CyberheistNews Vol 15 #13 | April 1st, 2025
Why Password Security Matters: The Danish and Swedish Password Problem
By Martin Kraemer
Organizations and individuals alike face a constant barrage of cyber threats, and often, the weakest link in our defenses is something as simple as a password.
Recently, KnowBe4 has shed light on a concerning trend in Denmark and Sweden: a significant number of employees aren't using strong passwords. Given that people are the primary target for cybercriminals, weak passwords expose both employees and their organizations to serious cyber threats.
Employee Password Habits: A Closer Look
Our research conducted in Denmark and Sweden paints a worrying picture of employee password habits. In Denmark, nearly 20% of employees admit to using short passwords because they're easier to remember. Alarmingly, 8% use the same password for all their accounts.
In Sweden, while slightly better, 13% use short passwords, and almost 6% reuse them. Even more concerning is the lack of understanding about multi-factor authentication (MFA). Over a third of Danish employees and 11% of Swedish employees don't know what MFA is.
Driving Password Security Practices
A vital part of building a strong security culture is ensuring employees consistently create strong passwords and understand their critical role in cybersecurity. Short or simple passwords are easy for cybercriminals to crack, which can lead to unauthorized access to personal and work accounts.
This can result in data breaches, identity theft and financial losses for individuals. For organizations, compromised employee accounts can be gateways for larger attacks, potentially leading to data theft, ransomware and reputational damage.
Making Security Simple and Sustainable
So, what can be done? It starts with the basics:
1) Encourage Password Managers: These tools generate and securely store complex passwords. While 40% of Danes and nearly 49% of Swedes have access to password managers, only a tiny fraction actively use them. Making their use mandatory and providing training can significantly improve security. Low adoption leads to password reuse, which amplifies the impact of a single compromised password.
2) Implement Multi-Factor Authentication (MFA): MFA adds an extra layer of security to the login process, acting as a second lock on your digital door. Despite its effectiveness, only 41% of Danes and 49% of Swedes use MFA. This lack of usage leaves accounts highly vulnerable, even if passwords are compromised. For organizations, it means an increased risk of data breaches and fraud.
How many users in your org use weak passwords?
Blog post with links:
https://blog.knowbe4.com/why-password-security-matters-the-danish-and-swedish-password-problem
Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering are the #1 cyber threat to your organization. 68% of all data breaches are caused by human error.
Join us for a live demonstration of KnowBe4 in action. See how we safeguard your organization from sophisticated social engineering threats using the most comprehensive human risk management platform.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Artificial Intelligence Defense Agents allow you to personalize security training, reduce admin burden, and elevate your human risk management strategy
- NEW! SmartRisk Agent provides actionable data and metrics to help you lower your organization's human risk score
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- Smart Groups allows you to use employees' behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, April 2, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN2
Amount of Money Requested In BEC Attacks Nearly Doubled in Q4 2024
The average amount of money requested in business email compromise (BEC) attacks spiked to $128,980 in the fourth quarter of 2024, according to the Anti-Phishing Working Group's (APWG's) latest report.
This is nearly double the amount requested during Q3 2024. The researchers found that Gmail accounts were used to launch 81 percent of BEC scams last quarter. The report also warns of a surge in SMS phishing scams impersonating toll operators in the US, driven by a popular Chinese phishing kit.
"Residents of the United States are being bombarded with text messages from Chinese phishers, purporting to come from U.S. toll road operators, including the multi-state EZPass system," the researchers write. "The messages warn recipients that they face fines or loss of their driving license if they don't pay their tolls online.
"Researchers have found that this 'smishing' (SMS phishing) is enabled by an upgraded phishing kit sold in China, which makes it simple to send text messages and launch phishing sites that spoof toll road operators in multiple U.S. states. The phone numbers that the phishers send the messages to are usually random—they are sometimes sent to people who do not use toll roads at all, or target users in the wrong state."
The APWG members observed just under a million phishing attacks in Q4 2024, indicating a steady increase over the course of the year. The SaaS/Webmail category was the most frequently attacked sector, accounting for 23.3 percent of all phishing attacks. Social media came in second, with 22.5 percent of phishing attacks.
New-school security awareness training gives your organization an essential layer of defense against phishing attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/amount-of-money-requested-in-bec-attacks-nearly-doubled-in-q4-2024
Taming the Hacker Storm: Your Framework for Defeating Cybercriminals and Malware
Are you ready to turn the tables on cybercriminals and their malicious minions? Forget those so-called "next-gen" solutions that barely make a dent — it's time for a revolution in cybersecurity that will send hackers running for the hills!
Join us for this webinar as Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist and cyber-visionary, unveils a groundbreaking framework that could change the face of internet security forever. Drawing from his latest book, "Taming the Hacker Storm: A Framework for Defeating Hackers and Malware," Roger will take you on a thrilling journey and real-world approach to a future where cybercrime is on its last legs.
In this webinar, you'll discover:
- The shocking truth behind the internet's Achilles' heel — and how we can fortify it
- A blueprint for a new internet ecosystem that will make hackers' heads spin
- Cutting-edge technologies and protocols that could be the silver bullet you've been waiting for
- Your role in the cyber revolution and how to become a hero in the fight against digital villains
- Why arming your team with this knowledge is the ultimate power move for your security culture
Tired of playing defense? It's time to go on the offensive! Join us for this mind-bending session and earn CPE credit while learning how to turn the tide in the cyber war.
Date/Time: Wednesday, April 9 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/taming-the-hacker-storm?partnerref=CHN
Surge in Phishing Attacks Hijacking Legitimate Microsoft Communications
A KnowBe4 Threat Lab Publication
On March 3, 2025, the KnowBe4 Threat Labs team observed a massive influx of phishing attacks originating from legitimate Microsoft domains.
KnowBe4 Defend detected activity starting on February 24th, with a peak on March 3rd, when 7,000 attacks from microsoft-noreply[@]microsoft.com were recorded within a 30-minute window.
To carry out this attack, threat actors set up mail routing rules that automatically forwarded legitimate Microsoft invoices to recipients, using sophisticated techniques to include their payload whilst maintaining authentication integrity (including passing DMARC).
This spike comes amid a rise in the exploitation of trusted platforms like DocuSign, PayPal, Google Drive and Salesforce for phishing emails. Notably, by leveraging Microsoft, cybercriminals are increasing the deliverability and legitimacy of their attacks, making detection and prevention more challenging for both users and security systems.
While we observed a surge of these attacks within a 30-minute window, this was likely due to a delay in Microsoft processing the high volume of emails. However, the attack likely continued for hours on this day, affecting thousands of individuals outside our customer base.
Quick Attack Summary:
All attacks analyzed in this campaign were identified and neutralized by KnowBe4 Defend and analyzed by our Threat Labs team.
- Vector and Type: Email phishing
- Techniques: Social engineering and legitimate brand hijacking
- Targets: Global Microsoft Customers
In this attack, cybercriminals hijacked a legitimate Microsoft invoice and used mail flow rules to auto-forward it to thousands of recipients. By setting up their own Microsoft domain, the attackers ensured the emails passed authentication protocols.
They then embedded a fake organization name as their own, which appeared in the body of the email, to socially engineer the victim to call the number present in that "name." Other than this the attacks had no other payload, and all links present are legitimate.
[CONTINUED] Blog post with attack examples, links and screenshots:
https://blog.knowbe4.com/surge-in-phishing-attacks-hijacking-legitimate-microsoft-communications
[WHITEPAPER DOWNLOAD] 7 Best Practices For Implementing Human Risk Management
In cybersecurity, the biggest and most overlooked threat is human risk.
With human error accounting for 68% of data breaches, managing human risk isn't just important — it's essential.
It's why human risk management (HRM) has become a critical part of modern security strategies. Effective HRM goes beyond awareness training by taking a data-driven, behavior-focused approach to reducing human risk.
Download this whitepaper to understand:
- Why HRM demands a strategy that blends technology, psychology and continuous adaptation
- The seven best practices to effectively implement a strong HRM program that drives behavioral change and strengthens your security culture
- How to strengthen your security culture by reducing human risk
Download Now:
https://info.knowbe4.com/7-best-practices-for-implementing-human-risk-management-chn
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: eSecurity Planet has named KnowBe4 to its list of Top 20 Cybersecurity Companies You Need to Know in 2025. (Two things are incorrect though, our yearly sales and the Glassdoor score are both much higher :-D)
https://www.esecurityplanet.com/cybersecurity/top-cybersecurity-companies/
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-13-why-password-security-matters-the-danish-and-swedish-password-problem
Be Vigilant: Even Security Pros Can Fall for Phishing Attacks
Troy Hunt, a security expert who runs the "Have I Been Pwned" breach monitoring website, disclosed that a phishing email tricked him into handing over his MailChimp credentials.
The email appeared to be a MailChimp notification informing him that his account had been flagged for spam. The message contained a link to review his account, which led to a phishing page.
Hunt notes that he had two-factor authentication (2FA) enabled on his account, but the attackers were able to bypass this measure. While 2FA is a critical layer of defense, users should be aware that attackers can still use social engineering to get around it.
"I went to the link which is on mailchimp-sso[.]com and entered my credentials which - crucially - did not auto-complete from 1Password," Hunt explains. "I then entered the OTP and the page hung. Moments later, the penny dropped, and I logged onto the official website, which Mailchimp confirmed via a notification email which showed my London IP address...
"I immediately changed my password, but not before I got an alert about my mailing list being exported from an IP address in New York. And, moments after that, the login alert from the same IP. This was obviously highly automated and designed to immediately export the list before the victim could take preventative measures."
Hunt explains that he was jetlagged at the time, which contributed to the lapse in judgment. "Firstly, I've received a gazillion similar phishes before that I've identified early, so what was different about this one?" Hunt says.
"Tiredness was a major factor. I wasn't alert enough, and I didn't properly think through what I was doing. The attacker had no way of knowing that (I don't have any reason to suspect this was targeted specifically at me), but we all have moments of weakness and if the phish times just perfectly with that, well, here we are."
Hunt adds that the phishing email was well-written and believable, with proper grammar and MailChimp branding. "Secondly, reading it again now, that's a very well-crafted phish," Hunt writes. "It socially engineered me into believing I wouldn't be able to send out my newsletter so it triggered 'fear', but it wasn't all bells and whistles about something terrible happening if I didn't take immediate action. It created just the right amount of urgency without being over the top."
Troy Hunt has the story:
https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
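The detail that the credentials "did not auto-complete from 1Password" is itself a phishing signal: a password manager binds a saved login to the registrable domain it was saved on and fills only when the current page matches it exactly. The following is an added illustration, not code from Hunt's post or from 1Password, contrasting a naive "host contains the brand" match with the strict registrable-domain check; the look-alike host is a constructed stand-in for the domain in the story, and the public-suffix list is a deliberately short assumption.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List so hosts such as
# "example.co.uk" reduce to the right registrable domain. A real password
# manager ships the full list.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(url: str) -> str:
    """Return the eTLD+1 of a URL's host, e.g. 'login.mailchimp.com' -> 'mailchimp.com'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    tail2 = ".".join(labels[-2:])
    if tail2 in MULTI_LABEL_SUFFIXES and len(labels) >= 3:
        return ".".join(labels[-3:])
    return tail2


def naive_match(saved_url: str, page_url: str) -> bool:
    """The mistake: treat any host that merely contains the brand name as the same site.
    A look-alike such as mailchimp-sso.<tld> passes this test."""
    brand = registrable_domain(saved_url).split(".")[0]  # "mailchimp"
    return brand in (urlsplit(page_url).hostname or "").lower()


def strict_match(saved_url: str, page_url: str) -> bool:
    """What a password manager actually does: fill only when the page is served over
    HTTPS and its registrable domain equals the one the login was saved on."""
    page = urlsplit(page_url)
    return page.scheme == "https" and registrable_domain(saved_url) == registrable_domain(page_url)


# Constructed vault entry and two pages: the real login and a look-alike
# standing in for the phishing host described in the post.
SAVED_LOGIN = "https://login.mailchimp.com/"
REAL_PAGE = "https://login.mailchimp.com/login/"
PHISH_PAGE = "https://mailchimp-sso.example/login"


def should_autofill(page_url: str) -> bool:
    """Decision the manager makes for the current tab; False means the user sees
    no autofill, which is the cue Hunt describes."""
    return strict_match(SAVED_LOGIN, page_url)


if __name__ == "__main__":
    for page in (REAL_PAGE, PHISH_PAGE):
        print(page, "naive:", naive_match(SAVED_LOGIN, page), "strict:", should_autofill(page))
```

The naive check says yes to both pages; the strict check fills on the real login only, so an unexpectedly empty password field on a familiar-looking page is worth a second look before typing anything.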
[Train Those Users] Phishing-as-a-Service Attacks are on the Rise
Phishing-as-a-service (PhaaS) platforms drove a surge in phishing attacks in the first two months of 2025, according to researchers at Barracuda. PhaaS platforms, which provide criminals with a ready-made kit for launching advanced phishing attacks, were responsible for more than a million attacks in January and February.
Three PhaaS platforms accounted for nearly all of these attacks, with the Tycoon 2FA kit dominating the market. "Tycoon 2FA was the most prominent and sophisticated PhaaS platform active in early 2025," Barracuda says. "It accounted for 89% of the PhaaS incidents seen in January 2025.
"Next came EvilProxy, with a share of 8%, followed by a new contender, Sneaky 2FA with a 3% share of attacks." Sneaky 2FA is a new phishing platform that emerged earlier this year. The tool targets Microsoft 365 accounts and can bypass multifactor authentication.
Barracuda explains, "Targets receive an email that contains a link. If they click on the link, it redirects them to a spoofed, malicious Microsoft login page. The attackers check to make sure the user is a legitimate target and not a security tool before pre-filling the fake phishing page with the victim's email address by abusing Microsoft 365's 'autograb' functionality.
"The attack toolkit is sold as-a-service by the cybercrime outfit, Sneaky Log. It is known as Sneaky 2FA because it can bypass two factor authentication. Sneaky 2FA leverages the messaging service Telegram and operates as a bot."
Barracuda notes that employee training can provide an important layer of defense against phishing attacks. "Security awareness training for employees that helps them to understand the signs and behaviors of the latest threats is also important," the researchers write.
"Encourage employees to report suspicious-looking Microsoft/Google login pages. If you find them, undertake an in-depth log analysis and check for MFA anomalies."
KnowBe4 empowers your workforce to make smarter security decisions every day.
Barracuda has the story:
https://blog.barracuda.com/2025/03/19/threat-spotlight-phishing-as-a-service-fast-evolving-threat
What KnowBe4 Customers Say
"Hi Stu, I'm happy to share that we're very pleased with the training and phishing service. It has proven to be a valuable tool for raising awareness and strengthening our team's security posture. The results have been positive, and the team appreciates the practical and engaging approach of the service.
"We're excited to continue working with you and look forward to seeing how the service evolves in the future. Please don't hesitate to reach out if there's anything new or additional you think could benefit us further."
- P.T., Director Information Technology
- Data Poisoning for Sale!! The New Era of "AI SEO" is Gonna Suck. #FaikFiles Podcast:
https://youtu.be/wm1yAfTjKzY
- DeepSeek-V3 now runs at 20 tokens per second on Mac Studio, and that's a nightmare for OpenAI:
https://venturebeat.com/ai/deepseek-v3-now-runs-at-20-tokens-per-second-on-mac-studio-and-thats-a-nightmare-for-openai/
- Cyberattack takes down Ukrainian state railway's online services:
https://www.bleepingcomputer.com/news/security/cyberattack-takes-down-ukrainian-state-railways-online-services/
- KELA Cyber Finds 200% Surge in Cybercriminals Seeking AI to Launch Attacks:
https://info.ke-la.com/hubfs/Reports/KELA%20Report%20-%202025%20AI%20Threat%20Report.pdf
- Ransomware attacks surge despite payments being down:
https://www.ontinue.com/resource/2h-2024-threat-intelligence-report/
- 'Lucid' Phishing-as-a-Service Exploits Faults in iMessage, Android RCS:
https://www.darkreading.com/threat-intelligence/lucid-phishing-exploits-imessage-android-rcs
- Crypto Heist Suspect "Wiz" Arrested After $243 Million Theft:
https://hackread.com/crypto-heist-suspect-wiz-arrested-243-million-theft/
- Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows:
https://www.reuters.com/world/china/secretive-chinese-network-tries-lure-fired-federal-workers-research-shows-2025-03-25/
- [Krebs on Security] When Getting Phished Puts You in Mortal Danger:
https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
- Interpol operation nabs over 300 suspected cybercriminals:
https://www.interpol.int/en/News-and-Events/News/2025/More-than-300-arrests-as-African-countries-clamp-down-on-cyber-threats
- Virtual Vaca #1 to Belogradchik Rocks: Bulgaria's Natural Wonder [Amazing Places 4K]:
https://youtu.be/r_lZSQHvwYM
- Virtual Vaca #2 to Washington DC - USA by drone [4K]:
https://youtu.be/qdGin1IPgh0
- Virtual Vaca #3 to Hawaii in 4K - Hidden Gems & Incredible Scenes:
https://youtu.be/9mGbLh13vEA
- No Room for Error, a Wingsuit Flight to Porto Da Cruz:
https://youtu.be/7nDBoLi_JPA
- Great video on incremental improvements. Only 3:27 min. Worth it!:
https://www.youtube.com/watch?v=DWSuHPQId4c
- Looking for the ultimate thrill in 360°? These GoPro MAX highlights capture some of the most jaw-dropping moments ever filmed:
https://www.flixxy.com/top-10-epic-gopro-max-moments-best-of-360-adventures.htm?utm_source=4
- Most Unbelievable Places 4K HDR 60fps - 4K Video ULTRA HD - Dolby Vision:
https://youtu.be/W-j4JiUXemI
- Unboxing A $9000 Chinese 'Rolls Royce Cullinan':
https://youtu.be/TW-joGuPDQY
- The best ping pong shots of 2023, level 9999:
https://youtu.be/fR6AWymfGXM
- Peter Samelson on Fool Us 2025 - The Smoke:
https://youtu.be/yCsjzi4bAnQ
- Guinness World Records: 1) Hercules Pillars Hold / And then...Nail Beds!:
https://youtu.be/nC8N8wMj1K4
- For Da Kids #1 - Beluga Whale steals kayakers' camera only to return it unscathed:
https://youtu.be/7cp3TJDh4vA
- For Da Kids #2 - He Thought He Was Rescuing A 'Very Aggressive Dog'...But Then They Met:
https://youtu.be/UI4TMYwufRw
- For Da Kids #3 - Tiny Kitten Copies Everything German Shepherd Does:
https://youtu.be/KVfQa9wZZEQ
- For Da Kids #4 - Tiny Duckling Rescued After Falling Into Sewer Drain:
https://youtu.be/hCVuwmKLS5s
- For Da Kids #5 - Orphaned lamb walks right up and says 'Hey, let's be friends':
https://youtu.be/NaT_PpPy9ik