CyberheistNews Vol 14 #50 Cruel Year-End Twist: When Fake Firing Is A Real Phishing Attack

Cruel Year-End Twist: When Fake Firing Is A Real Phishing Attack

Cybercriminals are constantly evolving their tactics to exploit our vulnerabilities. A recent phishing campaign has taken this to a new low, preying on people's fear of job loss to trick them into compromising their own security.

Imagine opening your email to find an official-looking message stating you've been fired. Your heart races, your palms sweat, and in a panic, you click on the link provided for more information. Unfortunately, this seemingly devastating news is just the beginning of your troubles.

This scam, recently uncovered by cybersecurity experts, was disguised as a legal notice from the UK Employment Tribunal. The email appears authentic, complete with official logos and case numbers, urging immediate action to avoid "serious legal consequences."

However, clicking the "Download Document Now" button doesn't lead to any tribunal documents. Instead, it opens a fake Microsoft webpage designed to infect Windows devices with malware.

This malicious software can steal sensitive information, including banking credentials, potentially causing far more damage than a job loss.

This can happen worldwide. Warn your users to protect themselves in the office and at home, and follow these five rules:

1. Always verify unexpected emails, especially those concerning employment, directly with your HR department or manager
2. Be wary of urgent requests for action, particularly those involving downloads or links
3. Check the sender's email address carefully for any inconsistencies
4. Use up-to-date antivirus software and keep your operating system patched
5. When in doubt, don't click. Reach out to the supposed sender through a known, trusted channel

Remember, legitimate organizations rarely ask you to download sensitive documents through email links. Stay vigilant, think before you click and don't let fear cloud your judgment.

Blog post with link:
https://blog.knowbe4.com/fake-firing-leads-to-real-hacking

[Live Demo] Your AI-Powered Defense Against AI-Driven Threats

70-90% of cyberattacks involve some form of social engineering, making it the biggest threat for organizations just like yours.

The rise of AI-powered attacks has made the problem of social engineering more complex and widespread. Generic security awareness training (SAT) is no longer effective in your complex work environment. Your organization may struggle to deliver content that changes user behavior and resonates.

Join Stuart Clark, KnowBe4's Vice President of Product Strategy, for an in-depth look at AIDA — Artificial Intelligence Defense Agents. Stuart will show you how the suite of agents up-levels your approach to human risk management.

With AIDA you can:

• Ensure your SAT is consistent with your organization's broader security initiatives by aligning with the NIST Phish Scale Framework
• Dramatically free up your security team's time by reducing how long it takes your admins to create remedial training
• Improve relationships between your security team and other departments by ensuring users are aligned with security objectives
• Ensure flexibility in your security budget to invest in other key initiatives by actively managing human risk
• Maximize the value of your existing security tech stack with AIDA's seamless integrations

See how AIDA significantly reduces human risk, streamlines security operations and helps you create a strong security culture!

Date/Time: TOMORROW, Wednesday, December 11 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/aida-live-demo?partnerref=CHN

Phishing Attacks Impersonating Big Brands Start to Zero in on Just One Brand

The latest data on brand phishing trends shows one brand dominating quarter over quarter, but also continuing to take on a larger share of the brand impersonation.

Take a guess which brand tops the list as the most impersonated in phishing attacks? If you guessed Microsoft, you'd be right. You'd also have been right last quarter, and the quarter before that — according to Check Point Research.

But what is fascinating about this is how the share of brand impersonation in phishing attacks is just running towards Microsoft:

In Q4 of 2023, Microsoft branding was used in 33% of phishing that used impersonation. In Q1 of 2024, it was 38%. In Q2 of 2024, it was 57%. And now in Q3 of 2024, it's 61%.

It only makes sense — Microsoft 365 is the largest digital workspace, the credentials to such a platform would give threat actors access to other corporate resources, and users seem to continue to fall for attacks intent on stealing their credentials.

Also noteworthy is Apple's rise from just bouncing around the top four spots to holding second place two quarters in a row, as well as the entrance of Alibaba to the top 10 list.

These quarterly reports make it clear that cybercriminals are going to continue to leverage global brands as a means of gaining the trust of their recipient victims, and to steal their credentials, infect their computers and take their money.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/phishing-attacks-impersonating-big-brands-starts-to-zero-in-on-just-one-brand

Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus

Human error contributes to 68% of data breaches, according to Verizon's 2024 Data Breach Investigations Report.

It's time to turn that statistic on its head and transform your users from vulnerabilities to cybersecurity assets.

In this demo, PhishER Plus can help you:

• Slash incident response times by 90%+ by automating message prioritization
• Customize workflows and machine learning to your protocols
• Use crowdsourced intelligence from more than 13 million users to block known threats
• Conducts real-world phishing simulations that keep security top-of-mind for users

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, December 18, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-3?partnerref=CHN

Malicious Google Ads Target Users Seeking Solutions to Printer Problems

Scammers are abusing Google ads to target users searching for help with printer problems, according to researchers at Malwarebytes.

The malicious ads claim to offer tech support for installing drivers used by HP and Canon printers.

"After clicking on a malicious ad, the website instructs you to enter your printer's model number in order to download the required driver, which it proceeds to 'install,'" the researchers write.

"This is entirely fake, and the only thing the website displays is a recorded animation that will always end up with the same error message."

After the phony download animation, the site will display a message telling the user that a fatal error has occurred during installation, cautioning them that further installation attempts may damage the printer and void their warranty. The message contains a link to start a live chat with tech support, which will place the user in a call with the scammer.

The researchers note that frustrated users dealing with printer issues are more likely to disregard red flags while looking for a solution.

"There are many people that fall for these types of scams and entire armies of tech support agents working in poor conditions ready to defraud them," Malwarebytes says. "The script is usually standard across scams, with the support agent impersonating a popular brand and requesting personal information from the victim.

"It is quite common for scammers to request and be granted remote access to the user's computer. This gives them leverage to do a number of things, such as stealing data, locking the machine, or even using it to log into the victim's bank account."

Since printers are often used in corporate environments, these scams can also offer attackers an entry point into your org's network.

Blog post with links:
https://blog.knowbe4.com/malicious-google-ads-target-users-seeking-solutions-to-printer-problems

[NEW WHITEPAPER] How Real-Time Security Coaching Mitigates Spear Phishing, Malware and Ransomware

Spear phishing, malware and ransomware are some of the most pervasive and costly cyber threats your organization faces. Traditional security tools, such as endpoint protection and email security, are essential to stopping these attacks, but they don't address the "human element" of these attacks.

A more innovative, proactive approach is required. One that provides real-time guidance to employees to mitigate an attack before it succeeds while also providing training at the moment of risky behavior. This is why real-time security coaching has emerged as a powerful two-pronged mitigation strategy to stop these attacks.

Read this whitepaper to understand:

• An overview of the spear phishing, malware and ransomware threat landscape
• How real-time security coaching can be used to mitigate these threats via real-time notifications and alerts
• How it reinforces security awareness training to mitigate these attacks moving forward

Download Now:
https://info.knowbe4.com/whitepaper/how-real-time-security-coaching-mitigates-spear-phishing-malware-and-ransomware-chn

Let's stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [REALLY, CHECK THIS OUT] Your KnowBe4 Fresh Content Updates from November 2024:
https://blog.knowbe4.com/knowbe4-content-updates-november-2024

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-50-cruel-year-end-twist-when-fake-firing-is-a-real-phishing-attack

New Spear Phishing Campaign Targets Individuals and Entities in Japan

Researchers at Trend Micro warn that the China-aligned threat actor Earth Kasha has launched a new spear phishing campaign targeting individuals and organizations in Japan.

"Specific targets include individuals affiliated with political organizations, research institutions, think tanks, and organizations related to international relations," the researchers write. "In 2023, Earth Kasha primarily attempted to exploit vulnerabilities against edge devices for intrusion but this new campaign reveals that they have once again changed their TTPs.

"This shift appears to be driven by a target change, moving from enterprises to individuals. Additionally, an analysis of the victim profiles and the names of the distributed lure files suggests that the adversaries are particularly interested in topics related to Japan's national security and international relations."

The spear phishing emails are written in Japanese and contain a link to a OneDrive folder that encourages recipients to download a ZIP file. The file purports to be a document related to an interview request or a report on geopolitical matters. The documents contain malicious macros which, if enabled, will install malware on the user's device.

Trend Micro concludes, "Earth Kasha's campaigns are expected to continue evolving, with updates to their tools and TTPs. Many of the targets are individuals, such as researchers, who may have different levels of security measures in place compared to enterprise organizations, making these attacks more difficult to detect.

"It is essential to maintain basic countermeasures, such as avoiding opening files attached to suspicious emails. Additionally, it is important to gather threat intelligence and ensure that relevant parties are informed. As this campaign is believed to be ongoing as of October 2024, continued vigilance is necessary."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Trend Micro has the story:
https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html

FBI Warns of Cybercriminals Using GenAI to Launch Phishing Attacks

The U.S. Federal Bureau of Investigation (FBI) warns that threat actors are increasingly using generative AI to increase the persuasiveness of social engineering attacks.

Criminals are using these tools to generate convincing text, images and voice audio to impersonate individuals and companies.

"Generative AI reduces the time and effort criminals must expend to deceive their targets," the FBI says. "Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information.

"These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud. The creation or distribution of synthetic content is not inherently illegal; however, synthetic content can be used to facilitate crimes, such as fraud and extortion."

The FBI offers the following advice to help users avoid falling for these attacks:

• Create a secret word or phrase with your family to verify their identity
• Look for subtle imperfections in images and videos, such as distorted hands or feet, unrealistic teeth or eyes, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, lag time, voice matching, and unrealistic movements
• Listen closely to the tone and word choice to distinguish between a legitimate phone call from a loved one and an AI-generated vocal cloning
• If possible, limit online content of your image or voice, make social media accounts private, and limit followers to people you know to minimize fraudsters' capabilities to use generative AI software to create fraudulent identities for social engineering
• Verify the identity of the person calling you by hanging up the phone, researching the contact of the bank or organization purporting to call you, and call the phone number directly
• Never share sensitive information with people you have met only online or over the phone
• Do not send money, gift cards, cryptocurrency, or other assets to people you do not know or have met only online or over the phone"

The FBI has the story:
https://www.ic3.gov/PSA/2024/PSA241203

What KnowBe4 Customers Say

"I very rarely enjoy working with account and/or sales people, but you and Aaliyah have been a pleasure to work with. Please pass this on to whoever you report to so that they know that working with you and Aaliyah has not only resulted in a customer, but has also resulted in me advertising y'all to my peers in other companies."

- Name withheld on request.

"Good morning Stu, I wanted to pass along my greatest of thanks to Ayla H. in helping us to correct our PhishER system. We had been having a few problems that we could not figure out and she went in and immediately saw the problem and not only did she fix them, but she also gave us some supplemental training on a few things that have made our life much easier.

You see, we are a small SOC and only have 3 people, serving 6 marine cargo terminals and about 1500 people. Using KnowBe4's systems has made things much easier for us to manage and accomplish greater things.

Ayla helped us last week and checked in with us this week, and there has been a significant change in how things are working. And that is all due to her assistance to us. So, I would just like to say that she did an exceptional job and is very easy to work with and kudos to her!"

- P.R., Information Security Manager

1. Ransomware attacks have cost the manufacturing sector $17 billion in downtime since 2018:
   https://www.infosecurity-magazine.com/news/ransomware-manufacturing-dollar17b/
   
   
2. Salt Typhoon breached at least eight [!] U.S. telecoms:
   https://www.cisa.gov/resources-tools/resources/enhanced-visibility-and-hardening-guidance-communications-infrastructure
   
   
3. The Case for and Against Creating a Military Cyber Force:
   https://www.wsj.com/tech/cybersecurity/creating-military-cyber-force-75844bf5?st=jQpmVs
   
   
4. INTERPOL financial crime operation makes record 5,500 arrests, seizures worth over USD 400 million:
   https://www.interpol.int/en/News-and-Events/News/2024/INTERPOL-financial-crime-operation-makes-record-5-500-arrests-seizures-worth-over-USD-400-million
   
   
5. Cyberattack and Financial Troubles Force Stoli's U.S. Arm to File for Bankruptcy:
   https://www.wsj.com/articles/cyberattack-and-financial-troubles-force-stolis-u-s-arm-to-file-for-bankruptcy-230f32f8?
   
   
6. Why Phishers Love New TLDs Like .shop, .top and .xyz:
   https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/
   
   
7. Rockstar phishing kit targets Microsoft 365 users:
   https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/rockstar-2fa-a-driving-force-in-phishing-as-a-service-paas/
   
   
8. UK disrupts money laundering networks used by ransomware:
   https://www.bleepingcomputer.com/news/security/uk-disrupts-russian-money-laundering-networks-used-by-ransomware/
   
   
9. Years after the fact, Russia sentences Hydra Market founder to life in prison:
   https://www.bleepingcomputer.com/news/security/russia-sentences-hydra-dark-web-market-leader-to-life-in-prison/
   
   
10. Law enforcement seizes MATRIX criminal messaging app:
    https://www.bleepingcomputer.com/news/security/police-seize-matrix-encrypted-chat-service-after-spying-on-criminals/
    
    

• Virtual Vaca #1: My Trip to Ontario, Canada | Toronto, Niagara Falls & Muskoka:
  https://youtu.be/ErcBh5Tl06A
  
  
• Virtual Vaca #2: Around Skagway & Haines, Alaska, USA [Amazing Places 4K]:
  https://youtu.be/ta9E8NzwQGc?feature=shared
  
  
• Need some space? Spectacular 4K HDR Video ULTRA HD Dolby Vision 4K:
  https://youtu.be/2w1wdMDT1aQ
  
  
• Get ready to relive the thrill and inspiration of 2024 with the Top 100 People Are Awesome videos of the year!
  https://www.flixxy.com/top-100-videos-of-2024-celebrating-the-year-of-awesomeness.htm?utm_source=4
  
  
• A fresh look inside the now fully restored gorgeous Notre Dame cathedral:
  https://youtu.be/uJ0f_HzODfM
  
  
• Timeless Wonder: An AI Steampunk Masterpiece. Human motion and faces are getting better but not yet perfect:
  https://www.flixxy.com/timeless-wonder-an-ai-steampunk-masterpiece.htm?utm_source=4
  
  
• This Slinky Can Walk Forever!
  https://youtu.be/KIlYZivq_H4
  
  
• LockPickingLawyer Shows An Unusual Mechanism: The Wellington 5-Lever: 4:01
  https://youtu.be/Rq4kS1XNOmw
  
  
• The Largest Vehicles On The Planet: 15:43
  https://youtu.be/MnE8lRzlEHM
  
  
• Our 5 Favorite Intense Raw POV Videos: 8:25
  https://youtu.be/PstCRJlUDBU?feature=shared
  
  
• Unboxing A $4000 Chinese Range Rover - Comparison to the real thing:
  https://youtu.be/D2zpm6dPuW8?feature=shared
  
  
• America Has Finally Built a Beautiful Airport:
  https://youtu.be/MRAkjoUdN_I
  
  
• Who needs reindeer when you've got jet propulsion? Dashing through the snow has never been this fast-or this fun!
  https://www.flixxy.com/dashing-through-the-snow-with-santas-rocket-sleigh.htm?utm_source=4
  
  
• [CLASSIC #1] Penn & Teller: Fool Us - Wizard - Season 6 Episode 7 (2019):
  https://youtu.be/eJ7G-9IRKUI
  
  
• [CLASSIC #2] Penn & Teller: Fool Us - Honor - Season 6 Episode 8 (2019):
  https://youtu.be/mIuSHKou-eg?feature=shared
  
  
• For Da Kids #1 - He started feeding a wild fox, then one day she brought him something back:
  https://youtu.be/OP80sGpnpqo
  
  
• For Da Kids #2 - African Cheetah Versus Meerkats | Big Cat Gets Small Animal to Groom Him & Then Purrs:
  https://youtu.be/PfwBOCxEst8
  
  
• For Da Kids #3 - Dog Interrupts Window Cleaner's Shift To Show Him His Favorite Toy:
  https://youtu.be/-ZzjDXc-pl8
  
  
• For Da Kids #4 - Baby Rhinos Show Off Zoomies & Give Kisses To Lady Raising Them:
  https://youtu.be/FGwBsqWgktg
  
  
• For Da Kids #5 - Cow And Dog Play Ball Together Like Toddlers:
  https://youtu.be/g5kGvh0h-0Y