CyberheistNews Vol 14 #27 [Important Alert] TeamViewer Network Breached as Russian APT29 Hackers Strike Again



Cyberheist News

CyberheistNews Vol 14 #27  |   July 2nd, 2024

[Important Alert] TeamViewer Network Breached as Russian APT29 Hackers Strike AgainStu Sjouwerman SACP

In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that breached its corporate network environment.

The incident was first detected on June 26, 2024, when TeamViewer's security team identified irregularities in their internal IT infrastructure.

Responding swiftly, TeamViewer activated its incident response procedures and engaged renowned cybersecurity experts to investigate and mitigate the breach. While details are still emerging, TeamViewer attributes the attack to APT29, a notorious Russian state-sponsored hacking group with a track record of sophisticated cyber espionage campaigns.

The cybersecurity firm NCC Group has issued an alert warning its customers about a "significant compromise of the TeamViewer remote access and support platform by an APT group." Furthermore, Health-ISAC, an intelligence-sharing community for healthcare organizations, cautioned that APT29 is actively exploiting TeamViewer connections.

Although TeamViewer has stated that there is no evidence of the product environment or customer data being affected, the implications of this breach are far-reaching. With over 640,000 customers worldwide and installations on 2.5 billion devices, TeamViewer's remote access capabilities could potentially provide threat actors with a foothold into countless networks.

This incident serves as a stark reminder of the persistent and evolving cyber threats that organizations face, even from seemingly secure and trusted software solutions. Threat actors are continuously adapting their tactics, exploiting new vulnerabilities and leveraging sophisticated hacking tools to compromise systems and exfiltrate sensitive data.

As the investigation into the TeamViewer breach continues, we urge organizations to remain vigilant, review their remote access protocols and prioritize ongoing security awareness training initiatives. Cyber threats are constantly evolving, and a well-informed and prepared workforce is often the last line of defense against extremely expensive breaches.

Blog post with links:
https://blog.knowbe4.com/teamviewer-corporate-network-breached

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training is simply not effective. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, July 10, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at three new features and see how easy it is to train and phish your users.

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
  • NEW! 2024 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
  • Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, July 10, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-1?partnerref=CHN

My Hacker Story: A Cautionary Tale of Intern Antics and Cultural Learnings

By Javvad Malik

My hacker story does not paint me in the best light, and it is not intended to. I am a firm believer in sharing one's mistakes and being open to learning from them. My incident taught me so much, and many years later, I am still benefiting from the learning opportunities. As the wise quote goes, "We have met the enemy, and they are us" — a sentiment that perfectly sums up my experience.

Watch the 3:30 Video. Highly Entertaining!
https://blog.knowbe4.com/hacker-story-cautionary-tale-intern-antics-and-cultural-learnings

Crack the Code on Ransomware: Empowering Your Last Line of Defense

Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware attacks included a data exfiltration effort. Now is the time to prepare your defenses.

Join us for this new webinar featuring Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. He will crack the code of ransomware, sharing insights on how to prevent, detect, and empower your users to mitigate ransomware attacks.

In this session, you'll learn how to:

  • Dissect the latest ransomware tactics and indicators of an impending attack
  • Detect the most covert ransomware programs
  • Develop tailored defense strategies to respond to ransomware tactics
  • Merge technical and human security layers for a formidable defense strategy

Empower your users to become your best, last line of defense. Learn how and earn CPE credit for attending!

Date/Time: Wednesday, July 17, @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/crack-the-code-on-ransomware?partnerref=CHN

Mexican Organizations Under Attack from Specialized Cybercriminals

A crafty group of cybercriminals has been relentlessly pursuing Mexican banks, cryptocurrency platforms and other organizations in an extended campaign stretching back over two years. Their weapon of choice? A heavily customized version of the AllaKore remote access trojan (RAT).

These threat actors are ruthlessly targeting any large Mexican enterprise they can get their hands on. With a sweet spot for companies pulling in over $100 million in annual revenue, they're not messing around with small fry.

Leveraging legitimate Mexican government resources like IMSS documents as lures, they've invested serious effort into making their campaign look as legit as can be. With newly added Spanish commands, it can hoover up banking credentials, authentication data and anything else that smells like money.

The stolen data gets fired off to the crooks' shady command-and-control servers to be exploited for financial fraud and other illicit activities. Slick as these cyber crooks are, they've left a few clues that point to them operating out of Latin America. Bundles of Mexican Starlink IP addresses interacting with their C2 infrastructure and the RAT's consolidated Spanish nomenclature both hint at "donde estan los malos."

This criminal operation is heavily persistent, the attacks have lasted for years of active targeting across multiple industries. From retail and agriculture operations all the way up to finance, transportation and critical infrastructure suppliers, no entity has been safe. It's an unfortunately well-designed criminal scheme that's proving highly resistant to disruption so far.

Whether your company is in Mexico or halfway across the world, this is yet another stark reminder that cybercriminals will stop at nothing to go where the money is. Staying ahead of evolving attack techniques and improving your security awareness training efforts is pivotal to putting the brakes on crooks like these. When millions are on the line, you can't afford not to make cybersecurity a top priority.

Blog post with links:
https://blog.knowbe4.com/mexican-organizations-under-attack-cyber-criminals

[Customer Story] Financial Services Organization Improves the Quality of Compliance Training Content

Old-school compliance training is expensive, outdated and boring. Your users need compliance training content that's always fresh and up-to-date so you can stay on top of your compliance requirements.

With Compliance Plus, you can use the power of the KnowBe4 platform to create and deliver compliance training campaigns the same way you deliver your security awareness training campaigns. This means a seamless training experience for your users, plus it's easier for you to manage everything in one platform.

In this customer story, hear from a CISO at a financial services organization about why they chose Compliance Plus and how it provides better value for the price.

Read the Customer Story:
https://www.knowbe4.com/trustradius-cmp-smb-customer-story

Learn How To Uplevel From Your Static SEC to M365 + Egress

Metropolis International Group transitions from static SEG to Microsoft 365 and Egress

The challenge was that the static SEG technology was falling short:

  • Not sufficient in preventing advanced attacks
  • A significant amount of spam evaded their SEG
  • Managing spam notifications significantly increased the security team's workload
  • The SEG failed to stop sensitive information from being sent to incorrect recipients, creating privacy and compliance risks
  • The SEG's simplistic name matching policy led to excessive false positives when messages were sent from personal to work email accounts

As a leading media and technology firm, Metropolis International Group (Metropolis) manages over 40 diverse publications, ranging from financial journals to music industry magazines. This variety often results in false email misdirection and impersonation alerts from their Secure Email Gateway (SEG) during internal forwarding.

Faced with an uptick in sophisticated phishing attacks evading the SEG, Metropolis wanted to take decisive action to mitigate risk, improve user experience and alleviate the administrative burden on its security team.

After deploying the Egress Intelligent Email Security Suite, Metropolis decided to transition away from its SEG entirely. Chris Jenkins, IT Manager explains: "We rigorously reviewed our email security policies to discern what needed to stay and what was outdated. Opting for a clean slate, we chose Microsoft Exchange Online Protection, with the Egress Intelligent Email Suite layered on top for additional security."

The migration, conducted domain by domain starting with the least active, involved reconfiguring internet traffic and updating crucial settings to secure mail flow.

"Following this adjustment, we activated all the necessary policies. The next stage, which was critical, involved observing and testing the system closely for any missed emails or potential issues that required immediate attention and resolution," Chris says. Progressively, Metropolis expanded this approach to include their five largest domains.

This systematic method allowed Chris to strengthen Metropolis' email security infrastructure gradually, ensuring each domain was adequately secured before moving onto the next.

Chris explains: "The biggest priority for me is about being abundantly cautious when dealing with the business-critical service of email and ensuring mail flow remained uninterrupted throughout."

Full story with numbers at Egress, a KnowBe4 company:
https://www.egress.com/resources/customers/customer-stories/metropolis?


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Your KnowBe4 Fresh Content Updates from June 2024:
https://blog.knowbe4.com/knowbe4-content-updates-june-2024

PPS: KnowBe4 Recognized as Cyber Security Educator of the Year at IT Europa Awards 2024:
https://blog.knowbe4.com/knowbe4-recognized-as-cyber-security-educator-of-the-year-at-it-europa-awards-2024

Quotes of the Week  
"If you don't have time to do it right, when will you have the time to do it over?."
- John Wooden, American basketball coach and player (1910 - 2010)

"People do not decide to become extraordinary. They decide to accomplish extraordinary things."
- Sir Edmund Hillary, explorer, mountaineer (1919 - 2008)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-27-important-alert-teamviewer-network-breached-as-russian-apt29-hackets-strike-again

Security News

The Double-Edged Sword of AI: Empowering Cybercriminals and the Need for Heightened Cybersecurity Awareness

By Javvad Malik

The BBC recently reported that Booking.com is warning that AI is driving an explosion in travel scams. Up to 900% in their estimation — making it abundantly clear that while AI can be a force for good, it can also be a formidable weapon in the arsenal of cybercriminals.

One of the most concerning trends we've observed is the increasing use of AI by cybercriminals to carry out sophisticated phishing attacks. By leveraging the power of natural language processing and machine learning, these malicious actors can craft highly personalized and convincing emails, text messages and social media posts that are designed to trick even the most vigilant individuals into divulging sensitive information or clicking on malicious links.

The consequences of falling victim to such AI-driven phishing scams can be devastating, ranging from financial losses and identity theft to the compromise of entire corporate networks. As these attacks become more prevalent and harder to detect, it's crucial that we, as a society, prioritize cybersecurity awareness and education.

Gone are the days when cybersecurity was solely the concern of IT professionals and security experts. In today's interconnected world, where our personal and professional lives are increasingly intertwined with technology, cybersecurity is everyone's responsibility. From the boardroom to the front lines, from the classroom to the living room, we all have a role to play in safeguarding our digital lives and the sensitive information we hold dear.

[CONTINUED] Blog Post with links:
https://blog.knowbe4.com/the-double-edged-sword-of-ai-empowering-cybercriminals-and-the-need-for-heightened-cybersecurity-awareness

Phishing Attacks in the UK Have Surged

Over 11 million phishing attacks have been reported to the UK's Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK's National Cyber Security Centre has also taken down more than 329,000 phishing sites since the SERS program started in 2020.

"Action Fraud, the national fraud and cybercrime reporting service, launched a national phishing awareness campaign on 24 June 2024, as reporting reached its highest level since SERS launched," Action Fraud stated. "New data shows a rise of 44% year-on-year, with almost 11,611,400 reports made to SERS in 2023, up from 8,074,200 reports in 2022.

"Alongside emails, there has also been a huge number of text messages reported to 7726." Claire Webb, Deputy Head of Action Fraud, said, "When fraudsters go phishing for valuable information, anyone could be a target. They will hook an unknowing victim with a genuine-looking email, in a bid to get them to share personal information, or bank details.

"Year on year, the amount of people reporting phishing emails and texts is growing. Action Fraud is urging everyone to be extra vigilant of suspicious-looking emails landing in their inbox, which could contain malicious links leading to unknown websites."

Action Fraud offers the following advice to help users avoid falling for phishing attacks:

  • If you have any doubts about a message, contact the organization directly using the contact details on their official website.
  • Do not use the number or web address in the message. Your bank, or any other official source, will not ask you to provide sensitive information by email.
  • Received an email that doesn't feel right? STOP! Report suspicious emails by forwarding them to: report[@]phishing[.]gov[.]uk. Send emails to this address that feel suspicious, even if you're not certain they're a scam – they will be checked.
  • Always report suspicious text messages or scam call numbers, free of charge, to 7726. Your provider can find out where the text came from and block or ban the sender.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Action Fraud has the story:
https://www.actionfraud.police.uk/phishing

What KnowBe4 Customers Say

"Hello Stu, the tools have brought many positive results, especially with the option of automatic training for users. The phishing report button was also a differentiator for the company. Overall, we are very satisfied."

- Z.E., IT Operations


"Hello Stu, things are going very well. KnowBe4 is quickly becoming a cornerstone for our phishing awareness training, new employee onboarding and phishing tests. With a couple quarters under the belt, I plan to ramp up the Q3 exercise and leverage more of the platform capabilities such as QR codes, USB drop and custom Phishing content (maybe some deep fake content). The process for setting up exercises is easy, reporting hits the mark with the Executive team, its going very well."

- M.D., Cyber Security Manager

The 10 Interesting News Items This Week
  1. [Lunch & Learn] How Russia really works: Bill Browder on surviving Putin. The Full interview:
    https://youtu.be/nUzw9kCJ5rc?si=8jb8-2yD4gdK_yZc

  2. Russian hackers sanctioned by European Council for attacks on EU and Ukraine:
    https://therecord.media/six-russian-hackers-sanctioned-european-council-eu-ukraine

  3. CISA confirms hackers may have accessed data from chemical facilities during January incident:
    https://therecord.media/cisa-confirms-hackers-chemical-facilities

  4. UK and U.S. cops band together to tackle Qilin's ransomware shakedowns:
    https://www.theregister.com/2024/06/25/nca_fbi_qilin_ransomware/

  5. FBI Warns Law Firms, Attorneys About Cybercriminals Posing as Counsel:
    https://www.law.com/nationallawjournal/2024/06/26/fbi-has-new-warning-for-law-firms-and-attorneys-398-135564

  6. Chinese cyberespionage gangs deploy ransomware as a diversion:
    https://www.sentinelone.com/labs/chamelgang-attacking-critical-infrastructure-with-ransomware/

  7. $257 million seized in global police crackdown against online scams:
    https://www.interpol.int/News-and-Events/News/2024/USD-257-million-seized-in-global-police-crackdown-against-online-scams

  8. U.S. indicts Russian GRU hacker, offers $10 million reward:
    https://www.bleepingcomputer.com/news/security/us-indicts-russian-gru-hacker-offers-10-million-reward/

  9. Cyberattackers are using more new malware, attacking critical infrastructure:
    https://www.csoonline.com/article/2508092/cyberattackers-are-using-more-new-malware-attacking-critical-infrastructure.html

  10. Google disrupts Chinese influence operations:
    https://blog.google/threat-analysis-group/google-disrupted-dragonbridge-activity-q1-2024/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Topics: Cybercrime, KnowBe4



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews