CyberheistNews Vol 14 #42 [Heads Up] Majority of U.S. Execs Now Rank Cyber Threats as #1 Risk

CyberheistNews Vol 14 #42  |   October 15th, 2024

[Heads Up] Majority of U.S. Execs Now Rank Cyber Threats as #1 Risk
Stu Sjouwerman, SACP

In a September Pulse Survey from PricewaterhouseCoopers (PwC), 75% of U.S. executives ranked cyberattacks as their top business risk, ahead of margin pressure on earnings (70%), geopolitical tensions (68%) and the legal and reputational risks of AI (63%).

PwC's latest Pulse Survey shows that executives see economic, political and regulatory risks no matter who wins the 2024 U.S. presidential election:

  • Cyber Threats: Cyber threats are the top business risk for 75% of executives
  • Recession Risks: 61% of executives see recession risks in the next six months due to geopolitical tensions, labor market concerns, and high costs
  • Regulation Concerns: Most executives expect a divided government in 2025, increased executive orders, and more regulation and litigation
  • Protectionism: 71% believe trade and tax policies will hurt U.S. competitiveness, with concerns differing by potential presidential outcomes
  • Government Impact: State governments and federal regulators have more influence on business than the presidential election, ranking above Congress and the president

Depending on which study you cite, human error is the root cause of somewhere between 70% and 90% of cyber incidents. That's why Human Risk Management (HRM) matters.

And here is the next major advance in HRM. We're thrilled to announce the second version of our risk score architecture. It is so far advanced we have renamed — promoted really — our initial "Virtual Risk Officer" to SmartRisk Agent™. It delivers a game-changing update to your risk assessment capabilities and provides you more detailed and actionable insights.

SmartRisk Agent is an integrated, rule-based engine purpose-built for human risk management. This powerful enhancement gives you a more comprehensive and accurate approach to evaluating user risk for your org, empowering you with unprecedented visibility and actionable insights.

This agent works closely with all the other KnowBe4 AI Defense Agents. Four are released as previews for the KnowBe4 community, four more are in development, and more will follow in the platform, all integrated with each other and with modules like the Egress email security suite.

Key Features:

  • Enhanced risk scoring algorithm that considers a wider range of risk signals from across KnowBe4's products: KnowBe4 Phishing and Training, the Phish Alert Button (PAB), SecurityCoach, PasswordIQ and Email Exposure Check (EEC) Pro
  • Training recommendations, drawn from ModStore content, targeted at the security type contributing the most risk
  • Risk Trend Monitoring that tracks changes in risk scores over time
  • Risk Score Distribution Graph that reveals insights into central tendency, spread and outliers
  • Detailed Security Types table with breakdowns and trends for known factors and points
  • Identification of the riskiest users and teams, broken down by risk factor

Risk Score v2 is available on the Reports tab and under our Executive Reports subtab. For more details, please refer to our comprehensive knowledge base article SmartRisk Agent and Risk Score v2 Guide available here:
https://blog.knowbe4.com/meet-smartrisk-agent-unlock-your-new-human-risk-management

Here is the executive summary of the PwC survey, it's excellent infosec budget ammo:
https://www.pwc.com/us/PulseSurveyElection2024?mod=djemCybersecruityPro&tpl=cs

Rip Malicious Emails With KnowBe4's PhishER Plus

Rip malicious emails out of your users' mailbox with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them

With PhishER Plus, you can:

  • NEW! Detect and respond to threats faster with real-time web reputation intelligence from PhishER Plus Threat Intel, powered by Webroot
  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: TOMORROW, Wednesday, October 16, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2

Hurricane Deepfakes Flood Social Media

With Hurricane Helene having caused major damage and Hurricane Milton having left a path of destruction across Florida, deepfakes are spreading misinformation on social media.

Platforms such as Instagram, Facebook and X are flooded with manipulated images that confuse users and distort reality.

According to Forbes, one of the most viral images — a young girl stranded in floodwaters clutching a drenched puppy — has garnered over a million views on X alone.

Kevin Guo, CEO of the content moderation platform Hive, confirmed the image was AI-generated and is being used to sow misinformation about the federal government's response to the hurricane.

Other false images include a man wading through water with a dog, law enforcement officers engaged in relief efforts, and even a doctored photo of Donald Trump in a life jacket navigating muddy waters. These AI-generated images may seem harmless at first glance, but they are raw material for social engineering: the same emotional pull that makes them go viral makes the scams built on them effective.

The crooks are impersonating FEMA and other disaster relief organizations in order to trick people into sending money or handing over personal information. Cybercriminals always attempt to exploit natural disasters with social engineering attacks, and similar scams should be expected in the aftermath of Hurricane Milton.

One particularly cruel scam is directly targeting victims of hurricanes who are seeking financial assistance. "One of the first major threats we observed is FEMA claim scamming, where cybercriminals pose as legitimate FEMA assistance providers to steal personal information and funds," researchers at Veriti say.

"A VIP member on a hackers forum, under the alias 'brokedegenerate,' recently posted about a new scam targeting Florida residents affected by the hurricane. On the forum, the scammer shares tactics for creating fake FEMA assistance claims, with detailed instructions on how to deceive victims and siphon off funds intended for disaster relief.

"This kind of scam is particularly dangerous, as victims are already in a vulnerable position due to the natural disaster." The researchers have also observed a surge in hurricane-related phishing domains, such as "hurricane-helene-relief[.]com."

"By using hurricane-related terms and associating themselves with disaster relief, these domains aim to create a sense of urgency, making it more likely that victims will fall for the phishing schemes," the researchers write.

"Attackers will likely send phishing emails directing recipients to these websites, claiming to offer relief services or grant applications. Once victims input their personal details, the attackers can use or sell the data for financial gain."

During times of crisis, it's crucial to verify the information you encounter online. Sharing false or misleading images can divert attention away from real needs. As AI technology continues to advance, so does its potential to mislead, and staying vigilant in the face of these tactics is more important than ever. Stay alert and think twice before sharing content during any kind of disaster.

Blog post with links:
https://blog.knowbe4.com/hurricane-deepfakes-flood-social-media

The Outstanding ROI of KnowBe4's PhishER Plus Platform

91% of cyber attacks start with a spear-phishing attack, and phishing is responsible for two-thirds of ransomware infections. If your organization is combating phishing threats with manual workflows, you're dramatically increasing the risk that phishing presents to your organization.

You need to arm your IT and InfoSec teams with the tools to accurately and quickly mitigate phishing threats before they strike. But creating a compelling business case for your CFO and leadership is the critical first step.

This guide is designed to help you articulate the value of PhishER Plus, KnowBe4's Security Orchestration, Automation and Response (SOAR) platform, to your CFO and leadership. It provides concrete examples of the return on investment that KnowBe4 customers have realized, empowering you to present a strong business case for the investment.

Download this return on investment guide for insights into:

  • The ongoing problem of overcoming the phishing tsunami for organizations of all sizes
  • The risk and cost of combating phishing threats with manual workflows
  • The cost savings and risk reduction realized through using PhishER Plus

Download Now:
https://info.knowbe4.com/en-us/wp-outstanding-roi-phisher-plus-platform-chn

Attackers Abuse URL Rewriting to Evade Security Filters

Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security.

URL rewriting is a protective technique used by many email security platforms: each link in an inbound message is replaced with a link on the vendor's own domain, so the original destination can be checked when the user clicks. Because the rewritten link displays the vendor's trusted domain rather than the real destination, the same mechanism can be abused to mask a phishing URL from both users and downstream filters.

"In the first step of the attack, the threat actor compromises an email account belonging to a customer of an email security solution that leverages URL rewriting (not the target of the actual email attack presented hereafter)," the researchers write.

"The threat actor then sends an email to that same compromised account containing a novel URL, which will get rewritten rather than blocked. When the threat actor has that rewritten URL, a new email is sent from the compromised account to the threat actor's next victims containing that rewritten URL."

This new email impersonates a Microsoft security alert informing the user that a malicious link was blocked. The email contains a link to view details about the alert.

"Because this message originates from a legitimate account, passes email authentication, and contains a novel, rewritten URL from a legitimate security control, the victim's secure email gateway (SEG) delivers the message and rewrites the already-rewritten URL," Abnormal says.
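
The double-wrapped link Abnormal describes is itself a detectable artifact: a URL whose rewrite wrapper contains another vendor's rewrite wrapper should be unwrapped to its real destination and judged on that, not on the trusted wrapper domain. The script below is an added example written for this newsletter, not Abnormal Security's or KnowBe4's code. It assumes two commonly seen wrapper formats (Microsoft Safe Links carrying the destination in a percent-encoded url= query parameter, and Proofpoint URL Defense v2 carrying it in a u= parameter where "_" stands for "/" and "-XX" for the byte 0xXX); both are assumptions to verify against links your own gateway emits, and the sample URLs are constructed.

```python
"""Peel nested URL-rewrite wrappers and flag rewrite laundering.

Added example; not Abnormal Security's or KnowBe4's code. The wrapper
formats handled here are assumptions drawn from commonly observed links
(Safe Links 'url=' parameter; Proofpoint URL Defense v2 'u=' parameter).
"""
import re
from typing import Optional
from urllib.parse import parse_qs, quote, urlsplit

# Host suffixes that identify links rewritten by a security product (assumed list).
REWRITE_HOST_SUFFIXES = (
    "safelinks.protection.outlook.com",
    "urldefense.proofpoint.com",
)


def rewrite_vendor(url: str) -> Optional[str]:
    """Return the matching wrapper suffix for url's host, or None."""
    host = (urlsplit(url).hostname or "").lower()
    for suffix in REWRITE_HOST_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def _decode_proofpoint_v2(u: str) -> str:
    # '_' -> '/' first, so a literal underscore encoded as '-5F' is not touched.
    u = u.replace("_", "/")
    return re.sub(r"-([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), u)


def unwrap_once(url: str) -> Optional[str]:
    """Return the URL one wrapper layer down, or None if url is not a known wrapper."""
    vendor = rewrite_vendor(url)
    if vendor is None:
        return None
    parts = urlsplit(url)
    qs = parse_qs(parts.query)  # parse_qs percent-decodes the values
    if vendor == "safelinks.protection.outlook.com" and qs.get("url"):
        return qs["url"][0]
    if vendor == "urldefense.proofpoint.com" and parts.path.startswith("/v2/") and qs.get("u"):
        return _decode_proofpoint_v2(qs["u"][0])
    return None  # known wrapper host but a format we cannot decode: treat as opaque


def analyze(url: str, own_rewrite_suffix: Optional[str] = None, max_depth: int = 5):
    """Unwrap repeatedly; return (final_url, layers_removed, flags).

    flags: 'nested_rewrite'  - a rewritten URL was itself rewritten (the artifact
                               left when a SEG re-wraps a laundered link)
           'foreign_rewrite' - outermost wrapper is not our own vendor, so the
                               link was rewritten by someone else's gateway
           'opaque_wrapper'  - a wrapper host whose format could not be decoded
    """
    flags = []
    outer = rewrite_vendor(url)
    if outer is not None and own_rewrite_suffix is not None and outer != own_rewrite_suffix:
        flags.append("foreign_rewrite")
    current, layers = url, 0
    while layers < max_depth and rewrite_vendor(current) is not None:
        inner = unwrap_once(current)
        if inner is None:
            flags.append("opaque_wrapper")
            break
        current, layers = inner, layers + 1
    if layers >= 2:
        flags.append("nested_rewrite")
    return current, layers, flags


# Constructed sample: a consent-phishing URL wrapped by Proofpoint, then re-wrapped
# by Safe Links, as the victim's gateway would do with a laundered link.
TARGET = "https://login-verify.example/consent?id=1"
PROOFPOINT_WRAPPED = (
    "https://urldefense.proofpoint.com/v2/url"
    "?u=https-3A__login-2Dverify.example_consent-3Fid-3D1&d=DwMFaQ&e="
)
SAFELINKS_WRAPPED = (
    "https://nam12.safelinks.protection.outlook.com/?url="
    + quote(PROOFPOINT_WRAPPED, safe="")
    + "&data=05%7C01"
)

if __name__ == "__main__":
    own = "safelinks.protection.outlook.com"
    print(analyze(SAFELINKS_WRAPPED, own_rewrite_suffix=own))   # nested_rewrite
    print(analyze(PROOFPOINT_WRAPPED, own_rewrite_suffix=own))  # foreign_rewrite
```

Run the final URL, not the wrapper, through reputation and sandbox checks; a "foreign_rewrite" on inbound mail is only a signal (people do forward links out of their own inboxes), but "nested_rewrite" on a message that otherwise passes authentication is exactly the pattern in the attack above and deserves a closer look.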

If the user clicks the link, they are taken to a site that tricks them into consenting to an OAuth application, which gives the attacker access to their Microsoft 365 account without ever capturing a password.

"The user is redirected to another site and must solve a CAPTCHA. After this, they are prompted to allow the installation of an OAuth application," the researchers write. "This grants the attacker permission to access their M365 account. Instead of a traditional phishing attack, the user unknowingly installs an add-on that gives the attacker ongoing access to the account, even if the user changes their password. The only way to stop this access is by removing the add-on from the account."
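
Because a password reset does nothing against a consented OAuth app, incident response has to find and remove the grant itself. The script below is an added example written for this newsletter, not KnowBe4's, Abnormal Security's or Microsoft's code. It runs offline over JSON already exported from Microsoft Graph v1.0 (GET /servicePrincipals and GET /oauth2PermissionGrants); the field names follow that schema as understood here and the Graph endpoints in the revocation plan should be checked against current documentation, while TENANT_ID, the object ids and both records are constructed sample data, not a real tenant.

```python
"""Triage OAuth consent grants after a consent-phishing incident.

Added example; not KnowBe4's, Abnormal Security's or Microsoft's code.
Field names follow the Microsoft Graph v1.0 schema as understood by the
author (an assumption); TENANT_ID, ids and records are constructed.
"""
import json

TENANT_ID = "aaaaaaaa-0000-0000-0000-000000000001"  # assumed id of the victim tenant

# Delegated scopes that keep working without the user present or read mailbox content.
HIGH_RISK_SCOPES = {
    "offline_access", "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite", "Files.ReadWrite.All", "Contacts.Read",
}

# Constructed sample: sp-1 is an attacker's multi-tenant app one user consented to;
# sp-2 is a first-party line-of-business app with an admin-wide grant.
SAMPLE_SERVICE_PRINCIPALS = json.loads("""[
  {"id": "sp-1", "appId": "11111111-1111-1111-1111-111111111111",
   "displayName": "Secure Link Viewer", "accountEnabled": true,
   "appOwnerOrganizationId": "bbbbbbbb-0000-0000-0000-000000000002",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null}},
  {"id": "sp-2", "appId": "22222222-2222-2222-2222-222222222222",
   "displayName": "HR Portal", "accountEnabled": true,
   "appOwnerOrganizationId": "aaaaaaaa-0000-0000-0000-000000000001",
   "verifiedPublisher": {"displayName": null, "verifiedPublisherId": null}}
]""")

SAMPLE_GRANTS = json.loads("""[
  {"id": "g-1", "clientId": "sp-1", "consentType": "Principal", "principalId": "user-42",
   "resourceId": "graph-sp", "scope": "openid profile offline_access Mail.ReadWrite Mail.Send"},
  {"id": "g-2", "clientId": "sp-2", "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "graph-sp", "scope": "User.Read"}
]""")


def triage_grants(grants, service_principals, tenant_id):
    """Return one finding per grant that looks like a hijacked user consent."""
    sps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for g in grants:
        sp = sps.get(g["clientId"], {})
        risky = sorted(set(g.get("scope", "").split()) & HIGH_RISK_SCOPES)
        reasons = []
        if g.get("consentType") == "Principal":
            reasons.append("user_consented")      # an end user, not an admin, granted it
        if sp.get("appOwnerOrganizationId") != tenant_id:
            reasons.append("third_party_app")     # app is registered in another tenant
        if not (sp.get("verifiedPublisher") or {}).get("verifiedPublisherId"):
            reasons.append("unverified_publisher")
        if risky:
            reasons.append("high_risk_scopes")
        # Escalate only with dangerous scopes plus at least two other signals: a
        # first-party app with broad admin consent is not, by itself, an incident.
        if risky and len(reasons) >= 3:
            findings.append({
                "grant_id": g["id"], "service_principal_id": g["clientId"],
                "app": sp.get("displayName", "<unknown>"), "user": g.get("principalId"),
                "risky_scopes": risky, "reasons": reasons,
            })
    return findings


def revocation_plan(finding):
    """Graph calls that cut the attacker off; a password reset alone does not.

    Endpoints are the Graph v1.0 operations as the author knows them (assumption).
    Each step is (method, path, body).
    """
    return [
        ("DELETE", f"/oauth2PermissionGrants/{finding['grant_id']}", None),         # remove consent
        ("PATCH", f"/servicePrincipals/{finding['service_principal_id']}",          # disable the app
         {"accountEnabled": False}),
        ("POST", f"/users/{finding['user']}/revokeSignInSessions", None),           # kill refresh tokens
    ]


if __name__ == "__main__":
    for f in triage_grants(SAMPLE_GRANTS, SAMPLE_SERVICE_PRINCIPALS, TENANT_ID):
        print(f)
        for step in revocation_plan(f):
            print("   ", step)
```

The ordering matters: deleting the grant stops new tokens from being issued, disabling the service principal blocks the app tenant-wide, and revoking sign-in sessions invalidates the refresh tokens the app already holds. Leaving out the last step is the mistake that keeps the attacker's "ongoing access" alive.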

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/attackers-abuse-url-rewriting

KnowBe4 is the #1 SAT Platform on G2 for over 5 years!

Have you ever wanted to peek behind the curtain of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore. The G2 Grid Report has done all the heavy lifting for you, making it easy to make an informed decision.

The G2 Grid Report ranks according to the people who use the products daily. We're talking genuine feedback, satisfaction ratings and how big of an impact they're making in the market.

In a league of our own, KnowBe4 scored in the 90s, the only vendor to do this. 98% of users gave us 4 or 5 stars and 93% would recommend us to others. Trust isn't just won; it's earned, and we take that to heart.

You'll get access to:

  • A line up of SAT vendors stacked and rated based on customer reviews
  • Profiles of each vendor highlighting strengths, industries and organization size
  • User-driven scores for ease of use, support quality and more, to help you pick the best platform

Ready to get your hands on this goldmine of information? Download your complimentary report and see why KnowBe4 has been ranked the #1 SAT vendor for the 21st consecutive quarter and has more customers than all SAT vendors combined.

Download Now:
https://info.knowbe4.com/g2-grid-report-for-security-awareness-training-chn

Free Phishing Platform Has Created More than 140,000 Spoofed Websites

A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.

"For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," the researchers write. Phishers can either host these pages on Sniper Dz-owned infrastructure or download Sniper Dz templates to host on their own servers.

Surprisingly, Sniper Dz offers these services to phishers free of charge, perhaps because the platform also harvests the credentials its users steal, which would cover the cost of the service. The kit's developers have also taken measures to hide the phishing sites from security providers, so the sites stay up longer before being flagged as malicious.

"Sniper Dz uses a unique approach of hiding phishing content behind a public proxy server to launch live phishing attacks," the researchers write. "The criminals behind this platform auto-setup the proxy server to load phishing content that is hosted on their server. We believe this approach could be useful in protecting their infrastructure from detection."

The threat actors also abuse legitimate services to host the sites, which increases the likelihood that the phishing links will bypass security filters.

"Criminals using Sniper Dz often abuse legitimate software-as-a-service (SaaS) platforms to host phishing websites," the researchers write. "When establishing their infrastructure, these phishers include popular brand names, trends, and even sensitive topics as keywords to lure victims into opening and using their phishing pages.

"After stealing credentials from a victim, this infrastructure can redirect the victim to malicious advertisements including distribution of potentially unwanted applications or programs (PUA or PUP) like rogue browser installers."

Blog post with links:
https://blog.knowbe4.com/free-phishing-platform-created-140000-spoofed-websites


Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: KnowBe4 Reinforces Market Leadership Streak in G2 Fall 2024 Report, Topping Both Security Awareness Training and SOAR Categories:
https://www.prnewswire.com/news-releases/knowbe4-reinforces-market-leadership-streak-in-g2-fall-2024-report-topping-both-security-awareness-training-and-soar-categories-302268345.html

PPS: [NEW] 10 Cybersecurity Pros to Follow on LinkedIn (I'm one :-D ):
https://www.spiceworks.com/tech/it-careers-skills/articles/10-cybersecurity-pros-to-follow-on-linkedin/

Quotes of the Week
"Never give up on what you really want to do. The person with big dreams is more powerful than one with all the facts."
- H. Jackson Brown Jr., American author (1940 - 2021)

"Nothing in this world can take the place of persistence. Talent will not: nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not: the world is full of educated derelicts. Persistence and determination alone are omnipotent."
- Calvin Coolidge, American President (1872 - 1933)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-42-heads-up-majority-of-us-execs-now-rank-cyber-threats-as-number-one-risk

Security News

Spear Phishing and Ransomware Surge in the Healthcare Sector

Spear phishing is the most common initial access vector for attackers targeting organizations in the healthcare and social assistance (HSA) sector, according to researchers at ReliaQuest. Spear phishing was involved in nearly two-thirds of incidents in this sector over the past year.

"Attackers targeting the HSA sector primarily use spear phishing with links and attachments," the researchers write. "Nearly 30% of incidents across all sectors began with spear phishing, with the HSA sector disproportionately accounting for 13% of these attacks.

"HSA organizations are prime targets for spear phishing due to the fast-paced environment in hospitals and medical establishments." The researchers note that social engineering attacks are effective against this sector due to a lack of security training.

"The HSA sector is particularly vulnerable to phishing and social engineering attacks due to a lack of cybersecurity training, especially in publicly funded and understaffed organizations," ReliaQuest says. "This vulnerability is exacerbated during peak periods, such as the COVID-19 pandemic, when overworked teams may unintentionally neglect cybersecurity protocols.

"We expect an increase in AI-generated phishing emails and voice/video attacks. To counter these threats, HSA organizations should implement robust verification processes, establish clear cybersecurity policies, and deploy advanced email filtering solutions."

The researchers also warn that the HSA sector saw a 40% increase in ransomware attacks over the past year. "Historically, many Ransomware-as-a-Service (RaaS) groups have prohibited attacks on medical institutions, enforced both by explicit regulations and collective disapproval from the wider cybercriminal community," ReliaQuest explains.

"However, this restriction appears to be weakening: ReliaQuest observed 442 HSA organizations listed on ransomware data-leak websites during the reporting period, a 40% increase from the 315 organizations named in the previous 12 months. This surge is likely explained by the emergence of new RaaS groups that disregard past conventions and are unwilling to withhold attacks against a sector seen as more likely to pay ransoms.

"The HSA sector is widely perceived as more likely to pay ransoms to quickly restore operations and ensure continuity of critical patient care."

ReliaQuest has the story:
https://www.reliaquest.com/blog/threats-health-care-social-assistance-landscape/

Trinity Ransomware Targets the Healthcare Sector

The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the U.S. Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities.

"Trinity ransomware was first seen around May 2024," the advisory says. "It is a type of malicious software that infiltrates systems through several attack vectors, including phishing emails, malicious websites, and exploitation of software vulnerabilities.

"Upon installation, Trinity ransomware begins gathering system details such as the number of processors, available threads, and connected drives to optimize its multi-threaded encryption operations. Next, Trinity ransomware will attempt to escalate its privileges by impersonating the token of a legitimate process.

"This allows it to evade security protocols and protections. Additionally, Trinity ransomware performs network scanning and lateral movement, indicating its ability to spread and carry out attacks across multiple systems in a targeted network."

Like many other organized ransomware groups, Trinity steals a copy of the victim's data before encrypting it, in order to increase pressure on the victim to pay the ransom.

"Trinity ransomware employs a double extortion strategy," HHS explains. "This involves exfiltrating sensitive data from victims before encrypting it, and then threatening to publish the data if the ransom is not paid. This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly healthcare.

"There has been a total of seven Trinity ransomware victims identified to date. Of these, two victims have been identified as healthcare providers, one based in the United Kingdom, and the other a United States-based gastroenterology services provider, where Trinity claims to have access to 330 GB of the organization's data."

New-school security awareness training can give your organization an essential layer of defense against ransomware attacks.

The HHS has the story:
https://www.hhs.gov/sites/default/files/trinity-ransomware-threat-actor-profile.pdf

What KnowBe4 Customers Say

"Hi Stu, yes, we are happy with the KnowBe4 platform. It's easy to use and a perfect way to keep our colleagues aware of all the possible cybersecurity threats."

- W.J., Software Developer


(Unsolicited) "Mr. Sjouwerman, I would like to personally thank you for sharing one of your brightest stars with our company Erika B. She is one of the many reasons we have continued to renew our subscription with KnowBe4. It is of no surprise to us that she is excelling within your company, and I have great hopes that her progress will continue to flourish over the coming years.

Erika became an indispensable and integrated Training Advisor for our company. She dedicated hours to ensure that we understood the KnowBe4 product and that we received the most out of the training resources that KnowBe4 has to offer. She created a custom report for us to track training progress, which I use to brief my CEO/CFO monthly, as they have both expressed their pleasure in the report's detail and layout.

We will miss her as our Customer Success Manager, but we believe she will continue to bring value to KnowBe4, as her love for what she does exemplifies her passion for self-development and personal growth."

- M.V., Manager Information Technology

The 10 Interesting News Items This Week
  1. Russia Pays Criminals to Sow 'Mayhem' In Europe, Warns U.K. Spy Chief:
    https://www.wsj.com/world/europe/russia-pays-criminals-to-sow-mayhem-in-europe-warns-u-k-spy-chief-21ab960c?

  2. FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation:
    https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html

  3. WSJ: U.S. Wiretap Systems Targeted in China-Linked Hack:
    https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?

  4. North Korean threat actors target job seekers with social engineering attacks:
    https://unit42.paloaltonetworks.com/north-korean-threat-actors-lure-tech-job-seekers-as-fake-recruiters/

  5. Grim Cyber Prognosis Requires Security Booster:
    https://www.darkreading.com/threat-intelligence/healthcare-cyber-prognosis-security-booster

  6. New Mamba 2FA bypass service targets Microsoft 365 accounts:
    https://www.bleepingcomputer.com/news/security/new-mamba-2fa-bypass-service-targets-microsoft-365-accounts/

  7. FEMA Scrambles to Confront Two Storms—and Misinformation:
    https://www.wsj.com/politics/fema-hurricane-misinformation-38e88386

  8. Microsoft disrupts spearphishing infrastructure belonging to Russia's FSB:
    https://blogs.microsoft.com/on-the-issues/2024/10/03/protecting-democratic-institutions-from-cyber-threats/

  9. FINRA Warns Of Phishing Email Scam Impersonating Regulators:
    https://www.wealthmanagement.com/regulation-compliance/finra-warns-phishing-email-scam-impersonating-regulators

  10. The Netherlands blames state-sponsored actor for police network breach:
    https://www.bleepingcomputer.com/news/security/dutch-police-state-actor-likely-behind-recent-data-breach/
