CyberheistNews Vol 15 #28 | July 15th, 2025
[The $1B Question] Is Your Security Team Ready for AI Prompt Attacks?
Probably not. So the question becomes: "Should your security team learn prompt engineering?" The answer is definitely YES. Here's why:
AI-powered attacks are evolving at scary speed. Criminals are using LLMs to craft perfect phishing emails, automate social engineering and scale attacks like never before.
Your defenders need the same weapons.
At KnowBe4, we're seeing security teams who understand prompt engineering catch threats three times faster. They're building AI agents that analyze patterns humans miss, and automating response workflows that used to take hours. They are using adaptive email security tools with O365 that use AI to defend against and quarantine the most sophisticated threats.
The future of cybersecurity isn't just about defending against AI — it's about wielding it better than the attackers. Start simple: Have your team take a prompt engineering course. Run an internal hackathon. Build your first security AI agent. The criminals already have.
Ransomware Reality Check: Busting Cybersecurity Myths
Join us for an engaging and interactive webinar where we put ransomware myths to the test! This unique session takes an analytical approach to the most persistent discussions surrounding ransomware attacks, and YOU decide whether they hold weight.
KnowBe4 cybersecurity experts, Javvad Malik and Erich Kron, will go head-to-head to debate the facts, presenting evidence, real-world case studies and expert opinions on controversial ransomware topics. Should you:
- Ever negotiate with ransomware groups?
- Prioritize prevention or recovery?
- Be required to disclose ransom payments?
- Face legal consequences for making ransomware payments?
- Hire former black hat actors as consultants?
But here's where it gets interesting: YOU get the deciding vote! After each debate, you will vote on which argument was most compelling and maybe even walk away from it thinking about ransomware in a new light. Plus earn CPE credit for attending!
Date/Time: TOMORROW, Wednesday, July 16 @ 2:00 PM (ET)
Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/ransomware-webinar-2025?partnerref=CHN2
AI Attacks Are Coming in a Big Way Now!
By Roger Grimes
AI is going to allow better, faster and more pervasive attacks. For a few years, if you attended one of my presentations involving AI, I would tell you all about AI and AI threats…perhaps even scare you a bit…and then tell you this, "AI attacks are coming, but how you are likely to be attacked this year doesn't involve AI. It will be the same old attacks that have worked for decades."
I always got lots of comforted smiles from those ending lines. But this year is different. This year, if you are successfully attacked, AI is likely to be involved. Starting now, AI is more than likely to be involved, and by next year…for sure…AI will be the main way you are attacked.
AI promises to solve many of humanity's long-standing problems (e.g., diseases, traffic management, better weather prediction, etc.), improve productivity, and give us many inventions and solutions that were not easily achievable. Unfortunately, AI will also allow cyberattackers to be better at malicious hacking.
This article will discuss many of the ways AI will be used by attackers to "better" attack us. I'm not talking about things way, way in the future. I'm talking about improvements happening now that will become forevermore the way things are done, starting this year and definitely normalized by next.
[CONTINUED] At the KnowBe4 blog:
https://blog.knowbe4.com/ai-attacks-are-coming-in-a-big-way-now
[Live Demo] Intelligent Email Defense: Automate, Remediate, and Train from One Platform
As cyberattackers continue to outpace traditional defenses, it's not a question of if, but when sophisticated attacks will bypass your email security controls.
Phishing attacks are surging at an unprecedented 1,265% rate since 2022, largely driven by AI advancements. Most concerning, 31% of IT teams take more than five hours to respond to reported security issues, leaving your organization vulnerable during those critical hours when threats remain active in your users' inboxes.
During this demo, you'll discover how PhishER Plus can help take control back from rising AI phishing risks by:
- Transforming your users into active threat sensors with one-click reporting via the Phish Alert Button
- Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
- Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
- Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
- Converting real attacks into targeted training opportunities with PhishFlip
Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.
Date/Time: Wednesday, July 23 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN
Alert: Scattered Spider is Targeting the Aviation Sector
The U.S. FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports.
The group spent the past several months targeting companies in the retail and insurance sectors, and has now hit several airlines. Scattered Spider uses social engineering attacks to gain initial access, then steals data and/or deploys ransomware to extort their victims.
Palo Alto Networks' Unit 42 says the group frequently targets organizations' help desks to trick IT workers into resetting passwords for them. Unit 42's SVP of Consulting and Threat Intelligence Sam Rubin stated, "Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests."
Likewise, Charles Carmakal, CTO at Google's Mandiant, said in a LinkedIn post, "We recommend that the industry immediately take steps to tighten up their help desk identity verification processes prior to adding new phone numbers to employee/contractor accounts (which can be used by the threat actor to perform self-service password resets), reset passwords, add devices to MFA solutions, or provide employee information (e.g. employee IDs) that could be used for subsequent social engineering attacks."
Carmakal points to Mandiant's guidance on defending against Scattered Spider, which notes that the group is "extremely proficient at using multiple forms of social engineering to convince users into doing something that will allow them to gain access."
Mandiant says organizations should educate users to be on the lookout for these tactics. New-school security awareness training gives your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 orgs worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/alert-scattered-spider-is-targeting-the-aviation-sector
Data Exfiltration Over Email: How to Detect Intentional Exfiltration in Microsoft 365
Cybersecurity leaders have reported intentional rule-breaking as the leading cause of data loss and exfiltration in their organization, yet many struggle to effectively detect or monitor this threat.
Download this guide to learn:
- Why employees exfiltrate data over email
- How individuals bypass internal safeguards to send sensitive information to personal emails
- The limitations of traditional DLP solutions in detecting exfiltration
Download Now:
https://info.knowbe4.com/ciso-strategy-guide-data-exfiltration-over-email-chn
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [By Yours Truly] "What Can Businesses Do About Ethical Dilemmas Posed by AI?":
https://www.securityweek.com/what-can-businesses-do-about-ethical-dilemmas-posed-by-ai/
PPS: [ARTICLE] KnowBe4 evolves from security training to human risk management:
https://www.techzine.eu/blogs/security/132970/knowbe4-evolves-from-security-training-to-human-risk-management/
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-28-the-1b-question-is-your-security-team-ready-for-ai-prompt-attacks
AI-Generated Summaries Mistakenly Suggest Phishing Sites
Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time.
"In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain. "This shift marks a fundamental change in how users interact with the web.
"But it also introduces new risks: when an AI model hallucinates a phishing link or recommends a scam site, the error is presented with confidence and clarity. The user is far more likely to click and follow through. We've already seen troubling public examples, but our deeper investigation shows that the issue isn't confined to hypothetical or early-stage rollouts. It's systemic—and increasingly exploitable."
In at least one case, a model suggested a downright malicious page that impersonated Wells Fargo's login portal. "This wasn't a subtle scam," the researchers write. "The fake page used a convincing clone of the brand. But the critical point is how it surfaced: it wasn't SEO, it was AI.
"Perplexity recommended the link directly to the user, bypassing traditional signals like domain authority or reputation. This scenario highlights a major challenge. AI-generated answers often strip away traditional indicators like verified domains or search snippets. Users are trained to trust the answer, and the attacker exploits the user if the answer is wrong."
Netcraft notes that AI summaries offer threat actors a new avenue to get phishing links in front of users. "Phishers and cybercriminals are well-versed in traditional SEO techniques," the researchers explain. "But now they're turning their attention to AI-optimized content, pages designed to rank not in Google's algorithm, but in a chatbot's language model."
Netcraft has the story:
https://www.netcraft.com/blog/large-language-models-are-falling-for-phishing-scams
Crooks Use Callback Phishing to Bypass Security Measures
Researchers at Cisco Talos warn of a surge in callback phishing attacks that use PDF files with phone numbers to trick victims into calling the scammers. The emails purport to come from well-known brands, and use phony urgent scenarios to spur the victim into acting quickly.
Many of the phishing lures inform users of a large unauthorized transaction on an account. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique: telephone-oriented attack delivery (TOAD), also known as callback phishing," the researchers write.
"Victims are instructed to call a specific number in the PDF to resolve an issue or confirm a transaction. Once the victim calls, the attacker poses as a legitimate representative and attempts to manipulate them into disclosing confidential information or installing malicious software on their computer."
The researchers note that callback phishing can often bypass technical security measures, since it relies on a victim reaching out to the scammer. The phishing emails and PDF files don't contain any malicious links or malware-laden attachments.
"Phishing typically involves sending emails or messages with malicious links or attachments that direct the victim to a counterfeit website," Talos explains. "Callback phishing, however, does not rely on fake websites or phishing links. Instead, attackers use direct voice communication to exploit the victim's trust in phone calls and the perception that phone communication is a secure way to interact with an organization.
"Additionally, the live interaction during a phone call enables attackers to manipulate the victim's emotions and responses by employing social engineering tactics. Callback phishing is, therefore, a social engineering technique rather than a traditional email threat."
Cisco Talos has the story:
https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
- FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case:
https://www-secureworld-io.cdn.ampproject.org/c/s/www.secureworld.io/industry-news/fbi-breach-deaths-el-chapo?
- U.S. Treasury sanctions North Korean over alleged involvement in IT worker scheme:
https://home.treasury.gov/news/press-releases/sb0190
- FBI Warns of Health Insurance Scam Stealing Personal and Medical Data:
https://hackread.com/fbi-warns-health-insurance-scam-steal-medical-data/
- Someone using AI to impersonate Marco Rubio contacted at least five people including foreign ministers, cable says:
https://www.cnn.com/2025/07/08/politics/marco-rubio-artificial-intelligence-impersonation
- Alleged Chinese State Hacker Wanted by US Arrested in Italy:
https://www.securityweek.com/alleged-chinese-state-hacker-wanted-by-us-arrested-in-italy/
- Many UK workers wouldn't tell their bosses if they'd been hit by a cyberattack:
https://www.techradar.com/pro/security/many-workers-wouldnt-tell-their-bosses-if-theyd-been-hit-by-a-cyberattack?
- The world's first AI operating system wants to automate your workflow:
https://bgr.com/tech/the-worlds-first-ai-operating-system-wants-to-automate-your-workflow/
- Iranian ransomware group offers bigger payouts for attacks on Israel, US:
https://therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
- Four arrested in UK over M&S, Co-op, Harrod cyberattacks:
https://www.bleepingcomputer.com/news/security/four-arrested-in-uk-over-mands-co-op-harrod-cyberattacks/
- New ransomware gang targets Europe and Asia:
https://www.trendmicro.com/en_us/research/25/g/bert-ransomware-group-targets-asia-and-europe-on-multiple-platforms.html
- Virtual Vaca #1 to Little Latvia a Time-lapse Drone Tilt-shift:
https://youtu.be/_yByicNJ1rM?si=xUz3y8_ptEgSaFyS
- Virtual Vaca #2 to Joshua Tree National Park, California, USA. Amazing moonscape:
https://youtu.be/i4h4_07K1-M?si=v4Aenyn-r3VXzgXX
- Witness the incredible fusion of nostalgia and innovation as The Floppotron brings Eurythmics' Sweet Dreams to life through a symphony of obsolete tech:
https://www.flixxy.com/sweet-dreams-on-floppy-disks-the-floppotron-orchestra-strikes-again.htm?utm_source=4
- Why Bhutan is Building the Anti-Dubai:
https://youtu.be/hPlRmUv7qzo
- LockPickingLawyer - Cool, Innovative, & DUMB: U-Change Padlock Picked & Bypassed:
https://youtu.be/Xyk-9HJQ1BA
- Dreamscapes Reimagined: A Visual Test in HDR Video 8K 120FPS Dolby Vision:
https://youtu.be/xLOqu_CQ8Ck
- [Live History] A Trip to the 1899 French Seaside HD Colorized w/Sound:
https://youtu.be/o5HwW6yDcv0
- [JUST RECORDED]: Elon Musk Drops New Tech Bombshells - Full Presentation:
https://www.youtube.com/watch?v=XhOwlEyJhOg
- Rimac Nevera R Destroys 24 World Records | 0-400-0 in 25.79s!:
https://youtu.be/LOcp3-Ik3G4
- Robot walking down Michigan street stops traffic:
https://youtu.be/ScRetH9wxPk
- [FLYING CARS THEN] Italy's Flying Car from 1949 – The Future Took Off 75 Years Ago:
https://www.flixxy.com/italys-flying-car-from-1949-the-future-took-off-75-years-ago.htm?utm_source=3
- [FLYING CARS NOW] Compare that to the Jetson ONE - Reaching the Mountain Summit Saving Lives:
https://youtu.be/DKVzKyROz-Y
- For Da Kids #1 - Sea Turtle Stuck In Plastic Gets Help At Just The Right Time:
https://youtu.be/4r_fJbpI-6o
- For Da Kids #2- Rescued Otter Climbs Onto Man's Kayak To Say "Hi":
https://youtu.be/GQILrdrMCpc
- For Da Kids #3- This Wild Raccoon Acts Like a Puppy… Surprises Everyone She Meets:
https://youtu.be/QMq6TMKDKk4
- For Da Kids #4 - Rescuing Baby Swan While Mama Attacks:
https://youtu.be/UnjvlartbrQ
- For Da Kids #5 - Dog Trapped in a Car Has the Best Reaction to Her Rescue!:
https://youtu.be/-bhXKN_2p0M

