CyberheistNews Vol 15 #20 | May 20th, 2025
How to Protect Your Business from Scattered Spider's Latest Attack Methods
Mandiant warns that the Scattered Spider cybercriminal group is using "brazen" social engineering attacks to target large enterprise organizations in a wide range of sectors.
Specifically, the group targets "organizations with large help desk and outsourced IT functions that are susceptible to their social engineering tactics."
The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.
Mandiant says organizations should train their employees to be on the lookout for the following social engineering tactics:
- SMS phishing messages that claim to be from IT requesting users to download and install software on their machine. These may include claims that the user's machine is out of compliance or is failing to report to internal management systems
- SMS messages or emails with links to sites that reference domain names that appear legitimate and reference SSO (single sign-on) and a variation of the company name. Messages may include text informing the user that they need to reset their password and/or MFA
- Phone calls to users from IT with requests to reset a password and/or MFA — or requesting that the user provide a validated one-time passcode (OTP) from their device.
- SMS messages or emails with requests to be granted access to a particular system, particularly if the organization already has an established method for provisioning access
- MFA fatigue attacks, where attackers may repeatedly send MFA push notifications to a victim's device until the user unintentionally or out of frustration accepts one. Organizations should train users to reject unexpected MFA prompts and report such activity immediately
Additionally, users should be wary of suspicious communications via collaboration tools.
"UNC3944 has used platforms like Microsoft Teams to pose as internal IT support or service desk personnel," the researchers write. "Organizations should train users to verify unusual chat messages and avoid sharing credentials or MFA codes over internal collaboration tools like Microsoft Teams. Limiting external domains and monitoring for impersonation attempts (e.g., usernames containing 'helpdesk' or 'support') is advised."
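As an added example (not code from Mandiant, the UNC3944 report, or KnowBe4), the script below turns three of the tactics listed above into detection logic and runs it over a few constructed log lines: message links whose host combines an SSO-style word with a variation of the company name, external Teams senders whose display name claims to be the help desk or support, and bursts of MFA push prompts against one user. The company name "Acme", the allow-listed SSO hosts, the thresholds and the log line format are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions (not from the Mandiant report): the defended company is "Acme",
# its only legitimate SSO hosts are the ones listed, and logs use a made-up
# "<ISO timestamp> <event kind> key=value ..." format.
COMPANY_TOKENS = ("acme",)
LEGIT_SSO_HOSTS = {"sso.acme.com", "login.microsoftonline.com"}
SSO_TOKENS = ("sso", "okta", "login", "signin", "mfa", "auth", "reset")
IMPERSONATION_WORDS = ("helpdesk", "help desk", "servicedesk", "service desk", "support")
MFA_PUSH_THRESHOLD = 5              # this many push prompts ...
MFA_WINDOW = timedelta(minutes=10)  # ... inside this window counts as MFA fatigue

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>\w+)\s*(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
URL_HOST_RE = re.compile(r"https?://([^/\s:]+)", re.IGNORECASE)


def parse_line(line):
    """Parse one log line into a dict; returns None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec["ts"] = datetime.fromisoformat(m.group("ts"))
    rec["kind"] = m.group("kind")
    return rec


def is_lookalike_sso_host(host):
    """Tactic: links to domains that look legitimate and reference SSO plus a
    variation of the company name. Any host not on the allow-list that combines
    an SSO-ish token with the company name is treated as a lookalike."""
    host = host.lower()
    if host in LEGIT_SSO_HOSTS:
        return False
    compact = re.sub(r"[^a-z]", "", host)  # acme-sso-reset.com -> acmessoresetcom
    return any(t in compact for t in SSO_TOKENS) and any(c in compact for c in COMPANY_TOKENS)


def is_impersonating_display_name(display_name, external):
    """Tactic: an external Teams sender whose display name claims to be IT/help desk."""
    name = display_name.lower()
    return external and any(w in name for w in IMPERSONATION_WORDS)


def find_mfa_fatigue(events, threshold=MFA_PUSH_THRESHOLD, window=MFA_WINDOW):
    """Tactic: MFA fatigue. events = [(timestamp, user)]. Returns {user: largest
    number of push prompts seen in any sliding window of `window` length} for
    users at or above `threshold`."""
    per_user = defaultdict(list)
    for ts, user in events:
        per_user[user].append(ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[user] = best
    return flagged


def analyze(log_text):
    """Run all three checks over the log text and return the findings."""
    findings = {"lookalike_sso_hosts": [], "it_impersonation": [], "mfa_fatigue": {}}
    mfa_events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "mfa_push":
            mfa_events.append((rec["ts"], rec["user"]))
        elif rec["kind"] in ("sms", "email", "teams"):
            for host in URL_HOST_RE.findall(rec.get("text", "")):
                if is_lookalike_sso_host(host):
                    findings["lookalike_sso_hosts"].append((rec.get("to"), host.lower()))
            if rec["kind"] == "teams" and is_impersonating_display_name(
                rec.get("from", ""), rec.get("tenant") == "external"
            ):
                findings["it_impersonation"].append((rec.get("to"), rec["from"]))
    findings["mfa_fatigue"] = find_mfa_fatigue(mfa_events)
    return findings


# Constructed sample log for the example; not real data.
SAMPLE_LOG = """\
2025-05-19T09:00:05 mfa_push user=jsmith result=denied
2025-05-19T09:00:40 mfa_push user=jsmith result=denied
2025-05-19T09:01:15 mfa_push user=jsmith result=denied
2025-05-19T09:01:50 mfa_push user=jsmith result=denied
2025-05-19T09:02:30 mfa_push user=jsmith result=approved
2025-05-19T09:03:00 mfa_push user=mlee result=approved
2025-05-19T09:05:12 sms to=jsmith text="IT: your MFA token expired, re-enroll at https://acme-sso-reset.com/login"
2025-05-19T09:06:00 email to=mlee text="Quarterly report: https://sso.acme.com/app/reports"
2025-05-19T09:10:00 teams from="IT HelpDesk" tenant=external to=jsmith text="Please read me the OTP you just received"
2025-05-19T09:11:00 teams from="Maria Lee" tenant=internal to=jsmith text="lunch?"
"""

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

On the sample above the script flags jsmith for five push prompts in under three minutes (the final "approved" is exactly the outcome a fatigue attack is after), the acme-sso-reset.com link, and the external "IT HelpDesk" sender, while the legitimate sso.acme.com link and the internal colleague pass. In production the allow-list would come from the identity provider's configured domains and the push events from its sign-in logs; the thresholds are a starting point to tune against normal prompt volume.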
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links at:
https://blog.knowbe4.com/how-to-protect-your-business-from-scattered-spiders-latest-attack-methods
Phishing Attacks Are Evolving—Is Your Organization Keeping Up?
Cybercriminals are getting smarter, and your users are still their #1 target. Without training, they're your weakest link. With it, they become your strongest defense.
KnowBe4's 2025 Phishing By Industry Benchmark Report analyzed 14.5 million users, 62,400 organizations, and 67.7 million simulated phishing tests to reveal critical industry benchmarks on phishing and social engineering risks.
Get the report to uncover:
- Phishing benchmark data for 19 industries and 7 regions
- Biggest cybersecurity threats impacting different industries
- Who's most at risk—and how to fix it
- Proven strategies to strengthen your human firewall
Organizations using security awareness training see a dramatic drop in phishing risk within 90 days. How does your company compare?
Download the phishing report now!
https://info.knowbe4.com/2025-phishing-by-industry-benchmarking-report-chn
The Clock Is Ticking: Why Phishing Remains the Fastest-Moving Cyber Threat in 2025
Cybersecurity professionals face an increasingly aggressive phishing threat landscape, and the 2025 KnowBe4 Phishing By Industry Benchmarking Report makes one thing crystal clear: transforming your largest attack surface - your workforce - into your biggest security asset is critical.
49 Seconds to Disaster
According to the Verizon Data Breach Investigations Report (DBIR), the median time it takes someone to click a malicious link is a staggering 21 seconds. And if that phishing email requires the employee to enter data — like credentials — the whole process takes just 49 seconds.
That means security teams have less than a minute to prevent a potentially catastrophic error once a phishing email is opened.
This urgency is compounded by the rise in phishing volume and sophistication. KnowBe4's Phishing Threat Trends Report found a 17.3% increase in phishing email volume, while the number of attacks bypassing secure email gateways (SEGs) and native security rose by 47%. Traditional defenses are struggling, and attackers are getting better at slipping through the cracks.
AI Is Changing the Game
Unsurprisingly, artificial intelligence (AI) is driving this shift. In fact, 82.6% of phishing emails analyzed by KnowBe4's Threat Research team used some form of AI. These emails are more convincing, harder to detect, and faster to produce. With the ability to adapt tone, impersonate individuals, and evade pattern-based detection, AI-generated phishing emails are pushing some existing email defenses toward obsolescence.
Beyond AI, other factors contributing to phishing risk include the growing threat of Business Email Compromise (BEC), especially within supply chains, and the uneven nature of digital transformation that leaves organizations exposed. But the most consistent factor remains unchanged: human behavior.
One in Three Click — Before Training
KnowBe4's analysis of Phish-prone Percentage (PPP) — the percentage of users likely to fall for a phishing email — shows a concerning trend. Across all organizations, the average PPP before any training is a whopping 33.1%. That's one in three employees clicking on potentially dangerous links.
CONTINUED at the KnowBe4 blog:
https://blog.knowbe4.com/the-clock-is-ticking-why-phishing-remains-the-fastest-moving-cyber-threat-in-2025
[Live Demo] Supercharge Your Anti-Phishing Defense with AI
Cybercriminals are weaponizing AI, driving a 1,265% surge in phishing attacks since 2022. This isn't just about attack volume — these threats are smarter, more personalized and increasingly evade traditional secure email gateways.
With 92% of polymorphic attacks now utilizing AI, you need a new approach to outsmart these threats!
KnowBe4's PhishER Plus is your single-pane-of-glass incident response product that identifies and acts upon threats to keep your users safe where the most dangers lie: their inboxes.
Combining AI analysis with human intelligence from a community of 13+ million users worldwide, PhishER Plus revolutionizes your email security posture. Easily search, find and remove email threats with PhishRIP, while transforming real threats into training opportunities with PhishFlip.
In this live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, discover how you can:
- Automate email investigation and quickly remove phishing threats, saving your team 85% - 99% of time spent on manual review
- Systematically remove threats from all user inboxes with PhishRIP technology
- Transform every employee into an active threat sensor with seamless, one-click reporting with the Phish Alert Button (PAB)
- Convert malicious emails into training opportunities with PhishFlip, identifying who would have fallen victim
- Gain complete visibility into your email security posture with clear ROI metrics
Join us to see how organizations are transforming their security posture with PhishER Plus, turning potential vulnerabilities into proactive defense.
Date/Time: TOMORROW, Wednesday, May 21st @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN2
KnowBe4 Leads the Charge Against Cybersecurity Threats with Unmatched AI Capabilities
When it comes to artificial intelligence (AI) and human risk management (HRM), not all AI is created equal.
You need an approach to AI that demonstrably enhances your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. AI should be in service of a larger goal rather than exist for its own sake.
We're talking benefits, not just features. An established history of innovation, not capabilities that are too little, too late.
KnowBe4 has been leading the way in AI for almost a decade, and we're not slowing down.
The Emerging AI Threat
Since 2022, we've witnessed a staggering 1,265% increase in phishing attacks, largely driven by cybercriminals weaponizing AI technology. The KnowBe4 2025 Phishing Threat Trends Report reveals that 92% of polymorphic attacks now utilize AI to achieve unprecedented scale and effectiveness.
According to a report from LastPass, more than 95% of cybersecurity pros believe AI-generated content makes phishing detection more challenging. This technological advancement in the hands of bad actors has created a new breed of highly convincing social engineering attacks that one-size-fits-all security awareness training struggles to combat.
In the cybersecurity arms race, KnowBe4's AI not only predicts and prevents threats but also turns your workforce into informed defenders of their digital domain. KnowBe4's approach to HRM preemptively empowers organizations to thwart cyber threats by cultivating a deeply rooted security culture.
Charting the AI Difference
AI is accelerating cyber threats at an alarming rate. You need it on your side to help fight back.
KnowBe4 has forged an entire ecosystem of advanced AI technologies seamlessly integrated into our comprehensive Human Risk Management platform, HRM+. Here's why HRM+ stands out:
- Proven ROI and Time Efficiency: ROI between 362% and 650% delivered in the first year, with one customer cutting down report creation from 80 hours to just 40 minutes
- Dramatic Risk Reduction: Our users report a phenomenal decrease in susceptibility to phishing attacks, from 36% to 6% in one year. That's an 83% reduction in risk
- Financial Benefits and Insurance Savings: Demonstrable savings on cyber insurance premiums are another tangible benefit, with reductions of up to 20% upon using KnowBe4's platform
Deep-Dive into KnowBe4's Superior AI Ecosystem
KnowBe4's real-world impact resonates across industries as a trusted provider of an adaptive, cutting-edge cybersecurity platform that outperforms the competition in every parameter of risk management and user engagement.
Here are the 10 important points we're talking about:
- Proven Scalability: AI is one thing, scaling it reliably across millions of users isn't. We've done this before, at global scale, with enterprise resilience
- Superior Training Data: Our agents are trained on over a decade of real-world behavioral data from 13+ million users across 70,000+ organizations worldwide
- Battle-Tested AI: Not a demo toy, it's production-ready and delivering measurable outcomes with documented 83% reduction in Phish-prone™ Percentage within 12 months
- Risk-Based Intelligence: All our AI decisions are based on reducing the Risk Score of the user through SmartRisk Agent™
- Comprehensive Platform Integration: We leverage intelligence across our entire HRM+ platform. We're a cybersecurity company, not just a training company
- Multi-Agent Architecture: Unlike competitors' single-purpose AI tools, our suite of specialized AI agents works in symphony to address different aspects of human risk management. This means less work for you while still delivering on vital risk reduction responsibilities
- Human-AI Collaboration: There's no artificial intelligence without human intelligence. Our AI works as an extension of your team and follows your guidelines and configurability to make the decisions on behalf of your organization
- Continuous Learning Loop: Our AI creates a virtuous cycle where each user interaction improves the system's effectiveness, making it smarter over time unlike static rule-based offerings
- Transparent Decision-Making: Unlike competitors' black-box AI, our AI provides clear explanations for its recommendations, building trust with users and administrators alike
- Measurable ROI: Our AI feeds into multi-dimensional reporting to showcase the ROI of organizations' security initiatives, showcasing how they are enhancing their overall risk posture and reducing the risk of a breach
Blog post with links:
https://blog.knowbe4.com/knowbe4-leads-charge-against-cybersecurity-threats-with-ai-capabilities
KnowBe4 Blog Has Been Nominated for European Cybersecurity Blogger Awards
Exciting News! The KnowBe4 blog has been nominated for the European Cybersecurity Blogger Awards in the category of "The Corporates - Best Cybersecurity Vendor Blog!"
This recognition highlights our commitment to providing you with valuable cybersecurity insights, trends, and educational content throughout the year.
How You Can Help
We would be honored to have your support! Voting is open until May 27th, and your vote would mean the world to our content team who works tirelessly to keep you informed on the latest security trends.
Vote for KnowBe4:
https://docs.google.com/forms/d/e/1FAIpQLSdByj6dZgSycbSvcV2qgpTwdh3PjLAqryt0H55Vc5SbUa1LpQ/viewform
About the Awards
The European Cybersecurity Blogger Awards celebrates excellence in cybersecurity content creation across blogs, vlogs, podcasts and social media. This prestigious event brings together the cybersecurity community's brightest minds and influential voices during Infosecurity Europe.
Agentic AI Ransomware Is On Its Way
By Roger Grimes
Agentic AI-enabled ransomware is not here yet, but likely will be very soon. I am talking this year or by 2026. Here is why.
What is Agentic AI?
First, it helps to define what agentic AI is. To do that, we have to start by defining what Artificial Intelligence (AI) is…and doing that is a bit like trying to nail the proverbial Jell-O to a wall. Everyone has a different definition, but here is mine:
AI is a system or service that is able to perform tasks that simulate "human intelligence" when learning, reasoning and decision-making.
Contrast that with classic IF-THEN statements that "hard-code" what a program can do. AI Large Language Models (LLMs) "consume" large amounts of data and use algorithms and goals to produce outputs. The outputs can be changed by consuming more or different information. Traditional programs have all the information they will ever "consume" and predefined decisions at the moment they are coded and published. AI can change its decisions and results based on new inputs. AI can make previously undefined decisions.
Generative AI is great at creating "synthetic" audio and video of fake or real people saying and doing things they really did not do or say. There are thousands of services that allow anyone to take someone's picture and six to 60 seconds of their voice and easily create an audio or video of that person saying or doing anything.
There are AIs that allow anyone to create a fake person or to emulate a real person that can realistically engage with people in a meaningful conversation, where that person does not easily detect that the "person" they are interacting with is not truly human.
Agentic means a software/service that uses separate, stand-alone but cooperating "modules" to meet a common goal. There is usually an "orchestrator agent" that directs the other agents to work toward a common goal.
A real-world allegory would be how most people build houses and buildings. Although one person might be able to do everything necessary to build a house or building by themselves, almost everyone hires a general construction manager (i.e., the orchestrator agent) that hires all the other specialists (e.g., construction, cement, electrical, plumbing, roofing, etc.) who probably perform their involved tasks faster and better, to create a better overall product. Agentic AI is AI that uses individual cooperating agents to accomplish goals better and faster.
Here's a generic graphic describing a mock agentic AI:
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/agentic-ai-ransomware-is-on-its-way-soon
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [BUDGET AMMO #1] How AI is Increasing Insider Threat Risk:
https://www.inc.com/stu-sjouwerman/how-ai-is-increasing-insider-threat-risk/91187640
PPS: [BUDGET AMMO #2] Employee phishing training is working – but don't get complacent:
https://www.itpro.com/security/phishing/employee-phishing-training-is-working-but-dont-get-complacent
- Wade Boggs - Athlete (born 1958)
- Helen Keller, Author and Activist (1880–1968)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-20-how-to-protect-your-business-from-scattered-spiders-latest-attack-methods
Phishing Campaign Impersonates Microsoft Dynamics 365 Customer Voice
Check Point warns that a new phishing campaign is impersonating Microsoft's Dynamics 365 Customer Voice CRM tool. The phishing emails purport to contain important attachments such as invoices and include phony Dynamics 365 Customer Voice links.
"As part of this campaign, cyber criminals have deployed over 3,370 emails, with content reaching employees of over 350 organizations, the majority of which are American," the researchers write. "More than a million different mailboxes were targeted. Affected entities include well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture, among others."
The goal of the operation is to steal users' Microsoft credentials, which can then be used in follow-on attacks.
"When recipients click on the illegitimate links, they are directed to a Captcha test, which is intended to convince targets that they are not interacting with a phishing email, and that instead, they are interacting with an authentic request," Check Point says.
"Afterwards, the recipient is directed to a phishing site, which mimics a Microsoft login page. This is where the attackers attempt to steal users' information." Check Point concludes, "Cyber security leaders should inform employees about the potential for suspicious emails and the importance of confirming their origination points, especially those that claim to be from Microsoft services, including Dynamics 365 Customer Voice."
New-school security awareness training gives your employees an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story:
https://blog.checkpoint.com/research/microsoft-dynamics-365-customer-voice-phishing-scam/
Email-based Attacks Accounted for Most Cyber Insurance Claims Last Year
Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition.
"Business email compromise is an event in which cyber criminals gain access to an organization's email account to execute a cyber attack," the cyber insurance provider explains.
"Attackers often leverage email access to find sensitive data, including login credentials, financials, and other private information. Once equipped with sensitive information, they can steal money, extract data for extortion, or compromise additional technologies."
Coalition also found that the severity of BEC attacks increased by 23%, with the average loss reaching $35,000.
"BEC claims severity in the US was higher ($36,000) than the global average, while both Canada and the UK were notably lower ($22,000)," Coalition says. "The spike in BEC severity was, in part, driven by increased prices related to legal expenses, incident response firms, data mining, notifications, and other mitigation and recovery efforts."
The report adds that business sectors with lower security awareness were more likely to fall victim to cyberattacks.
"Industries that handle sensitive financial data, personal health information, or intellectual property are often targeted by cyber criminals due to the high value of their data," the researchers write. "Industries tied to critical infrastructure may also face heightened risks from state-sponsored attacks and ransomware campaigns that can disrupt essential operations.
Meanwhile, industries with lower cybersecurity awareness may be more susceptible to opportunistic attacks, like phishing and credential theft."
The report notes that organizations should "educate employees on threat actor tactics, learn how to spot and avoid cyber attacks with phishing simulations, and meet compliance requirements."
Blog post with links:
https://blog.knowbe4.com/email-based-attacks-accounted-for-most-cyber-insurance-claims-last-year
What KnowBe4 Customers Say
"We've never interacted, but I asked Alan for your contact information. Our organization is winding down operations, and I wanted to let you know that Alan has been an excellent CSM. He has consistently been knowledgeable, supportive, and up to date on KnowBe4's features and enhancements.
"Whenever I reach out, he has always been responsive within the same workday, which has always impressed me. He is able to answer all my questions, and helped me think about using the system in ways that improve our organization's efficiency and security.
"He has also helped me think about general cybersecurity in new ways. I have always respected his work ethic and integrity.
"If there's ever an opportunity for Alan to grow with the company and Alan expresses interest, I would highly recommend him for consideration. If nothing else – he definitely deserves a raise or bonus! Thank you!"
- G.J. Vice President, Compliance & CQI
- [WTH?] You think ransomware is bad now? Wait until it infects your... CPUs!:
https://www.theregister.com/2025/05/11/cpu_ransomware_rapid7/
- Watch Out: The Netflix Review Job Scam Is Not the Kind of Show You Want to Star In:
https://www.bitdefender.com/en-us/blog/hotforsecurity/netflix-review-job-scam
- Unit 42 Develops Agentic AI Ransomware Attack Framework - 100X faster pwning:
https://www.paloaltonetworks.com/blog/2025/05/unit-42-develops-agentic-ai-attack-framework/
- Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures:
https://thehackernews.com/2025/05/fake-ai-tools-used-to-spread.html
- Welcome to the age of paranoia as deepfakes and scams abound:
https://arstechnica.com/ai/2025/05/welcome-to-the-age-of-paranoia-as-deepfakes-and-scams-abound/
- Visualizing the World's Shadow Economies (and the corruption levels):
https://www.voronoiapp.com/crime/Visualizing-the-Worlds-Shadow-Economies--5018
- LockBit Ransomware Admin Panel Hacked, Leaks Reveal Inside Details:
https://www.securityweek.com/valuable-information-leaked-in-lockbit-ransomware-hack/
- North Korean IT Workers Are Being Exposed on a Massive Scale:
https://www.wired.com/story/north-korean-it-worker-scams-exposed/
- North Korea's remote IT worker operations likened to a mafia-style syndicate:
https://cyberscoop.com/north-korea-cybercrime-dtex-research-center-227/
- Phishing campaign goes after Meta Business Suite accounts:
https://www.ctm360.com/reports/meta-mirage-report
- Virtual Vaca #1 to the Uxmal Maya Pyramid and Ruins, Mexico [Amazing Places 4K]:
https://youtu.be/gMrUgayFDBA
- Virtual Vaca #2 to Kazakhstan in 4K - Incredible Scenes & Hidden Gems:
https://youtu.be/9z4YQohF3Fc
- BONUS Virtual Vaca #3 to Phuket, Thailand with 10 BEST Things To Do:
https://youtu.be/m_pCh6p8_wg
- Need some space? Wonders of Planet Earth 16K HDR Dolby Vision:
https://youtu.be/t5j6GwKLnAY
- Roaring 20s New York - Brought to LIFE in Amazing Restored Footage:
https://youtu.be/IbSqd9bRJNQ
- I was just getting warmed up. Optimus Robot does the Charleston TODAY:
https://x.com/i/status/1922456791549427867
- Magician Fools Penn & Teller with Dice Magic Trick:
https://www.youtube.com/watch?v=QWvMI_YtCoY&t=585s
- DRAG RACE: Tesla Model S Plaid v Ferrari SF90 v Porsche 911 Turbo S:
https://youtu.be/Up7aVBSweP0
- The wait is over! See the full-length video of the world's first Jetson Race which also happens to be the world's first eVTOL race!:
https://youtu.be/GgCKTZMFSBY
- Latest Superman Official Trailer:
https://youtu.be/Ox8ZLF6cGM0
- Mapped: The World's Top Financial Centers in 2025:
https://www.visualcapitalist.com/mapped-the-worlds-top-financial-centers-in-2025/
- International Wingsuit Base Jump in South Africa:
https://youtu.be/ehdx33ZmDaY
- Why algorithms are called algorithms | BBC Ideas:
https://youtu.be/oRkNaF0QvnI
- Ever wondered what's beneath your feet as you walk through a city? (Note: You can skip the sponsored segment from 3:22 to 4:48):
https://www.flixxy.com/beneath-your-feet-the-secret-cities-hidden-underground.htm?utm_source=4
- For Da Kids #1 - My dog keeps spying on neighbors:
https://youtu.be/bp5hDEW0Yk0
- For Da Kids #2 - Giant Mastiff Who Wouldn't Look At Anyone Takes Care Of Kitties Now:
https://youtu.be/vzPyOLraJRk
- For Da Kids #3 - Winning Over The Most "Vicious" Feral Cat In The World:
https://youtu.be/LRPx1dXQCyg
- For Da Kids #4 - These Fluffy Boulders Act Like Puppies Before Going To Freedom:
https://youtu.be/lch0KeQ8dC8
- For Da Kids #5 - Crow Can't Wait For His Brother To Come Home From Kindergarten:
https://youtu.be/9gelK6aKnGU