CyberheistNews Vol 14 #25 Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook


CyberheistNews Vol 14 #25  |   June 18th, 2024

Microsoft and KnowBe4 Collaborate on Ribbon Phish Alert Button for Outlook

Stu Sjouwerman, SACP

Increasing phishing attacks are a constant threat to organizations, making it crucial for users to report suspicious emails.

This practice not only helps in identifying and mitigating potential threats, but also plays a significant role in educating and creating awareness among employees.

The importance of reporting suspected phishing emails cannot be overstated, as it acts as a last line of defense against cyber threats. However, the process of reporting phishing attempts has not always been straightforward.

One of the primary complications with reporting phishing emails is the lack of a standardized button across different email platforms and security solutions. Various vendors offer their own reporting buttons, each with its own placement and functionality.

This inconsistency leads to a fragmented user experience, making it challenging for employees to quickly and efficiently report suspicious emails. Additionally, the presence of multiple reporting buttons can result in confusion and even false positives, which can overwhelm security teams with unnecessary alerts.

Recognizing these challenges, KnowBe4 has collaborated with Microsoft to integrate a standardized customizable reporting button directly into Microsoft Outlook called the Microsoft Ribbon Phish Alert Button. This partnership aims to streamline the process of reporting phishing emails, providing a consistent and user-friendly experience across the Outlook platform.

The Collaboration with Microsoft

During the recent Microsoft Build conference, Sam Ramon, a technical writer from the Office Platform Team, announced several significant updates to the Outlook add-in space. Among these updates was the introduction of a new integrated spam reporting feature, developed in collaboration with KnowBe4.

This feature is designed to enhance the security awareness training and simulated phishing capabilities offered by KnowBe4. Brandon Smith, Product Manager at KnowBe4, highlighted the benefits of this collaboration during his presentation (video link in blog post).

The new spam reporting add-in for Outlook aims to provide an enhanced security experience by making the phishing reporting process more accessible and efficient for users. This integration ensures that the spam reporting button is conveniently located in the Outlook ribbon, always within reach for users to report suspicious emails with just a single click.

Key Features and Benefits

  • Consistent User Experience
  • Efficient Reporting
  • Enhanced Security
  • Collaboration and Innovation
  • Seamless Integration

Microsoft Ribbon Phish Alert Button Product Manual

From our Knowledge Base: The Microsoft Ribbon Phish Alert Button (PAB) allows your users to easily report suspicious emails and help protect your organization from cyberattacks. When you integrate the PAB with Microsoft's integrated spam-reporting feature, the PAB will appear in the Outlook ribbon.

When your users click the PAB to report an email, they can provide your IT team with an early warning about potential threats. You can receive reported emails in the Microsoft 365 Defender platform and the KSAT console. To learn how to install the Microsoft Ribbon PAB and how your users can use the PAB in their mail clients, see the Knowledge Base Article.

Looking Ahead

The introduction of the Microsoft Ribbon Phish Alert Button marks a significant step forward in the fight against phishing attacks. As more organizations adopt this solution, the ease and efficiency of reporting phishing emails will undoubtedly improve, leading to better threat detection and prevention.

Moving forward, KnowBe4 and Microsoft remain committed to refining and expanding this add-in. Future updates will likely include smarter analytics, deeper integration between platforms and additional features to further enhance the security and user experience.

The collaboration between KnowBe4 and Microsoft exemplifies the power of innovation and teamwork in addressing the challenges of cybersecurity.


Rip Malicious Emails With KnowBe4's PhishER Plus

Rip malicious emails out of your users' mailbox with KnowBe4's PhishER Plus!

It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically blocking malicious emails that your filters miss
2) Being able to RIP malicious emails before your users click on them

With PhishER Plus you can:

  • NEW! Detect and respond to threats faster with real-time web reputation intelligence with PhishER Plus Threat Intel, powered by Webroot!
  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: THIS WEEK, Wednesday, June 19, @ 2:00 PM (ET)


Beware: Major AI Chatbots Now Intentionally Spreading Election Disinformation

Just when you thought the disinformation landscape couldn't get any worse, a new report from Democracy Reporting International in Europe reveals that popular AI chatbots have started intentionally spreading false information related to elections and the voting process.

The researchers examined the responses from chatbots like Google's Gemini, OpenAI's ChatGPT4, ChatGPT4-o, and Microsoft's Copilot when asked common election-related questions across 10 European languages. Their findings? A concerning level of disinformation being pushed out.

As the report states, "We titled our last study 'misinformation'...we have changed the category now to 'disinformation,' which implies a level of intent. Once a company has been made aware of misinformation but fails to act on it, it knowingly accepts the spread of false information."

That's right, these major companies are well aware their chatbots are providing inaccurate and misleading information about voting processes, voter registration, mail-in ballots, and more — yet they've failed to add proper guardrails to the AI models. It's inexcusable. This potentially undermines election integrity.

Some examples of the disinformation included:

  • ChatGPT provides Irish voters with instructions for a single outdated paper form, rather than clarifying the various online/in-person options based on voter status.
  • Copilot doesn't mention that Polish citizens living abroad can vote for their country's MEPs.
  • ChatGPT incorrectly tells Greek users they need to register to vote, when all citizens are automatically registered.

OpenAI in particular has made zero efforts to prevent its chatbots from spreading electoral disinformation, according to the report. The researchers urgently recommend OpenAI "retrain its chatbots to prevent such disinformation."

This cavalier attitude from Big AI is concerning as we head into major elections across Europe and the U.S. in 2024. Voters relying on AI assistants for guidance may be misled in ways that could suppress turnout and cause problems.

As experts in the area, we must raise awareness with our customers and communities about the dangers of blindly trusting chatbot responses on civic processes.

Disinformation is a top cybersecurity threat to organizations and democracies. Don't let your guard down — stay vigilant against emerging AI-powered disinformation vectors like this. Confirm any election instructions through official .gov websites and nonpartisan organizations.

New-school security awareness training empowers employees to think critically about AI output and spot potential disinformation red flags. With the stakes for fair elections so high, preparedness is key.


[NEW] Whitepaper: The Role of AI in Email Security

As organizations have implemented email security solutions and trained employees to recognize email attacks, threat actors have pivoted to more advanced methods that bypass protections, namely artificial intelligence (AI).

In response, email security vendors are using AI in their defensive tools to stop attacks that leverage new and emerging attack methods in email. Many organizations have gained AI-enabled protections by virtue of their incumbent email security vendors, but to strengthen their defenses, they are now shopping for new solutions offering AI to bolster the baseline protections offered by cloud email providers.

Read this research to learn:

  • How cybercriminals are leveraging AI to circumvent traditional email security tools
  • How AI capabilities are improving detection efficacy
  • Top AI-driven security features IT buyers are prioritizing when evaluating email security products


DarkGate Malware Being Spread via Excel Docs Attached To Phishing Emails

A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos.

"The DarkGate malware family is distinguished by its covert spreading techniques, ability to steal information, evasion strategies, and widespread impact on both individuals and organizations," the researchers explain.

"Recently, DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns. Notably, in the latest campaign, AutoHotKey scripting was employed instead of AutoIT, indicating the continuous evolution of DarkGate actors in altering the infection chain to evade detection."

The malware is delivered via malicious Excel documents attached to phishing emails. The emails purport to come from a company's CEO, and urge recipients to review the attached documents as soon as possible.

"Talos' intent analysis of these emails revealed that the primary purpose of the emails primarily pertained to financial or official matters, compelling the recipient to take an action by opening the attached document," the researchers write.

"The infection process begins when the malicious Excel document is opened. These files were specially crafted to utilize a technique, called 'Remote Template Injection,' to trigger the automatic download and execution of malicious contents hosted on a remote server."

The researchers explain that Remote Template Injection is a less common tactic that's more likely to go undetected by security measures.

"Remote Template Injection is an attack technique that exploits a legitimate Excel functionality wherein templates can be imported from external sources to expand a document's functions and features," Cisco Talos says.

"By exploiting the inherent trust users place in document files, this method skillfully evades security protocols that may not be as stringent for document templates compared to executable files. It represents a refined tactic for attackers to establish a presence within a system, sidestepping the need for conventional executable malware."
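A defender-side check for the technique Talos describes, added here as an illustration and not taken from Cisco Talos or KnowBe4: OOXML files such as .xlsx are zip packages whose `.rels` parts mark remote references with `TargetMode="External"`, so listing those references surfaces attachments that load content from elsewhere. The sample packages, the `example.invalid` targets and the relationship types in them are constructed; the page does not say which relationship the campaign used.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OPC package-relationships namespace used by every OOXML .rels part.
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
MAX_RELS_BYTES = 1_000_000        # refuse oversized parts (zip-bomb guard)
LOW_SIGNAL_TYPES = {"hyperlink"}  # clickable links; not fetched when the file opens


def external_relationships(data: bytes):
    """Return (part, type, target) for each TargetMode="External" relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels"):
                continue
            if info.file_size > MAX_RELS_BYTES:
                findings.append((info.filename, "oversized-part", ""))
                continue
            # Stdlib parser; consider defusedxml when scanning untrusted mail at scale.
            root = ET.fromstring(zf.read(info))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append((info.filename, rel_type, rel.get("Target", "")))
    return findings


def needs_review(data: bytes):
    """External references other than plain hyperlinks: content the app may load itself."""
    return [f for f in external_relationships(data) if f[1] not in LOW_SIGNAL_TYPES]


def _build_sample(rels_by_part):
    """Constructed test input: a zip holding only .rels parts (not a full workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part, rels in rels_by_part.items():
            body = "".join(
                f'<Relationship Id="rId{i}" Type="http://schemas.openxmlformats.org/'
                f'officeDocument/2006/relationships/{t}" Target="{target}"{mode}/>'
                for i, (t, target, mode) in enumerate(rels, 1)
            )
            zf.writestr(part, '<Relationships xmlns="http://schemas.openxmlformats.org/'
                              f'package/2006/relationships">{body}</Relationships>')
    return buf.getvalue()


EXT = ' TargetMode="External"'
SHEET_RELS = "xl/worksheets/_rels/sheet1.xml.rels"
BENIGN = _build_sample({
    "xl/_rels/workbook.xml.rels": [("worksheet", "worksheets/sheet1.xml", "")],
    SHEET_RELS: [("hyperlink", "https://intranet.example.invalid/", EXT)],
})
SUSPICIOUS = _build_sample({
    "xl/_rels/workbook.xml.rels": [("worksheet", "worksheets/sheet1.xml", "")],
    SHEET_RELS: [("oleObject", "https://files.example.invalid/placeholder", EXT)],
})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, needs_review(blob))
```

A hit is a triage signal rather than a verdict, since legitimate workbooks also link to external data; the useful follow-up is checking the target host against what the sender would plausibly reference.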


[INFOGRAPHIC] 9 Cognitive Biases Hackers Exploit the Most

Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one.

People, no matter their tech savviness, are often duped by social engineering scams, like CEO fraud, because of their familiarity and immediacy factors.

Bad actors have the know-how to tap into "mental shortcuts" known as cognitive biases and manipulate employees into compromising sensitive information or systems.

Check out this infographic, with examples of the top cognitive biases hackers use the most:

Sinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring Managers

Job seekers, beware: cybercriminals have a nasty new way to slide their malicious code onto corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.

That's right, threat actors are exploiting one of the most routine parts of hiring processes to launch crippling cyber attacks.

According to the investigation, malicious actors are responding to job listings on LinkedIn and luring recruiters to fake websites purporting to contain candidate resumes. But attempting to download the "resume" launches a malware infection chain instead.

The cybersecurity firm eSentire spotted one of these attacks in May targeting an industrial services company. The threat actor impersonated a job applicant and tricked a hiring manager into visiting their weaponized site, where a malicious Windows shortcut file triggered the silent deployment of the More_eggs malware.

More_eggs is a pernicious modular backdoor capable of harvesting sensitive data, delivering additional payloads, and giving threat actors full remote access. It's part of a Malware-as-a-Service operation run by criminal groups like Golden Chickens, providing potent tools to cybercriminal clientele.

These actors are well-versed in using social engineering tactics to boost infection rates. Previous More_eggs campaigns have also used bogus job opportunity lures on LinkedIn to trick professionals into downloading the malware. Leveraging people's career aspirations and desire to land their dream job is a deviously effective psychological ploy.

The infection vector gets worse. The malicious resume download sites are designed to switch to displaying harmless HTML code after a period of time, erasing traces of the attack for unwitting victims. Brutal stuff aimed at staying undetected for as long as possible inside the target's network.

This campaign highlights why security awareness training for ALL staff, even non-technical roles like HR, is absolutely crucial to blocking phishing and social engineering threats. One wrong click could potentially compromise your entire organization.

Hiring managers need to remain hyper-vigilant about vetting job applicants and purported resumes, especially those coming from sketchy websites or email contacts. If something seems off, stop and get that resume file properly scanned before downloading it. Corporate security policies and best practices must govern how recruitment teams handle candidate materials.

Making sure your staff stays alert to these sneaky tactics could be the difference between safely onboarding great new talent or unknowingly enlisting a malicious code operator onto your payroll. Give your defenses a skills injection — ramp up your organization's security awareness training now to stomp out resume-themed threats.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] Egress Report "CEOs, Cybersecurity Leaders, Stressed Out By Phishing":

Quotes of the Week  
"Life is short, Break the rules. Forgive quickly, Kiss slowly. Love truly. Laugh uncontrollably. And never regret anything that makes you smile."
- Mark Twain - Author (1835 - 1910)

"Peace is not an absence of war, it is a virtue, a state of mind, a disposition for benevolence, confidence, justice."
- Spinoza - Philosopher (1632 – 1677)

Thanks for reading CyberheistNews


Security News

Unmasking the Threat: Why Phishing Scams Are Surging in Japan

Japan has a large number of Forbes Global 2000 corporations — more than the UK, Germany and France combined. Despite this economic strength, Japan faces an alarming and growing threat from phishing attacks, which is much worse than previously assumed.

According to findings by Mailsuite, Japan is frequently targeted by phishers, particularly impersonating its major brands. Telecom firm au by KDDI, for instance, has been exploited in 18,964 phishing scams since January 2020. Another frequently impersonated brand is the Japanese payment service JCB, which has been used in 14,907 phishing scams.

Japanese specialists confirm that these findings align with other research by Cloudflare and Vade. KDDI's cell phone service name, "au," is often abused due to its similarity to the Australian ccTLD, fooling many into thinking phishing emails are legitimate. Moreover, other major brands like train company JR East and retail franchise Aeon have also seen over 10,000 verified phishing scams each.

The problem has reached such an extent that 2023 saw a record number of phishing scams in Japan, surpassing the previous annual record for unauthorized money transfers within just six months. The trend has extended into 2024 and Hisashi Arai from KDDI's UX and Quality Department highlights the sophistication of these phishing sites, which mimic legitimate screens almost identically, making detection difficult.

Compounding the issue is the low adoption rate of DMARC by major Japanese companies, trailing behind those in the Philippines and Thailand. Japan's economic affluence, ranking third globally by GDP, makes it an attractive target for North Korean and Chinese cybercriminals. Additionally, cultural factors, such as Japan's strict adherence to deadlines, make citizens more vulnerable to phishing attempts using urgent language.

The Council of Anti-Phishing Japan's monthly reports further underscore the severity of the situation. Additionally, a recent Cloudflare announcement listed several Japanese brands frequently targeted in phishing scams, including Mitsubishi UFJ NICOS, Rakuten, JR East and Aeon.

The upshot is that phishing attacks in Japan are a significant and escalating issue, requiring immediate and enhanced cybersecurity measures to protect its corporations and citizens.


New Phishing Kit Uses Progressive Web Apps to Display Phony Login Pages

A new phishing kit abuses progressive web apps (PWAs) to impersonate corporate login pages and steal credentials, BleepingComputer reports.

"A PWA is a web-based app created using HTML, CSS, and JavaScript that can be installed from a website like a regular desktop application," BleepingComputer explains. "Once installed, the operating system will create a PWA shortcut and add it to Add or Remove Programs in Windows and under the /Users/account/Applications/ folder in macOS.

"When launched, a progressive web app will run in the browser you installed it from but be displayed as a desktop application with all the standard browser controls hidden." The phishing kit was released by security researcher "mr.d0x" for red-teaming purposes, but this technique will likely be adopted by cybercriminals.

"PWAs open up the path for UI manipulation that can trick users into believing they're on a different website," mr.d0x explained in a blog post. "This technique clearly has some disadvantages such as the requirement of the target user to install the application.

"Additionally, the PWA window briefly displays the actual domain name in the top right corner. However, I believe people's habits of checking the URL bar will lead them to disregard that domain name (security awareness is required for this)."


Crooks in the UK Allegedly Used Homemade Cell Tower to Send Smishing Messages

Police in the UK have arrested two individuals for allegedly using a homemade cell phone tower to send thousands of SMS phishing (smishing) messages, the Register reports. The device enabled the malicious text messages to evade detection by security filters.

"Officers have made two arrests in connection with an investigation into the use of a 'text message blaster,' believed to have been used to send thousands of smishing messages, posing as banks and other official organisations, to members of the public," the City of London Police said in a press release.

"In what is thought to be the first of its kind in the UK, an illegitimate telephone mast is believed to have been used as an 'SMS blaster' to send messages that bypass mobile phone networks' systems in place to block suspicious text messages."

UK communications regulator Ofcom told the Register, "Criminals who defraud people using mobile technology cause huge distress and financial harm to their victims. We're working closely with the police, the National Cyber Security Centre, other regulators, and industry to tackle the problem."

Criminals are always looking for new ways to bypass technical defenses in order to target users directly with social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


What KnowBe4 Customers Say

"Hi Stu, we have really enjoyed the product so far. It has served as a great help for our security awareness training and we are hoping to soon deploy additional features such as the PhishER button."

- R.P., Security Engineer

"Hi Stu, Thanks for your personal email. It's great to hear from you. We are happy over here and feel like KB4 is an essential and helpful tool for our organization. I especially appreciate my account rep, Crystal C. who is an invaluable resource to me. I am growing in appreciation and dependency as an important tool for us. Would you do me a favor and reach to Crystal and express my deep appreciation? Please let me know if I can help you in the future."

- P.M., IT Manager

The 10 Interesting News Items This Week

  1. The CEO Is Next To Get Sued For... a Data Breach
  2. WSJ: Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs
  3. London hospitals cancel over 800 operations after ransomware attack
  4. Ransomware Is 'More Brutal' Than Ever in 2024
  5. America's Password Habits: 46% Report Having their Password Stolen Over the Last Year
  6. A small Idaho city loses $1 million in a 'social engineering' scam. How it happened
  7. Chinese cyberespionage campaign infected 20,000 FortiGate systems
  8. 70% of Cybersecurity Pros Often Work Weekends, 64% Looking for New Jobs
  9. CISA warns of criminals impersonating its employees in phone calls
  10. How Russia is trying to disrupt the 2024 Paris Olympic Games
