CyberheistNews Vol 9 #06 [Brilliant New Social Engineering Phish] "Please DocuSign: Funding for Your Business"





A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection devices, because it's entirely legit: it uses the real DocuSign infrastructure. It is a prime example of an information-grabbing phish that carries no malicious payload, so there is nothing for a filter to detect.

Clicking on the yellow "Review Document" button gets you to an entirely legit DocuSign page, which requires you to fill out the form as per the normal process. I broke it up into two parts. The top half is more or less normal for a loan application. But wait, the second half really takes the cake.

Continuing to fill out the form allows the bad guy to completely steal the identity of the victim, and the identity of the company, especially if they are gullible enough to attach the "past three most recent bank statements".

If someone in accounting were to fall for this attack, the damage could be extensive, to the point of bankruptcy for a small business hit hard by the repercussions. Keep in mind that the DocuSign branding only proves that the envelope was sent through DocuSign; it says nothing about who created it. An unsolicited request for bank statements or tax details should be verified with the supposed lender through a phone number you already know before anything is entered.

You need to see the screen shots at the blog to get the full picture. I would simply forward the blog post to your high-risk employees and warn them about this new type of phishing attack:
https://blog.knowbe4.com/brilliant-new-social-engineering-phish-please-docusign-funding-for-your-business
[Live Webinar] Get an Insider View Into the Methods and Exploits of the World's Most Famous Hacker, Kevin Mitnick

Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. Kevin’s experience as a security consultant and his vast knowledge of social engineering are part of what help you train your users to stay a step ahead of the bad guys. Wouldn’t it be great if you had insight into the latest threats and could find out “What would Kevin do”? Now you can!

Join us for this live webinar where Kevin and Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, will give you an inside look into Kevin’s mind. You will learn more about the world of penetration testing and social engineering with first-hand experiences and some disconcerting discoveries.

In this webinar you will:
  • See exclusive demos of the latest bad guy attack strategies
  • Find out how these vulnerabilities may affect your organization
  • Learn what you can do to stop the bad guys (What Would Kevin Do?)
It's sure to be an experience you won't forget!

Date/Time: Wednesday, February 20th @ 2:00 pm ET

Save your spot!
https://event.on24.com/wcc/r/1916268/5156023D79BF715902153866849A5F15?partnerref=CHN1

P.S. Attend the webinar live and you'll get a “What Would Kevin Do?” desktop wallpaper!
Worldwide Threat Assessments by the US Intelligence Community: CYBER

First of all, at all times keep in mind that planet Earth really is an anarchy of nations. Now, with that perspective keep on reading about the big picture.

Daniel R. Coats, Director of National Intelligence, reported on threats to US national security on January 29, 2019. He first gave the big-picture geopolitical assessment and then devoted a few paragraphs specifically to cyber threats. I'm quoting the geopolitics below; the cyber section plus the full PDF are at the blog.
    • China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived US unilateralism and interventionism and Western promotion of democratic values and human rights.

    • As China and Russia seek to expand their global influence, they are eroding once well-established security norms and increasing the risk of regional conflicts, particularly in the Middle East and East Asia.

    • At the same time, some US allies and partners are seeking greater independence from Washington in response to their perceptions of changing US policies on security and trade and are becoming more open to new bilateral and multilateral partnerships.
The specific CYBER risks are continued at the KnowBe4 blog, together with a link to the PDF download:
https://blog.knowbe4.com/worldwide-threat-assessments-of-the-us-intelligence-community-cyber
[Don't Miss the Feb Live Demo] See Ridiculously Easy Security Awareness Training and Phishing in Action!

Old-school awareness training does not hack it anymore. Your email filters have an average 10-15% failure rate; you need a strong human firewall as your last line of defense.

Join us this week for a 30-minute live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing. See the latest product features and how easy it is to train and phish your users.
  • NEW Identify and respond to email threats faster. Enhance your incident response efforts with PhishER add-on!
  • Send fully automated simulated phishing attacks, using thousands of customizable templates with unlimited usage.
  • Train your users with access to the world's largest library of awareness training content and automated training campaigns with scheduled reminder emails.
  • Virtual Risk Officer shows you the Risk Score by user, group, and your whole organization.
  • Advanced Reporting on 60+ key awareness training indicators.
  • Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes.
Find out how 23,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, February 6, 2019 at 2:00 pm ET

Save My Spot!
https://event.on24.com/wcc/r/1918577/0D26DBB3D04B17E3B413A60C794830D3?partnerref=CHN
[February Demonstration] KCM GRC With New Risk and Policy Management Modules

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments is a continuous problem.

We listened! We have expanded the existing KCM product with new Risk and Policy Management modules, transforming KCM into a full SaaS GRC platform!

Join us for a 30-minute live product demonstration of the new KCM GRC platform from KnowBe4. See how you can simplify the challenges of managing your compliance requirements and ease your burden when it’s time for risk assessments and audits.
  • [NEW] Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30.
  • Quick implementation with pre-built requirements templates for the most widely used regulations.
  • You can assign responsibility for controls to the users who are responsible for maintaining them.
  • Secure evidence repository and DocuLinks giving you two ways of maintaining audit evidence and documentation.
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and past due.
Date/Time: Tuesday, February 12, 2019 at 1:00 pm ET

Save My Spot!
https://event.on24.com/wcc/r/1913625/A506CAC6CB6D22648B3513C656C91C4B?partnerref=CHN
Going to HIMSS19 in Orlando Next Week? Stop by the KnowBe4 Booth!

Drop by KnowBe4’s Booth #400-94 in the Cybersecurity Command Center, and see a demo of the innovative KnowBe4 Security Awareness Training Platform to train and phish your users. Be entered to win BOSE QuietComfort 35 Headphones!

See our Presentation: Levers of Human Deception

Join Erich Kron, KnowBe4’s Security Awareness Advocate, for this session. He will explore the psychological levers that social engineers and scam artists use to make you more likely to do their bidding, and you will learn the most effective techniques you can use to counter these attacks.

When/Where: Wednesday, February 13th, 10:45am
HIMSS19, Cybersecurity Command Center, Theater B
Hackbusters - Where You Can Discuss All Things Social Engineering

The KnowBe4 Hackbusters Forum is an online community dedicated to stopping the bad guys that use social engineering to hack your organization.

Our Hackbusters discussion forum is a moderated, spam-free forum primarily for KnowBe4 clients (but also open to your peers interested in social engineering).

HackBusters contains thousands of messages from our KnowBe4 users and our staff. Forum members can post messages to the community or just read through existing threads and Q/A.

Topics: Phishing, Ransomware, Social Engineering, Security Awareness Training Best Practices, Scripting Tools and Other Topics.

We even have some fun by following and discussing the latest social engineering scenes on TV and in film. Please sign in and say hi. Our bot Disco will help you sign up but our human mods are there to help you!
https://discuss.hackbusters.com/
Is Your Commute 30 Minutes or Longer? Here's a Great Podcast!

"Hacking Humans" is the No. 1 podcast covering social engineering. Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world.

The hosts talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). They also hear from people targeted by social engineering attacks and learn from their experiences. Trust us: check out the recent episodes and subscribe today.
https://blog.knowbe4.com/hacking-humans-is-the-no.-1-podcast-covering-social-engineering
Get the Unique "2019 Security Threats and Trends" Survey Results *First*

Once a year, KnowBe4 runs its Security Threats and Trends Survey. We’re polling IT and Security executives, administrators and professionals like yourself on what technology and business issues you consider your organization's biggest security threats and challenges over the next 12 months.

It will take you five minutes tops. As a reward, you get the results first, which will let you compare yourself with your peers. It's multiple choice with one essay question. ALL responses are confidential.

Anyone who completes the survey and includes their email address in the Essay question along with a comment gets a complimentary copy of the Executive Summary and the accompanying PowerPoint presentation of the survey results. The person who provides us with the best Essay comment will win a USD 100 Amazon gift card.

Here's the link to the new 2019 survey:
https://www.surveymonkey.com/r/52QKNCV

Let's stay safe out there.

Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc

Quotes of the Week
"Out of 6 billion humans, the troublemakers are just a handful." - Dalai Lama, (born 1935)

"Intellectuals solve problems, geniuses prevent them." - Albert Einstein - Scientist (1879 - 1955)



Thanks for reading CyberheistNews
Security News
Twitter Scammers Pose as Companies Offering Customer Support

Scammers are attempting to steal payment card details by responding to publicly-posted complaints to companies on Twitter, according to Lisa Vaas at Naked Security. It’s a common practice for consumers to file complaints or support requests with companies by tweeting at a company’s Twitter account, and many companies have employees that respond to each of these tweets to offer solutions.

Scammers are taking advantage of this practice by creating Twitter accounts that look nearly identical to official companies’ accounts, and then responding to complaints directed at those companies.

This activity was observed first-hand by Andrew Mabbit, a cybersecurity expert and director at Fidus Information Security, after he tweeted a complaint to British ISP Virgin Media concerning his broken internet connection. Virgin Media publicly replied to his tweet within minutes, but he also received a private message at nearly the same time from an account that, at first glance, appeared to belong to Virgin Media.

The message requested Mabbit’s full name and address, so Mabbit responded with the name of the superhero movie character Deadpool, along with the address of London’s Metropolitan Police department.

The scammer then requested the credit card details associated with Mabbit’s Virgin Media account “for security purposes.” Mabbit again provided fake information, and the scammer tried to obtain another card. After a series of messages were sent back and forth, Mabbit obtained the scammer’s IP address by sending a phony SMS message.

Vaas says that scammers take advantage of the fact that many people who post public Twitter complaints are upset and want a quick solution to their problem. “Scammers will jump at the chance to pretend they’re helping you when they know you’re frustrated because you’re venting publicly, for everyone to see,” she says. Instead of posting a public complaint, it’s safer to contact companies via direct message, where no one else can see the thread and jump in. Before answering any direct message, check that the account is the exact handle you tweeted at and carries the verified badge; a real support team will not ask for full card numbers in a DM.

New-school security awareness training can help your employees resist scams by teaching them how to recognize suspicious requests for sensitive information. Naked Security has the story:
https://nakedsecurity.sophos.com/2019/01/28/twitter-scammers-jump-in-on-real-time-complaints-to-companies/
Preparation Pays in Ransomware Defense

The police department of Salisbury, Maryland, was hit by a ransomware attack on January 9th that compromised the department’s entire internal network, according to Rose Velazquez at Delmarva Now. Salisbury police Capt. Rich Kaiser said that the incident “can be characterized as the worst computer network attack in SPD history.”

He added that the attack was made much worse by the fact that “the attacker made entry into our network through a software vendor that we have used for many, many years.” Because the entry point was a trusted vendor connection, with the broad access such a relationship usually carries, the attack spread far more widely than it might have otherwise.

Despite the fact that the malware encrypted all of the department’s critical systems, no important data were permanently lost. Kaiser said this was due to a "very intricate file backup system." On January 11th, just two days after the attack took place, the department had restored its critical systems.

Three days later, supplemental systems were restored as well. In the meantime, the department was assisted by the Wicomico County Sheriff's Office and the neighboring Fruitland Police Department, both of which helped the Salisbury Police Department perform registrations and wanted persons checks while the systems were down.

“What is important to realize here is our ability to receive and/or respond to calls for service during that time period was not hampered whatsoever,” said Kaiser. “We simply shifted back to a paper reporting system for a short period of time.”

The Salisbury Police Department’s admirable response and quick recovery show the importance of planning and preparation before an attack takes place: backups the attacker cannot reach and that have actually been tested for restore, a rehearsed fallback to manual procedures, and a hard look at what each vendor's access can reach inside your network. Delmarva Now has the story:
https://www.delmarvanow.com/story/news/local/maryland/2019/01/23/salisbury-police-hit-ransomware-cyber-attack/2550120002/
UK Police Arrest Social Engineer for €10 Million Cryptocurrency Theft

Europol announced on January 23 that a man has been arrested in the UK for the theft of €10 million (USD 15 million) in IOTA cryptocurrency, according to Danny Bradbury at Naked Security.

The man set up a website that tricked IOTA users into using his service to generate their IOTA seeds, which he collected and later used to transfer funds out of their cryptocurrency wallets. He also launched a DDoS attack against IOTA servers to prevent administrators from noticing suspicious transactions.

IOTA cryptocurrency wallets are secured with an 81-character seed that’s used to transfer and receive funds. IOTA tokens can be transferred by anyone who knows this seed, and a number of online services offer to generate seeds for users. A seed generator is only as trustworthy as the code that produces it, and a web page gives the user no way to tell whether the output is truly random or whether a copy was kept.

The suspect in this case created a program that purported to generate a seed based on the movements of the user’s mouse. In reality, the program created sequential seeds and saved them for the suspect. In January 2018, he used these seeds to steal IOTA from at least eighty-five victims.
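As an added example (not code from the newsletter, from Naked Security, or from the IOTA project), here is what the seed mechanism above looks like in Python: a seed generated from the operating system's CSPRNG, a toy model of a generator that derives seeds from a counter the way the suspect's tool is described as doing, and two checks that show why the second kind is recoverable. The tryte alphabet (A-Z plus 9) is IOTA's; the counter scheme, the function names and the shared-prefix and sequential-seed heuristics are assumptions made for this illustration, not a description of the suspect's actual program.

```python
"""Added example: IOTA-style seed generation, secure vs. predictable.

The 81-character length and the "anyone with the seed can spend" rule come from
the story above.  The alphabet (A-Z and 9) is the one IOTA uses.  Everything
else here (the counter-based toy generator, the heuristics) is an assumption
built for this demonstration, not the suspect's real program.
"""
import math
import re
import secrets

TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # 27 symbols; '9' plays the role of zero
SEED_LENGTH = 81
SEED_RE = re.compile(r"^[A-Z9]{81}$")


def secure_seed() -> str:
    """81 symbols drawn from the OS CSPRNG via `secrets`; never use random.random() here."""
    return "".join(secrets.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def predictable_seed(counter: int) -> str:
    """Toy model of a dishonest generator: the seed is just `counter` written in
    base 27, padded with leading '9's.  Mouse wiggling on the page changes nothing;
    whoever runs the site knows the counter and therefore every seed it issued."""
    digits = []
    for _ in range(SEED_LENGTH):
        digits.append(TRYTE_ALPHABET[counter % 27])
        counter //= 27
    return "".join(reversed(digits))


def recover_counter(seed: str) -> int:
    """Inverse of predictable_seed: a counter-derived seed leaks its source directly."""
    value = 0
    for ch in seed:
        value = value * 27 + TRYTE_ALPHABET.index(ch)
    return value


def is_valid_seed(seed: str) -> bool:
    """Format check only: 81 characters from the tryte alphabet.
    A valid format says nothing about randomness."""
    return bool(SEED_RE.match(seed))


def seed_entropy_bits(alphabet_size: int = 27, length: int = SEED_LENGTH) -> float:
    """Entropy of a uniformly random seed: 81 * log2(27), roughly 385 bits."""
    return length * math.log2(alphabet_size)


def shared_prefix_len(seeds) -> int:
    """Length of the prefix all seeds have in common.  Independent random seeds
    almost never share even their first symbol; counter-derived ones share ~75+."""
    first = seeds[0]
    n = 0
    while n < SEED_LENGTH and all(s[n] == first[n] for s in seeds):
        n += 1
    return n


def looks_sequential(seeds) -> bool:
    """Heuristic: do the seeds decode to consecutive integers?  True means the
    'generator' was a counter, and every other seed it produced is guessable."""
    values = [recover_counter(s) for s in seeds]
    return len(values) >= 2 and all(b - a == 1 for a, b in zip(values, values[1:]))


if __name__ == "__main__":
    good = [secure_seed() for _ in range(5)]
    bad = [predictable_seed(n) for n in range(1000, 1005)]   # what a counter-based site hands out
    print("entropy of a random seed: %.1f bits" % seed_entropy_bits())
    print("random seeds  - shared prefix %d, sequential: %s" % (shared_prefix_len(good), looks_sequential(good)))
    print("counter seeds - shared prefix %d, sequential: %s" % (shared_prefix_len(bad), looks_sequential(bad)))
```

The point of the two heuristics is that the weakness is invisible to the victim: every seed the bad generator produced passes the format check, and only comparing several outputs side by side (or knowing the counter) reveals that they were never random. Generating the seed locally, from a CSPRNG, in code you can read is the only way around that.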

While some of the blame may fall on IOTA’s developers for not providing a secure generation tool themselves, users need to be aware of these potential attack vectors. Bradbury says that “the takeaway from this whole sorry affair is that if you’re dealing with a technically complex asset like cryptocurrency, it pays to invest the time in understanding how it works, what the dangers are, and how you can protect yourself against them.”

“Cryptocurrency developers and administrators must also accept that some users will take the path of least resistance, without realizing that this path isn’t secure,” he continues. “Admins can protect their community – and therefore their ventures – by generating secure tools that assist users through all steps of the setup and management process, rather than assuming they will choose security over convenience.”

New-school security awareness training can give your employees the knowledge to identify where and when attackers are likely to target them by showing them real-world examples and giving them insights into attackers’ mindsets. Naked Security has the story:
https://nakedsecurity.sophos.com/2019/01/25/police-arrest-man-for-15m-iota-heist/
Attackers are using Google Cloud URLs to Mask Malicious Redirects

Attackers are using Google App Engine on the Google Cloud Platform (GCP) to deliver malware through PDF decoys, according to Netskope Threat Research Labs. The attackers send emails purporting to come from a bank, and primarily target the financial sector.

The attachments in these emails carry a Google App Engine URL to trick their victims into trusting the source. When a victim clicks the link in the PDF, they are logged out of Google App Engine and redirected to a malicious site that downloads a Word document containing a malicious macro.

While PDF readers typically display a warning when a file tries to connect to a website, in this case the warning only shows “appengine.google[.]com.” Many employees would assume that the URL is safe, and an organization that has already whitelisted Google App Engine URLs at its gateway or proxy would produce no warning at all. The trust belongs to the hostname, but the destination is whatever the redirect points at.
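The trust-laundering trick described above, as an added example that is not part of the newsletter or of Netskope's research: a small Python check that a mail gateway or link-rewriting proxy could apply to links pulled from messages and attachments. It treats a link as safe only if it stays on the allow-listed host, and flags any allow-listed URL whose redirect-style query parameter carries an absolute URL to some other host, following nested hops and undoing double encoding. The parameter names, the allow-list, the `/logout` path and the sample links are assumptions constructed for the demo; the page does not say which parameter or path the attackers used, and `payroll-update.example` is a placeholder, not a real domain.

```python
"""Added example: flag allow-listed cloud URLs that redirect off-host.

Only the pattern ("trusted host, but the link hands the browser somewhere
else") comes from the story.  Parameter names, the allow-list and every
sample link below are constructed for this demonstration.
"""
from urllib.parse import parse_qs, unquote, urlparse

# Query parameters that commonly carry a post-action destination (assumed list).
REDIRECT_PARAMS = {"continue", "redirect", "redirect_uri", "url", "next", "return", "goto", "dest"}


def is_trusted_host(host: str, trusted: set) -> bool:
    """Exact match or subdomain of an entry in the allow-list."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def external_redirect_targets(url: str, trusted: set, depth: int = 0) -> list:
    """Hosts this link would hand the browser off to via a redirect-style parameter.

    Only URLs on a trusted host are examined: that is exactly where a gateway
    allow-list would otherwise wave the link through.  Nested hops (a trusted URL
    whose `continue` is another trusted URL that finally points outside) are
    followed up to three levels deep."""
    parsed = urlparse(url)
    if depth > 3 or not is_trusted_host((parsed.hostname or "").lower(), trusted):
        return []
    found = []
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        if name.lower() not in REDIRECT_PARAMS:
            continue
        for value in values:
            candidate = unquote(value)   # parse_qs decoded once; this undoes double encoding
            inner = urlparse(candidate)
            # Relative paths, javascript:, mailto: etc. are not off-host hops; skip them.
            if not inner.hostname or inner.scheme not in ("", "http", "https"):
                continue
            target = inner.hostname.lower()
            if is_trusted_host(target, trusted):
                found.extend(external_redirect_targets(candidate, trusted, depth + 1))
            else:
                found.append(target)
    return found


def classify(url: str, trusted: set) -> str:
    return "block" if external_redirect_targets(url, trusted) else "allow"


# Constructed sample links with the verdict each should receive: a plain trusted
# link, the laundering pattern, a double-encoded variant, a protocol-relative
# variant, a same-site redirect, and a nested hop through two trusted hosts.
TRUSTED = {"appengine.google.com", "accounts.google.com"}
SAMPLE_LINKS = {
    "https://appengine.google.com/docs/statement.pdf": "allow",
    "https://appengine.google.com/logout?continue=https://payroll-update.example/doc.docm": "block",
    "https://appengine.google.com/logout?continue=https%253A%252F%252Fpayroll-update.example%252Fx": "block",
    "https://appengine.google.com/logout?continue=//payroll-update.example/x": "block",
    "https://appengine.google.com/logout?continue=/dashboard": "allow",
    "https://accounts.google.com/signin?continue=https://appengine.google.com/logout?continue=https://payroll-update.example/": "block",
}


def scan(links=SAMPLE_LINKS, trusted=TRUSTED) -> dict:
    """Verdict per link; used by the demo below and by the tests."""
    return {url: classify(url, trusted) for url in links}


if __name__ == "__main__":
    for url, result in scan().items():
        print(result.upper().ljust(6), url)
```

The check is deliberately narrow: it does not try to decide whether the final host is malicious, only whether an allow-listed link leaves the allow-listed host. That is the question a whitelist silently answers "yes" to, and it is enough to route the link to the normal URL reputation and sandboxing path instead of letting it bypass them.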

“Enterprises should educate their users to recognize AWS, Azure, and GCP URLs, so they can discern malicious sites from official sites,” the Netskope researchers say. It’s also important to note that the malware is not actually downloaded onto the victim’s machine until after the Word document has been opened and the victim has clicked “Enable editing.”

Employees who have been taught never to enable editing or content in an untrusted Word document can avoid this threat even if the earlier stages of the attack fooled them, and administrators can remove the choice entirely by blocking macros in Office files that came from the internet (the "Block macros from running in Office files from the Internet" policy setting available in Office 2016 and later). New-school security awareness training can give your employees the knowledge necessary to thwart such attacks. Dark Reading has the story:
https://www.darkreading.com/attacks-breaches/cyberattackers-bait-financial-firms-with-google-cloud-platform/d/d-id/1333729
What KnowBe4 Customers Say

Thank you for reaching out to me. I’m actually glad you did reach out, because I wanted the chance to express how pleased we are, not only with the services your company provides, but also with the excellent customer service we have received from our customer success manager, Katie Kenall.

Though we have not been with KnowBe4 for very long, Katie has been punctual on every call time, answered our questions (repetitive though they may be) with patience, and has gone out of her way to assist me in any way she could. In my experience, it is highly unusual to find someone with a noticeable distinction with regards to customer service. Katie is truly a pleasure to work with.

As for the KnowBe4 product, I am very much enjoying using the various training tools and tests that it provides. KnowBe4 has given us the help we needed to individualize training for our “at risk” employees, and you have given us a wonderful tool for ongoing training for all of our employees!

Thank you, again. If I can be of any assistance, please feel free to contact me.
K.D., Information Technology Officer



Thank you for your time and consideration! I REALLY like it! We have rolled out the baseline test already, and I have already configured the monthly phishing campaigns. We have done the AD integration and the SAML configuration, and we have started the run-up to the PAB deployment and resources for using that. Training Campaigns are already established and just waiting on user communications.

Let me tell you, I used to do phishing using Metasploit Pro, and the attempts were very limited. I really like this service because of the vigilance required to avoid being phished! I have already watched a few of the training videos and like the breadth of training provided (I was especially pleased to see the traveler training).

Thanks to your ASAP we have automated a great deal of this deployment and published our phishing dates to our team so we can brace for the influx of reports. I think this is a great service and would not hesitate to recommend it to everyone! Thanks for asking!
- A.J., Systems and Security Engineer



P.S. If you want to see KnowBe4 compared to other products in an objective, legit platform that makes sure the reviews are fully vetted, check the Gartner Peer Insights site, where KnowBe4 is a 2019 Customer's Choice: https://www.gartner.com/reviews/market/security-awareness-computer-based-training
The 10 Interesting News Items This Week
    1. Dice 2019 Tech Salary Report: "Mind the Gap: Employers and Tech Professionals Divided on How to Satisfy Top Tech Talent". Here is the PDF:
      https://www.knowbe4.com/hubfs/Dice_Tech_Salary_Report_2019.pdf

    2. EU Agency Says Iran Likely to Step up Cyber Espionage:
      https://www.reuters.com/article/us-eu-iran-cyber/eu-agency-says-iran-likely-to-step-up-cyber-espionage-idUSKCN1PM12X

    3. In our Wi-Fi world, the internet still depends on undersea cables:
      https://gcn.com/Articles/2019/01/28/undersea-internet-cables.aspx?m=1&Page=2

    4. Potential global cyber attack could cause USD 85-193 billion worth of damage. Report:
      https://www.reuters.com/article/us-cyber-insurance/potential-global-cyber-attack-could-cause-85-billion-193-billion-worth-of-damage-report-idUSKCN1PN0K7

    5. Phishing campaign throws Shade ransomware at Russians:
      https://www.scmagazine.com/home/security-news/phishing-campaign-throws-shade-ransomware-at-russians/

    6. North Korea could accelerate commercial espionage to meet Kim's economic deadline:
      https://www.cyberscoop.com/north-korea-accelerate-commercial-espionage-meet-kims-economic-deadline/

    7. Exclusive: UAE used cyber super-weapon to spy on iPhones of foes:
      https://in.reuters.com/article/us-usa-spying-karma-exclusive/exclusive-uae-used-cyber-super-weapon-to-spy-on-iphones-of-foes-idINKCN1PO1AN

    8. The Top 25 Cybersecurity Experts to Follow on Social Media in 2019. Check out No. 10:
      https://cybersecurityventures.com/top-20-cybersecurity-experts-to-follow/

    9. Agari Research: One in Five Advanced Email Attacks Sent From Compromised Accounts:
      https://www.businesswire.com/news/home/20190131005226/en/Agari-Research-Advanced-Email-Attacks-Compromised-Accounts

    10. Credential-stuffing attack prompts Dailymotion password reset:
      https://nakedsecurity.sophos.com/2019/01/29/credential-stuffing-attack-prompts-dailymotion-password-reset/
Prepared in cooperation with the CyberWire research team.
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff

FOLLOW US ON: Twitter | LinkedIn | YouTube
Copyright © 2014-2019 KnowBe4, Inc. All rights reserved.

 


