blog-slider.jpg

KnowBe4

Security Awareness Training Blog


Keeping You Informed. Keeping You Aware.

Phishing Attack Uses Stuxnet Technology And Makes PCs Into Roombugs

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including news media, and scientific research.

The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by security firm CyberX. Targets are initially infected using malicious Microsoft Word documents sent in phishing e-mails.

KnowBe4 Introduces New “Social Engineering Indicators” Training Method

Today, we are introducing a new training method that IT managers can use to better manage the continually increasing social engineering threats.

Social Engineering Indicators (SEI) turns every simulated phishing email into a tool you can use to dynamically train your employees how to spot red flags within any email. If your users overlook these red flags, it can lead to a security breach or ransomware infection.

Criminal India Call Center Uses Social Engineering To Scam 15,000 Americans

I got alerted by a Slashdot story about we have been covering here several times. 

An FBI agent based in India says the country has now become a major hub for call-center fraud, blaming "a demographic bulge of computer-savvy, young, English-speaking job seekers; a vast call-center culture; super-efficient technology; and what can only be described as ingenuity."

Expect Malicious Machine Learning In 2017, making social engineering more effective

Intel Security's McAfee Threat Predictions for 2017 (PDF) observes that advances in technology are essentially neutral and that developments like machine learning should be welcomed, but they will also become available to cybercriminals. Machine learning in particular is something that can be misused.

Intel Security's Eric Peterson cites CEO Fraud (The FBI calls it Business Email Compromise) – where individuals in companies are targeted through social engineering, and manipulated to fraudulently transfer money to criminal-controlled bank accounts.

Russian Breach US Grid? Nah, Someone Fell For Social Engineering And Enabled Macros

Breathlessly, the Washington Post reports that the Russian Grizzly Steppe malware was found within the system of a Vermont power utility. 

Nah, they just dodged a bullet. This time someone fell for a social engineering ruse, opened an email, next opened the attachment and then enabled macros on a laptop that was not connected to the grid. It's a bad security awareness fail, but no real damage done. Yet. Because that's similar to how Natanz was penetrated by Stuxnet.

Disk-Killer Malware Adds Ransomware Feature And Charges $200,000+ 

Talk about adding insult to injury with this new KillDisk version. Here is how social engineering can cost you dearly. 

The Sandworm cybercrime gang has upped its game. They were initially named after the Sandworm malware which targeted and sabotaged Industrial Control Systems  and Supervisory Control And Data Acquisition (SCADA) industrial devices in America during 2014,

The Sandworm gang later evolved into the TeleBots gang, which developed the TeleBots backdoor trojan, and the KillDisk disk-wiping malware.

Scam Of The Week: George Michael Dies At 53. Watch out for phishing attacks

Today, news broke that George Michael was found dead on Sunday at his home in Goring in Oxfordshire, England. He was 53.  A police statement said: “Thames Valley Police were called to a property in Goring-on-Thames shortly before 2 p.m. Christmas Day. Sadly, a 53-year-old man was confirmed deceased at the scene. At this stage the death is being treated as unexplained but not suspicious.”

Mr. Michael’s manager, Michael Lippman, told The Hollywood Reporter that Mr. Michael had died of heart failure “in bed, lying peacefully.”

This is a celebrity death similar to Prince that the bad guys are going to exploit in a variety of ways. You have to warn your users right away that a series of scams are underway using the George Michael death as social engineering trick. Earlier celebrity death scams show there will be a high click rate on scams that claim to show Michael's last words on video.

Scam Of The Week - Fake News: a Content-based Social Engineering Attack

Facebook, Google, and Twitter have recently been facing scrutiny for promoting fake news stories.  Depending on your sources and who you believe, fake news played and is still playing a role in the 2016 presidential election.

10 Ways To Avoid Holiday Scams

With the biggest cybercriminal hacking holidays of the year upon us, it's time for a reminder of red flags to pay attention to when shopping either online or in brick-and-mortar stores. 

This social engineering attack starts with a fake customer-service call

Michael Kan at CSO reported on a TrustWave blog post with some troublesome news:  "Hotel and restaurant chains, beware. A notorious cybercriminal gang is tricking businesses into installing malware by calling their customer services representatives and convincing them to open malicious email attachments.

The culprits in these hacks, which are designed to steal customers’ credit card numbers, appear to be the Carbanak gang, a group that was blamed last year for stealing as much as $1 billion from various banks."

Subscribe To Our Blog

Phish Your Users




Get the latest about social engineering

Subscribe to CyberheistNews