinguishing real from made-up information, especially online, is getting more and more difficult. Disinformation is the intentional creation of false information and has far-reaching consequences. This module explores disinformation, how to identify it, and how to protect yourself and your organization from it. ModStore search term: "Disinformation"

Link to Blog post:
https://blogs.microsoft.com/on-the-issues/2024/04/17/russia-us-election-interference-deepfakes-ai/

Do Users Put Your Organization at Risk with Browser-saved Passwords?

Cybercriminals are always looking for easy ways to hack into your network and steal your users' credentials.

Verizon's Data Breach Investigations Report shows that attackers are increasingly successful using a combo of phishing and malware to steal user credentials. In fact, password dumpers, which allow cybercriminals to find and "dump" passwords your users save in web browsers, took the top spot for malware in the Verizon report.

Find out now if browser-saved passwords are putting your organization at risk.

KnowBe4's Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization's risk associated with weak, reused and old passwords your users save in Chrome, Firefox and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.

With Browser Password Inspector you can:

  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization's key business systems
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts

Get your results in a few minutes! They might make you feel like the first drop on a roller coaster!

Find Out Now:
https://info.knowbe4.com/browser-password-inspector-chn

Book Review — 'Co-Intelligence: Living and Working with AI'

Perry Carpenter, KnowBe4's Chief Evangelist & Strategy Officer, sent me:

"In case you haven't come across this one yet. It's called, Co-Intelligence: Living and Working with AI. It's not a technical book, but it's really good about exploring the mindset people need to have and how to embrace where AI is going to change how we engage with everything.

"I'd also recommend the audio version. Part of the uniqueness of the book is where he demonstrates different LLM outputs. The audio version uses AI voices for those outputs in ways that are pretty entertaining."

At Amazon:
https://www.amazon.com/Co-Intelligence-Living-Working-Ethan-Mollick/dp/059371671X


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [DEEPFAKE NIGHTMARE] Cool or creepy? Microsoft's VASA-1 is a new AI model that turns photos into 'talking faces,' but check the teeth:
https://www.tomsguide.com/ai/ai-image-video/microsoft-wants-your-photos-to-talk-vasa-1-is-a-new-ai-model-to-turn-images-into-talking-faces

PPS: My live blog comments during the Iran Drone Attack. "I don't have to say it, do I?":
https://blog.knowbe4.com/i-dont-have-to-say-it-do-i

Quotes of the Week
"I object to violence because when it appears to do good, the good is only temporary; the evil it does is permanent."
- Mahatma Gandhi - Leader (1869 - 1948)

"Wisdom, compassion, and courage are the three universally recognized moral qualities of men."
- Confucius - Philosopher (551 - 479 BC)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-17-heads-up-lastpass-warns-of-a-ceo-deepfake-phishing-attempt

Security News

Phishing Frenzy: Microsoft and Google Most Mimicked Brands in Cyber Scams

Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point.

Microsoft-themed phishing attempts accounted for 38% of attacks in Q1 2024, while Google came in at a distant second with 11%. Notably, phishing attacks impersonating vacation rental company Airbnb have spiked over the past few weeks.

"In a remarkable turn of events, Airbnb made its debut in the top brands list, securing the 10th position," the researchers write.

"This impressive climb is likely influenced by the Easter season, a period associated with increased travel and holiday bookings. The seasonal surge in vacation planning could have amplified Airbnb's visibility and appeal, particularly among travelers seeking unique accommodations."

Overall, most phishing attacks last quarter impersonated brands in the technology industry. "The Technology sector remained unchanged as the most impersonated industry in brand phishing, followed by Social Networks and Banking," Check Point says.

"The technology brands lead in phishing attacks, likely due to their widespread usage in corporate and remote work environments, making them a lucrative entry point into company assets. In many cases they are used with the employee's internal credentials, and their exposure poses an even larger risk than the disclosure of an individual's personal details used in social media, shipping, or banking platforms."

Check Point concludes, "In light of the persistent threat posed by brand impersonation, it is imperative for users to maintain a heightened level of vigilance and exercise caution when engaging with emails or messages purportedly from trusted brands.

"By remaining vigilant and adopting proactive cybersecurity practices, individuals can mitigate the risk of falling victim to cybercriminal tactics."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/microsoft-and-google-most-mimicked-brands-in-cyber-scams

Cisco Calls Out Organizations as Being 'Overconfident and Unprepared' for Cyber Attacks

In a new report, Cisco says the cyber readiness of organizations is lacking despite having experienced multiple cyber attacks within the last year.

The maturity of an organization's state of cyber readiness may very well dictate the outcome of an attack. It's one thing to have a bunch of solutions in place, and it's completely another to have the right solutions, policies, practices, and plans in place to address cyber risks.

According to Cisco's 2024 Cybersecurity Readiness Index, most organizations simply aren't prepared, with the majority of organizations experiencing cyberattacks:

  • 54% have experienced a cybersecurity incident in the past year
  • And 73% believe they likely will experience a cybersecurity incident in the next 12-24 months

So, you'd think organizations would realize this and step up their game, right? But Cisco points out that just isn't the case. With 80% of companies feeling "moderately to very confident" in their ability to stay resilient against cyber attacks, organizations appear to think they have everything under control.

And yet:

  • 46% have 10 or more unfilled cybersecurity roles
  • 80% admit their use of multiple point solutions is slowing down their ability to detect, respond to, and recover from incidents

When measured against Cisco's cyber readiness maturity model, organizations definitely come up lacking:

Only 3% are considered "mature," with the vast majority (71%) either just starting out or having "some level of deployment but are performing below average on cybersecurity readiness across a range of areas."

In other words, "they're not ready."

What was interesting in this report is that Cisco's readiness measurements focused on identity, endpoints, network, cloud and AI — there's no mention of the user being a cyber readiness factor in this report, despite 54% of organizations experiencing attacks.

I believe, for an organization to be truly cyber ready, the users need to also be ready by means of continual security awareness training to ensure that any attacks that get past security controls are stopped by the user themselves.

Blog post with images and links:
https://blog.knowbe4.com/cisco-calls-out-organizations-as-overconfident-and-unprepared-for-cyberattacks

What KnowBe4 Customers Say

"Hi Stu, I hope that I am getting to you directly, and not overstepping any perceived bounds. I just wanted to let you know that Krissy's presence and performance as our CSM has been the most pleasant experience I have ever had from a CSM. Ever… I have been nothing but impressed with her responses to our concerns, and I have always enjoyed our interactions.

She has always been timely and confident in her answers to our concerns. She certainly deserves any praise you care to give her. Anyhow, thanks for being an outstanding vendor for us."

- B.K., Director of IT

The 10 Interesting News Items This Week
  1. 60 Minutes segment (13:30) reveals that Russians team up with young, English-speaking hackers for cyber attacks:
    https://www.youtube.com/watch?v=lEwC1tN2jb8

  2. UK flooded with forged stamps despite using barcodes — to prevent just that:
    https://www.bleepingcomputer.com/news/security/uk-flooded-with-forged-stamps-despite-using-barcodes-to-prevent-just-that/

  3. [Victim Blaming] MGM Seeks to Block FTC Probe of 2023 Cyberattack:
    https://www.wsj.com/articles/mgm-seeks-to-block-ftc-probe-of-2023-cyberattack-2a2ca461

  4. Hackers linked to Russia's military claim credit for sabotaging U.S. water utilities:
    https://www.wired.com/story/cyber-army-of-russia-reborn-sandworm-us-cyberattacks/

  5. 'Junk gun' ransomware: Peashooters can still pack a punch:
    https://news.sophos.com/en-us/2024/04/17/junk-gun-ransomware-peashooters-can-still-pack-a-punch/

  6. OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories:
    https://www.theregister.com/2024/04/17/gpt4_can_exploit_real_vulnerabilities/

  7. Change Healthcare Ransomware attack has cost $872 million so far:
    https://therecord.media/ransomware-unitedhealth-costs-billions-still-climbing/

  8. 'Sandworm' Group Is Russia's Primary GRU Cyberattack Unit in Ukraine:
    https://www.darkreading.com/ics-ot-security/-sandworm-group-is-russia-s-primary-cyber-attack-unit-in-ukraine

  9. Microsoft's new AI tool is a deepfake nightmare machine:
    https://www.creativebloq.com/news/microsoft-ai

  10. Roku makes 2FA mandatory for all after nearly 600K accounts pwned:
    https://www.theregister.com/2024/04/15/roku_2fa_for_everyone/
