CyberheistNews Vol 14 #38 [CODE RED] A Must-See New Webinar: How To Block North Korean Infiltrators




CyberheistNews Vol 14 #38  |  September 17th, 2024

[CODE RED] A Must-See New Webinar: How To Block North Korean Infiltrators

Stu Sjouwerman SACP

I don't often ask you to change your plans, but please take an hour today for a critical on-demand "Lunch & Learn."

We just hosted a new webinar on our North Korean fake IT worker experience. The content was rated with 4.9 out of 5, making it our highest-rated webinar to date! It had strong attendance and exceptional engagement. We received 120+ questions.

Watch this exclusive, no-holds-barred conversation with the team who lived through it. Perry Carpenter, our Chief Human Risk Management Strategist, sits down with Brian Jack, Chief Information Security Officer, and Ani Banerjee, Chief Human Resources Officer, to chat about how we spotted the red flags and stopped it before any damage was done.

During this on-demand webinar, you get the inside scoop on:

  • The strategies and tools used by these covert operatives to sneak through the cracks
  • How we discovered something was wrong, and how we quickly stepped in to stop it
  • How you can spot fake IT workers in your hiring process and workplace
  • Practical advice for fortifying your organization by implementing robust screening processes and security protocols to safeguard against infiltration

Gain exclusive insights and actionable strategies to protect your org from these sophisticated threats. Don't miss this opportunity to stay ahead in the cybersecurity threat landscape.

Register and watch this on-demand webinar as soon as you can. Please copy and paste this message and send it to friends that need to know. They will thank you!
https://info.knowbe4.com/code-red-webinar

[4-Minute Survey] Share Your Thoughts on AI in InfoSec With Me?

Can you help me with your input? I'd love your thoughts about AI in InfoSec.

This is a super short survey that asks about any AI tools you use or would like, how you feel about AI effectiveness, how it may change your headcount, and how confident you are in addressing AI-related security risks.

The most important thing I'm dying to hear about is your biggest concerns about AI in cybersecurity in your own words.

And if you would like to be entered into the drawing to win one of five $500 Amazon gift cards, you can leave your email address.

Please take this survey. Thanks so much in advance!
https://www.surveymonkey.com/r/KB4-AI-Feedback

Phishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade Detection

Analysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying "under the radar" of security products.

It would be simple to create a phishing attack that sends its victims a brand-impersonated email with a link to a fake webpage asking for credentials, personal details or credit card information.

But many of today's security products will detect the impersonation immediately. So, if you're a cybercriminal developing a cunning phishing scam, you need to find ways to avoid being detected – even if it means adding a few unnecessary steps.

And that's exactly what we find in security vendor Perception Point's latest analysis of a phishing attack that uses Microsoft Office Forms as an intermediate step in their phishing scam. According to the analysis, the phishing email impersonates a well-known brand (such as Microsoft 365 below) with the first step being the clicking of a link within the email that points to an Office form.

Blog post with example screenshots and links:
https://blog.knowbe4.com/phishing-attack-takes-a-two-step-approach-to-leverage-legitimate-sites-and-evade-detection

Join us at the Human Risk Summit on October 17

We're excited for our first Human Risk Summit since Egress joined the KnowBe4 team. At the Summit, we'll showcase why Egress and KnowBe4 are the perfect match.

Join us as we welcome Stu Sjouwerman, CEO of KnowBe4, alongside Tony Pepper, CEO of Egress, and other leading industry experts to discuss managing human risk, adaptive cloud email security and the future of cybersecurity.

Event: Human Risk Summit
Date: Thursday, October 17th, 2024
Time: 15:00 BST | 10:00 EST
Location: Online (Virtual Event)

Gain exclusive insights into:

  • The evolving landscape of cyber threats and cutting-edge defenses
  • Innovative strategies for personalized human risk management
  • In-depth analysis of advanced persistent threats and mitigation tactics
  • Techniques for driving behavioral change to strengthen security protocols

And last, but certainly not least, James Sheldrake, Head of Innovation at Egress, will present an exclusive product demo showcasing how Egress and KnowBe4's bi-directional integration personalizes email security and training.

Save My Spot:
https://events.egress.com/VLO50?RefId=kb4cyberheistnews

Your Lawyers Are Increasingly Targeted by Phishing Attacks, Ransomware

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization's networks.

"Phishing is one of the most common attacks in the legal field," the researchers write. "Cybercriminals pose as legitimate entities, tricking employees into divulging sensitive information or clicking malicious links.

"Phishing attacks use social engineering to prey on trust and a sense of urgency. For example, an attacker can impersonate a senior partner and email an associate requesting sensitive client files or bank account information. If the associate is tricked, the cybercriminal gains access to confidential data."

Phishing also often precedes ransomware attacks, granting threat actors a foothold from which they can exfiltrate data and deploy their malware.

"Ransomware attacks have been on the rise, with legal firms frequently targeted," the researchers write. "In these attacks, cybercriminals encrypt a firm's data and demand a ransom in exchange for its release, but a data breach often accompanies these attacks.

"Ransomware is also one of the few cyberattacks that can close down a company if it goes on long enough, if the data stolen by criminals ends up online, or even if the firm simply has no backup system. In some situations, hackers have used the stolen data from legal cases and tried to extort people involved, such as witnesses."

Bitdefender says organizations should implement the following best practices to defend themselves against these attacks.

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/legal-firms-increasingly-targeted-by-phishing-attacks

[Customer Story] Healthcare Organization Streamlines Incident Response Processes with PhishER

Are your user-reported emails overwhelming your IT team? Discover how HealthOne Alliance revolutionized the organization's response to cyber threats with PhishER. PhishER did the heavy lifting and automatically categorized emails as spam or clean, allowing HealthOne Alliance to focus on real threats faster.

PhishER's suite of features, including PhishRIP, PhishFlip and PhishER Blocklist, provides a comprehensive approach for managing your user-reported messages. By centralizing operations, HealthOne Alliance was able to efficiently remove threats, convert real phishing attempts into training opportunities and create block entries — all within one platform.

The results:

  • Quicker response times to potential threats, reducing risk across the organization
  • Increased team productivity, allowing them to focus on other security initiatives
  • Faster return of legitimate emails to users

Read the Customer Story to learn more:
https://www.knowbe4.com/hubfs/KnowBe4_PhishER_Customer_Story_Healthcare_EN-US.pdf

OK, Let's Face An Ugly Truth About Money, Sex, and 305 Million Fan Accounts...

I get news from a wide variety of sources; one of them is called The Information, which reports on high tech. They just sent me news that OnlyFans revenue jumped 20% to about $1.31 billion for the fiscal year ending November 2023, compared to the previous year, according to a U.K. filing from the adult content site's parent company, Fenix International, on Friday.

"While other creator economy startups have struggled since pandemic lockdowns eased, OnlyFans has continued to post strong financial results showing strong demand for the service. 'OnlyFans had a strong year in 2023. We have cemented our place as a leading digital entertainment company and a UK tech success story,' CEO Keily Blair said in a statement.

"The total number of creator accounts jumped by 29% to about 4.1 million, while fan accounts rose 28% to 305 million, the filing said. Gross payments for chats, photos and videos totaled $6.6 billion last year, up by $1 billion year-over-year."

I had no idea that OnlyFans was this big. Money and sex are the two areas most prone to social engineering attacks. Imagine a phishing attack that combines the two and threatens to shut down their Fan account. Yikes. Train those users!


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] I was interviewed on the WSJ Podcast: "Your New Hire May Be a North Korean Spy":
https://www.wsj.com/podcasts/the-journal/your-new-hire-may-be-a-north-korean-spy/c39039df-e15c-4308-983d-6a0c54e523b4?mod=audiocenter_podcasts

PPS: Epic AI Fails And What We Can Learn From Them:
https://www.securityweek.com/epic-ai-fails-and-what-we-can-learn-from-them/

Quotes of the Week
"The key is to keep company only with people who uplift you, whose presence calls forth your best."
- Epictetus was a Greek philosopher from present-day Turkey. (55 - 135 AD)

"Try not to react merely in the moment. Pull back from the situation. Take a wider view. Compose yourself."
- Also by Epictetus. Did he know about social engineering?

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-38-code-red-a-must-see-new-webinar-how-to-block-north-korean-infiltrators

Security News
Attackers Using HTTP Response Headers to Redirect Victims to Phishing Pages

Researchers at Palo Alto Networks' Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user interaction.

"Unit 42 researchers observed many large-scale phishing campaigns in 2024 that used a refresh entry in the HTTP response header," the researchers write.

"From May-July we detected around 2,000 malicious URLs daily associated with campaigns of this type. Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.

"Malicious links direct the browser to automatically refresh or reload a webpage immediately, without requiring user interaction."

Many of these phishing attacks are targeting employees at companies in the business and economy sector, as well as government entities and educational organizations.

"Attackers predominantly distribute the malicious URLs in the phishing campaigns via emails," Unit 42 says. "These emails consistently include recipients' email addresses and display spoofed webmail login pages based on the recipients' email domain pre-filled with the users' information.

"They largely target people in the global financial sector, well-known internet portals, and government domains. Since the original and landing URLs are often found under legitimate or compromised domains, it is difficult to spot malicious indicators within a URL string."

Unit 42 adds that attackers are also using URL parameters to pre-fill login forms with victims' email addresses, increasing the phishing attack's appearance of legitimacy.

"Many attackers also employ deep linking to dynamically generate content that appears tailored to the individual target," the researchers write. "By using parameters in the URL, they pre-fill sections of a form, enhancing the credibility of the phishing attempt.

"This personalized approach increases the likelihood that the attacker will deceive the victim. Attackers have exploited this mechanism because it enables them to load phishing content with minimum effort while concealing the malicious content."
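A detection sketch for the header-refresh pattern Unit 42 describes, added here as an example (not code from Unit 42 or KnowBe4): it parses the `Refresh` response header and flags immediate, cross-host redirects whose URL carries the recipient's address. The function and flag names, the 3-second threshold, the triage rule and the `.example` sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit, unquote

# Refresh value as browsers accept it: "<seconds>[;,] [url=]<target>"
_REFRESH_RE = re.compile(
    r"""^\s*(?P<delay>\d+)(?:\.\d*)?\s*
        (?:[;,]\s*(?:url\s*=\s*)?(?P<q>["']?)(?P<url>.*?)(?P=q))?\s*$""",
    re.IGNORECASE | re.VERBOSE,
)

def parse_refresh(value):
    """Return (delay_seconds, target_or_None), or None if unparseable."""
    m = _REFRESH_RE.match(value)
    if not m:
        return None
    return int(m.group("delay")), (m.group("url") or None)

def assess_response(request_url, headers, recipient=None, max_delay=3):
    """Flag each Refresh header in one response; headers is a list of pairs."""
    results = []
    for name, value in headers:
        if name.strip().lower() != "refresh":   # header names are case-insensitive
            continue
        parsed = parse_refresh(value)
        if parsed is None or parsed[1] is None:
            continue                            # plain self-reload, no redirect target
        delay, target = parsed[0], urljoin(request_url, parsed[1])
        src, dst = urlsplit(request_url), urlsplit(target)
        flags = []
        if delay <= max_delay:                  # assumed threshold for "no user interaction"
            flags.append("immediate-refresh")
        if dst.hostname and dst.hostname != src.hostname:
            flags.append("cross-host-target")
        haystack = unquote(request_url + " " + target).lower()
        if recipient and recipient.lower() in haystack:
            flags.append("recipient-in-url")    # address used to pre-fill the login form
        results.append({"target": target, "delay": delay, "flags": flags})
    return results

def verdict(flags):
    """Hypothetical triage rule: an instant cross-host hop is alert-worthy."""
    if {"immediate-refresh", "cross-host-target"} <= set(flags):
        return "high" if "recipient-in-url" in flags else "medium"
    return "info"

# Constructed sample responses (reserved .example domains), not real traffic.
SAMPLES = [
    ("https://news.example.org/track?u=alice%40corp.example",
     [("Content-Type", "text/html"),
      ("Refresh", "0; url=https://webmail-login.example.net/auth#alice@corp.example")],
     "alice@corp.example"),
    ("https://app.example.com/saved", [("refresh", "30")], "bob@corp.example"),
    ("https://app.example.com/old", [("Refresh", "0;URL=/new")], "bob@corp.example"),
]

if __name__ == "__main__":
    for url, hdrs, rcpt in SAMPLES:
        for r in assess_response(url, hdrs, rcpt):
            print(verdict(r["flags"]), url, "->", r["target"], r["flags"])
```

Because the redirect is issued in the header, this check has to run where response headers are visible (a proxy, sandbox crawler or URL-detonation log), not on the HTML body.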

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/attackers-use-technique-to-automatically-redirect-victims-to-phishing-pages

Mexico Targeted by Phishing Attacks from China, Russia, and North Korea

Researchers from Google have published a report on state-sponsored cyber threats targeting Mexico, finding that the majority of these attacks come from China, Russia and North Korea.

"As the 12th largest economy in the world, Mexico draws attention from cyber espionage actors from multiple nations, with targeting patterns mirroring broader priorities and focus areas that we see elsewhere," the researchers write.

"Since 2020, cyber espionage groups from more than 10 countries have targeted users in Mexico; however, more than 77% of government-backed phishing activity is concentrated among groups from the People's Republic of China (PRC), North Korea, and Russia."

North Korea accounts for a significant portion of state-sponsored social engineering attacks against Mexico. Pyongyang's cyber actors are notable for mixing cyber espionage with financially motivated attacks in order to fund their heavily sanctioned regime.

"Since 2020, North Korean cyber actors have accounted for approximately 18% of government-backed phishing activity targeting Mexico," the researchers write. "Similar to their targeting interests in other regions, cryptocurrency and financial technology firms have been a particular focus.

"One of the emerging trends we are witnessing globally from North Korea is the insider threat posed by North Korean nationals gaining employment surreptitiously at corporations to conduct work in various IT roles.

"We note the potential for this threat to present a future risk to Mexican enterprises given historical activity by North Korean threat actors in Mexico and the challenges associated with the expansive problem of North Korean actors attempting to gain employment in other countries."

Google is also tracking seven cyberespionage groups tied to China, accounting for about a third of state-sponsored threat activity targeting Mexico.

"This volume of PRC cyber espionage is similar to activity in other regions where Chinese government investment has been focused, such as countries within China's Belt and Road Initiative," the researchers write. "In addition to activity targeting Gmail users, PRC-backed groups have targeted Mexican government agencies, higher education institutions, and news organizations."

Google has the story:
https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-targeting-mexico

What KnowBe4 Customers Say

 

"I would like to thank Marc very much for helping me solve technical problems in the implementation here. Marc's knowledge and commitment are invaluable and thanks to him we will be able to complete the implementation. I have over 20 years of experience in the industry, and I must say with confidence that Marc is one of the best engineers I have ever worked with.

I am aware that we have benefited from your great kindness in using Marc's help, but thanks to this the client is satisfied and I feel taken care of despite numerous problems.

This client is very developing, and I think that in the near future he will need to expand his products. Please remember that every new order that appears in the future is due to Marc's help! @Marc - Once again, thank you very much for your support. You are the best!"

- K.K., CEO


"Hi Stu, I just wanted to offer some feedback on our account manager, Chee P. He has gone above and beyond all my expectations. He has an incredible talent for the product, security features and enhancements and displays enthusiasm that many account managers don't possess.

I found he is easily approachable, accommodating on informing us with more info that we initially require, and personable. Where we lack in our response times (particularly when it came to renew), Chee kept us informed. Our apologies for any delays that this may have caused.

Overall, from my side, the product and Chee, have proven extremely valuable. You could not have a more trusted and dedicated team member! Keep up the great work. And a massive thank you to Chee. Put simply, he is amazing!"

- W.C., EU Manager / Managed Services Consultant

The 10 Interesting News Items This Week
  1. BEC attacks have cost $55 billion over the past decade:
    https://www.infosecurity-magazine.com/news/business-email-compromise-55bn/

  2. The FBI says Americans lost $5.6 billion in 2023 to this kind of scam:
    https://www.fastcompany.com/91187723/fbi-says-americans-lost-5-6-billion-2023-kind-scam

  3. Russia's top-secret military unit reportedly plots undersea cable 'sabotage':
    https://www.theregister.com/2024/09/09/russia_readies_submarine_cable_sabotage/

  4. The FBI's CAT has been stalking cyber rats for nearly 20 years:
    https://federalnewsnetwork.com/cybersecurity/2024/09/the-fbis-cat-has-been-stalking-cyber-rats-for-nearly-20-years/

  5. Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection:
    https://securityboulevard.com/2024/09/old-habits-new-threats-why-more-phishing-attacks-are-bypassing-outdated-perimeter-detection/

  6. Introducing Shell Game, a Strange and Immersive AI Experiment:
    https://www.shellgame.co/p/introducing-shell-game-a-strange

  7. Synthetic Media (deepfakes), Corporate Communications And Crisis Management:
    https://www.forbes.com/councils/forbesbusinesscouncil/2024/09/06/synthetic-media-corporate-communications-and-crisis-management/

  8. Rogue WHOIS server gives researcher superpowers no one should ever have:
    https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/

  9. Teenager in Britain arrested over cyberattack on London transport agency:
    https://therecord.media/transit-for-london-cyberattack-suspect-arrested

  10. North Korea's Lazarus Group uses fake job recruiting tests to target software developers:
    https://www.reversinglabs.com/blog/fake-recruiter-coding-tests-target-devs-with-malicious-python-packages

Copyright © 2014-2024 KnowBe4, Inc. All rights reserved.



Topics: Cybercrime, KnowBe4


