CyberheistNews Vol 14 #41 [Wake-Up Call] Senator Falls Victim to Deepfake Scam. Are Your Users Next?



Cyberheist News

CyberheistNews Vol 14 #41  |   October 8th, 2024

[Wake-Up Call] Senator Falls Victim to Deepfake Scam. Are Your Users Next?

By Stu Sjouwerman, SACP

When technology blurs the lines between reality and fiction, a recent incident involving U.S. Senator Ben Cardin serves as a stark reminder of the growing threat posed by deepfake scams.

This sophisticated attack not only highlights the vulnerabilities faced by high-profile individuals but also underscores the need for security awareness training among all users.

Earlier this month, Senator Cardin found himself at the center of an elaborate deepfake operation. The scammers, impersonating Ukrainian Foreign Minister Dmytro Kuleba, managed to set up a Zoom call with the Senator. The impersonation was so convincing that it initially fooled Cardin and his staff, demonstrating the alarming accuracy of modern deepfake technology.

However, the scam unraveled when the impersonator began asking politically charged questions that seemed out of character for Minister Kuleba. This deviation from expected behavior alerted Senator Cardin and his team, prompting them to end the call and alert authorities.

The Broader Implications

This incident is not isolated. Deepfake scams are becoming increasingly common and sophisticated. Recent studies indicate that a significant portion of consumers have encountered deepfake content, with some even falling victim to related scams.

From fake celebrity endorsements for fraudulent cryptocurrency platforms to political disinformation campaigns, the applications of this technology for malicious purposes are diverse and concerning.

Protecting Yourself in the Age of Deepfakes

As we navigate this threat, it's crucial to adopt a mindset of healthy skepticism and vigilance. Here are some key takeaways:

  • Verify unexpected communications, especially those involving sensitive information or financial transactions
  • Be wary of urgent requests or pressure tactics, which are often hallmarks of scams
  • Stay informed about the latest deepfake technologies and scam techniques
  • Implement robust verification processes in professional settings
  • Trust your instincts – if something feels off, it probably is

The Way Forward

While technology to detect deepfakes is still evolving, our best defense lies in education and awareness. By staying informed and maintaining a critical eye, we can collectively mitigate the risks posed by these sophisticated scams.

As we move forward, let Senator Cardin's experience serve as a reminder that in the face of advancing technology, our human intuition, awareness and critical thinking skills remain our most valuable assets.

[NEW WEBINAR] North Korea's Secret IT Army and How to Combat It

Organizations around the world are unknowingly recruiting and hiring fake employees and contractors from North Korea. These sophisticated operatives aim to earn high salaries while potentially stealing money and confidential information.

KnowBe4 recently learned this chilling fact firsthand when we discovered and stopped one of these operatives at our own organization. Since sharing our experience, we've discovered that many others have faced similar situations, too.

Join us for this webinar where Roger A. Grimes, Data-Driven Defense Evangelist for KnowBe4, teaches you what we have learned and how you can stay one step ahead. He'll cover:

  • Stories of fake North Korean employees and contractors hired by unsuspecting organizations
  • Red flags to watch out for to spot a fake employee job submission or resume
  • How to tell if you've got a fake North Korean employee or contractor already on the payroll
  • What updates and best practices you can start using today to keep bad actors out of your organization, and what to do if you suspect you may have already hired one

Don't miss this critical webinar that could be the difference between safeguarding your organization's assets and unknowingly inviting a potential security breach right in. Plus earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, October 9 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/north-korea-secret-it-army?partnerref=CHN2

Dick's Sporting Goods Cyber Attack Underscores Importance of Email Security and Internal Controls

The recent cyber attack on Dick's Sporting Goods makes it clear that email played a critical role and emphasizes the need for better security controls.

Dick's Sporting Goods is a $12 billion company with more than 800 stores across the United States. That measure of success made the retailer the target of a recent cyber attack. In a filing with the U.S. Securities and Exchange Commission (SEC), the company disclosed a cyber attack involving "unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information."

While the filing provides no details, an anonymous source told Bleeping Computer that "email systems had been shut down, likely to isolate the attack, and all employees had been locked out of their accounts. IT staff is now manually validating employees' identities on camera before they can regain access to internal systems."

With no other details, I can make some educated guesses on what happened:

  • Email is involved – whether this initially started with a phishing attack or the compromise of a credential (which still usually involves phishing).
  • At least one email account was likely compromised – shutting down the email system sounds like a lack of visibility into which accounts have been compromised.
  • Impersonation of employees may have been involved – the mention of "manually validating employee identities" makes me think this may be similar to the attack that hit MGM in Las Vegas, where someone used social engineering to pretend to be an actual employee.

All these factors add up to the need for effective Human Risk Management to ensure that IT staff and employees alike don't fall for social engineering, phishing, credential attacks, and more.

Blog post with links:
https://blog.knowbe4.com/dicks-sporting-goods-suffers-cyber-attack

Rip Malicious Emails With KnowBe4's PhishER Plus

Rip malicious emails out of your users' mailbox with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them

With PhishER Plus, you can:

  • NEW! Detect and respond to threats faster with real-time web reputation intelligence with PhishER Plus Threat Intel, powered by Webroot!
  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, October 16, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN

[Cybersecurity Awareness Month] Responding to Cyber Incidents the 'Inside Man' Way: Fiona's Approach

By Anna Collard

In a world where cybersecurity incidents are no longer a matter of if they will happen, but when, having a solid incident response plan is a critical component of cyber resilience and business continuity.

The National Institute of Standards and Technology (NIST) provides comprehensive guidelines on how to set up and execute an incident response capability.

For this blog, I'm drawing inspiration from Fiona, the vibrant and friendly PA to the IT director in the first season of our security awareness series "The Inside Man," to illustrate how effective incident response should be managed. [Watch the video on the blog]

Preparation: The Fiona Method

Fiona's proactive nature mirrors the essential preparation phase of incident response planning. Just as Fiona helps ensure the IT department runs smoothly by anticipating issues and organizing resources, a robust incident response plan starts with thorough preparation.

This includes tasks such as policy development and training and awareness programs that keep both incident responders and all employees informed about how to detect cyberthreats and what to do (and not do) during an incident, as well as the provision of relevant tools and resources. Preparation also means frequent simulations and testing of the incident response plan.

Detection and Analysis: Fiona's Keen Eye

Fiona's empathetic yet analytical ability to detect issues early and analyze their implications aligns with the detection and analysis phase of NIST's guidelines. These include continuous monitoring to promptly detect potential incidents as well as a thorough triage and analysis of problems to comprehend the nature, scope and potential impact of incidents.

Containment, Eradication and Recovery: Fiona's Leadership

When it comes to handling crises, Fiona's leadership and decisive action are crucial. During an incident, immediate action to contain it is critical, followed by eradication of the root cause. Lastly, recovery focuses on restoring normal operations while ensuring the underlying issues are fully resolved.

Post-Incident Activities: Fiona's Continuous Improvement

Fiona's reflective nature and dedication to continuous improvement embody the essence of NIST's post-incident activities, which include the importance of documenting all incident details and response actions, and conducting post-incident reviews to identify strengths and areas of improvement. Updates to processes based on lessons learned will ensure that teams adapt to evolving threats.

The Fiona Approach: Bringing NIST Recommendations to Life

Fiona's character perfectly embodies the principles of incident responders:

  • Proactive preparation
  • Keen detection and analysis
  • Decisive containment
  • Commitment to continuous improvement

By channeling Fiona's approach, organizations can effectively prepare for and manage cybersecurity incidents, ensuring a strong security culture.

There's still time to download our 2024 kit of Cybersecurity Awareness Month resources, themed to the hit series "The Inside Man." Check it out below!

Blog post with links and video:
https://blog.knowbe4.com/cybersecurity-awareness-month-anna-collard-2024

Do Users Put Your Organization at Risk with Browser-Saved Passwords?

Is the popularity of password dumpers, malware that allows cybercriminals to find and "dump" passwords your users save in web browsers, putting your organization at risk?

KnowBe4's Browser Password Inspector (BPI) is a complimentary IT security tool that allows you to analyze your organization's risk associated with weak, reused and old passwords your users save in Chrome, Firefox and Edge web browsers.

BPI checks the passwords found in the browser against active user accounts in your Active Directory. It also uses publicly available password databases to identify weak password threats and reports on affected accounts so you can take action immediately.

With Browser Password Inspector you can:

  • Search and identify any of your users that have browser-saved passwords across multiple machines and whether the same passwords are being used
  • Quickly isolate password security vulnerabilities in the browser and easily identify weak or high-risk passwords being used to access your organization
  • Better manage and strengthen your organization's password hygiene policies and security awareness training efforts

Get your results in a few minutes!

Find Out Now:
https://info.knowbe4.com/browser-password-inspector-chn

Scammers Use QR Code Stickers to Target UK Motorists

Netcraft warns that scammers are posting QR code stickers on parking meters in the UK and other European countries.

In the UK, the QR codes lead to phishing sites that impersonate the parking payment app PayByPhone. The phishing sites are designed to steal personal information and payment data.

"Looking at British media reports, these parking QR code scams appeared to peak during the summer holiday period (June to September)," Netcraft says. "Activity is concentrated in coastal tourism locations such as Blackpool, Brighton, Portsmouth, Southampton, Conwy and Aberdeen.

There are now at least 30 parking apps in the UK, varying by location—an abundance that benefits criminals. By targeting tourist destinations, threat actors can prey on tourists who need to download the parking payment apps and are searching for ways to do so."

The phishing pages collect complete payment card details, as well as information about vehicles. The researchers note, "This personally identifiable information (PII) could be used in future phishing attacks, for example, utilizing the threat actor's knowledge of the victim's vehicle, including location-based campaigns that utilize the victim's location codes.

After each form is submitted, the phishing websites submit victims' data to the server. This maximizes the amount of information gathered, i.e., even if the victim exits the site before completing the entire process."

Netcraft also found evidence that the same threat actor is conducting similar scams in France, Germany, Italy and Switzerland. "The behaviors and characteristics of the threat actor identified through the analysis demonstrate the scale and strategic approach being used," the researchers write.

"Not only is this one criminal group operating across a continent, but they are also investing to evade detection and achieve continuous operation.

Additionally, the criminal group is likely responsible for a number of other attacks. This shows how cybercrime groups adapt and evolve their tactics and respond to opportunities that yield greater impact."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.


Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] Defending The Nation's Infrastructure With A Shared Culture Of Cybersecurity:
https://www.forbes.com/councils/forbestechcouncil/2024/10/01/defending-the-nations-infrastructure-with-a-shared-culture-of-cybersecurity/

PPS: [NEW RELEASE] Training module "Secure Hiring and Onboarding" (10 min) is released and available on your ModStore!

Quotes of the Week

So, you would think that when you ask ChatGPT 4o to not make things up, especially when in your prompt you say find quotes: "from real people, referenced and proven legit by fact checking:", it would come up with the real thing. But no. It completely made up these two quotes, and they sound totally believable. "Trust but Verify" is truer than ever!

"As the line between reality and digital deception continues to blur, the greatest defense we have is a well-informed and vigilant mind."
- Bruce Schneier, Security Technologist and Author

"Cybersecurity is much more than an IT issue; it's a societal issue that requires a shift in how we think about trust, verification, and protection in our digital age."
- Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-41-wake-up-call-senator-falls-victim-to-deepfake-scam-are-your-users-next

Security News

Cybercriminal Gang Targeting SMBs Using Business Email Compromise

Researchers at Todyl have published a report on a major cybercriminal group that's conducting business email compromise (BEC) attacks against small and medium-sized businesses. Todyl describes three separate BEC attacks launched by this threat actor.

In one case, the attackers compromised a Microsoft 365 account belonging to an individual working at a small non-profit. In another instance, the threat actor targeted executives working in a mid-sized manufacturer's product development department. In a third case, the attackers targeted an accountant working in a small accounting firm.

"The threat group infrastructure is incredibly active and has accelerated over the last 3 months," the researchers write. "At the peak, approximately 65% of all attempted BEC cases across Todyl came from this group, with the vast majority being pre-infected and newly onboarded organizations.

The attacks targeted everything from very small businesses to mid-market companies across legal, construction, critical infrastructure, defense, health care, non-profit, and many other industries."

Todyl stresses that the operation is sophisticated and highly organized. The threat actor puts a great deal of effort into launching targeted attacks against smaller entities.

"The sheer volume of hosts is staggering, and managing such a large fleet requires significant capital and automation, pointing to a well-funded and operationally mature group," the researchers write. "They also leveraged trusted proxy services like Cloudflare to hide their phishing lures and malicious login pages, enabling them to bypass web security gateways and URL filters, further underscoring their advanced capabilities and sophistication."

The researchers note that BEC attacks are designed to bypass technical security defenses and target humans directly. "Business Email Compromise (BEC) continues to evolve into one of the most pervasive and damaging cyber threats in the modern digital landscape," the researchers write.

"As small and medium businesses enhance their defenses with endpoint security, attackers are adapting, seeking new ways to bypass these barriers. The shift in tactics is stark: rather than rely on traditional malware, threat actors are exploiting human error, trust, and communication channels, focused on services that remain vulnerable."

Blog post with links:
https://blog.knowbe4.com/major-bec-gang-targets-smbs

The Number of Ransomware Attacks Around the World Increased by 73%

The number of ransomware attacks around the world increased by 73% in 2023, according to a new report by the Institute for Security and Technology's Ransomware Task Force (RTF). These attacks opportunistically target orgs across all industries, but the hardest-hit sectors over the past two years have been construction, hospitals and health care, government, IT services and consulting, and financial services.

"The data shows a year-over-year increase in incidents in a majority of sectors compared to 2022, which is in line with the overall increased ransomware activity observed throughout the year," the RTF says. "Like last year, our data indicates that the construction and hospitals and healthcare sectors continue to be the top two sectors with the most incidents worldwide."

The RTF also observed a surge in ransomware groups using big-game hunting tactics. These attacks are targeted, sophisticated operations designed to cause maximum damage to high-value targets in order to extract a large ransom.

"As we enter the final three months of 2024, we anticipate an increase in 'big game hunting' tactics by ransomware groups – most notably CL0P – as cyber criminals adapt and create new ways to further extort ransomware victims," the researchers write.

Phishing remains a top initial access vector for ransomware actors. The RTF points to the 8Base gang, which uses phishing attacks to gain access to their victims' networks.

"Many ransomware groups still rely on traditional, relatively unsophisticated means such as phishing to execute an attack," the researchers write.

"8Base is a good example of the profitability of such a model. 8Base, who portray themselves as 'simple penetration testers' to trick victims into paying their ransom demand, emerged in March 2022.

The group typically relies on phishing attacks to compromise systems, delivering a ransom note that pretends to offer help to their victims. In May 2023, 8Base moved to a double-extortion ransomware model and created their own data leak site."

Blog post with links:
https://blog.knowbe4.com/ransomware-attacks-around-world-increased-73-percent

What KnowBe4 Customers Say

"Hi Stu, thanks for reaching out. I was highly dubious that this may be a phish, or some sort of training exercise in the build-up to Cyber Security Awareness Month; however, the only red flag indicator I could notice was that previous automated emails from yourself do not have the "." between your first initial and surname in the email. Then I noticed that other KnowBe4 staff members have this too!

I can confirm that we are very happy with the service and it is playing a vital role in strengthening the security posture of our users. We will be ramping up our exercises throughout the month of October and offering a prize incentive, to encourage participation and increase user engagement, as part of Cyber Security Awareness Month."

- J.A., Cyber Security Engineer


"Stu, thanks for reaching out. We've been running campaigns successfully for most of the year now with very positive results, and the training modules have been a big help with modernizing our Security Awareness Training."

- Z.A., Security Engineer II

The 10 Interesting News Items This Week
  1. 200K+(!) people in Southeast Asia have been forced to run online scams:
    https://www.wired.com/story/pig-butchering-scam-invasion/

  2. Western authorities link Russian intelligence officer to Evil Corp cybercrime empire:
    https://therecord.media/evil-corp-cybercrime-eduard-benderskiy-russian-intelligence

  3. White House Pledges Major Deliverables at Ransomware Summit:
    https://www.govinfosecurity.com/white-house-pledges-major-deliverables-at-ransomware-summit-a-26418

  4. Russian Cyber Offensive Shifts Focus to Ukraine's Military Infrastructure:
    https://hackread.com/russian-cyber-offensive-ukraines-military-infrastructure/

  5. New ransomware strain infects more than 100 organizations per month:
    https://www.theregister.com/2024/10/03/ransomware_spree_infects_100_orgs/

  6. Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa:
    https://thehackernews.com/2024/10/interpol-arrests-8-in-major-phishing.html

  7. A Single Cloud Compromise Can Feed an Army of AI Sex Bots:
    https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/

  8. How North Korea Infiltrated the Crypto Industry:
    https://www.coindesk.com/tech/2024/10/02/how-north-korea-infiltrated-the-crypto-industry/

  9. DOJ, Microsoft seize dozens of domains 'used by Russian intelligence agents':
    https://therecord.media/doj-microsoft-seize-domains-russian-intelligence

  10. Nation-state hackers collaborate with cybercriminal groups:
    https://www.opentext.com/about/press-releases/opentext-cybersecurity-s-2024-threat-hunter-perspective-shows-collaboration-between-nation-states-and-cybercrime-rings-to-inflict-more-damage

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
