CyberheistNews Vol 14 #39 | September 24th, 2024
[EYE OPENER] Beyond Analysts: The Undeniable Leadership We Have in HRM
Color me surprised. I started KnowBe4 in 2010, and helped create a whole new category. Analyst reports aim to provide market insights. But when it comes to Human Risk Management (HRM), we've noticed that they often fall short of capturing the full picture.
You already know that we are the undisputed leader in the essential areas that have been standard features in the security awareness market for years. Those capabilities are why we've become the largest vendor in the space. But for years now we have exceeded just those standard features.
We wrote a blog post that I strongly recommend with a few examples why KnowBe4 stands out as the clear leader in the HRM space — and why it matters for your organization.
It's a 3-minute read, and you will walk out with powerful ammo to buy or renew your subscription. You might even experience some surprise yourself. :-D
Blog post with links:
https://blog.knowbe4.com/beyond-analyst-reports-knowbe4s-undeniable-leadership-hrm
[New Features] Ridiculously Easy and Effective Security Awareness Training and Phishing
Old-school security awareness training (SAT) does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us Wednesday, October 2, @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to SAT and simulated phishing that is effective in changing user behavior.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Callback Phishing allows you to see how likely users are to call an unknown phone number provided in an email and share sensitive information
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- NEW! 2024 Phish-prone™ Percentage Benchmark By Industry lets you compare your percentage with your peers
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, October 2, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-1?partnerref=CHN
New Ransomware Threat Group, RansomHub, is so Effective, the NSA is Already Warning You About Them
The latest evolution of the ransomware service model, RansomHub, has only been around since February of this year, but its affiliates are already successfully exfiltrating data.
You know you're a problem when the U.S. government puts out a notice about you. That's the case for RansomHub — the latest iteration of a ransomware as a service group formerly working under the names Cyclops and Knight.
It appears that their latest service model is pulling ransomware affiliate actors away from big names in the ransomware world like LockBit and ALPHV.
According to the CISA/NSA cybersecurity advisory, the group and its affiliates have successfully exfiltrated data from over 210 organizations since February of this year across a wide range of industries that include "water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, and communications critical infrastructure."
In addition to a longer list of mitigations at the end of the advisory, the NSA makes a few summary recommendations at the beginning to help organizations focus on some of the most effective ways to stop ransomware:
- Install updates for operating systems, applications and firmware
- Use phishing-resistant MFA
- Implement security awareness training and include an ability for users to report phishing attacks
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/new-ransomware-threat-group-ransomhub-is-so-effective-the-nsa-is-already-warning-you-about-them
[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!
Phishing attacks are increasing in sophistication, posing a severe threat to organizations.
Users need a consistent process for reporting these emails, and InfoSec teams need one platform to manage the influx of reported emails.
KnowBe4's Phish Alert Button (PAB) provides your users a safe way to report email threats to the security team for analysis, and automatically deletes the email from the user's inbox to prevent further exposure.
Phish Alert Button Benefits:
- Reinforces your organization's security culture
- Users can report suspicious emails with just one click
- Your Incident Response team gets early phishing alerts from users, creating a network of "sensors"
- Email is deleted from the user's inbox to prevent future exposure
- Easy deployment via MSI file for Outlook and G Suite deployment for Gmail (Chrome)
KnowBe4's PAB works across most Outlook and Google workspaces. Outlook users should leverage our new Microsoft Ribbon PAB for a frictionless experience!
Get your Phish Alert Button Now:
https://info.knowbe4.com/free-phish-alert-chn
North Korean Hackers Target Software Developers With Phony Coding Tests
Researchers at ReversingLabs warn that North Korea's Lazarus Group is targeting software developers with phony job interviews.
The threat actors pose as employees of major financial services firms and send coding assessment tests as part of the interview process. Our team recently recorded a webinar that covers this exact topic, as our cybersecurity experts discuss how we spotted the red flags and stopped it before any damage was done.
The coding tests are designed to trick the job applicant into installing malware concealed in Python packages.
"The content of nearly identical README files included with the packages provides more insight into what the victim encountered," ReversingLabs says.
"They contain instructions for the job candidates to find and fix a bug in a password manager application, republishing their fix and taking screenshots to document their coding work. The README files tell would-be candidates to make sure the project is running successfully on their system before making modifications. That instruction is intended to make sure that the malware execution is triggered regardless of whether the job candidate (aka 'the target') completes the assigned coding assignment."
The threat actors attempt to instill a sense of urgency by setting a short deadline for the assignment. This is a common social engineering tactic that makes the victim less likely to slow down and think rationally before acting.
"Specifically, the instructions set a timeframe for completing the assignment (finding a coding flaw in the package and fixing it)," the researchers write.
"It is clearly intended to create a sense of urgency for the would-be job seeker, thus making it more likely that he or she would execute the package without performing any type of security or even source code review first. That ensures the malicious actors behind this campaign that the embedded malware would be executed on the developer's system."
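Here is the kind of look-before-you-run check that quote is asking for, as an added example: it is not ReversingLabs' tooling and not code from this newsletter. It assumes the "coding test" arrives as a Python source tree, parses it with the standard library's ast module instead of executing it, and lists the calls and opaque string literals that would run the moment you "make sure the project runs". The package it builds to scan is constructed for the demo, not a real campaign artifact; the call list and the 120-character blob threshold are my own heuristics.

```python
"""Static triage of an untrusted "coding test" package. Added example (not
ReversingLabs' tooling, not the newsletter's code): parses, never executes."""
import ast
import os
import tempfile
import textwrap

# Calls worth a human look, above all at import time (module top level).
RISKY_CALLS = {
    "exec", "eval", "compile", "base64.b64decode", "codecs.decode",
    "zlib.decompress", "subprocess.Popen", "subprocess.run", "os.system",
    "urllib.request.urlopen", "requests.get", "socket.socket", "ctypes.CDLL",
}
MIN_BLOB_LEN = 120  # an opaque string literal this long may be a payload


def _dotted(node):
    """Render a call target as a dotted name ('base64.b64decode') or None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join(reversed(parts + [node.id]))


class _Finder(ast.NodeVisitor):
    def __init__(self, relpath):
        self.relpath, self.findings, self.depth = relpath, [], 0

    def _add(self, node, kind, what):  # depth 0 == runs on import
        self.findings.append({"file": self.relpath, "line": node.lineno,
                              "kind": kind, "what": what,
                              "import_time": self.depth == 0})

    def visit_FunctionDef(self, node):  # a def body runs only when called
        self.depth += 1
        self.generic_visit(node)
        self.depth -= 1

    def visit_Call(self, node):
        name = _dotted(node.func)
        if name in RISKY_CALLS:
            self._add(node, "call", name)
        self.generic_visit(node)

    def visit_Constant(self, node):
        v = node.value
        if isinstance(v, str) and len(v) >= MIN_BLOB_LEN and " " not in v:
            self._add(node, "blob", f"{len(v)}-char opaque string literal")


def triage_package(root):
    """Parse every .py file under root; return findings, import-time first."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(f for f in files if f.endswith(".py")):
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8") as fh:
                tree = ast.parse(fh.read(), filename=path)
            finder = _Finder(os.path.relpath(path, root))
            finder.visit(tree)
            findings.extend(finder.findings)
    findings.sort(key=lambda h: (not h["import_time"], h["file"], h["line"]))
    return findings


def build_sample_package():
    """Constructed sample (not a real artifact): benign app, booby-trapped helper."""
    root = tempfile.mkdtemp(prefix="codetest_")
    os.makedirs(os.path.join(root, "pm"))
    blob = "QUJD" * 40  # 160 base64-looking chars; inert, it is only parsed
    files = {
        "app.py": '''\
            from pm import store

            if __name__ == "__main__":
                print(store.load())
            ''',
        "pm/store.py": f'''\
            import base64
            # The "bug you are asked to fix" is in load(); this fires first.
            _CFG = "{blob}"
            exec(base64.b64decode(_CFG))

            def load():
                return {{}}
            ''',
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(textwrap.dedent(body))
    return root


if __name__ == "__main__":
    for h in triage_package(build_sample_package()):
        print(("IMPORT-TIME " if h["import_time"] else "") + str(h))
```

Run it directly and the import-time hits are listed first; anything in that group executes just by "making sure the project runs", before the candidate ever opens the file with the bug. A clean report is a triage result, not a verdict: the payload could also sit in a .pth file, a native wheel, or a dependency pulled in by the project's requirements, none of which this parser sees.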
Blog post with links:
https://blog.knowbe4.com/north-korean-hackers-target-software-developers-with-phony-coding-tests
[NEW WHITEPAPER] 9 Cognitive Biases Hackers Exploit the Most
Hackers have become increasingly savvy at launching specialized attacks that target your users by tapping into their fears, hopes and biases to get access to their data.
Cybersecurity is not just a technological challenge, but increasingly a social and behavioral one. People, no matter their tech savviness, are often duped by social engineering scams such as CEO fraud, because those scams trade on familiarity and immediacy.
Bad actors know how to tap into specific mental patterns we all have called cognitive biases to trick users into compromising sensitive information or systems.
In this whitepaper, explore how a better understanding of how hackers are duping users can help you identify potential cognitive biases, deliver training that actually changes behaviors and cut down on security incidents.
Read this whitepaper to learn:
- How hackers get users to click by understanding how they tick
- Examples of specific cognitive biases hackers use the most through social engineering
- How new-school security awareness training and real-time security coaching can be used to nudge users toward more secure behavior
Download this whitepaper today!
https://info.knowbe4.com/wp-nine-cognitive-biases-hackers-exploit-most-chn
Scary New Windows PowerShell Phish
This is actually really slick, hats off to the person who came up with this. Reminds me of the old online game "hack" of getting someone to drop their equipment and hit ALT-F4, booting them out of the game and letting others steal their stuff. In AOL back in the day, if you couldn't get someone to Alt-F4 you could sometimes get them to Alt+S+S, which didn't kill the app but did sign them out, with their loot left to pick up.
Check out how this works with Windows PowerShell today:
Brian Krebs has the story:
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
What You Are Worried About Regarding AI
I just ran a super short survey that asks about any AI tools you use or would like, how you feel about AI effectiveness, how it may change your headcount, and how confident you are to address AI-related security risks.
The most important thing I wanted to know is your biggest concerns about AI in cybersecurity in your own words. This is what you told me!
"My biggest concerns about AI in cybersecurity are AI-generated phishing, deepfakes, and automated attacks that make threats look real, making it harder for me and my team to detect them. I also worry that AI has become a tool for bad actors, the potential for data leakage, and if AI can protect our network quickly enough."
Job Titles of the people answering:
Management/Leadership 30.4%
Information Security 21.6%
Technical/Engineering 19.2%
IT Support/Administration 12.8%
Compliance/Risk Management 6.4%
Other roles: 11.2%
Here is what KnowBe4 is doing with AI to fight malicious use of AI by bad actors.
You can test the first four released Agents in KnowBe4's community today:
https://blog.knowbe4.com/i-am-announcing-aida-artificial-intelligence-defense-agents
KnowBe4 Flagship Season Is Officially Here!
We are super excited to announce the release of the first two of the 2025 flagship modules:
- 2025 Social Engineering Red Flags. With a completely new facelift, we delve into some of the top threats to organizations around the globe, including business email compromise (BEC), authentication fraud and impersonation using AI. 16 minutes.
- 2025 Common Threats. Get excited for a brand-new demo featuring some Knowsters you're sure to recognize! With expertise and humor, Colin Murphy and Javvad Malik show how using cloud-based systems doesn't always protect users from threats like ransomware, which can still be installed on devices that rely on cloud services. 19 minutes.
Go check them out in your KnowBe4 ModStore!
Some Hot Links This Week:
- [BUDGET AMMO] Harness AI to Deliver Smarter Security Awareness Training:
https://www.inc.com/inc-masters/harness-ai-to-deliver-smarter-security-awareness-training.html
- [BUDGET AMMO] Cost of Cybercrime Estimated 15.6 Trillion in 2029:
https://blog.knowbe4.com/cost-of-cybercrime-estimated-15.6-trillion-in-2029
- For your Lunch & Learn: Watch "Marc Benioff | All-In Summit 2024" on YouTube about AI in the SalesForce platform. Very interesting data:
https://youtu.be/TtNrCJCwwlc?si=E1k_n_UGUig0LJqV
- Security Firm's North Korean Hacker Hire Not an Isolated Incident:
https://www.darkreading.com/vulnerabilities-threats/security-hire-north-korean-hacker-not-isolated-incident
- Attend the highly insightful Human Risk Summit 2024 - October 17th 15:00 BST / 10:00 EST:
https://events.egress.com/event/hrs24/summary?
- [BUDGET AMMO] Beyond Analyst Reports: KnowBe4's Undeniable Leadership in Human Risk Management:
https://blog.knowbe4.com/beyond-analyst-reports-knowbe4s-undeniable-leadership-hrm
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
- Joseph Campbell - Author (1904 - 1987)
- Plato - Philosopher (427 - 347 B.C.)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-39-eye-opener-beyond-analysts-the-undeniable-leadership-we-have-in-hrm
U.S. Government Indicts Chinese National for Alleged Spear Phishing Attacks
The U.S. Justice Department has indicted a Chinese national, Song Wu, for allegedly sending spear-phishing emails to employees at various US military and government entities, as well as research institutions and private companies.
"In executing the scheme, Song allegedly sent spearphishing emails to individuals employed in positions with the U.S. government, including NASA, the Air Force, Navy, and Army, and the Federal Aviation Administration," the Justice Department says.
"Song also sent spear phishing emails to individuals employed in positions with major research universities in Georgia, Michigan, Massachusetts, Pennsylvania, Indiana, and Ohio, and with private sector companies that work in the aerospace field."
The Justice Department says Song was an employee of the Aviation Industry Corporation of China (AVIC), a Chinese state-owned aerospace and defense conglomerate. The goal of the alleged operation was presumably cyberespionage.
"Song allegedly engaged in a multi-year 'spear phishing' email campaign in which he created email accounts to impersonate U.S.-based researchers and engineers and then used those imposter accounts to obtain specialized restricted or proprietary software used for aerospace engineering and computational fluid dynamics," the DOJ says.
"This specialized software could be used for industrial and military apps, such as development of advanced tactical missiles and aerodynamic design and assessment of weapons."
The phishing emails impersonated real colleagues of the targeted individuals, requesting access to source code.
"Song's spear phishing emails appeared to the targeted victims as having been sent by a colleague, associate, friend, or other person in the research or engineering community," the indictment says. "His emails requested that the targeted victim send or make available source code or software to which Song believed the targeted victim had access."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The U.S. Justice Department has the story:
https://www.justice.gov/opa/pr/justice-department-announces-three-cases-tied-disruptive-technology-strike-force
Phishing Attacks Increasingly Target Mobile Devices
Lookout has published its threat report for the second quarter of 2024, finding a significant rise in phishing attacks targeting mobile devices. Many of these attacks are designed to trick users into handing over their credentials, granting attackers access to corporate accounts.
"Mobile phishing and malicious content have exploded in popularity as attackers evolve their tactics to target enterprise credentials," the researchers write. "This has led to a fundamental shift in the traditional cyber killchain, and this modern killchain is dependent on using legitimate credentials as a way to quietly enter corporate infrastructure and compromise data.
"Attackers take on convincing personas as internal IT or security teams to trick employees into sharing or supposedly resetting their passwords. More recently, actors have taken to impersonating executives and contacting new or existing employees to get them to share sensitive company data in a high pressure situation."
The researchers note that mobile phishing attacks can take place through any app that allows users to message each other, and these messages can often evade security filters.
"Mobile phishing is a pervasive threat that attackers can use across any app that has messaging functionality," the researchers write. "This doesn't just mean email, SMS, iMessage, WhatsApp, Telegram and the like, but also social media apps like Instagram and TikTok, the LinkedIn mobile app, mobile games, and even dating apps.
"Even if an organization manages the apps its employees can use, Lookout data shows that those employees are just as likely to encounter a phishing attack as organizations who don't manage apps."
New-school security awareness training gives your organization an essential layer of defense against social engineering attacks.
Lookout has the story:
https://www.lookout.com/threat-intelligence/report/q2-2024-mobile-landscape-threat-report
What KnowBe4 Customers Say
"Hiya Stu, thanks for your email. Yes we are happy with your service.
As I'm sure you are aware, there are limitations with the MS offering, and KnowBe4 makes the process of building the simulated phishing emails, and the reporting much easier. We are able to spend time doing more frequent campaigns, rather than working with MS tools.
Getting the tight integration between the Phish Alert Button and Outlook (both web version, and desktop version) is something that we are keen to see, so I hope the dev work you are doing in this area continues."
- J.P., Information Security Analyst
"Thanks for checking in, Stu. We were just talking today about how we can buy all the tech and software in the world but if our own people give up information, we're toast.
KnowBe4 has been working great so far!
Just had my quarterly meeting with Laura S. and am thankful that she is our main contact for KB4. She is professional, quick to assist, and I appreciate her willingness to share best practices and next steps for our school district. Definitely a happy camper!"
- H.E., Chief Technology Officer
- 49% of attacks against financial institutions begin with phishing:
https://www.trustwave.com/en-us/company/newsroom/news/trustwaves-2024-financial-services-threat-reports-highlight-alarming-trends-in-insider-threats-and-phishing-as-a-service/
- FBI tells public to ignore false claims of hacked voter data:
https://www.bleepingcomputer.com/news/security/fbi-tells-public-to-ignore-false-claims-of-hacked-voter-data/
- Russian election interference efforts focus on the Harris-Walz campaign:
https://blogs.microsoft.com/on-the-issues/2024/09/17/russian-election-interference-efforts-focus-on-the-harris-walz-campaign/
- Deepfakes and the New Era of Social Engineering:
https://greylock.com/greymatter/deepfakes-and-the-new-era-of-social-engineering/
- Australian police infiltrate encrypted messaging app Ghost and arrest dozens:
https://apnews.com/article/australia-ghost-encrypted-app-bad89db81faecc6581d25818c0d7765d
- An Avalanche of GenAI Videos Is Coming to YouTube Shorts:
https://www.wired.com/story/generative-ai-tools-youtube-shorts-veo/
- FBI: Chinese national charged in alleged spearphishing campaign that targeted NASA, Air Force:
https://fedscoop.com/chinese-national-charged-spearphishing-campaign-targeted-nasa-air-force/
- U.S. government 'took control' of a botnet run by Chinese government hackers, says FBI director:
https://techcrunch.com/2024/09/18/u-s-government-took-control-of-a-botnet-run-by-chinese-government-hackers-says-fbi-director/
- Watch George Kurtz, CEO CrowdStrike at Fal.con 2024 on theCUBE on YouTube:
https://www.youtube.com/watch?v=Xo_ipCVQkyI
- Germany seizes 47 crypto exchanges used by ransomware gangs:
https://www.bleepingcomputer.com/news/security/germany-seizes-47-crypto-exchanges-used-by-ransomware-gangs/
- Virtual Vaca #1 - Top 10 Places To Visit in the historic island of Malta:
https://youtu.be/PSZJTE38ftI
- Virtual Vaca #2 - Maia Beach and the Phi Phi Islands, Thailand [Amazing Places 4K]:
https://youtu.be/0H2ROc-fKTU
- Witness world-class magician Eric Chien as he takes the stage on The Magic Star, South Korea's premier magic competition:
https://www.flixxy.com/eric-chiens-mind-blowing-magic-act-on-korean-tv-show.htm?utm_source=4
- A Video Game Solved London's Biggest Problem. Why do I think "Second Life" when I see this?:
https://youtu.be/cfcleOOPUcs
- LockPickingLawyer - A Handmade Lock Made of Melted Keys!:
https://youtu.be/xZbD_9FTwEA
- LockPickingLawyer - This Lock Is Indisputably "Pickproof":
https://www.youtube.com/watch?v=qqL7wTu5IEk
- This UFO Boat is pretty awesome:
https://x.com/rainmaker1973/status/1835557206495838694?s=12&t=vSAPngidkSaQJtTdB6pOmw
- 'Crims In Da Gym'. This will always be funny:
https://x.com/am_blujay/status/1835573233715646967?s=12&t=vSAPngidkSaQJtTdB6pOmw
- World's First Drive Of Lotus Concept Theory 1:
https://youtu.be/WaHHYVQg_-8
- A Wingsuit Flight over Air Glaciers:
https://youtu.be/pbmc_SGCrnk
- Largest Collection of Wacky Vehicles - Guinness World Records:
https://www.youtube.com/watch?v=ftSQQYqFeug
- For Da Kids #1 - This cat came to campus EVERY DAY for 15 years. Students called him Professor Meow!:
https://youtu.be/GMaiq0-FrOU
- For Da Kids #2 - She's an Icon, She's a Legend, and She Is the Moment. Meet Viral Baby Hippo Moo Deng:
https://youtu.be/8bFd_iQHCnw
- For Da Kids #3 - Scared cat relaxes when he hears Spanish:
https://youtu.be/OvaqSgZJA5g
- For Da Kids #4 - Border Collie Demands His TV Time When Lady Gets Home:
https://youtu.be/mrHOBdm8fIs
- For Da Kids #5 - This Bulldog Wants One Thing: The Biggest Stick:
https://youtu.be/VB4zPoGaLTQ