CyberheistNews Vol 8 #50 [BREAKING NEWS] You Want to See This Brand-New Phishing Threat Response Product PhishER

CyberheistNews Vol 8 #50
[BREAKING NEWS] You Want to See This Brand-New Phishing Threat Response Product PhishER

NEW PRODUCT LIVE DEMO: Identify & Respond to Email Threats Faster with PhishER

We are excited to announce the release of PhishER, a new product that’s a huge time-saver for your Incident Response team.

Because phishing remains the most widely used cyber attack vector, most end users report a lot of email messages they “think” could be potentially malicious to your incident response team.

Whether or not you step employees through security awareness training doesn’t change the fact that your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic ...can present a new problem! How do you best manage your user-reported messages?

With only approximately 1 in 10 user-reported emails being verified as actually malicious, how do you not only handle the real phishing attacks and email threats—and just as importantly—effectively manage the other 90% of user-reported messages accurately and efficiently? PhishER.

PhishER is an easy-to-use lightweight Security Orchestration, Automation and Response (SOAR) platform for managing the high volume of potentially malicious email messages reported by your users. With automated prioritization of emails, PhishER helps your Incident Response and Security Operations teams cut through the inbox noise and respond to the most dangerous threats more quickly.

Join us, Thursday, December 20, 2018, at 2:00 pm (ET) for a first look and live 30-minute demonstration of the brand-new PhishER platform. See how you can identify and respond to email threats faster with PhishER.
  • Automate message prioritization by rules you set into one of three categories: Clean, Spam or Threat
  • See clusters of messages to identify a potential phishing attack against your organization
  • Create custom workflows for tasks such as prioritization and alerting
  • Meet critical SLAs within your organization to process and prioritize threats and legitimate emails
  • Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Find out how adding PhishER to your incident response efforts can help you identify and respond to email threats faster. See if for yourself in this NEW PRODUCT LIVE DEMO:

[Heads-Up] New Email Extortion Scam Bomb Threat Demands Bitcoin

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient's building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day.

The email was reported to KnowBe4 via a number of sources, including the (free) Phish Alert Button. It appears that the Bitcoin address was different in each message, indicating a higher level of automation than normal. This is a variant of the recent sextortion strains that are doing the rounds, sent by the same miscreants.

This campaign is likely to be very disruptive, some organizations receiving will have no choice but to treat this as a credible threat and go into lockdown like banks and school districts.

The shocking thing is that it was just a hop, skip, and a jump from your run-of-the-mill phish to a bomb threat reported by national media.

Here is the text of one version of the extortion email, a screenshot, and a recommended blurb you can cut/paste and send to your users. This is a developing story and there will be more detail and updates at the KnowBe4 blog:
These Incredibly Realistic Fake Faces Show How AI Can Now Mess With Us

This is more than a bit concerning. The faces in this post look like pretty normal humans. They could be social media shots. However, they were generated by a recent type of algorithm: generative adversarial network, or GAN.

Nvidia researchers Tero Karras, Samuli Laine, and Timo Aila posted details of the method to produce completely imaginary fake faces with stunning, almost eerie, realism.

GANs employ two "dueling" neural networks to train a model to learn the nature of a dataset well enough to generate convincing fakes. When you apply GANs to images, this provides a way to generate often highly realistic still fakes you could use for extremely hard to detect social engineering attacks, especially combined with deep fake videos.

Here is the blog post with the links to the paper, still shots and example videos. Check it out and shiver:
NotPetya Causes Whopping 100 Million Insurance Coverage Lawsuit

Techlawx posted news about an astounding NotPetya-related lawsuit. We all remember June 27, 2017, when a major global cyber attack harmed thousands of companies. The malicious code was dubbed NotPetya, a variation of ransomware called Petya that was first discovered in 2016.

Among the companies infected was Mondelez International, who produces and markets snack food and beverage products for consumers in approximately 165 countries. They own brands like Nabisco, Oreo, belVita biscuits, Cadbury chocolate, Toblerone chocolate and Trident gum.

NotPetya caused damage to its hardware and operational software systems, property, commercial supply and distribution disruptions, unfulfilled customer orders, reduced margins, and other covered losses aggregating well in excess of $100,000,000 (Wow!) Here is the story and the problem:
Mimecast: "Your Filters Are Missing 12 Percent of the Unwanted Emails"

Mimecast said: "Is a false negative rate of 12% a large number or a small one? I suppose it depends on your perspective. If your email security system lets in 12 unwanted emails—whether spam, phishing, impersonations, emails containing malicious links or attachments—for every 100 unwanted emails that arrived at your organization’s doorstep, would you be okay with that?"

I will leave it to you to decide based on what you consider reasonable and acceptable. But this is what their most recent Email Security Risk Assessment (ESRA) data collection and analysis has found. They have been doing this for 7 quarters and the numbers are always of concern.

In an ESRA test the Mimecast service reinspects a participating organization’s emails that were deemed safe by their incumbent email security system. The picture ain't pretty. The percentages are pretty consistent with what is being reported by Cyren, so the conclusion presents itself that about 10 to 15% of those emails wind up in your user's inbox. Yikes. Blog post:

Do You Know What's Getting Through Your Mail Filters?

With email still the #1 attack vector, do you know if hackers can get through your mail filters? Spoofed domains, malicious attachments and executables just to name a few...

KnowBe4’s Mailserver Security Assessment (MSA) tests your mailserver configuration by sending 40 different types of email message tests that check the effectiveness of your mail filtering rules.

Here's how MSA works:
  • 100% non-malicious packages sent
  • Select from 40 automated email message types to test against
  • Saves you time! No more manual testing of individual email messages with MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
Results in an hour or less!

Find out now if your mailserver is configured correctly, many are not!
CrowdStrike: Compelling Stories From the Cyber Intrusion Casebook 2018

From the Front Lines of Incident Response, the CrowdStrike Services Cyber Intrusion Casebook 2018 offers some compelling stories how threat actors are continuously adopting new means to achieve their objectives. Drawn from real-life client engagements, the annual Casebook provides valuable insights into ever-evolving attacker tactics, techniques and procedures (TTPs).

Attack Vectors

A dramatic increase in the number of attacks leveraging social engineering, phishing and spearphishing, which accounted for one-third of all attacks investigated — up from 11 percent last year. This is due, in no small part, to this year’s rise in BECs, along with the continued popularity of phishing among nation-state actors. Web server attacks, although still the biggest single attack vector at 19.7 percent of all attacks, declined significantly from the 37 percent reported last year.

CrowdStrike recommends what it calls the 1-10-60 rule: Detect an attack on your organization within one minute, take 10 minutes to investigate it, and then remediate it within 60 minutes. "Organizations that can operate at this level will dramatically improve their chances of staying ahead of the adversary and stopping a potential breach from occurring," the company wrote in its case report.

Learn how CrowdStrike Services IR experts detected and stopped sophisticated adversaries and get recommendations that will better protect your organization. Download the PDF here:
Does Your Domain Have an Evil Twin?

Our Domain Doppelgänger tool makes it easy for you to identify your potential “evil domain twins” so you can take action now.

With Domain Doppelgänger, you can:
  • Search for existing and potential look-alike domains
  • Get a summary report that identifies the highest to lowest risk attack potentials
  • Generate a real-world “domain safety” quiz based on the results for your end users
Domain Doppelgänger helps you find the threat before it is used against you.

Find Your Look-Alike Domains!
Exposing the Dirty Little Secrets of Social Engineering, Featuring Kevin Mitnick

Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, along with Perry Carpenter, KnowBe4’s Chief Evangelist and Strategy Officer, will share social engineering insights and experiences. As the author of four best-selling books on the art of social engineering, Kevin is famous for his use of deception, intrusion, and invisibility as a tradecraft. The secrets he shares will help you defend against social engineering threats posed by the bad guys and keep them from manipulating your unsuspecting users.

Key topics covered will include:
  • How social engineering has changed over time
  • Some of the cleverest social engineering techniques
  • Common ways malicious actors find information to use in spear phishing campaigns
  • Psychology of a social engineering exploit and how an organization can protect its users
Watch it Now!

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

PS: I'm super excited about the PhishER release. It's a brand-new KnowBe4 product that helps your team prioritize and manage potentially malicious messages reported by your users. Identify and respond to email threats fast!
Quotes of the Week
"Imagination is everything. It is the preview of life's coming attractions." - Albert Einstein

"Every child is an artist. The problem is how to remain an artist once we grow up." - Pablo Picasso

Thanks for reading CyberheistNews
Security News
Hackbusters - Where Can You Discuss All Things Social Engineering?

The KnowBe4 Hackbuster’s Forum is an online community dedicated to stopping the bad guys that use social engineering to hack your organization.

Our Hackbusters discussion forum is a moderated, spam-free forum primarily for KnowBe4 clients (but also inclusive of your peers interested in social engineering.)

HackBusters contains thousands of messages from our KnowBe4 users and our staff. Forum members can post messages to the community or just read through existing threads and Q/A. Topics: Phishing, Ransomware, Social Engineering, Security Awareness Training Best Practices, Scripting Tools and Other Topics.

We even have some fun by following the latest social engineering dramas on TV and in film. Our favorite is Mr. Robot. Rumor has it that we could see Mr. Robot early 2019!

You're invited to join the discussion:
Kanye West Tops Dashlane’s List of 2018’s “Worst Password Offenders”

Dashlane today announced its third annual list of the “Worst Password Offenders.” The list highlights the high-profile individuals and organizations that had the most significant password-related blunders in 2018.

“Passwords are the first line of defense against cyberattacks,” said Emmanuel Schalit, CEO of Dashlane. “Weak passwords, reused passwords, and poor organizational password management can easily put sensitive information as risk.”

Dashlane found that the average internet user has over 200 digital accounts that require passwords, and the company projects this figure to double to 400 in the next five years. “The sheer number of accounts requiring passwords means everyone is prone to make the same mistakes as the Password Offenders,” states Schalit. “We hope our list serves as a wake-up call to everyone to follow the best password security practices.” Here is the list:
Half of Management Teams Don’t Understand Business Process Compromise

A new survey by Trend Micro reveals that 43% of organizations in twelve countries have been affected by business process compromise (BPC) attacks. In spite of this, 50% of management teams don’t even know what these attacks are.

Security teams showed more awareness of the threat, with 72% saying that preventing BPC attacks was a top priority.

A BPC attack discreetly alters legitimate business processes to generate profit for the attackers. A key component of these attacks is stealth, with attackers remaining within a network for extended periods of time. This allows the attackers to become very well-versed in the internal workings of the organization.

That familiarity allows the attackers to carry out the essence of the attack, which can include diverting money from the organization’s cash flow system, smuggling illegal products using the organization’s infrastructure, or even rigging the stock market to accumulate millions of dollars.

“We’re seeing more cybercriminals playing the long game for greater reward,” said Rik Ferguson, vice president of security research for Trend Micro. “In a BPC attack, they could be lurking in a company’s infrastructure for months or years, monitoring processes and building up a detailed picture of how it operates.

From there they can insert themselves into critical processes, undetected and without human interaction. For example, they might re-route valuable goods to a new address, or change printer settings to steal confidential information – as was the case in the well-known Bangladeshi Bank heist.” In the Bangladeshi Bank heist, attackers used their knowledge of the SWIFT financial platform to steal up to $81 million via fraudulent transactions.

New-school security awareness training can help employees recognize and prevent these attacks, both before and after they’ve taken root. By teaching employees to be on the lookout for potential weak points or exploitable processes, organizations can drastically reduce the success of attackers who try to infiltrate their networks. Help Net Security has the story:
Ransomware Is a Growing Threat to Every Industry

Ransomware is a global problem that is only getting worse, as evinced by Datto’s 2018 Global State of the Channel Ransomware Report. The report surveyed more than 2,400 IT professionals, including many who work for Managed Service Providers (MSPs).

Kim Crawley at Cylance summarizes Datto’s report and highlights the trends that show why ransomware is such a dangerous threat.

First, ransomware targets every industry. Attackers who use ransomware often don’t care who their targets are as long as they’ll pay to restore their systems. This accounts for the indiscriminate, infectious nature of ransomware like WannaCry. The more systems that are infected, the higher the potential return is for the attackers.

The vectors through which ransomware can infect a system have increased as well. The report shows that 86% of ransomware victims had antivirus software installed, 65% had email and spam filters in place, and 29% were using pop-up blockers.

One of the top infection vectors for ransomware is vulnerable Remote Desktop Protocol ports. With such a wide variety of entry points, organizations have a very difficult time locking down everyone.

Additionally, while ransomware most commonly affects Windows systems, 9% of MSPs have seen it infect macOS, 8% have seen it on Android, and 5% have seen it on iOS. Crawley notes that the number of MSPs reporting ransomware affecting macOS and iOS has increased by 500% from Datto’s 2017 report.

Finally, as organizations and consumers begin using more and more IoT devices, ransomware could begin threatening human lives on a much wider scale. 39% of MSPs expect the malware to begin targeting self-driving cars, and 37% of MSPs predict that it will start to affect medical devices.

In the face of this growing threat, organizations need to take every measure possible to defend themselves against ransomware. While technical safeguards are essential, they won’t stop every threat. Employees need new-school security awareness training so that they don’t fall for phishing or other social engineering techniques that could allow ransomware to gain access to their systems. Cylance has the story:
What KnowBe4 Customers Say

"Hey Stu, so far, so good! The training we’ve been able to do using you guys as a resource has been invaluable. Our click rate has plummeted. Thanks for being there for us."
- Best, G.K. Director, IT

"So far, our experience with KnowBe4 has been great. I’d been pushing for our organization to undertake this type of training for a long time and am glad that we finally reached a consensus to take the plunge.

Our Customer Success Rep, Brandie Leffler, is outstanding. She’s been helpful with anything we’ve needed so far. It’s a pleasure working with Brandie because she has the (rare) talent of being cheerful and personable while at the same time being professional and clearly focused on moving us forward.

Our results, so far have been positive, and by the feedback (direct and indirect) I think we’ve got everyone thinking about security and how they fit in, which is probably one of the biggest challenges. I think that the program has been received well and that we’re heading in the right direction."
- B.J. Systems & Data Manager

P.S. If you want to see KnowBe4 compared to other products in an objective, legit platform that makes sure the reviews are fully vetted, check Gartner Peer Insights:
Live In Europe? KnowBe4 Wants to Know What Keeps You up at Night!

IT Pros today have lots of security concerns such as ransomware, external attacks, data breaches and compliance mandates. Some issues you have locked down tight, while others are making you crazy!

We want to know what aspects of IT security you have covered, and which ones have you worried sick!

In this fast, 5-minute online survey, we want to hear about what issues are of great concern to you and your organization.

Hurry and take the survey now - be one of the first 500 to take the survey and have a chance to win one of several 500-dollar Amazon gift cards! (or equivalent in your local currency)

The 10 Interesting News Items This Week
    1. Former CIA Technical Intelligence Officer Rosa Smothers Joins KnowBe4 as Senior VP of Cyber Operations:

    2. AI Set to Supercharge Phishing in 2019:

    3. Ships Infected With Ransomware, USB Malware, Worms:

    4. UK firms feel 'let down by government' over cyber-security:

    5. Iranian hackers targeting US nuclear scientists' private emails:

    6. Surprise! The US doesn't have a single data privacy law that applies to all fifty states... who knew. A group of 15 US senators indicated it wanted to change the status quo, introducing the Data Care Act:

    7. AP Exclusive: Iran hackers hunt nuke workers, US officials:

    8. PhishER is a brand-new product that helps your team prioritize and manage potentially malicious messages reported by your users. Identify and respond to email threats fast!:

    9. FBI Says Chinese Espionage Poses ‘Most Severe’ Threat to American Security:

    10. ‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure:
Prepared in cooperation with the CyberWire research team.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
    • For victims of cybercrime: follow the links below to get the resources and support you need to respond and recover from cybercrime and online fraud incidents:
    • PhishER is a brand-new product that helps your team prioritize and manage potentially malicious messages reported by your users. Identify and respond to email threats fast!:

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2018 KnowBe4, Inc. All rights reserved.

Subscribe To Our Blog

Ransomware Has Gone Nuclear Webinar

Get the latest about social engineering

Subscribe to CyberheistNews