CyberheistNews Vol 15 #02 | January 14th, 2025
[HEADS UP] Credential Phishing Increased by 703% in H2 2024
Credential phishing attacks surged by 703% in the second half of 2024, according to a new report by SlashNext. Phishing attacks overall saw a 202% increase during the same period.
"Since June, the number of attacks per 1,000 mailboxes each week has increased linearly," the researchers write.
"Currently, we are capturing close to one advanced attack per mailbox each week. As we reach the 1,000 threshold, this translates to nearly one advanced attack for every single mailbox each month. This steady increase indicates a substantial volume problem that individual efforts cannot handle effectively."
The researchers believe the increase is partially due to the proliferation of phishing kits, which allow criminals to launch sophisticated attacks with little effort.
"Throughout the year, we've shown evidence of attackers having access to unique phishing kits designed to evade detection, automate their processes, and target victims at scale," SlashNext says. "Our data shows that these diverse phishing methods have been consistently employed from the beginning to the end of the year.
"Since our mid-year report, there has been a remarkable 202% increase in the number of phishing messages delivered per 1,000 mailboxes. This trend underscores a significant shift in email security dynamics. We are now operating in what can be described as a 'volume game,' where the sheer number of attacks overwhelms traditional security measures."
The researchers predict that these attacks will continue to increase throughout 2025, as threat actors incorporate AI tools to improve the efficiency of their attacks.
"Looking ahead to 2025, we expect this rapid evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media," SlashNext says. "The bottom line is phishing isn't an email-only problem anymore; it is a broader messaging security problem that requires a fundamental shift in how orgs approach threat detection and prevention."
[NEW] Stop Advanced Phishing Attacks with KnowBe4 Defend
KnowBe4 Defend takes a new approach to email security by addressing the gaps in M365 and Secure Email Gateways (SEGs). Defend helps you respond to threats quicker, dynamically improve security and stop advanced phishing threats. It reduces admin overhead, enhances detection and engages users to build a stronger security culture.
Blog post with links and an invitation to get your Defend demo:
https://blog.knowbe4.com/credential-phishing-increased-by-703-in-h2-2024
AI vs. AI: Transforming Cybersecurity Through Proactive Technologies
Cybercriminals are using AI to outsmart traditional defenses, making the world more dangerous for the rest of us. They're deploying AI-generated deepfake videos to impersonate executives and using AI-powered chatbots to mimic trusted colleagues in sophisticated social engineering attacks.
As an IT professional, you have the power to turn the tables. Now is the time to leverage the power of AI to protect your organization and gain a critical edge in cybersecurity.
Join us for this webinar where James McQuiggan, Security Awareness Advocate at KnowBe4, helps you understand how your organization can harness AI-powered agents for real-time threat detection, predictive analytics and automated training.
You'll learn:
- Jaw-dropping examples of hyper-personalized phishing and shape-shifting malware attacks
- New strategies to deploy AI and autonomous agents as your 24/7 cyber guardians
- How to harness predictive analytics to stay two steps ahead of evolving threats
- About the ethical minefield of AI in cybersecurity and how to navigate it safely
- Practical, actionable steps to leverage AI in your human risk management strategy
Attend this webinar to arm yourself with the knowledge and strategies you need, and earn CPE credit for attending!
Date/Time: Wednesday, January 15, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot!
https://info.knowbe4.com/ai-vs-ai?partnerref=CHN2
[BUDGET AMMO] Cybersecurity Is Now the #1 Business Risk – WSJ Reveals Why
Kim S. Nash, the Deputy Bureau Chief at the Wall Street Journal who owns the cybersecurity beat, wrote in her newsletter today: "Forget trade wars and turnovers in national leadership. Cybersecurity is the business risk to rule them all.
"Cybersecurity ranks first among geopolitical risks, said 60% of 517 risk decision makers in a Harris Poll commissioned by insurer Chubb. We all know how serious cyber threats are. But I was surprised by how much the worry outranked all other geopolitical concerns." Take a look:
- Escalating tensions between major powers—42%
- Resource scarcity and climate change—39%
- Trade wars and protectionism—38%
- Political instability—32%
- Red Sea shipping problems—27%
- War in Ukraine—20%
- Israeli-Palestinian conflict—16%
Wow. Who would ever have thought we would read that in the WSJ...
Link to blog post:
https://blog.knowbe4.com/budget-ammo-dept-wsj-cybersecurity-is-the-king-of-business-worries
Rip, Flip and Revolutionize Your Phishing Defenses with PhishER Plus
Human error contributes to 68% of data breaches, according to Verizon's 2024 Data Breach Investigations Report.
It's time to turn that statistic on its head and transform your users from vulnerabilities to cybersecurity assets.
In this demo, see how PhishER Plus can help you:
- Slash incident response times by 90%+ by automating message prioritization
- Customize workflows and machine learning to your protocols
- Use crowdsourced intelligence from more than 13 million users to block known threats
- Conduct real-world phishing simulations that keep security top-of-mind for users
Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.
Date/Time: Wednesday, January 22, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN
AI-Crafted Spear Phishing Emails Have a 54% Success Rate
A new study has found that AI-assisted spear phishing attacks have significantly improved over the past year, and now fool more than 50% of human targets, Malwarebytes reports.
A team of researchers including security expert Bruce Schneier conducted a study evaluating the success rates of AI-crafted spear phishing emails versus human-made emails, finding that both sets of emails were equally effective at fooling targets. AI-crafted emails with a human touch were the most successful.
"We include four email groups with a combined total of 101 participants: A control group of arbitrary phishing emails, which received a click-through rate (recipient pressed a link in the email) of 12%, emails generated by human experts (54% click-through), fully AI-automated emails (54% click-through), and AI emails utilizing a human-in-the-loop (56% click-through)," the researchers write.
"Thus, the AI-automated attacks performed on par with human experts and 350% better than the control group. The results are a significant improvement from similar studies conducted last year, highlighting the increased deceptive capabilities of AI models."
The discovery that AI-crafted phishing emails are as effective as human-crafted ones is significant, since AI tools allow attackers to create the emails at a much faster rate and with fewer mistakes. The researchers found that an AI-crafted spear phishing message took an average of under three minutes to create, while human-made emails took an average of 34 minutes.
"Thus the human-in-the-loop based AI-automation was about 92% faster than the fully manual process," the researchers write. "The fully AI-automated process (no human-in-the-loop) removes all manual time overhead. It accomplishes the entire process, from data collection to email generation, at a cost of roughly four cents per email."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Malwarebytes has the story:
https://www.malwarebytes.com/blog/news/2025/01/ai-supported-spear-phishing-fools-more-than-50-of-targets
KnowBe4 is the #1 SAT Platform on G2 for over 5 years!
Have you ever wanted to peek behind the curtain of security awareness training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore. The G2 Grid Report has done all the heavy lifting for you, making it a lot easier for you to make an informed decision.
The G2 Grid Report ranks according to the people who use the products daily. We're talking genuine feedback, satisfaction ratings and how big of an impact they're making in the market.
In a league of our own, KnowBe4 scored in the 90s, the only vendor to do this. 98% of users gave us 4 or 5 stars and 93% would recommend us to others. Trust isn't just won; it's earned, and we take that to heart.
You'll get access to:
- A lineup of SAT vendors stacked and rated based on customer reviews
- Profiles of each vendor highlighting strengths, industries and organization size
- User-driven scores for ease of use, support quality and more, to help you pick the best platform
Ready to get your hands on this goldmine of information? Download your complimentary report and see why KnowBe4 has been ranked the #1 SAT vendor for the 22nd consecutive quarter and has more customers than all SAT vendors combined.
Download Now:
https://info.knowbe4.com/g2-grid-report-for-security-awareness-training-chn-edition
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Forbes 2025 Predictions: The Impact Of AI On Cybersecurity (by yours truly):
https://www.forbes.com/councils/forbestechcouncil/2025/01/06/2025-predictions-the-impact-of-ai-on-cybersecurity/
PPS: [NEW WHITEPAPER] Meet AIDA: The KnowBe4 Approach to Human Risk Management:
https://www.knowbe4.com/resources/whitepapers-and-ebooks/meet-aida-knowbe4-human-risk-management
- Not Peter Drucker but Alan Kay - Computer Scientist (1940 - )
- Robbie Sinclair, Head of Security at Country Energy in New South Wales, Australia
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-02-heads-up-credential-phishing-increased-by-703-percent-in-h2-2024
Phishing Campaign Uses Phony Video Game Testing Lures
A phishing campaign is targeting users with phony offers to beta test new video games, according to researchers at Malwarebytes. The phishing messages are sent via Discord, email or text message.
The messages purport to come from a game developer, and include a link to download an archive supposedly containing the game's installer. "The archives are offered for download on various locations like Dropbox, Catbox, and often on the Discord content delivery network (CDN), by using compromised accounts which add extra credibility," Malwarebytes explains.
"What the target will actually download and install is in reality an information stealing Trojan." The campaign is distributing several different strains of malware, all of which can steal users' credentials or financial information.
"There are several variations going around," the researchers state. "Some use NSIS installers, but we have also seen MSI installers. There are also various information stealers being spread through these channels like the Nova Stealer, Ageo Stealer, or the Hexon Stealer.
"The Nova Stealer and the Ageo Stealer are Malware-as-a-Service (MaaS) stealers where criminals rent out the malware and the infrastructure to other criminals. They specialize in stealing credentials stored in most browsers, session cookie theft for platforms like Discord and Steam, and information theft related to cryptocurrency wallets."
The researchers note that the attackers can use the compromised accounts to launch additional phishing attacks against the victim's contacts.
"One of the main interests for the stealers seems to be Discord credentials which can be used to expand the network of compromised accounts," the researchers write. "This also helps them because some of the stolen information includes friends' accounts of the victims. By compromising an increasing number of Discord accounts, criminals can fool other Discord users into believing that their everyday friends and contacts are speaking with them, emotionally manipulating those users into falling for even more scams and malware campaigns."
Malwarebytes has the story:
https://www.malwarebytes.com/blog/news/2025/01/can-you-try-a-game-i-made-fake-game-sites-lead-to-information-stealers
Phishing Campaign Abuses Legitimate Services to Send PayPal Requests
A phishing campaign is abusing Microsoft 365 test domains to send legitimate payment requests from PayPal, according to Fortinet's Chief Information Security Officer (CISO) Dr. Carl Windsor.
Windsor found that the threat actor registered a free MS365 test domain and used it to create a distribution list containing targets' email addresses. The scammer then used this distribution list to send payment requests via the PayPal web portal.
"When you click on the link, you are redirected to a PayPal login page showing a request for payment," Windsor writes. "A panicked person may be tempted to log in with their account details, but this would be very dangerous. It links your PayPal account address with the address it was sent to—not where you received it."
If a victim uses this portal to log into their PayPal account, their account will be linked to the scammer's PayPal account. "This money request is then distributed to the targeted victims, and the Microsoft365 SRS (Sender Rewrite Scheme) rewrites the sender to, e.g., onmicrosoft[.]com, which will pass the SPF/DKIM/DMARC check," Windsor explains.
"Once the panicking victim logs in to see what is going on, the scammer's account gets linked to the victim's account. The scammer can then take control of the victim's PayPal account—a neat trick. It's so neat, in fact, that it would sneak past even PayPal's own phishing check instructions."
This phishing attack is notable because it abused legitimate services at every step, increasing the likelihood that the messages would bypass security filters and fool untrained users.
Windsor concludes, "The beauty of this attack is that it doesn't use traditional phishing methods. The email, the URLs, and everything else are perfectly valid. Instead, the best solution is the Human Firewall—someone who has been trained to be aware and cautious of any unsolicited email, regardless of how genuine it may look.
"This, of course, highlights the need to ensure your workforce is receiving the training they need to spot threats like this to keep themselves—and your organization—safe."
Fortinet has the story:
https://www.fortinet.com/blog/threat-research/phish-free-paypal-phishing
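Because every authentication check passes in this scheme, the useful signal is the routing, not the SPF/DKIM/DMARC verdict. The Python below is an added example (not Fortinet's or KnowBe4's code) that decodes an SRS-rewritten envelope sender and flags payment-provider mail that reached a mailbox through a third-party tenant's distribution list; the SRS address layout, the "bounces+SRS=" prefix, the tenant name and all headers are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed SRS layout: <prefix>SRS=<hash>=<ts>=<orig-domain>=<orig-local>@<forwarder>.
# Microsoft 365's real prefix may differ, so both "SRS0=" and "+SRS=" are accepted.
SRS_RE = re.compile(
    r"(?:SRS0=|\+SRS=)[^=]+=[^=]+=(?P<domain>[^=]+)=(?P<local>[^@]+)@(?P<forwarder>.+)$",
    re.IGNORECASE,
)

# Constructed sample: a genuine PayPal request relayed through a distribution
# list in a third-party M365 tenant. SPF passes for the tenant, DKIM for
# paypal.com, hence DMARC passes; only the routing gives it away.
SAMPLE_RELAYED = """\
Return-Path: <bounces+SRS=abcd=12=paypal.com=service@example-tenant.onmicrosoft.com>
Delivered-To: victim@victim-example.com
Authentication-Results: mx.victim-example.com; spf=pass smtp.mailfrom=example-tenant.onmicrosoft.com; dkim=pass header.d=paypal.com; dmarc=pass
From: "service@paypal.com" <service@paypal.com>
To: billing-list@example-tenant.onmicrosoft.com
"""

# Constructed sample: the same request sent directly to the recipient.
SAMPLE_DIRECT = """\
Return-Path: <service@paypal.com>
Delivered-To: victim@victim-example.com
From: "service@paypal.com" <service@paypal.com>
To: victim@victim-example.com
"""

def parse_srs(address):
    """Decode an SRS-rewritten envelope sender; None if it is not rewritten."""
    m = SRS_RE.search(address)
    if not m:
        return None
    return {"original": f"{m['local']}@{m['domain']}".lower(),
            "forwarder": m["forwarder"].lower()}

def domain_of(header_value):
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def relay_indicators(raw_message, payment_domains=("paypal.com",)):
    """Flag payment-provider mail that arrived via a forwarder's SRS rewrite and
    was addressed to a list rather than to the mailbox that received it."""
    msg = message_from_string(raw_message)
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    srs = parse_srs(envelope)
    from_domain = domain_of(msg.get("From", ""))
    delivered_to = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    recipient_hidden = bool(delivered_to) and delivered_to not in visible
    return {
        "original_sender": srs["original"] if srs else envelope.lower(),
        "forwarder_domain": srs["forwarder"] if srs else "",
        "from_domain": from_domain,
        "recipient_hidden": recipient_hidden,
        "flag": bool(srs) and from_domain in payment_domains and recipient_hidden,
    }
```

A hit is a triage cue for the SOC or for user reporting, not proof of fraud; legitimate forwarding lists produce the same shape, so the follow-up is to check whether the request itself was expected.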
What KnowBe4 Customers Say
"Hello Ryan and Stu, I hope that you are well. Sonya A. is an absolute Rockstar in her knowledge and understanding of the KnowBe4 interface. Starting with my first meeting with her, she demonstrated a deep understanding of the product and a genuine eagerness to help us. She demonstrated features of KnowBe4 that I hadn't even discovered yet.
She set it all up and now my users are much more engaged and the failure rates for all of my users have decreased dramatically. I even received compliments on the training mandated. You have a real gem in Sonya and a massive advocate for your product who displays deep understanding of your product and a genuine desire to help others. Thank you for your time and attention."
- K.M., IT Manager
"So far so great! Loving the data we get from KB4 now that it has been in use for several months. Shout out to Jacob D. for the huge amount of help he was in getting us set up. 10/10 would recommend. Thanks."
- B.K., Endpoint Administrator
- State-sponsored APTs are increasingly using ransomware:
https://www.welivesecurity.com/en/business-security/state-aligned-apt-groups-increasingly-deploying-ransomware/
- AI-supported spear phishing fools more than 50% of targets:
https://www.malwarebytes.com/blog/news/2025/01/ai-supported-spear-phishing-fools-more-than-50-of-targets
- A Day in the Life of a Prolific Voice-Phishing Crew:
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/
- Recruitment Phishing Scam Imitates CrowdStrike Hiring Process:
https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/
- WSJ: "How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons":
https://www.wsj.com/tech/cybersecurity/typhoon-china-hackers-military-weapons-97d4ef95?
- U.S. Treasury Dept. Sanctions Publicly Traded Chinese Cyber Firm Linked to Botnet Attack:
https://www.bloomberg.com/news/articles/2025-01-03/us-sanctions-chinese-cybersecutity-firm-linked-to-botnet-attack
- KnowBe4 mentioned in InformationWeek: "The Biggest Cybersecurity Issues Heading into 2025:"
https://www.informationweek.com/cyber-resilience/the-biggest-cybersecurity-issues-heading-into-2025
- CES 2025: AI Advancing at 'Incredible Pace,' NVIDIA CEO Says:
https://blogs.nvidia.com/blog/ces-2025-jensen-huang/
- Japan pins more than 200 cyberattacks on China:
https://apnews.com/article/japan-police-cyberattack-china-government-68adcb293b2931da4c30ca0279720124
- U.S. Treasury hack linked to Silk Typhoon Chinese state hackers:
https://www.bleepingcomputer.com/news/security/us-treasury-hack-linked-to-silk-typhoon-chinese-state-hackers/
- Virtual Vaca #1: The Hoover Dam in Nevada - Arizona, USA. See how the water has dropped:
https://youtu.be/C3e737VHTxU
- Virtual Vaca #2: A Two-girl Adventure in Virgin Islands National Park:
https://youtu.be/_B7FqEB2OCo
- Virtual Vaca #3 - Need some space? HIDDEN WORLD. Dolby Vision HDR 4K Video ULTRA HD (60 FPS):
https://www.youtube.com/watch?v=HMh49snObuk
- [SUPER FAVE] People Are Awesome - Best of the Decade!:
https://www.flixxy.com/10-years-of-epic-awesomeness-the-ultimate-people-are-awesome-compilation.htm?utm_source=4
- World's Most Talented Kids:
https://youtu.be/803wWO6eSbg
- LA Auto Show 2024: Must-See Futuristic Cars and Custom Rides:
https://www.youtube.com/watch?v=mjWpRA64V1U
- Overbudget: Britain's $57BN Nuclear Nightmare:
https://youtu.be/ycNqII5HYMI
- Sketchy Wingsuit Flight From A Low Rusty Elevator:
https://youtu.be/xXq6SzijVpM
- Prepare to be amazed by the incredible illusions of Jiang Hao, Taiwan's master magician!:
https://www.flixxy.com/jaw-dropping-illusions-by-jiang-hao-master-of-magic-from-taiwan.htm?utm_source=4
- The LockPickingLawyer hacks with Lishi tool vs. Normal Picking of Yale Assure:
https://youtu.be/5V4nrW5ASKs
- For Da Kids #1 - Huge German Shepherds Think Tiny Baby Is Their Puppy:
https://youtu.be/WEoM7vttAgY
- For Da Kids #2 - Tiny Horse Makes Big Change & Becomes Dancing Pony:
https://youtu.be/HfsU22rCVDs
- For Da Kids #3 - Abandoned Puppy Jumps Into Rescuers Arms:
https://www.youtube.com/watch?v=Qwvq8wknIbo
- For Da Kids #4 - Guy Detangles A Fox From Clothesline:
https://youtu.be/lR7fuIjLImE
- For Da Kids #5 - Monkey Cracks Nut - what could go wrong?:
https://youtu.be/yGA5JQNJceM