CyberheistNews Vol 14 #29 | July 15th, 2024
[Warn Your Users] High Scam Risk After Failed Trump Assassination
Pictures of United States presidential candidate Donald Trump rushed from a campaign stage following an assassination attempt, blood on his cheek, are an unsettling shock.
As I write this Sunday morning, I am sure cybercriminals are crafting all manners of social engineering attacks using this stunning event.
Warn your users immediately against the inevitable wave of news about this event. It presents the perfect social engineering storm. It doesn’t take much to imagine all of the disinformation headlines, and these types of events have high click rates across all digital media channels.
WARN YOUR USERS
Your users need to think before they click
Send employees, friends and family something similar to the following:
"Saturday, July 13, 2024, news broke about President Trump barely surviving an assassination attempt. Live video and pictures flooded the airwaves and internet almost immediately. Bad actors are expected to exploit this event in a number of ways, so be careful with anything related to this news: emails, attachments, any social media, texts on your phone, anything. There will be scams, disinformation and misinformation related to this, so Think Before You Click and think twice before you forward anything."
For KnowBe4 customers, we will create new phishing templates ASAP that I suggest you send to everyone as soon as they are available. We will place the templates in the Current Events category.
Crack the Code on Ransomware: Empowering Your Last Line of Defense
Cybercriminals are maximizing the potential damage to your organization to boost their profits. A staggering 91% of reported ransomware attacks included a data exfiltration effort. Now is the time to prepare your defenses.
Join us for this new webinar featuring Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. He will crack the code of ransomware, sharing insights on how to prevent, detect and empower your users to mitigate ransomware attacks.
In this session, you'll learn how to:
- Dissect the latest ransomware tactics and indicators of an impending attack
- Detect the most covert ransomware programs
- Develop tailored defense strategies to respond to ransomware tactics
- Merge technical and human security layers for a formidable defense strategy
Empower your users to become your best, last line of defense. Learn how and earn CPE credit for attending!
Date/Time: THIS WEEK, Wednesday, July 17, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/crack-the-code-on-ransomware?partnerref=CHN3
Dodgy New Phishing Platform Targets Microsoft 365 Accounts at Financial Firms
Analysis of the latest phishing-as-a-service (PhaaS) platform ONNX Store highlights just how successful these platforms can be.
Security analysts at threat intelligence vendor Eclectic IQ have been tracking ONNX Store, noting it's a rebranded evolution of the Caffeine PhaaS platform. According to analysis, ONNX has been used to target financial institutions, "including banks, private funding firms and credit union service providers across the EMEA and AMER regions."
This platform combines socially engineered phishing emails with QR codes embedded in PDF attachments. It relies on impersonated Microsoft 365 authentication pages hosted on bulletproof hosting services, MFA proxying, and encrypted JavaScript code to evade detection.
Eclectic IQ mapped out all the services, websites, bots and more used by this sophisticated platform. It is a rather elaborate setup that should worry organizations. Something this advanced, which accounts for just about every way a user or security solution could detect that it is a phishing attack, is troublesome.
However, the one element of the attack that even ONNX can't mimic perfectly is the phish itself. It requires the recipient to believe they need to open a PDF attachment and then use their mobile phone to scan the QR code to read the document.
Users who undergo continual security awareness training will recognize such an email as unexpected and suspicious.
Blog post with graphics and links:
https://blog.knowbe4.com/new-phishing-platform-targets-microsoft-365-financial-firms
Rip Malicious Emails With KnowBe4's PhishER Plus
Rip malicious emails out of your users' mailbox with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:
1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them
With PhishER Plus you can:
- NEW! Detect and respond to threats faster with real-time web reputation intelligence with PhishER Plus Threat Intel, powered by Webroot!
- Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
- Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
- Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
- Automate message prioritization by rules you set and cut through your Incident Response inbox noise to respond to the most dangerous threats quickly
Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.
Date/Time: Wednesday, July 24, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN
Amazon-Related Scams Spike Ahead of Prime Day
This week it's Prime Crime.
Researchers at Check Point have spotted over a thousand new suspicious domains linked to Amazon in just the past month. The criminals have geared up to target users during Amazon Prime Day.
"While Prime Day offers incredible savings, it is crucial for shoppers to remain vigilant, exercise caution while clicking on links or providing sensitive information, and ensure they are navigating legitimate platforms," the researchers write.
Many of the phishing sites impersonate Amazon's login page in order to steal users' credentials. The crooks are also targeting Amazon carrier accounts with a phishing site called "amazon-onboarding[.]com."
Check Point recommends that users adhere to the following best practices to thwart these attacks:
- "Check URLs Carefully: Be wary of misspellings or sites using a different top-level domain (e.g., .co instead of .com). These copycat sites may look attractive but are designed to steal your data.
- Create Strong Passwords: Ensure your Amazon.com password is strong and uncrackable before Prime Day to protect your account.
- Look for HTTPS: Verify that the website URL starts with "https://" and has a padlock icon, indicating a secure connection.
- Limit Personal Information: Avoid sharing unnecessary personal details like your birthday or social security number with online retailers.
- Be Cautious with Emails: Phishing attacks often use urgent language to trick you into clicking links or downloading attachments. Always verify the source.
- Skeptical of Unrealistic Deals: If a deal seems too good to be true, it likely is. Trust your instincts and avoid suspicious offers.
- Use Credit Cards: Prefer credit cards over debit cards for online shopping as they offer better protection and less liability if stolen."
Blog post with links:
https://blog.knowbe4.com/amazon-scams-spike-ahead-prime-day
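As an added illustration of the first Check Point tip (not code from the newsletter or from Check Point), the Python below flags domains that imitate a brand through a misspelling, a swapped top-level domain, or the brand name padded with extra words, as in the amazon-onboarding[.]com site mentioned above. The brand, its legitimate zones and the sample domains are assumptions constructed for the example.

```python
# Added example, not from the newsletter or Check Point: flag domains that
# imitate a brand via misspelling, a swapped TLD, or the brand name padded
# with extra text. Brand, legitimate zones and samples are assumptions.
from typing import List, Optional, Tuple

BRAND = "amazon"
LEGIT_TLDS = {"com", "co.uk", "de"}            # assumed real zones
KNOWN_GOOD = {"amazon.com", "amazon.co.uk", "amazon.de"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def split_domain(host: str) -> Tuple[str, str]:
    """Return (registrable label, tld); handles two-part suffixes like co.uk."""
    parts = host.strip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    if len(parts) >= 3 and parts[-2] in {"co", "com", "org", "net"}:
        return parts[-3], ".".join(parts[-2:])
    return parts[-2], parts[-1]


def classify(domain: str) -> Optional[str]:
    """Return a reason if `domain` looks like a brand lookalike, else None."""
    host = domain.lower().replace("[.]", ".")          # undo defanging
    if host in KNOWN_GOOD or any(host.endswith("." + g) for g in KNOWN_GOOD):
        return None
    label, tld = split_domain(host)
    if label == BRAND and tld not in LEGIT_TLDS:
        return f"brand with unexpected TLD .{tld}"      # e.g. .co for .com
    if label != BRAND and BRAND in label:
        return f"brand name padded with extra text: {label}"
    if label != BRAND and levenshtein(label, BRAND) <= 2:
        return f"misspelled brand: {label}"
    return None


def scan(domains: List[str]) -> List[Tuple[str, str]]:
    """Return (domain, reason) pairs for every flagged domain."""
    return [(d, r) for d in domains if (r := classify(d))]


SAMPLE_DOMAINS = [  # constructed for this example
    "amazon.com", "www.amazon.co.uk", "amazon.co", "amaz0n.com",
    "arnazon.com", "amazon-onboarding.com", "amazon-prime-deals.net",
    "example.com",
]

if __name__ == "__main__":
    for d, reason in scan(SAMPLE_DOMAINS):
        print(f"{d:28s} {reason}")
```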
2024 Ransomware Awareness Month Kit Now Available
We created this free resource kit to help your organization and your users defend against ransomware. Request your kit now to learn how ransomware has evolved, what new attack vectors you need to be prepared for, and get advice from our experts on how to prevent an attack against your network.
Here is what you'll get:
- Access to our free on-demand Ransomware Master Class webinar featuring Roger Grimes, KnowBe4's Data-Driven Defense Evangelist
- Our most popular whitepaper: Ransomware Hostage Rescue Manual and supplemental Attack Response and Prevention Checklists
- A 7-minute video that explains The Evolution and Future of Ransomware
- A new infographic on The Global Cost of Ransomware
- Posters and digital signage to remind users about what to watch out for
Get Your Free Ransomware Awareness Resources Now!
Phishing Attacks Against State and Local Governments Surge 360%
Researchers at Abnormal Security have observed a 360% increase in phishing attacks against state and local government entities over the past year.
The researchers write, "While phishing tends to consistently increase each year and regularly accounts for the majority of advanced threats, this level of growth is extraordinary."
Threat actors often use phishing to gain a foothold within an organization before launching more follow-on attacks. "Typically, phishing is just the first phase in various criminal schemes, functioning more as a means to secure initial access rather than the primary objective," the researchers write.
"A successful credential phishing attack allows threat actors to obtain usernames and passwords that they can use to compromise additional accounts and initiate more costly campaigns. Phishing emails can also be a mechanism for deploying malware, which enables attackers to disrupt operations, execute espionage, or steal or ransom data.
"Governments in particular are often seen as high-value targets for ransomware due to their critical operations and potential willingness to pay ransoms to restore services quickly."
Abnormal Security also found that business email compromise (BEC) attacks in the public sector have risen by 70% over the past year. These attacks often bypass technical security measures because they rely solely on social engineering rather than trying to deliver a malicious link or file.
"A successful BEC attack requires a bad actor to convince the target that:
- they are the person they claim to be and
- their request is legitimate," the researchers explain.
"Since government entities often have mandated transparency and disclosure requirements, details about their operations, staff, and procedures are publicly available. Cybercriminals can exploit this information to craft more targeted and convincing malicious emails that are more likely to deceive targets into fulfilling fraudulent requests."
Blog post with links:
https://blog.knowbe4.com/phishing-attacks-against-state-local-governments
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Did you know? August 6th is NATIONAL SOCIAL ENGINEERING DAY (and Kevin Mitnick's birthday!):
https://www.nationaldaycalendar.com/national-day/national-social-engineering-day-august-6
PPS: [Budget Ammo] By yours truly in Forbes - Five Steps To Decoding AI-Powered Impersonation Attacks:
https://www.forbes.com/sites/forbestechcouncil/2024/06/21/five-steps-to-decoding-ai-powered-impersonation-attacks/
- John F. Kennedy (1917 - 1963)
- Will Rogers - Actor (1879 - 1935)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-29-warn-your-users-high-scam-risk-after-failed-trump-assassination
The Stark Truth Behind the Resurgence of Russia's Fin7
The Russia-based cybercrime group dubbed "Fin7," known for phishing and malware attacks that have cost victim organizations an estimated $3 billion in losses since 2013, was declared dead last year by U.S. authorities. But experts say Fin7 has roared back to life in 2024 — setting up thousands of websites mimicking a range of media and technology companies — with the help of Stark Industries Solutions, a sprawling hosting provider that is a persistent source of cyberattacks against enemies of Russia.
Story at Krebs On Security:
https://krebsonsecurity.com/2024/07/the-stark-truth-behind-the-resurgence-of-russias-fin7/
Scammers Are Using AI to Promote Snake Oil Cures
Criminals are using AI-generated content to push health-related scams on social media, according to researchers at Bitdefender. The scammers are promising "low-cost miracle products, medication, or treatments that promise to cure persistent conditions, even cancer."
Many of the scams are posted on Facebook, Messenger, and Instagram, and are using AI-generated images, videos, and audio. "The analyzed deepfake samples are of all possible qualities," the researchers write. "While most of the videos show clear signs of tampering, our researchers found many instances of videos that were more difficult to put down in the deepfake category.
"All samples use the same technique, adapted to each targeted audience: use the credibility and fame of a well-known figure to promote easy cures for common ailments in the targeted group.
"We have observed deepfakes in the following languages: English (which include audiences from the US, UK, Australia and so on), Romanian, Italian, Spanish, Portuguese, German, French, Russian, Czech, Slovak, Slovene, Latvian, Lithuanian, Hungarian, Bulgarian, Polish, Greek, Croatian and others."
The deepfakes impersonate a wide range of people, including Brad Pitt, Cristiano Ronaldo, George Clooney, Bill Maher, Denzel Washington and a variety of high-profile medical figures.
Bitdefender notes that these types of scams aren't new, but the availability of AI tools has made them much more convincing and much easier to carry out.
"Despite the often too-good-to-be-true nature of such advertisements, many individuals still fall prey to this deceptive content," the researchers write. "This can be attributed to several factors, including a lack of awareness, blind trust in online information, the prevalence of false reviews, and the need for individuals to regain their health.
"In some cases, the scammers even exploit individuals who are desperate in finding a solution or treatment that will help them ease symptoms or even cure chronic underlying diseases."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Bitdefender has the story:
https://www.bitdefender.com/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media/
Russian Spear Phishing Campaigns Target NATO Entities
Researchers at Mandiant (part of Google Cloud) warn that Russian government threat actors continue to target NATO member countries with spear phishing attacks. APT29 in particular has been targeting the technology sector in order to launch supply chain attacks.
"Publicly attributed to the Russian Foreign Intelligence Services (SVR) by several governments, APT29 is heavily focused on diplomatic and political intelligence collection, principally targeting Europe and NATO member states," the researchers write.
"APT29 has been involved in multiple high-profile breaches of technology firms that were designed to provide access to the public sector. In the past year, Mandiant has observed APT29 targeting technology companies and IT service providers in NATO member countries to facilitate third-party and software supply chain compromises of government and policy organizations.
"The actor is extremely adept in cloud environments and particularly focused on covering their tracks, making them hard to detect and track, and especially difficult to expel from compromised networks."
The threat actor frequently launches targeted phishing attacks against NATO diplomatic entities. "APT29 also has a long history of spear-phishing campaigns against NATO members with a focus on diplomatic entities," Mandiant says.
"The actor has successfully breached executive agencies across Europe and the U.S. on several occasions. We have also seen them actively targeting political parties in Germany as well as in the U.S. with the likely objective of collecting intelligence on future government policy."
Mandiant also warns that a separate Russian threat actor dubbed "COLDRIVER" is conducting credential phishing campaigns against various individuals and organizations associated with NATO.
"COLDRIVER is a Russian cyber espionage actor that has been publicly linked to Russia's domestic intelligence agency, the Federal Security Service (FSB)," the researchers write. "The actor regularly carries out credential phishing campaigns against high-profile individuals in non-governmental organizations (NGOs) as well as former intelligence and military officers.
"COLDRIVER primarily targets NATO countries and shifted in 2022 to include the Ukrainian Government and organizations supporting the war in Ukraine. March 2022 also marked the first time COLDRIVER campaigns targeted the military of multiple European countries as well as a NATO Centre of Excellence."
Google Cloud has the story:
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-facing-nato
What KnowBe4 Customers Say
"Stu, thanks for reaching out. I am very happy with KnowBe4. I am able to deploy training and phishing tests quite easily. In addition, the feedback from the users is that the training is useful, so I think they are actually paying attention to it. The AI phishing campaigns are excellent."
- A.R., Head of Business Systems and IT
- 10 Billion passwords found in single leak...largest leak in history:
https://www.msn.com/en-us/money/other/the-largest-password-leak-in-history-exposes-nearly-10-billion-credentials/ar-BB1pBGz6
- Australia warns Chinese state security hackers are exploiting end-of-life home routers:
https://therecord.media/five-eyes-china-apt40-alert-end-of-life-routers
- Why User Experience Matters In Security Awareness Training:
https://www.cybersecurity-insiders.com/why-user-experience-matters-in-security-awareness-training/?
- U.S. disrupts AI-powered bot farm pushing Russian propaganda on X:
https://www.bleepingcomputer.com/news/security/us-disrupts-ai-powered-bot-farm-pushing-russian-propaganda-on-x/
- AI speech generator 'reaches human parity' — but it's too dangerous to release:
https://www.livescience.com/technology/artificial-intelligence/ai-speech-generator-reaches-human-parity-but-its-too-dangerous-to-release-scientists-say
- NATO Funds Startups Aiming to Solve Cyber Problems in Infrastructure:
https://www.wsj.com/articles/nato-funds-startups-aiming-to-solve-cyber-problems-in-infrastructure-2b6aaf24
- Snopes Launches FactBot, an AI Service to Fact-Check Your Questions. I tried it. Not impressed yet.:
https://www.snopes.com/2024/07/10/snopes-launches-factbot-ai-fact-checking/
- Russian disinformation network's infrastructure is spread across Europe, report says:
https://therecord.media/doppelganger-disinformation-infrastructure-european-companies
- FBI disrupts Russian disinformation campaign:
https://www.theregister.com/2024/07/09/russian_ai_bot_farm/
- Criminals leak TicketMaster print-at-home tickets:
https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/
- Virtual Vaca #1 Top 10 Places To Visit in Crete:
https://youtu.be/Hk6Mvx6uCYo
- Virtual Vaca #2 Turks & Caicos Islands in 4K:
https://youtu.be/deZLj0TyUR8
- Fire-spewing pulsejet engine drone with no moving parts gets real. Note, the Nazis used this in WW II to attack London with their V-1s, one of the first cruise missiles:
https://newatlas.com/aircraft/wave-pulsejet-engine-deliveries/
- Boating Life in 1904: Restored in Amazing 4K Color:
https://www.youtube.com/watch?v=ICeoszX5z3s
- Alex Ramon and MJ the Magic Doxie perform their Dog Park illusion on Penn and Teller Fool-Us:
https://www.flixxy.com/alex-ramon-and-mj-the-dog-fool-penn-and-teller.htm?utm_source=4
- "HELIBOOGIE" 2024 The Base Jumping Movie. Get catapulted off a super high mountain in Norway:
https://www.youtube.com/watch?v=xY6dl4iKDW8
- Amazing Vegas Sphere First Ever Fourth of July Celebration:
https://www.youtube.com/watch?v=22v6ZEAxlCw
- Astronaut shares the profound 'big lie' he realized after seeing the Earth from space:
https://www.upworthy.com/astronaut-shares-big-lie-space-rp4
- Watch 'F1' Teaser Trailer: Brad Pitt & Damson Idris:
https://youtu.be/Z1WEJx764vE?si=uha4yYIeQg90F58R
- World Record Longest Slackline Attempt:
https://www.flixxy.com/jaan-rooses-epic-slackline-journey-across-the-strait-of-messina.htm?utm_source=4
- World's Fastest Motorbike Vs Fabio Wibmer:
https://www.youtube.com/watch?v=u1PntXMw_zM
- Yale "Bicentric" Padlock Picked in no time:
https://youtu.be/CO__LF_m_O8
- For Da Kids #1 - Wild Shark Visits This Man For 23 Years:
https://youtu.be/hYYnugRZDzY
- For Da Kids #2 - Woman Spends Year Trying To Find This Captured Wild Horse And All Of His Mares And Babies:
https://youtu.be/FszvLK7qEYk
- For Da Kids #3 - Bird Couple Makes The Most Amazing Home For Their Kids:
https://youtu.be/YvwyybB21I8
- For Da Kids #4 - Neighbor's Dog Knocks On Door Everyday To Play With Her BFF:
https://youtu.be/GRCcDyHs9tQ
- For Da Kids #5 - Pittie Must Be In The Pool At All Times:
https://youtu.be/nznfUGP2wok