CyberheistNews Vol 14 #20 Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

Cyberheist News

CyberheistNews Vol 14 #20  |   May 14th, 2024

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of CredentialsStu Sjouwerman SACP

Innovative analysis of data breaches shows which attack vectors are being used and how they're enabled, highlighting the roles phishing and credentials play.

With the release of the new 2024 Verizon Data Breach Investigations Report, we dug into the findings to continue our coverage of important cybersecurity issues, specifically data breaches and phishing.

The report offers fresh insights and perspectives, which are critical to understanding the evolving landscape of cyber threats.

Traditionally, we've seen this report talk about action varieties with phishing as an example, and specific attack vectors (e.g., web applications), but this latest report takes things a step further and combines them to provide InfoSec professionals with a new perspective on where the real problems lie with attacks that lead to data breaches.

As you can see from the table in the blog post, credentials and phishing are present in three of the top four attack combinations.

The combination of credentials and web applications in the top spot aligns with the growth and evolution we've seen in the "credential cyber-economy" of late, where credentials are obtained using impersonated brand login pages and then sold on the dark web. According to the report, credentials are compromised in 71% of web application attacks.

Phishing involves email, but it's interesting to see it take second place, when the top initial attack vector for credential harvesting attacks is actually phishing (meaning behind the top entry is a string of phishing attacks that enabled that attack combination).

Jumping down to fourth and fifth spot, we see that credentials continue to play a role in attack vectors involving desktop sharing software and VPNs.

In total, we see credentials and phishing involved in nearly 80% of data breaches, making the combination of email, social engineering and your users the most critical aspect of your cybersecurity strategy.

A combination of layered security solutions and new-school security awareness training is what's needed to shore up the insecurity demonstrated by the overwhelming evidence provided in Verizon's latest report.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links and graphics:

Reality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media

"Reality Hijacked" isn't just a title — it's a wake-up call. The advent and acceleration of GenAI is redefining our relationship with "reality" and challenging our grip on the truth. Our world is under attack by synthetic media.

We've entered a new era of ease for digital deceptions: from scams to virtual kidnappings to mind-bending mass disinformation. Experience the unnerving power of AI that blurs the lines between truth and fiction.

Join us for this webinar where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, cuts through the noise, spotlighting how these digital illusions are easily weaponized.

Get ready for a demo-driven journey — a no-holds-barred look at AI's dark artistry. See the unseen. Hear the unheard. Question everything.

  • Crack the code: Learn how GenAI and deepfakes tick
  • Engage with the possible: See how easy it is to use consumer-grade tools to create weapons-grade deceptions
  • See the future: Grasp the real risk to you, society and trust itself
  • Fight back with knowledge: Arm yourself with the latest detection and understand why security awareness training can help build your organization's defenses

This is your reality check. Can you trust what you see and hear? Join us and find out, and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, May 15 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:

[Must Read] How Boeing Battled a Whopping $200M Ransomware Demand

Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated.

On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment. This indictment revealed the identity of the LockBitSupp administrator.

The indictment accused Dmitry Yuryevich Khoroshev (picture at blog) of being the primary administrator and developer of the LockBit ransomware, as part of a global crackdown involving sanctions from the U.S., U.K. and Australia.

[CONTINUED] Blog post with links:

RIP Malicious Emails With KnowBe4's PhishER Plus

RIP malicious emails out of your users' mailbox with KnowBe4's PhishER Plus!

It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically blocking malicious emails that your filters miss
2) Being able to RIP malicious emails before your users click on them

With PhishER Plus you can:

  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Leverage the expertise of the KnowBe4 Threat Research Lab to analyze tens of thousands of malicious emails reported by users around the globe per day
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, May 22, @ 2:00 PM (ET)

Save My Spot:

Protecting Your Digital Footprint: The Dangers of Sharing Too Much on Social Media

For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family.

Being online has even become a business for content creators, who share their insights and thoughts of their daily lives, from "Getting Ready With Me" (GRWM) to recording video trends of jumping over your camera to the beach or the latest dance craze.

However, it is crucial to be aware of the potential dangers of oversharing personal information online, as cybercriminals can exploit this information to stalk individuals where they live or work.

The Rise of Cyberstalking

Cyberstalking is another unfortunate reality in today's digital landscape. With the vast amount of online personal information, cybercriminals can quickly gather data about their victims, enabling them to harass, intimidate or even harm individuals.

Social media platforms provide a treasure trove of information, including your location, personal relationships, interests and daily routines. If accessed by malicious actors, this information can be used to invade one's privacy and potentially compromise their safety.

The Dangers of Oversharing

While bringing countless benefits, this digital age also introduces significant risks, such as identity theft. As Rachel Tobac demonstrated at this year's KB4-CON, she determined and verified her target Perry Carpenter's personal cell phone and email address.

You can see Rachel's Keynote on demand here at the KB4-CON site:

[CONTINUED] Blog post with links:

[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!

Do your users know what to do when they receive a suspicious email?

Should they call the help desk or forward it? Should they forward to IT including all headers? Delete and not report it, forfeiting a possible early warning?

KnowBe4's Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! And now, the Phish Alert add-in button supports Outlook Mobile!

Phish Alert Button Benefits:

  • Reinforces your organization's security culture
  • Users can report suspicious emails with just one click
  • Your Incident Response team gets early phishing alerts from users, creating a network of "sensors"
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook and GSuite deployment for Gmail (Chrome)

Get the Phish Alert Button Now:

Back to the Hype: An Update on How Cybercriminals Are Using GenAI

Vincenzo Ciancaglini and David Sancho at Trend Micro came up with a good short summary of where this is at:

"In August 2023, we published an article detailing how criminals were using or planning to use generative AI (GenAI) capabilities to help develop, spread, and improve their attacks. Given the fast-paced nature of AI evolution, we decided to circle back and see if there have been developments worth sharing since then. Eight months might seem short, but in the fast-growing world of AI, this period is an eternity.

"Compared to eight months ago, our conclusions have not changed: While criminals are still taking advantage of the possibilities that ChatGPT and other LLMs offer, we remain skeptical of the advanced AI-powered malware scenarios that several media outlets seemed to dread back then. We want to explore the matter further and pick apart the details that make this a fascinating topic.

"We also want to address pertinent questions on the matter. Have there been any new criminal LLMs beyond those reported last year? Are criminals offering ChatGPT-like capabilities in hacking software? How are deepfakes being offered on criminal sites?"

Key Takeaways

  • Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime
  • Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones
  • We are finally seeing the emergence of actual criminal deepfake services, with some bypassing user verification used in financial services

Link with full article at:

Note though that a Russia-aligned information operation uses generative AI to modify legitimate articles. Recorded Future's Insikt Group describes a Russia linked influence network dubbed "CopyCop" that's using generative AI tools to modify content from legitimate mainstream media sources, inserting bias that aligns with Russian government perspectives.

The researchers explain, "CopyCop websites focus their attention on US, UK, and French domestic news, politics, crime, and other nationally trending stories, in addition to covering the war in Ukraine from a pro-Russian perspective and the Israel-Hamas conflict from a point of view that is critical of Israeli military operations in Gaza."


Russia-Linked CopyCop Uses LLMs to Weaponize Influence Content at Scale:

[Breaking] The News Is Increasingly Broken. Surge Of Inaccurate AI News Stories:

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: RSA Video Interview #1 Stu Sjouwerman, CEO, KnowBe4 & Tony Pepper, CEO, Egress, join theCUBE host Dave Vellante:

PPS: RSA Video Interview #2 - BankInfo Security: "Inside KnowBe4's Acquisition of Egress":

Quotes of the Week  
"Humanity should question itself, once more, about the absurd and always unfair phenomenon of war, on whose stage of death and pain only remain standing the negotiating table that could and should have prevented it."
- Pope John Paul II - Karol Józef Wojtyła (1920 - 2005)

"Peace cannot be kept by force; it can only be achieved by understanding."
- Albert Einstein (1879–1955)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog

Security News

Credential-Harvesting Campaign Impersonates Fashion Retailer Shein

A phishing campaign is impersonating fashion retailer Shein in an attempt to steal users' credentials, according to researchers at Check Point. "The email arrives with a tempting subject line: 'Order Verification SHEIN' — claiming to be from Shein customer service," the researchers explain.

"But a closer look reveals a red flag — the sender's email address doesn't match Shein's official one. The email excitedly announces you've received a mystery box from Shein. However, the included link won't bring you a surprise gift; it leads to a fake website designed to steal your personal information (a credential harvesting site).

"This phishing attempt is quite transparent. It preys on your excitement by claiming you've won a prize and uses the trusted brand name 'Shein' to gain your trust. However, a vigilant user can easily spot the scam: check the sender's email address (it shouldn't be random letters) and verify that any links lead to legitimate Shein webpages."

Check Point notes that scammers can be expected to impersonate any popular brand, and observant users can recognize red flags associated with phishing.

"Just like other phishing attempts, scammers are trying to capitalize on popular brands and current trends to trick you," the researchers write. "This time, they're using Shein. There are several red flags that this email isn't legitimate. First, there's a strong sense of urgency surrounding the 'mystery box' offer, which is designed to create excitement and pressure you into clicking.

"Another clue? The email address itself is a jumble of random letters, not a recognizable Shein address. You won't find any Shein branding or logos in the email either. Finally, the link in the email won't take you to an official Shein webpage, but to a fraudulent website designed to steal your information."

Check Point offers the following recommendations to help users avoid falling for phishing attacks:

  • Make sure you don't click on links from websites whose address isn't the official one and check the email's source
  • Check the address of the website and the sender's name for spelling and punctuation errors on websites that look real
  • Ensure the email is free of spelling errors. Pay attention to the language in the email: are you expecting to be addressed in this language by your shipping company?

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links. Share with your users:

Phishing Reports in Switzerland More Than Doubled Last Year

Switzerland's National Cyber Security Centre (NCSC) received more than 30,000 reports of cyber incidents in the second half of 2023, more than double the amount received in the second half of 2022.

The NCSC said in a press release, "This increase is mainly down to job offer scams and calls from fraudsters claiming to be police officers. Fraud attempts were among the most frequently reported incidents, with the 'CEO' and 'invoice manipulation' scams being particularly commonplace."

The number of reported phishing attacks also more than doubled last year.

"5536 phishing reports were received, more than twice as many as in the same period last year (2179 reports)," the NCSC says. "What is known as 'chain phishing' is particularly worth mentioning: phishers hack email inboxes and then send emails to all the addresses stored in the mailbox.

"As the sender is likely to be known to the recipients, there is a high probability that they will fall for the scam and respond to the phishing mail. The phished email accounts are then used to write once again to all the contacts they hold."

The Centre also observed an increase in attacks assisted by AI tools. While the number of these attacks is still low, the NCSC expects these techniques to increase in the future.

"There was also an increase in reports of attempted fraud involving the use of AI," the NCSC says. "Cyber criminals use AI-generated images for sextortion attempts, to pretend to be celebrities on the phone, or to perpetrate investment fraud. Although the number of reports of such incidents is still comparatively low, the NCSC believes that these are the first attempts by cyber criminals to explore how AI might be used for future cyberattacks."

Blog post with links:

What KnowBe4 Customers Say

"Hi Stu, thanks for personally checking in on our experience with your training and phishing service. I'm happy to report that we are indeed satisfied with the results. Your service has been instrumental in enhancing our cybersecurity awareness and preparedness. We look forward to continuing our partnership with you."

- N.V., Chief Technology Officer

"Yes, the solution is bearing fruit, users are now concerned by this subject. We started with a phishing test phase to identify the levels of training necessary according to the groups, we will implement the training programs shortly. Do not hesitate to contact me if you wish to visit us. I would like to add that we are delighted with the relationship with the KB4 teams and in particular with Dominic H."

- V.J., Responsable Services Cloud & vDSI

"Thanks for your email, Stu. My apologies for not replying sooner — I was actually making sure this wasn't a scam! So, as you can see, your KnowBe4 is making us all think first before opening and responding to any emails we are not sure of.

"We chose your system as it was preferable to sitting in a one-off training session for hours — and I know from experience that most of our staff don't take in much after 20-30 mins in a training session. KnowBe4, however, has sparked a lot of discussion around the office, so I am thinking it has been a success for us so far."

- H.M., Accounts Manager

The 10 Interesting News Items This Week
  1. LockBit ransomware admin identified, sanctioned in U.S., UK, Australia:

  2. LockBit's seized darknet site resurrected by police, teasing new revelations:

  3. Only 45% of organizations use MFA to protect against fraud:

  4. Thousands of UK troops hit in suspected Chinese hack on defense ministry:

  5. How to Stick It to a Hacker Who Made $100 Million From Ransomware:

  6. New 'LLMjacking' Attack Exploits Stolen Cloud Credentials:

  7. Poland says Russian military hackers target its govt networks with phishing campaigns:

  8. Russia-Linked CopyCop Uses LLMs to Weaponize Influence Content at Scale:

  9. Attack technique can bypass VPN encapsulation:

  10. Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators:

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews