Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    CyberheistNews Vol 14 #52 [Heads Up] Bad Actors Use Voice Phishing in Microsoft Teams To Spread Malware

    Cyberheist News
    CyberheistNews Vol 14 #52  |   December 24th, 2024

    [Heads Up] Bad Actors Use Voice Phishing in Microsoft Teams To Spread MalwareStu Sjouwerman SACP

    Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro.

    "The attacker used social engineering to manipulate the victim to gain access and control over a computer system," Trend Micro says.

    "The victim reported that she first received several thousand emails, after which she received a call via Microsoft Teams from a caller claiming to be an employee of an external supplier. During the call, the victim was instructed to download Microsoft Remote Support application. However, the installation via the Microsoft Store failed.

    "The attacker then instructed the victim to download AnyDesk via browser and manipulate the user to enter her credentials to AnyDesk."

    Fortunately, this particular attack was thwarted before the attacker caused any damage. However, Trend Micro notes that similar attacks have led to ransomware deployment.

    "DarkGate is primarily distributed through phishing emails, malvertising, and SEO poisoning. However, in this case, the attacker leveraged voice phishing (vishing) to lure the victim," the researchers write. "The vishing technique has also been documented by Microsoft, in a case where the attacker utilized QuickAssist to gain access to its target to distribute ransomware."

    The researchers add that security awareness training can help employees thwart social engineering attacks, preventing attackers from gaining access in the first place.

    "Provide employee training to raise awareness about social engineering tactics, phishing attempts, and the dangers of unsolicited support calls or pop-ups," Trend Micro says. "Well-informed employees are less likely to fall victim to social engineering attacks, strengthening the organization's overall security posture."

    KnowBe4 empowers your workforce to make smarter security decisions every day.

    Blog post with links:
    https://blog.knowbe4.com/darkgate-malware-distributed-via-microsoft-teams-voice-phishing

    KnowBe4's HRM+ in Action: Measuring and Managing Human Risk

    Over 68% of breaches are attributed to human error, but less than 3% of security spending is focused on the human layer. So how do you maximize your resources and budget while making a real impact on reducing human risk?

    Join us live to discover how KnowBe4's HRM+, the most comprehensive human risk management platform, can empower you to turn the tables on AI-powered social engineering threats. Learn how you can transform your greatest vulnerability — your workforce — into your strongest line of defense.

    We'll showcase how HRM+ empowers you to:

    • Generate personalized phishing templates and quizzes based on users' risk profiles in mere minutes using AI
    • Deliver adaptive training and simulated social engineering attacks tailored to individual users
    • Detect and respond to cyber threats faster to reduce risk and maximize your limited resources

    Stay ahead of the curve and revolutionize your approach to human risk management by fighting AI with AI.

    Date/Time: Wednesday, January 8, @ 2:00 PM (ET)

    Save My Spot!
    https://info.knowbe4.com/en-us/hrm-live-demo?partnerref=CHN

    No, KnowBe4 Is Not Being Exploited

    Some of our customers are reporting "Threat Alerts" from an email security vendor stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats. This is being sent to their customers and other non-customers who are members of threat intelligence networks.

    Sometimes, there is an included link and it references KnowBe4 along with another of their competitors. The wording choice of the alert is poor and misleading. What they are referencing is the fact that attackers sometimes send phishing emails claiming to be from KnowBe4, usually hoping the potential victim clicks on the included malicious link.

    The included malicious link (and sending email address) will sometimes include the phrase 'knowbe4.com' somewhere in an attempt to trick the recipient. It's just brand impersonation. It is well understood that not every email is where it claims to be from. In fact, we have built an entire industry around it.

    Blog post with links and example screenshots:
    https://blog.knowbe4.com/no-knowbe4-is-not-being-exploited

    Does Your Domain Have an Evil Twin?

    Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.

    Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as "safe" domains for your organization.

    With Domain Doppelgänger, you can:

    • Search for existing and potential look-alike domains
    • Get a summary report that identifies the highest to lowest risk attack potentials
    • Generate a real-world "domain safety" quiz based on the results for your end users

    Domain Doppelgänger helps you find the threat before it is used against you.

    Find out now!
    https://info.knowbe4.com/domain-doppelganger-chn

    U.S. Justice Department Indicts Fake IT Workers From North Korea

    The U.S. Justice Department revealed indictments against 14 North Korean nationals for their involvement in a long-running scheme designed to pose as remote IT professionals.

    The operation aimed to circumvent international sanctions. It also included allegations of wire fraud, money laundering, and identity theft.

    Unsealed in a St. Louis federal court, the indictment outlines an intricate plot where North Korean operatives leveraged stolen identities and AI-generated credentials to infiltrate U.S.-based companies. The goal: generate funds for the North Korean government.

    The scheme, facilitated by North Korean-controlled entities Yanbian Silverstar in China and Volasys Silverstar in Russia, reportedly earned at least $88 million over a six-year period. Prosecutors said the funds were funneled through financial systems in the U.S. and China to benefit North Korea.

    Beyond collecting salaries, the alleged fake IT workers are accused of stealing sensitive data, including proprietary source code, and using it as leverage to extort companies for additional payments.

    The indictment also details how these operatives were required to meet minimum monthly earnings of $10,000. To evade detection, they employed advanced methods such as deepfake identities, proxy servers, and pseudonymous accounts.

    Blog post with pictures and links:
    https://blog.knowbe4.com/u.s.-justice-department-indictments-fake-it-works-from-north-korea

    KnowBe4 reported on this first on July 23, 2024. See the original blog post, which is this year's Top Viewed post with now well over 200K hits:
    https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

    Free Resource Kit to Stay Cyber Secure This Holiday Season!

    It's not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime!

    Upticks in online shopping, holiday travel and other time constraints can make it easier for them to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

    That's why we put together this resource kit to help ensure cybercriminals' efforts this season are for nothing!

    Here is what you'll get:

    • New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
    • Two free holiday training modules, available in multiple languages
    • Security documents and digital signage to reinforce the free modules included in the kit to share with your users
    • Newsletters about holiday shopping and travel safety for your users
    • Access to resources for you to help with security planning for the upcoming year

    Download Now:
    https://info.knowbe4.com/free-holiday-resource-kit-chn


    This is the last issue of 2024; we will see you Tuesday January 7th!

    Let's stay safe out there and have a happy holiday.

    Warm regards,

    Stu Sjouwerman, SACP
    Founder and CEO
    KnowBe4, Inc.

    PS: Did you know that PhishER Plus now uses AI for the new PhishML Insights Guide?:
    https://support.knowbe4.com/hc/en-us/articles/35149214884627-PhishML-Insights-Guide

    PPS: KnowBe4 Offers New Secure Coding Training to Combat Surge in Application Security Attacks:
    https://www.prnewswire.com/news-releases/knowbe4-offers-new-secure-coding-training-to-combat-surge-in-application-security-attacks-302334462.html

    Quotes of the Week  
    "Attitude is a little thing that makes a big difference."
    - Winston Churchill - UK Prime Minister (1873 - 1965)
    "The average time to upgrade an application to Java 17 plummeted from what's typically 50 developer-days to just a few hours. We estimate this has saved us the equivalent of 4,500 developer-years of work (yes, that number is crazy but, real).."
    - Andy Jassy, CEO of Amazon, reflects on the transformative impact of AI on productivity. (1963 - )
    Thanks for reading CyberheistNews

    You can read CyberheistNews online at our Blog
    https://blog.knowbe4.com/cyberheistnews-vol-14-52-heads-up-bad-actors-use-voice-phishing-in-microsoft-teams-to-spread-malware

    Security News

    Mobile Phishing Attacks Use New Tactic to Bypass Security Measures

    ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users.

    Threat actors are using Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security measures, since these files don't require users to grant permissions to install apps from unknown sources.

    "The initial phishing messages were delivered through various methods, including SMS, automated voice calls, and social media malvertising," ESET says.

    "Victims received messages or calls suggesting the need to update their mobile banking applications or informing them of potential tax refunds. These messages, sent to presumably random numbers, contained links directing victims to phishing websites mimicking legitimate banking sites.

    "Malvertising on Facebook and Instagram promoted a fake banking app, falsely claiming that the official app was being decommissioned."

    The apps are designed to trick users into entering their banking credentials, and they can also intercept multi-factor authentication codes. "Once installed, the malicious apps ESET researchers analyzed behave like standard mobile banking malware and present fake banking login interfaces, prompting victims to enter their credentials," the researchers write.

    "The stolen credentials, including login details, passwords, and two-factor authentication codes, are then transmitted to the attackers' command and control servers, so that the attackers can gain unauthorized access to victims' accounts."

    The researchers expect to see an increase in this phishing technique over the coming year, so users should be wary of installing apps linked in unsolicited messages.

    "Unlike traditional apps, these malicious PWAs and WebAPKs are essentially phishing websites packaged to look like legitimate applications," ESET says.

    "This means that they do not exhibit the typical behaviors or characteristics associated with malware. Their ability to bypass traditional security warnings of a mobile operating system, and total sidestepping of app store vetting processes is particularly concerning.

    "Therefore, it is anticipated that more sophisticated and varied phishing campaigns utilizing PWAs and WebAPKs will emerge, unless mobile platforms change their approach towards them."

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Blog post with links:
    https://blog.knowbe4.com/mobile-phishing-attacks-use-new-tactic-to-bypass-security-measures

    AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data

    Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data.

    Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

    "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in the report shared with The Hacker News.

    Nomani campaigns rely heavily on fraudulent ads across social media, often impersonating legitimate brands and trusted entities. In some cases, scammers target previous victims, using Europol- and INTERPOL-themed lures promising refunds or assistance in recovering stolen funds.

    The ads come from stolen legitimate profiles, fake business accounts, and micro-influencers with significant follower counts. ESET highlights that "another large group of accounts frequently spreading Nomani ads are newly created profiles with easy-to-forget names, a handful of followers, and very few posts."

    [CONTINUED] At the KnowBe4 blog:
    https://blog.knowbe4.com/ai-powered-investment-scams-surge-how-nomani-steals-money-and-data

    How to Lose a Fortune with Just One Bad Click

    Krebs on Security has posted a new item: "Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click "yes" to a Google prompt on his mobile device."

    Here is the horror story:
    https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/

    What KnowBe4 Customers Say

    Unsolicited shout out. :-D

    "I just got off the phone with Shaveia B. in tech support and somebody should know she was awesome. That's all."

    - S.R. Sr. Network Engineer

    The 10 Interesting News Items This Week
    1. Credential phishing attacks surged by 703% in the second half of 2024:
      https://www.infosecurity-magazine.com/news/2024-phishing-attacks-double/

    2. U.S. Justice Department indicts 14 North Korean nationals accused of conducting IT worker fraud:
      https://blog.knowbe4.com/u.s.-justice-department-indictments-fake-it-works-from-north-korea

    3. Threat actors stole $2.2 billion worth of cryptocurrency in 2024:
      https://www.chainalysis.com/blog/crypto-hacking-stolen-funds-2025/

    4. CISA issues updated draft of national cyber incident response plan:
      https://www.nextgov.com/cybersecurity/2024/12/cisa-issues-updated-draft-national-cyber-incident-response-plan/401687/

    5. Attackers deploy AI-generated phishing pages:
      https://www.malwarebytes.com/blog/cybercrime/2024/12/ai-generated-malvertising-white-pages-are-fooling-detection-engines

    6. Nearly 800 arrested over Nigerian crypto-romance scam:
      https://www.reuters.com/world/africa/almost-800-arrested-over-nigerian-crypto-romance-scam-2024-12-16/

    7. CISA orders federal agencies to secure Microsoft 365 tenants:
      https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants/

    8. USPS warns about package tracking 'smishing' text messages: Here's what to know:
      https://www.usatoday.com/story/tech/news/2024/12/17/smishing-phishing-package-scam-usps/77050932007/

    9. ["Badge of Honor"] Moscow lists Recorded Future as 'undesirable' organization:
      https://therecord.media/recorded-future-undesirable-russia-prosecutor-general

    10. Gift card scams are growing more sophisticated:
      https://abnormalsecurity.com/blog/why-gift-card-scams-are-harder-to-spot

    Cyberheist 'Fave' Links
    This Week's Links We Like, Tips, Hints and Fun Stuff

     

    Return To KnowBe4 Security Blog

    Topics: Cybercrime, KnowBe4

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews