Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

UK Cybersecurity Report: "Ransomware Is Urgent Issue"

Today, the UK Government issued a comprehensive report, "Cyber Security Breaches Survey 2017", which covers the skyrocketing ransomware infections. The report highlighted:

"The prevalence of ransomware in particular has heightened awareness and made cyber security a more urgent issue for a wider range of businesses...businesses in sectors that may not expect to be targeted are falling victim to costly ransomware attacks."

The three ‘B’s’ of cybersecurity for small businesses

I just found a great article by Scott Shackelford, Associate Professor of Business Law and Ethics; Director, Ostrom Workshop Program on Cybersecurity and Internet Governance; Cybersecurity Program Chair, IU-Bloomington, Indiana University.

Scam Of The Week: It's Not A WhatsApp Voice Mail! 

You probably know that the Eastern European cyber mafia does their beta testing in the U.K., before they "export" their criminal campaigns to America. Here is a heads-up of a social engineering phish that was spotted in Ireland, and that your users may receive in their inbox in the near future. Warn them ahead of time!

Why Cerber Is The New King Of Ransomware

During 2016, ransomware exploded. It clearly became the biggest menace on the net, using phishing as its No. 1 infection vector.

Hundreds of ransomware strains competed for market dominance last year, but one was clearly dominant: Locky, costing victims over 1 billion dollars. However, a recent report from our friends at Malwarebytes showed that Locky has fallen off the face of the earth in Q1 2017, making way for the Cerber strain to become the new king of ransomware.

Inside the Tech Support Scam Ecosystem

Dennis Fisher at On the Wire reported on some fascinating research by three PhD candidates at Stony Brook University.

He wrote: "Fake tech support schemes have been a scourge on the Internet for years, with scammers using scare tactics and intimidation to goad victims into paying for worthless 'computer repair' services. To find out how these scams work, who's running them, and how to defeat them, a team of researchers recently spent eight months gathering data and analyzing the scammers' tactics and techniques."

First Quarter Top-Clicked Phishing Tests

KnowBe4 customers run millions of phishing tests per year, and we report frequently on the top-clicked phishing topics so that our customers know what the highest-risk phishing templates are. That way they can inoculate their employees against the most prevalent social engineering attacks. 

Fresh information from Osterman Research shows that over a 10-year timespan, since mid-2014, phishing has taken over from the Web and still remains the No. 1 network infection vector. The graph you see was updated this week. Protecting your network by stepping employees through new-school security awareness training is a must these days.

[ALERT] You Want To Fix This MS-Word 0-day Threat Today

Monday night, researchers at Proofpoint sounded the alarm about a critical 0-day threat in Microsoft Word, known as CVE-2017-0199, that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees, claiming to be a PDF sent to them by their company photocopier.

This one is particularly bad because it bypasses exploit mitigations built into Windows, doesn't require your employee to enable macros, works even against Windows 10, which is Redmond's most secure OS yet, and works on most or all Windows versions of Word. Ouch!

KnowBe4 March And April Feature Updates

Here is a quick update to show existing customers and people who have not subscribed yet which new features have been added to the KnowBe4 console these last few months, with more exciting capabilities to be added in the next few!
