CyberheistNews Vol 15 #08 | February 25th, 2025
Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts
Several Russian threat actors, including the SVR's Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity.
The attackers are impersonating employees at the US State Department, the Ukrainian Ministry of Defense, the European Union Parliament, and well-known research institutions.
The attacks use a technique called "Device Code Authentication," which attempts to trick users into entering a code that grants access to their accounts. This login method is provided by Microsoft to facilitate sign-ins from input constrained devices, like smart TVs or printers.
"However, in this case, it means if an attacker can convince a user to enter a specific code into this dialogue (and log in), they are granted long-term access to the user's account," Volexity explains.
The researchers note, "This method has been more effective at successfully compromising accounts than most other targeted spear-phishing campaigns."
The attackers began by instigating conversations with the targets via email or messaging apps. After gaining the victim's trust, they sent links that purportedly led to a Microsoft Teams meeting or a chatroom. These links took the victims to a Microsoft Device Code authentication page that asked them to enter a code.
In one case, the threat actor contacted a target via Signal, then asked them if they could move the conversation to a different chat application.
"The message was a ploy to fool the user into thinking they were being invited into a secure chat, when in reality they were giving the attacker access to their account," the researchers write. "The generated Device Codes are only valid for 15 minutes once they are created.
"As a result, the real-time communication with the victim, and having them expect the 'invitation,' served to ensure the phish would succeed through timely coordination."
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/protect-your-data-russian-spear-phishing-targets-microsoft-365-accounts
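For the Device Code Authentication phishing described in the item above, one defender-side check is to review sign-in logs for device code sign-ins by accounts that have no input-constrained device. This is an added example, not code from Volexity or KnowBe4; the record field names are modeled on Microsoft Entra sign-in log exports and, like the allowlist and the sample records, are assumptions.

```python
import json

# Constructed sample records, one JSON object per line (not real telemetry).
# Field names are an assumption modeled on Microsoft Entra sign-in log exports.
SAMPLE_LOG = """\
{"createdDateTime": "2025-02-20T14:02:11Z", "userPrincipalName": "kiosk-tv@example.org", "ipAddress": "198.51.100.10", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
{"createdDateTime": "2025-02-20T14:05:40Z", "userPrincipalName": "alice@example.org", "ipAddress": "198.51.100.22", "authenticationProtocol": "none", "status": {"errorCode": 0}}
{"createdDateTime": "2025-02-20T14:09:03Z", "userPrincipalName": "Bob@example.org", "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}}
{"createdDateTime": "2025-02-20T14:11:59Z", "userPrincipalName": "carol@example.org", "ipAddress": "203.0.113.80", "authenticationProtocol": "deviceCode", "status": {"errorCode": 1}}
this line is truncated {"createdDateTime":
"""

# Hypothetical allowlist: accounts expected to sign in from input-constrained
# devices (smart TVs, printers), the case device code sign-in exists for.
EXPECTED_DEVICE_CODE_USERS = {"kiosk-tv@example.org"}


def flag_device_code_signins(log_text, allowlist):
    """Return device code sign-ins made by accounts that are not on the allowlist."""
    allowed = {u.lower() for u in allowlist}
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines instead of aborting the review
        if not isinstance(rec, dict):
            continue
        if str(rec.get("authenticationProtocol", "")).lower() != "devicecode":
            continue  # some other sign-in method
        user = str(rec.get("userPrincipalName", "")).lower()
        if user in allowed:
            continue  # expected use from a constrained device
        status = rec.get("status") if isinstance(rec.get("status"), dict) else {}
        succeeded = status.get("errorCode") == 0
        findings.append({
            "time": rec.get("createdDateTime"),
            "user": user,
            "ip": rec.get("ipAddress"),
            # A completed sign-in means access was granted: treat the account as
            # compromised until the user confirms they started the sign-in.
            # A failed one is still an attempt worth a follow-up.
            "severity": "high" if succeeded else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in flag_device_code_signins(SAMPLE_LOG, EXPECTED_DEVICE_CODE_USERS):
        print(f'{f["severity"]:6} {f["time"]} {f["user"]} from {f["ip"]}')
```

If no account in the organization needs this sign-in method, passing an empty allowlist turns every device code sign-in into a finding.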
Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering are the #1 cyber threat to your organization. 68% of all data breaches are caused by human error.
Join us for a live demonstration of KnowBe4 in action. See how we safeguard your organization from sophisticated social engineering threats using the most comprehensive human risk management platform.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Artificial Intelligence Defense Agents allows you to personalize security training, reduce admin burden, and elevate your human risk management strategy
- NEW! SmartRisk Agent provides actionable data and metrics to help you lower your organization's human risk score
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, March 5 @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN
Scanning for Trouble: Behind the Scenes of Our QR Code Phishing Demo
At KnowBe4, we constantly strive to stay ahead of emerging threats and create training content to warn users about the latest tactics used by cybercriminals.
One of the ways we do this is through our internally produced demo video productions, which used to star the incredible Kevin Mitnick and his legendary hacking demos. In these modules we showcase real-world attack scenarios and provide actionable insights on how to defend against them.
Last year my colleague Dr. Martin Krämer and I had the opportunity to present such a demo on QR code phishing and other image-based phishing techniques. While we're used to discussing cybersecurity threats, being in front of the camera was a whole new challenge. And we did this in both English and German.
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/scanning-for-trouble-behind-the-scenes-of-our-qr-code-phishing-demo
KnowBe4 Named a Leader In Frost Radar: Human Risk Management, 2024
Download your complimentary copy of the Frost Radar: Human Risk Management, 2024 report, where KnowBe4 has been recognized as a leader in human risk management (HRM). The report identifies the industry's most innovative and impactful participants and provides insight into HRM best practices.
KnowBe4 was recognized by Frost & Sullivan for our:
- AI-powered adaptive phishing simulations
- Behavioral security coaching with SecurityCoach
- Comprehensive human risk scoring
- PhishER Plus for threat identification and remediation
- Security awareness training content
Discover more about how KnowBe4's HRM+ platform delivers all of these capabilities, and more, by reading the report.
Download Now:
https://info.knowbe4.com/industry-benchmark-reports/frost-and-sullivan-human-risk-management-chn
Spear Phishing is the Top Cyber Threat to the Manufacturing Sector
Spear phishing was the top cybersecurity threat to the manufacturing sector over the past six months, according to a report from ReliaQuest. These attacks accounted for 41% of true-positive alerts in the sector.
"Spear phishing remains a favored tactic for attackers targeting manufacturing companies—and it's easy to see why," ReliaQuest says. "It preys on the everyday flow of business; attackers send spear phishing emails that look routine—like a supplier requesting payment—and wait for a misstep. And when that happens, the consequences are stark."
These attacks are fueled by the growing availability of phishing kits, which enable attackers to launch sophisticated attacks with very little effort.
"Spear phishing attacks on manufacturing are set to double in 2025, driven by the increasing use of phishing kits and nation-state interest in industries like defense and aerospace," the researchers write. "Discussions about phishing kits on cybercriminal forums surged by 136% in 2024, allowing attackers of all skill levels to exploit manufacturing's reliance on email for supply-chain and financial transactions."
The manufacturing sector was also a top target for ransomware, with 370 victims in the fourth quarter of 2024.
"Why is manufacturing such a prime target?" ReliaQuest writes. "Downtime is devastating—but that's also true for sectors like health care. What sets manufacturing apart is its operational scale. One production line being compromised can disrupt entire supply chains and cause huge financial losses.
"And as organizations increasingly adopt Industrial Internet of Things (IIoT) devices to improve OT visibility, the risks grow exponentially. Many IIoT devices are tied to legacy OT systems that can't be updated, creating vulnerabilities that are magnets for attackers.
"The combination of large-scale operations, legacy vulnerabilities, and open supply chains makes manufacturing a goldmine for attackers—and the statistics show they're cashing in."
Blog post with links:
https://blog.knowbe4.com/spear-phishing-is-the-top-threat-to-the-manufacturing-sector
Does Your Domain Have an Evil Twin?
Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.
Our Domain Doppelgänger tool makes it easy to identify potential 'evil domain twins' by combining search, discovery, reporting, and risk indicators so you can take action immediately.
Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as "safe" domains for your organization.
With Domain Doppelgänger, you can:
- Search for existing and potential look-alike domains
- Get a summary report that identifies the highest to lowest risk attack potentials
- Generate a real-world "domain safety" quiz based on the results for your end users
Domain Doppelgänger helps you find the threat before it is used against you.
Find out now!
https://info.knowbe4.com/domain-doppelganger-chn
Three Things You Should Know...
- KnowBe4 was Honored as the #2 Best Software Product and #1 Security Product on G2!
Best Software Products 2025 - We are #2 only behind Salesforce Sales Cloud:
https://www.g2.com/best-software-companies/top-products
Best Security Software Products 2025 - #1!
https://www.g2.com/best-software-companies/top-security
- Perry Carpenter started a new YouTube Channel: @theFAIKfiles
He added over 800 new subs in the past week. Total subs are just over 3,100. Not too shabby for a 4-week-old channel. It's got super interesting DeepFake videos.
Subscribe here:
https://www.youtube.com/@theFAIKfiles
- [VIDEO] Whoa! Check out this robot.
In this demo, the Ultra Mobile Vehicle (UMV) drives, turns, jumps, tricks, and comes to a sudden stop called a track-stand. All of the driving, landings, balance, and track-stands are done using reinforcement learning. DANG.
https://www.youtube.com/watch?v=ATWR25xGF74
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: Yours Truly in Inc Mag: If Banning Explicit Deepfakes Isn't the Answer, What Is?
https://www.inc.com/stu-sjouwerman/if-banning-explicit-deepfakes-isnt-the-answer-what-is/91150114
PPS: [CLICKBAIT ALERT] Playboy Model Ariane Bellamar Dead at 46:
https://www.tmz.com/2025/02/18/playboy-model-ariane-bellamar-dead-heart-attack/?
- R. Buckminster Fuller - Architect (1895 - 1983)
- Ralph Waldo Emerson - Philosopher & Writer (1803 – 1882)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-08-protect-your-data-russian-spear-phishing=targets-microsoft-365-accounts
Harnessing Agentic AI To Supercharge Security Awareness Training
By Erich Kron, Security Awareness Advocate, KnowBe4
Security awareness training has been steadily gaining traction and momentum as organizations have come to understand that cyberattacks mostly stem from their own employees (e.g., clicking on phishing links, downloading malicious files, failing to use strong passwords).
Despite a lot of in-house training, almost half (46%) of employees still continue to struggle with phishing emails.
Common Mistakes That Dampen Security Training
Conventional cyber awareness programs may fall short in certain areas.
One-size-fits-all: Most training programs are generic, offering the same content to all individuals regardless of their role, skill level, or prior knowledge. This lack of personalization can lead to disengagement and ineffective learning.
Outdated content: Training programs may fail to keep pace with the evolving threat landscape – content isn't regularly updated to reflect the latest threats like AI-generated phishing attacks, or coercive synthetic media such as deepfakes, leaving users unprepared to defend against modern cyber risks.
Absent real-world context: Conventional training rarely simulates real-world scenarios, making it difficult for people to apply what they've actually learned in practice. This gap between theory and application can leave organizations vulnerable to attacks.
Lack of consistent feedback: Without timely and actionable feedback, individuals may not understand their mistakes or learn how to respond and improve. This can result in repeated errors and a false sense of security.
Limited user context: Basic metrics to assess user performance – i.e., click-through rates or completion percentages – can lack depth when not analyzed in the context of an employee's background, learning history, job role, cyber maturity level, or other factors.
In the absence of such granular understanding, organizations are unable to measure a program's true education efficacy or tailor it to address specific worker behaviors or risks.
What Is Agentic AI And How Can It Enhance Cyber Training Programs?
[CONTINUED] at Cybersecurity-insiders, they have the story:
https://www.cybersecurity-insiders.com/harnessing-agentic-ai-to-supercharge-security-awareness-training/
Phishing Attacks Increased by Nearly 200% in H2 2024
Phishing and malicious emails remained the primary vectors of infection during the second half of 2024, according to a new report from Acronis.
"The number of email-based attacks detected in the second half of 2024 increased 197% compared to the second half of 2023, while the number of attacks per organization within the same time frame increased by 21%," the report says.
"Almost 50% of users were attacked at least once, 29% of users experienced at least one phishing attack via URL, and 14% of users experienced at least one malware detection."
The researchers also observed an increase in ransomware attacks, which often begin with a phishing attack.
"Ransomware attacks saw a noticeable increase in sophistication, often combining social engineering with technical exploits to infiltrate org," the researchers write. "When compared to breaches from 2023, a clear shift in attack vectors is evident, with ransomware groups increasingly targeting third-party service providers and cloud-based systems."
The report adds that organized ransomware gangs are increasingly targeting managed service providers (MSPs) to maximize disruption.
"In 2024, ransomware increasingly targeted critical industries, including transportation, healthcare, and manufacturing, with attackers using personalized tactics and AI-driven strategies to exploit vulnerabilities and demand higher ransoms," Acronis says.
"This trend reflects a shift towards more sophisticated, large-scale attacks aimed at maximizing disruption and financial gain, highlighting the critical role MSPs play in protecting organizations with advanced security measures and incident response strategies."
The researchers note that employee awareness is an important layer of defense against social engineering attacks.
"Human error is often the weakest link in security," the report says. "Regularly train employees on recognizing phishing attempts, creating strong passwords, and following company policies on data protection to reduce the risk of breaches caused by negligence or lack of awareness."
Blog post with links:
https://blog.knowbe4.com/phishing-attacks-increased-by-nearly-200-in-h2-2024
What KnowBe4 Customers Say
"Hi Stu, we are very pleased with your software and have been making the most of it within the parameters set by our district leadership. Additionally, Steve D., our Customer Success Manager, has been fantastic and truly excels in supporting us."
- K.M., MIS Manager
"Hi Stu, I'm loving the platform enough to tell you about it on a Sunday afternoon! Switching from our old security awareness platform to KnowBe4 has proven to be a very good decision."
- C.C., Chief Information Security Officer
- CISA and FBI issue advisory on the Ghost ransomware:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
- [VIDEO] Microsoft Explains Majorana 1: The Path to a Million Qubits:
https://youtu.be/wSHmygPQukQ
- How Phished Data Turns into Apple & Google Wallets:
https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/
- VC Insight Partners Compromised Via Social Engineering Attack:
https://www.databreachtoday.com/insight-partners-compromised-via-social-engineering-attack-a-27562
- Experts race to extract intel from Black Basta internal chat leaks:
https://www.theregister.com/2025/02/21/experts_race_to_extract_intel/
- The cyber insurance reckoning: Why AI-powered attacks are breaking coverage (and what comes next):
https://venturebeat.com/security/the-cyber-insurance-reckoning-why-ai-powered-attacks-are-breaking-coverage-and-what-comes-next/
- Salt Typhoon hackers exploited stolen credentials and a 7-year-old software flaw in Cisco systems:
https://www.nextgov.com/cybersecurity/2025/02/salt-typhoon-hackers-exploited-stolen-credentials-and-7-year-old-software-flaw-cisco-systems/403146/
- Russia's Cozy Bear targets Microsoft 365 accounts:
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
- Russian threat actors launch QR code phishing attacks against Signal accounts:
https://www.bleepingcomputer.com/news/security/russian-phishing-campaigns-exploit-signals-device-linking-feature/
- Chinese espionage actor may be moonlighting as ransomware attacker:
https://www.security.com/threat-intelligence/chinese-espionage-ransomware
- Virtual Vaca #1 to Edge of the World, Riyadh, Saudi Arabia:
https://youtu.be/RyJHOTdJa6o
- Virtual Vaca #2 to Nepal - The Himalaya is smaller than you think:
https://youtu.be/KWHAsHE_WWE?si=soJB6_TIktRk_P6X
- Top 10 Places To Visit in Patagonia - Travel Guide:
https://youtu.be/5FVhJa-xwIQ
- Long POV Wingsuit Flight from Tablemountain to Camps Bay Beach South Africa 2025:
https://youtu.be/qKgJH9jNcUc
- Marula's SHOCKING Balance Act Stuns Everyone! | Italia's Got Talent
https://youtu.be/Jk2Y282L__U
- The Fastest Fooler in History:
https://youtu.be/pay48nKSmBI
- LockPickingLawyer said "Squire 39CS: Strong, but…"
https://youtu.be/aqAayxvlS3I
- LockPickingLawyer #2 HUGE Flaw in OKG Sliding Bolt Paslock:
https://youtu.be/pSGm7ChcWrI
- Inside Europe's $1BN Abandoned Mega-Build:
https://youtu.be/sYFbyZBvnlU
- We're introducing Helix, a generalist Vision-Language-Action (VLA) model that unifies perception, language understanding, and learned control to overcome multiple longstanding challenges in robotics:
https://youtu.be/Z3yQHYNXPws
- Watch as skydiver Max Manow makes history by flying his wingsuit in close proximity to a nosediving plane, hooking onto a handlebar to be towed out of Arizona's Hell Hole Bend Canyon:
https://www.flixxy.com/wingsuit-daredevil-hooks-onto-plane-mid-air-for-epic-canyon-tow.htm
- Straight Into A Crack | Wingsuit Flight in the South African Wilderness:
https://youtu.be/o-kivXy2Gd0
- For Da Kids #1 - Belgian Malinois Dog Has The Most Incredible Skateboarding Skills:
https://youtu.be/gRbR5MusuP4
- For Da Kids #2 - This Big Friendly "Cow" Escaped The Shelter To Experience All The Luxuries Of A Home:
https://youtu.be/US4fe7sgVRQ
- For Da Kids #3 - "Black Sea Monster" Spotted By A Human For The First Time Ever:
https://youtu.be/VBHcDUjbS6Y
- For Da Kids #4 - Excited Pig Gives Rocks To Her Favorite Humans:
https://youtu.be/xxq-1pthg0I
- For Da Kids #5 - Dream Rescue: Adorable Leopard Cubs Reunite With Their Mama In The Wild:
https://youtu.be/_MrpTLfGNXI