CyberheistNews Vol 14 #31 How The Whole World Now Knows About Fake North Korean IT Workers



Cyberheist News

CyberheistNews Vol 14 #31  |   July 30th, 2024

How The Whole World Now Knows About Fake North Korean IT Workers
Stu Sjouwerman SACP


Wow! Last week's blog post went viral, reaching major media outlets and receiving over 125,000 hits within days. Responses from around the world praised our transparency and commitment to doing what's right, though some had negative reactions.

I decided to write an FAQ with more detail and reiterate that this was not a data breach but rather a public service announcement: https://blog.knowbe4.com/north-korean-fake-it-worker-faq

Do we have egg on our face? Yes. And I am sharing that lesson with you. It's why I started KnowBe4 in 2010. In 2024, our mission is more important than ever. Transparency helps the fight against these cyber attacks.

One of our customers wrote to me and said: "Really appreciate the FAQ you put out as well. Very much appreciate the transparency and how forthcoming KnowBe4 was with information." - Matt.

Today's fast-paced media cycle often overlooks relevant data. In short, the press coverage was uneven. Many technical media outlets have been cool, calm and collected, treating this as a great cautionary tale and appreciating our transparency.

Other outlets took the "If it bleeds, it leads" sensational angle.

But we got the message out and that was the main objective. I was asked to do a webinar about this so that we could help organizations ensure they don't make the same error. We will, so stay tuned. We are also creating a training module: "Secure Hiring" where we will compile all the best hiring practices to help prevent this from happening again.

Thank you for being a current (or future) KnowBe4 customer. A recent and very relevant article in the Wall Street Journal was sent to me, and is excellent for justifying why security awareness training is critical: "Deepfakes, Fraudsters and Hackers Are Coming for Cybersecurity Jobs": https://www.wsj.com/articles/deepfakes-fraudsters-and-hackers-are-coming-for-cybersecurity-jobs-e2a76d06

More Background:

      1) At the end of the blog post we link to a recent podcast from Mandiant where they go in depth about this particular danger. I strongly recommend you listen to it.
      2) The U.S. Government is aware of this threat and has been warning against it since 2022.

Blog post with links:
https://blog.knowbe4.com/how-the-whole-world-now-knows-about-fake-north-korean-it-workers

Warm regards,

Stu

[New Features] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, August 7, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users:

  • NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
  • NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
  • NEW! 2024 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
  • Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
  • Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test

Find out how 65,000+ organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, August 7, @ 2:00 PM (ET)

Save My Spot!
https://info.knowbe4.com/kmsat-demo-2?partnerref=CHN

Phishing Campaigns Continue To Exploit CrowdStrike Outage

As expected, threat actors are taking advantage of the global IT outage caused by a faulty CrowdStrike update last Friday, SC Media reports. We've been covering this story, and it looks like the campaigns have only continued.

Cybercriminals quickly registered dozens of phishing domains related to the outage, including "crowdstrike-helpdesk[.]com" and "crowdstrikefix[.]com."

CrowdStrike issued an advisory warning that threat actors are conducting the following activity:

  • Sending phishing emails posing as CrowdStrike support to customers
  • Impersonating CrowdStrike staff in phone calls
  • Posing as independent researchers, claiming to have evidence the technical issue is linked to a cyberattack and offering remediation insights
  • Selling scripts purporting to automate recovery from the content update issue

CrowdStrike is also tracking a phishing campaign that's targeting customers in Latin America with Spanish-language instructions to remediate the issue. The threat actor instructs victims to download "crowdstrike-hotfix[.]zip," which will install the RemCos remote access trojan.

The U.S. Cybersecurity and Infrastructure Security Agency, the UK's National Cyber Security Centre (NCSC), and the Australian Signals Directorate (ASD) have each issued warnings on increased phishing activity. The ASD stated, "An increase in phishing referencing this outage has already been observed, as opportunistic malicious actors seek to take advantage of the situation."

Security firm Bolster has also observed threat actors setting up domains that impersonate law firms offering to file legal claims against CrowdStrike.

"Given the financial losses likely to be incurred due to the widespread outage, many individuals and businesses may seek to recoup their losses through legal action or government assistance, creating a fresh opportunity for threat actors to strike," SC Media writes. "Business leaders should remain wary of potential scams such as phony recovery funds or websites impersonating law firms as they work to recover from the incident."
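The outage-themed lookalike domains described above are the kind of thing a defender can flag in proxy or DNS logs before a user reaches them. The following is an added example, not code from KnowBe4, CrowdStrike or SC Media: it refangs defanged hostnames, strips the host down to its registrable domain (naively, assuming two labels rather than a public-suffix list), and flags unofficial domains that embed the brand name together with outage-lure terms. The log lines, the official-domain set and the lure-term list are constructed assumptions for the demonstration.

```python
import re
from typing import Dict, List

# Assumed: the vendor's legitimate registrable domain(s) for this exercise.
OFFICIAL_DOMAINS = {"crowdstrike.com"}
BRAND = "crowdstrike"
# Lure themes seen in the campaign described above (helpdesk, fix/hotfix, legal claims).
LURE_TERMS = ("fix", "hotfix", "helpdesk", "support", "recovery", "claim", "legal", "update", "bsod")

# Constructed sample proxy-style log lines for illustration; not real log data.
SAMPLE_LINES = [
    "2024-07-22T10:01:02Z host=crowdstrike-helpdesk[.]com action=allow",
    "2024-07-22T10:02:05Z host=www.crowdstrike.com action=allow",
    "2024-07-22T10:03:09Z host=crowdstrikefix.com action=allow",
    "2024-07-22T10:04:11Z host=falcon.crowdstrike.com action=allow",
    "2024-07-22T10:05:30Z host=crowd-strike-claims.example action=allow",
    "2024-07-22T10:06:00Z host=example.org action=allow",
]


def refang(host: str) -> str:
    """Turn defanged notation such as 'x[.]com' or 'x(.)com' back into a hostname."""
    return host.lower().replace("[.]", ".").replace("(.)", ".").strip(".")


def registrable(host: str) -> str:
    """Last two labels of the hostname; a naive stand-in for a public-suffix lookup."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def assess_host(host: str) -> Dict[str, object]:
    """Flag unofficial domains that embed the brand name, noting any lure terms present."""
    h = refang(host)
    reg = registrable(h)
    if reg in OFFICIAL_DOMAINS:
        return {"host": h, "lookalike": False, "reasons": []}
    # Collapse separators so 'crowd-strike' and 'crowdstrike' compare equal.
    collapsed = re.sub(r"[^a-z0-9]", "", reg.rsplit(".", 1)[0])
    reasons: List[str] = []
    if BRAND in collapsed:
        reasons.append("brand name embedded in unofficial domain")
        hits = [t for t in LURE_TERMS if t in collapsed]
        if hits:
            reasons.append("outage-lure term(s): " + ", ".join(hits))
    return {"host": h, "lookalike": bool(reasons), "reasons": reasons}


def scan_lines(lines: List[str]) -> List[Dict[str, object]]:
    """Extract the host field from each line and return only the lookalike findings."""
    findings = []
    for line in lines:
        m = re.search(r"host=(\S+)", line)
        if m:
            result = assess_host(m.group(1))
            if result["lookalike"]:
                findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LINES):
        print(f["host"], "->", "; ".join(f["reasons"]))
```

Legitimate subdomains such as falcon.crowdstrike.com pass because the check is on the registrable domain, not on the brand string alone.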

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/phishing-campaigns-continue-exploit-crowdstrike-outage

AI vs. AI: Combating Cybercriminals with an AI-Powered Security Awareness Training Program

Cybercriminals are diving into AI to make the world more dangerous for the rest of us.

Fortunately, InfoSec professionals like you can do something about it. Chances are you're already applying AI across your tech stack. Why not leverage it to fortify your human firewall? When it comes to the vital human element of cybersecurity, the power of AI can be used to your advantage to engage users with relevant training and keep them informed against evolving cyber attacks.

This whitepaper discusses ways bad actors are using AI for their own ends. It also explores what a robust security awareness training (SAT) and simulated phishing program with AI at its core can bring to a comprehensive cybersecurity initiative.

You'll learn:

  • How bad actors are using AI to supercharge their attacks
  • What smarter human risk management powered by AI can look like
  • How generative AI can augment existing strengths to improve security culture

Download Now:
https://info.knowbe4.com/wp-ai-powered-security-awareness-ksat-chn

Is Your Bank Really Calling? How to Protect Yourself from Financial Impersonation Fraud

Protecting your financial information has never been more crucial. We recommend sharing this section with your significant other and family.

With the rise of sophisticated scams, it's becoming increasingly difficult to distinguish between legitimate bank communications and fraudulent attempts to access your accounts. So, how can you be sure it's really your bank contacting you?

The Vulnerability of Personal Information

First, it's important to understand that our personal details are more accessible than we might think. Previous data breaches have potentially exposed many people's names, addresses and even social security or bank account numbers to cybercriminals.

This means that they may already have a wealth of your personal information at their fingertips when they contact you, making their scams seem more legit. For example, they may pretend to call from your bank using all the above listed details to "identify" themselves to you, warning you about a suspicious transaction coming off your account. They will try to get you into a stressed or panicked state, which makes you more likely to comply with their demands.

Red Flags to Watch Out For

  • Requests for passwords or OTPs: Remember, legitimate banks will never ask for your password or One-Time Password (OTP) over the phone. If someone claiming to be from your bank asks for this information, it's a major red flag.
  • Suspicious links or downloads: Be wary of emails or text messages from your bank that include links or files to download. These are very likely phishing attempts aimed at installing malware or stealing your login credentials.
  • Pressure tactics: Cybercriminals often create a sense of urgency or panic to cloud your judgment. If you feel rushed or pressured during a call, it's likely not your bank calling.
  • Unsolicited calls: Banks rarely make unsolicited calls to customers. They prefer to communicate through secure channels like official banking apps.

When banks do need to verify your details, they typically use automated systems rather than direct phone conversations. For promotional calls, they follow strict verification protocols that don't involve asking for sensitive information over the phone.

Protecting Yourself

Here are some tips if you receive suspicious calls or are worried about your account's security.

  • If you have any doubts, end the call immediately
  • Contact your bank directly using their official phone number or banking app
  • Don't be fooled by local accents or personal details the caller might know
  • Trust your instincts — if something feels off, it probably is

Remember, it's always better to be cautious. A quick call to your bank's official (known-good) number can resolve any uncertainties and potentially save you from financial loss.

Blog post with links:
https://blog.knowbe4.com/protect-yourself-financial-impersonation-fraud

KnowBe4 is the #1 SAT Platform on G2 for 20 Quarters!

Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore. The G2 Grid Report has done all the heavy lifting for you, making it a lot easier for you to make an informed decision.

The G2 Grid Report ranks according to the people who use the products daily. We're talking genuine feedback, satisfaction ratings and how big of an impact they're making in the market.

In a league of our own, KnowBe4 scored in the 90s, the only vendor to do this. 98% of users gave us 4 or 5 stars and 93% would recommend us to others. Trust isn't just won; it's earned, and we take that to heart.

You'll get access to:

  • A line up of SAT vendors stacked and rated based on customer reviews
  • Profiles of each vendor highlighting strengths, industries and organization size
  • User-driven scores for ease of use, support quality and more, to help you pick the best platform

Ready to get your hands on this goldmine of information? Download your complimentary report and see why KnowBe4 has been ranked the #1 SAT vendor for the 20th consecutive quarter and has more customers than all SAT vendors combined.

Download Now:
https://info.knowbe4.com/g2-grid-report-for-security-awareness-training-chn

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: Your KnowBe4 Fresh Content Updates from July 2024:
https://blog.knowbe4.com/knowbe4-content-updates-july-2024

PPS: Your KnowBe4 Compliance Plus Fresh Content Updates from July 2024:
https://blog.knowbe4.com/knowbe4-cmp-content-updates-july-2024

Quotes of the Week
"The real enemy is the man who tries to mold the human spirit so that it will not dare to spread its wings."

- Abraham Flexner, American educator (1866 - 1959)

"There are only two mistakes one can make along the road to truth; not going all the way, and not starting."

- Buddha, Philosopher (563 - 483 BC)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-31-how-the-whole-world-now-knows-about-fake-north-korean-it-workers

Security News

Business Email Compromise Was a Top Threat in Q2 2024

Business email compromise (BEC) and ransomware were the top two threats during the second quarter of 2024, according to researchers at Cisco Talos. Several of the BEC attacks involved smishing messages that targeted employees' phones.

"In a few of the observed BEC incidents that involved a method of phishing as an infection vector, adversaries leveraged SMS phishing, or 'smishing,' to compromise accounts," the researchers write, "This involves adversaries sending fraudulent text messages to trick recipients into sharing personal information or clicking on malicious links.

"Targeting employees' personal mobile devices can be an effective method for initial access because they may not have the same security controls as their corporate devices. Organizations should ensure SMS phishing scams are included in security awareness training for employees."

In one case, a threat actor used a company's compromised email account to send more than a thousand phishing emails to the organization's employees and partners. "In another cluster of activity, adversaries used compromised credentials obtained through unknown means to access a valid email account," Talos says.

"The adversary then created Microsoft Outlook mailbox rules to send emails to a folder named 'deleted' before using the compromised account to send out over a thousand phishing emails to internal and external recipients. The phishing emails contained a link that led to a fake login page intended to harvest credentials."
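The mailbox-rule trick Talos describes (routing mail to a folder named 'deleted' so the owner never sees replies or warnings) leaves a trace in mailbox audit logs. The following is an added example, not Talos or KnowBe4 code: it scores Microsoft 365 inbox-rule audit records for the hallmarks of a BEC rule. The record shape (an Operation field plus a Parameters list of Name/Value pairs) is an assumption about the Exchange audit format, and the records themselves are constructed for the demonstration.

```python
import json
from typing import Dict, List

# Constructed sample records in the assumed shape of Microsoft 365 unified audit
# log AuditData JSON for Exchange inbox-rule operations; made up for illustration.
SAMPLE_AUDIT_DATA = [
    json.dumps({"Operation": "New-InboxRule", "UserId": "alice@example.com",
                "ClientIP": "203.0.113.10",
                "Parameters": [{"Name": "Name", "Value": "."},
                               {"Name": "SubjectOrBodyContainsWords", "Value": "phishing;password;hacked"},
                               {"Name": "MoveToFolder", "Value": "deleted"},
                               {"Name": "MarkAsRead", "Value": "True"}]}),
    json.dumps({"Operation": "New-InboxRule", "UserId": "bob@example.com",
                "ClientIP": "198.51.100.5",
                "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                               {"Name": "From", "Value": "news@example.net"},
                               {"Name": "MoveToFolder", "Value": "Newsletters"}]}),
    json.dumps({"Operation": "Set-Mailbox", "UserId": "carol@example.com",
                "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:x@attacker.example"}]}),
]

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules"}
# Folders attackers commonly use to hide mail from the mailbox owner.
HIDING_FOLDERS = {"deleted", "deleted items", "rss feeds", "archive", "junk email", "conversation history"}
# Keywords a rule filters on when its purpose is to suppress warnings about the compromise.
SUPPRESSION_WORDS = {"phishing", "hacked", "password", "suspicious", "fraud", "compromised"}
INTERNAL_DOMAINS = {"example.com"}  # assumed: the organization's own mail domains


def params(record: Dict) -> Dict[str, str]:
    """Flatten the Parameters name/value list into a lowercase-keyed dict."""
    return {p["Name"].lower(): str(p["Value"]) for p in record.get("Parameters", [])}


def assess_record(raw: str) -> List[str]:
    """Return the reasons a record looks like a BEC-style mailbox rule, or [] if benign."""
    rec = json.loads(raw)
    if rec.get("Operation") not in RULE_OPERATIONS:
        return []
    p = params(rec)
    reasons: List[str] = []
    folder = p.get("movetofolder", "").strip().lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves mail to hiding folder '{folder}'")
    if p.get("deletemessage", "").lower() == "true":
        reasons.append("silently deletes matching mail")
    keyword_fields = ("subjectorbodycontainswords", "subjectcontainswords", "bodycontainswords")
    words = {w.strip().lower() for k in keyword_fields for w in p.get(k, "").split(";") if w.strip()}
    if words & SUPPRESSION_WORDS:
        reasons.append("filters on compromise-warning keywords: " + ", ".join(sorted(words & SUPPRESSION_WORDS)))
    for k in ("forwardto", "forwardasattachmentto", "redirectto"):
        addr = p.get(k, "")
        if addr and addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS:
            reasons.append(f"{k} sends mail outside the organization ({addr})")
    if len(p.get("name", "").strip()) <= 2:
        reasons.append("rule name is blank or a single character")
    return reasons


def scan(raw_records: List[str]) -> List[Dict[str, object]]:
    """Run assess_record over a batch and keep only the records that raised reasons."""
    findings = []
    for raw in raw_records:
        reasons = assess_record(raw)
        if reasons:
            rec = json.loads(raw)
            findings.append({"user": rec.get("UserId"), "ip": rec.get("ClientIP"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_AUDIT_DATA):
        print(f["user"], f["ip"], "; ".join(f["reasons"]))
```

Mailbox forwarding changes made through other cmdlets (like the Set-Mailbox record in the sample) are deliberately out of scope here and need their own check.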

In another instance, an attacker managed to bypass multifactor authentication (MFA) after sending phishing emails from a compromised account. "The emails contained links to fake login pages meant to harvest credentials," the researchers write.

"At least one employee provided credentials, which resulted in an MFA push notification being sent to the employee's phone which they accepted granting the adversary access. Talos IR recommends organizations educate their employees about the specific channels and points of contact for reporting these incidents."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Cisco Talos has the story:
https://blog.talosintelligence.com/ir-trends-ransomware-on-the-rise-q2-2024/

QR Code Phishing Is Still on the Rise

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro. "Phishing emails continue to be the number one attack vector for organizations," the researchers write. "A QR code phishing, or quishing attack, is a modern social engineering cyberattack technique manipulating users into giving away personal and financial information or downloading malware. It targets C-level executives and the highest strategic roles within a company."

Since QR codes don't use a text-based link, they can slip past email security filters to target humans directly. Humans likewise can't analyze the link itself before scanning the code.

"Quishing can bypass traditional security email gateways, evading email filtering tools and identity authentication," Trend Micro says. "This allows cyberattacks to move from a protected email to the user's less secure mobile device, where cybercriminals can obtain confidential information, such as payment details, for fraudulent purposes.

"For instance, a malicious QR code hidden in a PDF or an image (JPEG/PNG) file attached to an email can bypass email security protection, such as filtering and flagging. This allows the email to be delivered directly to the user's inbox without being analyzed for clickable content."

Trend Micro says users should be on the lookout for the following red flags associated with QR codes:

  • "No context. Exercise caution if the QR code lacks context or appears out of place, such as QR codes randomly placed in a public area.
  • Web links. Avoid sites accessed through a QR code that request payments. Instead, enter a known and trusted URL for transactions.
  • Overlays. Be wary if the QR code is placed over existing signs or labels, as scammers may try to cover up legitimate information.
  • Too much information: Be skeptical of QR codes that ask for excessive permissions (e.g., access to your camera, contacts, or location) beyond what is necessary."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Trend Micro has the story:
https://www.trendmicro.com/en_us/research/24/g/mitigate-risk-of-QR-code-phising-attacks.html

What KnowBe4 Customers Say

"Hi Stu, Thank you for the email. Naturally I was quite suspicious so I asked my CSM, Nicole Thackray to confirm if it was legit!

I am really enjoying the KnowBe4 platform (maybe too much at times!) and I have noticed a positive increase in everyone's approach to cybersecurity since beginning the training and mock phishing emails.

My current CSM, Nicole, has been really supportive and always really prompt with giving me information or advice I need. Now that I am more comfortable with using the platform I haven't had to rely on her as much, but I know she's always there if needed! I'd also like to extend my praise to my previous CSM, ZoyaS, who got me up and running when we first signed up and put up with my constant questions.

Finally, I'd like to say a personal congratulations to you on how you handled your recent issue with a certain North Korea based employee. A lot of companies would have done anything in their power to keep that hidden, but I believe you handled it with a lot of grace and using yourselves as an opportunity that we could all learn from made me respect KnowBe4 even more as an organization. All the best."

- G.A., Data Analyst


"I just wanted to let you know that I think KnowBe4 post sale service is the best in the IT industry. Your reps are proactive in setting up calls with us and try to help us actively use the services we purchased. With as distracted and busy as I am this is really helpful.

Someone at KnowBe4 has set up 1) a really good system for executing on cyber security training, and 2) hiring practices that find people who have strong customer service personalities. LoganF is our customer service rep and continues to give us great customer service. I appreciate it."

- H.D., Director of IT & Security

The 10 Interesting News Items This Week
  1. A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them:
    https://www.wired.com/story/north-korean-hacker-hired-ecurity-company-malware/

  2. Security Firm Accidentally Hires North Korean Hacker, Did Not KnowBe4:
    https://www.darkreading.com/vulnerabilities-threats/security-firm-hires-north-korean-hacker-knowbe4

  3. U.S. State Department offers $10 million reward for North Korean hacker. Not the KnowBe4 one LOL:
    https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-dprk-hacker-linked-to-maui-ransomware-attacks/

  4. Astronomers discover technique to spot AI fakes using galaxy-measurement tools:
    https://arstechnica.com/information-technology/2024/07/astronomers-discover-technique-to-spot-ai-fakes-using-galaxy-measurement-tools/

  5. Two Russians sanctioned over cyberattacks on US critical infrastructure:
    https://www.theregister.com/2024/07/22/russians_sanctioned_over_cyberattacks/

  6. UK arrests suspected Scattered Spider hacker linked to MGM attack:
    https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/

  7. The Hidden Menace of Phantom Attackers on GitHub:
    https://blog.checkpoint.com/security/the-hidden-menace-of-phantom-attackers-on-github-by-stargazers-ghost-network/

  8. Mandiant: North Korean Hackers Targeting Healthcare, Energy:
    https://www.databreachtoday.com/mandiant-north-korean-hackers-targeting-healthcare-energy-a-25845

  9. North Korea-backed cyber espionage campaign targets UK military:
    https://www.theguardian.com/world/article/2024/jul/25/north-korea-backed-cyber-espionage-campaign-targets-uk-military

  10. Wow. Russian ransomware gangs account for 69% of all ransom proceeds:
    https://www.bleepingcomputer.com/news/security/russian-ransomware-gangs-account-for-69-percent-of-all-ransom-proceeds/

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
