CyberheistNews Vol 14 #28 | July 9th, 2024
[Urgent Alert] 5 Critical Steps to Shield Your Teens from Rising Sextortion
By Anna Collard
A few weeks ago, I was privileged to visit the eighth grade of a high school here in Cape Town and talk to the students about cybersecurity, social media, and emerging technology.
It was a very rewarding experience but also an eye-opener with regards to the level of cyber awareness amongst adolescents. None of the kids in the room have heard about the sextortion threat before. Sextortion is a form of organized crime targeting teenagers worldwide that demands greater awareness and preventive measures.
In sextortion attacks cybercriminals pose as peers or love interests online, typically using fake accounts on Instagram or similar platforms with the sole goal to trick victims into sharing explicit images or videos of themselves.
They do this by first love-bombing the victim ("OMG, you are so beautiful, I'm obsessed") and attempt to establish a rapport. They soon start sharing fake nude pictures of themselves first, coercing their targets into sending one of themselves. Once they have the material, they start blackmailing their victim by threatening them to release the images to all their friends and contacts, unless they pay up.
Tragic stories of young victims of sextortionists like 16-year-old Murray Dowey from Scotland, a 12-year-old Canadian boy, and 16-year-old Jordan DeMay from the U.S., who died by suicide highlight the devastating consequences of this awful crime. Sextortion preys on the vulnerabilities of young people and exploits their trust.
These financially-motivated crimes are typically carried out by organized crime groups, with a disproportionate number of cases involving kids aged 14 to 18. These groups have no scruples, follow well thought-out scripts and target multiple teenagers at a time.
Teenagers are particularly vulnerable due to their prolific use of social media, emotional insecurities and still-developing decision-making skills. Open communication between parents and children; and instilling a critical mindset towards online interactions are of the utmost importance.
In addition to cultivating strong, trusting relationships with teenagers, parents and educators should warn about engaging with strangers online and to apply strong privacy settings on social media accounts to diminish the risks linked to cybercrime in general.
Social media platforms like Meta (Facebook and Instagram's parent company) should implement stronger safety features, such as making teenagers' followers and following lists private by default.
The sextortion epidemic is a complex, transnational issue that requires a multi-pronged approach. By raising awareness, promoting digital safety education amongst both kids, parents and educators, and encouraging tech companies to prioritize user protection, we can work towards a safer digital future for our children.
5 Critical Steps To Shield Your Teens:
- Develop your own understanding of this type of financially motivated extortion by organized crime groups.
- Raise the awareness of teens in your (immediate) family and discuss this topic with them early one-on-one.
- In case of an incident #1: alert the right authority.
- In case of an incident #2: avoid victim-blaming and help them get the images removed.
- Encourage reporting and support. Create an environment where teens feel safe to speak up.
Blog post with links:
https://blog.knowbe4.com/sextortion-epidemic-targeting-teenagers-calls-for-urgent-action
[New Features] Ridiculously Easy Security Awareness Training and Phishing
Old-school awareness training is simply not effective. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, July 10, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at three new features and see how easy it is to train and phish your users.
- NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- NEW! 2024 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how 65,000+ organizations have mobilized their end users as their human firewall.
Date/Time: TOMORROW, July 10, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-1?partnerref=CHN3
The Curious Case of the Payroll Pilfering
By Javvad Malik
In a world where cyber espionage has become as common as a rainy day in London, the recent events surrounding the UK armed forces' payroll database have had us all raising our eyebrows higher than a butler's in a posh British drama.
The plot twists in the world of cybersecurity often reminds me of a Bond film, albeit with fewer martinis and more malware.
The British government, on a rather unassuming Tuesday, declared with the utmost sobriety that it takes "[cybersecurity] extremely seriously" following allegations that a Chinese cyber task force wanted to exfiltrate a database containing the UK armed forces' payroll details.
Work and Pensions Secretary Mel Stride, carefully danced around diplomatic eggshells, with a clear message: "our eyes are wide open when it comes to China" while insisting that at this point it was just an assumption.
Senior Conservative MP Tobias Ellwood stated that the data targeted wasn't just cold, hard numbers but personal details capable of coercing individuals, hinting at a plot thicker than a bowl of oatmeal.
Despite this breach, assurances have been given that paydays have proceeded as scheduled. It does cause one to pause and ponder the human side of cybersecurity in this scenario. Behind every data entry and bank account number lies an individual serving their country, a stark reminder that at the heart of cybersecurity are people, not just zeros and ones.
This incident, while devoid of an MI6 agent with a license to kill, underscores the importance of fostering a culture of cybersecurity awareness that goes beyond mere protocols and passwords. Changing the narrative from reactive gasps to proactive steps can transform a culture from one of vulnerability to resilience.
As we reflect on this incident, it becomes abundantly clear that the realm of cybersecurity has become an integral part of our national security landscape. The digital battlefield is no longer a distant concept but a very real and present threat that demands our utmost attention and proactive measures.
It is crucial to recognize that behind every data point compromised in such breaches are individuals who have dedicated their lives to serving and protecting our nation. The human impact of these cyber incidents cannot be understated, and it is our collective responsibility to safeguard the personal information and well-being of those who put themselves on the line for our safety.
Moreover, this event highlights the pressing need for a fundamental shift in our approach to cybersecurity. It is no longer sufficient to rely on reactive measures and damage control after a breach has occurred. Instead, we must cultivate a robust culture of cybersecurity awareness and proactive defense mechanisms across all levels of our organizations and society.
This cultural shift requires a concerted effort from leadership to prioritize cybersecurity as a core value and invest in the necessary resources, training and infrastructure. It also demands a commitment from every individual to take ownership of their digital hygiene and remain vigilant against potential threats.
Blog post with links:
https://blog.knowbe4.com/the-curious-case-of-the-payroll-pilfering
Crack the Code on Ransomware: Empowering Your Last Line of Defense
Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware attacks included a data exfiltration effort. Now is the time to prepare your defenses.
Join us for this new webinar featuring Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. He will crack the code of ransomware, sharing insights on how to prevent, detect and empower your users to mitigate ransomware attacks.
In this session, you'll learn how to:
- Dissect the latest ransomware tactics and indicators of an impending attack
- Detect the most covert ransomware programs
- Develop tailored defense strategies to respond to ransomware tactics
- Merge technical and human security layers for a formidable defense strategy
Empower your users to become your best, last line of defense. Learn how and earn CPE credit for attending!
Date/Time: Wednesday, July 17, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/crack-the-code-on-ransomware?partnerref=CHN
New Malware Campaign Impersonates AI Tools To Trick Users
Researchers at ESET warn that malvertising campaigns are impersonating AI tools to trick users into installing malware. The Rilide infostealer, for example, is being distributed via a malicious browser extension posing as Sora or Gemini.
"In the case of the malicious browser extension, it is delivered to victims who have been duped into clicking on malicious ads, typically on Facebook, that promise the services of a generative AI model," the researchers write.
"Although the extension itself masquerades as Google Translate, it offers the official webpage to one of the AI services used as a lure; the lures include OpenAI's Sora and Google's Gemini. Since August 2023, ESET telemetry has recorded over 4,000 attempts to install the malicious extension."
Additionally, the Vidar malware is spreading through a phony installer for the Midjourney image generator.
"Spread via Facebook ads, Telegram groups, and dark web forums, the malicious installer purports to offer Midjourney, an AI image generator, but delivers the Vidar infostealer instead," the researchers write.
"Upon execution, if the installer detects that a Java runtime environment (JRE) is not installed on the system, an error message about the missing runtime is shown and the official Java download page is opened; Java is required for the installer to run. If the JRE was already installed, then a splash screen advertising Midjourney is shown."
Jiří Kropáč, Director of Threat Detection at ESET, stated, "Although the ongoing development of generative AI models has been accompanied by safeguards to prevent their abuse, this has not prevented cybercrooks from pressing the topic of generative AI into cybercriminal service.
"Since 2023, we have seen predominantly infostealers abusing this theme and expect that trend to continue. Instead of clicking on untrustworthy links promising access to generative AI models, always navigate to the official websites of the providers. And to stay protected against infostealers, make sure to run reputable security solutions on your devices."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/malware-impersonates-ai-tools
[New Whitepaper] 4 Reasons Why SecurityCoach Helps Users Help Themselves
Your employees are your largest attack surface.
For too long the human component of cybersecurity has been neglected, leaving employees vulnerable and creating an easy target for cybercriminals to exploit.
But your users want to do the right thing. Rather than a hurdle to be overcome, organizations need to think of their employee base as an asset, once properly equipped.
In this whitepaper, learn how KnowBe4's SecurityCoach tool helps strengthen your security culture by enabling real-time coaching of your users in response to their risky security behavior. The real-time, focused, security awareness training is called coaching because these quick messaging opportunities are used to nudge users toward the right decisions and behaviors.
Read this whitepaper to learn how SecurityCoach can:
- Deliver the right education where needed to maximize its impact
- Encourage real-time learning with content provided when and where it will matter most
- Provide critical insights to management to help determine where more focused training is needed
Download this whitepaper today!
https://info.knowbe4.com/wp-four-reasons-why-securitycoach-helps-users-help-themselves-chn
[Did You Know?] KnowBe4 Has Sent 1.5 Billion Phishing Security Tests
Currently, the monthly volume of Phishing Security Test (PST) emails is 40 million and growing, which means we will hit the 2 billion mark in the second half of 2025. :-D
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [Budged Ammo] In an Era of Fakes, How to Know When Someone Online Is Real?
https://www.wsj.com/tech/personal-tech/in-an-era-of-fakes-how-to-know-when-someone-online-is-real-66918976?
PPS: [VIDEO 1:40] Watch How Law Firm Hill Ward Henderson Uses KnowBe4:
https://www.youtube.com/watch?v=yiAmVua8K9o
- George Washington - 1st U.S. President (1732 - 1799) (President from 1789 - 1797)
- Sir Arthur Conan Doyle: Author of Sherlock Holmes (1859 - 1930)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-28-urgent-alert-five-critical-steps-to-shield-your-teens-from-rising-sextortion
State-Sponsored Phishing Campaigns Target 40,000 VIP Individuals
Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months.
"In a recent 90-day period, Menlo Labs uncovered a trifecta of sophisticated [highly evasive and adaptive threat] campaigns—LegalQloud, Eqooqp, and Boomer—compromising at least 40,000 high-value users, including C-suite executives from major banking institutions, financial powerhouses, insurance giants, legal firms, government agencies, and healthcare providers," the researchers write.
"The breadth and depth of these breaches signal an alarming escalation in cyber warfare." The first campaign, "LegalQloud," is impersonating Microsoft to target government workers and investment bankers in North America.
"LegalQloud targets governments and investment banks in North America and impersonates the names of greater than 500 legal firms and steals credentials," Menlo Security writes. "The attack impersonates the Microsoft brand and is hosted on the Tencent Cloud (Tencent is the largest Internet company in China).
The associated domain is not blocked by URL categorization and related blocklist services. This threat is hosted globally and predominantly targets government entities in North America. LegalQloud targets investment banks as a second focus."
The second campaign, called "Eqoop," can bypass multifactor authentication and is targeting entities in the logistics, finance, petroleum, manufacturing, higher education and research sectors. Menlo Security has detected nearly 50,000 attacks tied to this operation.
The third campaign, tracked as "Boomer," uses a combination of sophisticated techniques throughout the attack chain. "Boomer targets government and healthcare sectors," the researchers write. "The evasive techniques and software development tradecraft exceed previously identified campaigns.
"Boomer will avoid detection if only traditional controls are in place. Boomer uses orchestrated, dynamic phishing sites, cookies, server-side logic, bot-detection countermeasures, encrypted code, and other techniques to increase the attack's reach and stealth."
Blog Post with links:
https://blog.knowbe4.com/state-sponsored-phishing-campaigns-target-40000-vip-individuals
Support Tickets Used to Send Phishing Emails
A hacked customer support portal belonging to router manufacturer Mercku is being used to respond to customer queries with phishing emails, BleepingComputer reports. If a customer files a support ticket through the company's Zendesk portal, they'll receive an automated response that attempts to trick them into granting access to their Metamask cryptocurrency account.
The phishing emails contain well-written and grammatically correct messages that appear to come from the Metamask team, informing users that they need to update their accounts' security settings. The emails state, "Your account will experience temporary inaccessibility until you complete the update. To prevent any inconvenience and potential loss of account access, we kindly request that you complete this mandatory update within the next 24 hours."
BleepingComputer states, "In our tests, we contacted Mercku via its Zendesk portal and received the above message in place of an automated acknowledgment. The acknowledgment email is a phishing message. Users should not respond to it and not open any links or attachments contained therein.
"MetaMask is a cryptocurrency wallet that uses the Ethereum blockchain and is available as a browser extension and a mobile app. Given its popularity, MetaMask has often become a target for attackers including phishing actors and crypto scammers."
The phishing website is currently down, but Mercku customers should be on guard until the company resolves the issue. "Fortunately, during our tests, the final destination webpage indicates that the .store domain's hosting account has been 'suspended' and therefore further attacks have been thwarted for now," BleepingComputer says.
"BleepingComputer contacted Mercku's support and press teams over the weekend to notify them of this compromise and ask additional questions about how it occurred. In the meantime, Mercku customers and prospects should refrain from using the manufacturer's support portal and interacting with any communications originating from it."
New-school security awareness training can give your employees a healthy sense of suspicion so they can be wary of fishy requests, even if they come from trusted sources.
BleepingComputer has the story:
https://www.bleepingcomputer.com/news/security/router-makers-support-portal-hacked-replies-with-metamask-phishing/
What KnowBe4 Customers Say
"Stu, thanks for reaching out. I am very happy with KnowBe4. I am able to deploy training and phishing tests quite easily. In addition, the feedback from the users is that the training is useful, so I think they are actually paying attention to it. The AI phishing campaigns are excellent. Thanks again for asking for feedback."
- A.R., Head of Business Systems and IT
"I don't normally do this, but after working with Anna these past couple of months, I thought you would want to know how talented she is. Anna is one of the best reps I have ever worked with at any vendor, and I'm not just saying this. In every demo I have with her, I walk away so impressed.
She is personable, smart, and excellent at reading a customer. In every demo I have done with Anna, the customers are nodding their heads the whole time and often end up selling the product back to us by the end of the meeting.
Anna doesn't just demonstrate the product; she sells why KB4 is the best. To the point where we had a customer call KB4 the 'Rolls-Royce' of SAT. The same customer had built a case for three other brands of SAT but is now ditching all three and only running with KB4. I highly recommend joining one of her demos to see her in action."
- W.A., Business Development Representative
- Australian charged for 'Evil Twin' Wi-Fi attack on plane:
https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane - UN urges Russia to 'immediately' cease hacking European satellites:
https://therecord.media/un-russia-satellite-interference-europe - Killings, coups and chaos: inside Putin's secret spy war on Europe:
https://www.thetimes.com/world/europe/article/killings-coups-and-chaos-inside-putins-secret-spy-war-on-europe-jlqmfqnb5 - Cyber-Insurance Premiums Decline as Firms Build Resilience:
https://www.infosecurity-magazine.com/news/cyberinsurance-premiums-decline/?&web_view=true/ - Poland to probe Russia-linked cyberattack on state news agency:
https://therecord.media/poland-cyberattack-investigation-state-agency - TeamViewer says APT29 hack did not affect its product environment or customer data:
https://www.securityweek.com/teamviewer-hack-officially-attributed-to-russian-cyberspies - The 10 most powerful cybersecurity companies today:
https://www.csoonline.com/article/569075/the-10-most-powerful-cybersecurity-companies.html - Crypto Hacks Skyrocket in First Half of 2024, Stolen Money Doubles to $1.4 Billion:
https://www.techtimes.com/articles/306412/20240705/crypto-hacks-skyrocket-first-half-2024-stolen-money-doubles-1.htm/ - Euro Vishing Fraudsters Add Physical Intimidation to Arsenal:
https://www.darkreading.com/remote-workforce/euro-vishing-fraudsters-add-physical-intimidation-to-arsenal - Average ransomware demand reaches staggering $5.2 million:
https://www.infosecurity-magazine.com/news/ransomware-demands-staggering-5m/
- Virtual Vaca #1 - 13 Things You Need To Do In Cyprus!
https://youtu.be/HZiHS66fe9k - Virtual Vaca #2 is just a bit more south - to the unique El Jem, Africa's Colosseum:
https://youtu.be/utySho-xoHI - The most useless new website in the world. And insanely popular!
https://onemillioncheckboxes.com - Best Videos of 2024 So Far - Highlights from People Are Awesome:
https://www.flixxy.com/best-videos-of-2024-so-far-highlights-from-people-are-awesome.htm?utm_source=4 - Prepare to be amazed by the most incredible sports moments of the month!
https://www.flixxy.com/unbelievable-feats-best-moments-of-the-month.htm?utm_source=4 - Fantastic Planet Earth in 12K HDR Video ULTRA HD 120FPS - Colorful Dolby Vision:
https://youtu.be/sxHn80sZjks - Svalbard Raw 100. Kayaking off the Arctic. (Entry for Short Film Awards 2024):
https://youtu.be/sQ9RRmt9XcA - Wingsuit Terrain flying in Turkey:
https://youtu.be/n0KWyOIsWSo - LockPicking Lawyer hacks Hermex's Dimple-Core Round Body Padlock in no time:
https://youtu.be/7d-vwe0IizA - From the archives. This kid is good. Penn and Teller Fool Us - Magic Maxl - Youngest fooler ever!:
https://youtu.be/oQVyW9ZDCog - The Shocking Corruption Behind LA's Water Supply:
https://www.youtube.com/watch?v=muB6sOH_QW8 - For Da Kids #1 - 9-year-old Is Best Friends With A Wild Magpie:
https://youtu.be/jtprj9RNwhc - For Da Kids #2 - Girl Brings Home A Thirsty Toad. Now They Watch Shows Together:
https://www.youtube.com/watch?v=DjHMJcFPuno - For Da Kids #3 - Baby Beavers Find Their Best Friend For Life:
https://youtu.be/wr7pUFLLPJU - For Da Kids #4 - Dwarf Husky Falls In Love With Her Gym Coach:
https://youtu.be/MyCpPFD4Kkg - For Da Kids #5 - Rescued Wolf Dog Immediately Recognizes His Long-Lost Brother:
https://youtu.be/7eDACI55clQ