Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.
Stay on top of the latest in security including social engineering, ransomware and phishing attacks.

Cryptocurrencies and Email Extortion Trends

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...
Continue Reading

Phishing Campaign Uses Novel Technique to Deliver Malware

Researchers at McAfee warn that a phishing campaign is delivering malware via Word documents that don’t contain any malicious code. When a user opens the document and enables content, the ...
Continue Reading

New York Department of Financial Services Issues New Guidance to Financial Services Orgs to Counter Ransomware

NYDFS offers up sound best practices in addition to their recently released Cyber Insurance Risk Framework based on recent attack investigations, finding repeated use of “the same handful ...
Continue Reading

Year-Long Phishing Campaign Targets Energy, Oil & Gas Companies Using Spoofed B2B Correspondence

Uncovered by the research team at cloud protection vendor Intezer, this new phishing campaign seeks to steal information and position each victim as the foothold to spear phish additional ...
Continue Reading

Spear Phishing Campaign Targets Energy Companies

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...
Continue Reading

Ransomware Attacks Put Singapore Organizations at Risk of Violation of the Personal Data Protection Act

A new court decision sets precedence for all Singapore organizations where ransomware attacks – even without data exfiltration – may be subject to financial noncompliance penalties.
Continue Reading

Counterterrorism Strategies Could Be the Key to Stopping Ransomware

With ransomware players, sophistication, effectiveness, and cost all on the rise, it may be time for us to take a page from counterterrorism to make it more difficult for cybercriminal ...
Continue Reading

Phishbait Follows Current Events

Crisis draws opportunistic criminals, and the Kaseya ransomware incident is no different. Kaseya’s updates on the incident have included repeated warnings not to be taken in by emails or ...
Continue Reading

The Pandemic’s Paradigm Shift with Cybersecurity

Just over a year ago, a much-prized perk – the ability to work from home – became an everyday reality for many. ITWeb, in partnership with KnowBe4, conducted a survey to gain insight into ...
Continue Reading

How to Defeat REvil Ransomware

The REvil ransomware gang is in the news again! This time for a supply chain attack and the largest public extortion demand ever – $70 million dollars.
Continue Reading

KnowBe4 Fresh Content Updates from June

Here are important fresh content updates to share with you that happened in the month of June.
Continue Reading

[On-Demand Webinar] Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox

DMARC, SPF, and DKIM are global anti-domain-spoofing standards, which can significantly cut down on phishing attacks. Implemented correctly they allow you to monitor email traffic, ...
Continue Reading

Ransomware Attacks from Within Russia So Impactful, U.S. Government Says They Will Take Action If Russia Won’t

In light of recent ransomware attacks, the White House Press Secretary Jen Psaki stated this week that the Russian government needs to address ransomware groups stemming from Russia.
Continue Reading

How REvil Works: A Look Inside the World’s Most Famous Ransomware-as-a-Service

With well-known companies impacted by REvil in every sector, including tech, it’s time to get a better understanding of who they are and what makes their ransomware so successful.
Continue Reading

Social Engineering and Organizational Culture

Consistent awareness training is necessary to fend off phishing attacks, according to Keatron Evans, a principal security researcher, instructor, and author with Infosec. In an interview ...
Continue Reading

Lazarus Group Continues Targeting Defense Contractors

North Korea’s Lazarus Group has been launching phishing campaigns against more defense contractors and engineering companies, according to researchers at AT&T Alien Labs. The ...
Continue Reading

87% Increase in Social Engineering Scams During the First Quarter of 2021 Compared to Q1 2020

There was an 87% increase in social engineering scams during the first quarter of 2021 compared to Q1 2020, according to Ayelet Biger-Levin from BioCatch. In an article for The Paypers, ...
Continue Reading

Your The Majority of Business Email Compromise Phishing Attacks Initially Go for Credentials, Not Money

With BEC attacks historically trying to get to the “committing fraud” part as quickly as possible, new data shows threat actors are taking their time, looking for a larger payoff.
Continue Reading

It Was Only a Matter of Time: The Ransomware Ecosystem Has Given Birth to VC Investors

Security firm LIFARS confirms that cybercriminals are acting like venture capital investors, funding startup cybercriminal organizations, such as Darkside Ransomware.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews