CyberheistNews Vol 14 #33 Your Users Still Fall For Phishing Attacks Because of URL Shorteners


CyberheistNews Vol 14 #33  |   August 13th, 2024


Your Users Still Fall For Phishing Attacks Because of URL Shorteners
Stu Sjouwerman SACP

Analysis of current phishing attacks by security researchers has uncovered an increase in the use of trusted shortlink services.

To be successful, phishing scammers need to establish legitimacy as much and as early as possible.

Brand impersonation within an email has long been one method, but to establish legitimacy with security solutions, scammers have needed to do more than just register a look-alike domain.

According to security researchers at Barracuda, a wave of phishing attacks is leveraging legitimate URL shortening services to add a layer of obfuscation to the malicious links in their emails.

While some security solutions actually follow links to their final destination and analyze it, many solutions simply look at the link itself. By using a shortlink, like those created by bit.ly that look similar to "bit[dot]ly[slash]FakeURL," scammers hand those solutions a URL whose visible hostname has a clean reputation: a filter that scores only the domain in the link has nothing to flag, and the malicious destination is revealed only by following the redirect.

Barracuda theorizes that threat actors are compromising credentials at these shortlink services to gain access to accounts and use them to create the links for their phishing attacks.

There are really only two ways to counteract this:

  • Employ security software solutions that traverse links and scan the final web destination for malicious content, and do so at time of click as well as at time of delivery, since the target behind a shortlink can be changed after the email has landed in the inbox
  • Train users through continual new-school security awareness training to be vigilant every time they interact with an email, attachment, or web link, not trusting the content or context in front of them and choosing to scrutinize before proceeding.

And since cybercriminals will continue to evolve their methods, both of these should be put and kept in place.
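What "traversing the link" means in practice, as an added example that is not part of the newsletter or of Barracuda's research: a small redirect-chain expander that issues HEAD requests, refuses to follow redirects automatically so every hop is recorded, and stops on loops or excessive hop counts. The chain it is run against here is constructed for the example (bit.ly is a real shortener, but the second hop and the lookalike landing host are invented, and the responses are served from a dict rather than the network).

```python
"""Expand a shortened URL by walking its redirect chain hop by hop.

Added illustration, not code from the newsletter or from Barracuda. A filter
that scores only the visible hostname (bit.ly) sees a clean domain; the
malicious destination appears only after the redirect is followed. Hosts and
responses in the constructed table below are invented for the example.
"""
from urllib.parse import urljoin, urlsplit
import urllib.error
import urllib.request

MAX_HOPS = 10
REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Make urllib surface 3xx responses instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, timeout=5):
    """Live fetcher: HEAD the URL and return (status, Location header or None).

    Not used by the offline run below. Run it from a sandboxed egress: the
    request itself reaches the attacker's infrastructure.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "link-expander/1.0"})
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx arrives here because of _NoRedirect
        return err.code, err.headers.get("Location")


def expand_shortlink(url, fetch, max_hops=MAX_HOPS):
    """Return (final_url, chain, verdict); chain lists every URL visited.

    verdict is "resolved", "loop" (a hop repeated) or "too_many_hops".
    """
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES or not location:
            return url, chain, "resolved"
        url = urljoin(url, location)  # Location may be relative to the current hop
        if url in seen:
            return url, chain, "loop"
        seen.add(url)
        chain.append(url)
    return url, chain, "too_many_hops"


def hosts_in_chain(chain):
    """Hostnames of every hop, which is what a reputation check should score."""
    return [urlsplit(u).hostname for u in chain]


# Constructed redirect table standing in for live responses: a real shortener,
# a second (real) shortener as intermediate hop, and an invented lookalike host.
CONSTRUCTED_RESPONSES = {
    "https://bit.ly/3FakeURL": (301, "https://t.co/xyz123"),
    "https://t.co/xyz123": (302, "https://login-m1crosoft-verify.example/auth"),
    "https://login-m1crosoft-verify.example/auth": (200, None),
}


def mock_fetch(url):
    return CONSTRUCTED_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    final, chain, verdict = expand_shortlink("https://bit.ly/3FakeURL", mock_fetch)
    print(verdict, "->", final)
    for host in hosts_in_chain(chain):
        print("  hop:", host)
```

Scoring only `chain[0]` reproduces the blind spot the article describes; scoring every host returned by `hosts_in_chain` is the behaviour the first countermeasure above asks for. Swap `mock_fetch` for `http_fetch` to run it against real links.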

Blog post with links:
https://blog.knowbe4.com/phishing-attacks-continue-to-leverage-url-shorteners-to-obfuscate-malicious-links

[WEBINAR] 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Your secret weapon to combat cyber threats could be right under your nose! As cyber criminals continue to exploit tried and tested attack methods, while simultaneously upping their game with more advanced techniques, your human defense layer could be your ace in the hole.

But how resilient are your users when it comes to fending off these threats? We looked at 11.9 million users across 55,675 organizations to help you find out.

In this webinar Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer, and Joanna Huisman, KnowBe4's Senior Vice President of Strategic Insights and Research, review our 2024 Phishing By Industry Benchmarking Study findings and best practices.

You'll learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who's at risk and what you can do about it
  • Ways to radically lower your Phish-prone Percentage within 90 days
  • Actionable tips to create your "human firewall"
  • The value of new-school security awareness training

Do you know how your organization compares to your peers? Watch this webinar to find out!

Date/Time: TOMORROW, Wednesday, August 14 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/2024-phishing-insights?partnerref=CHN2

62% of Phishing Emails Bypassed DMARC Checks in 1H of 2024

A report from Darktrace has found that 62% of phishing emails in the first half of 2024 were able to bypass DMARC verification checks and reach users' inboxes. Keep in mind what DMARC does and does not check: it authenticates only the domain in the From: header. A message gets through when that domain publishes no DMARC record or only a p=none monitoring policy, when the attacker sends from a lookalike domain he registered and authenticated himself, or when it comes from a compromised legitimate mailbox. Passing DMARC says nothing about the intent of the sender.

“Building on the insights from the 2023 End of Year Threat Report, an analysis of malicious emails detected by Darktrace / EMAIL in 2024 underscores the implication that email threats are increasingly capable of circumventing conventional email security tools,” the report says.

“Notably, 62% of the 17.8 million phishing emails identified by Darktrace successfully bypassed Domain-based Message Authentication, Reporting, and Conformance (DMARC) verification checks.”

Additionally, nearly 40% of phishing attempts in the first half of 2024 were targeted, indicating that threat actors are investing more effort into tailoring their attacks. The researchers also observed an increase in attacks that impersonated brands or VIPs.

“More interestingly still, in May and June alone, Darktrace identified 540,000 brand impersonation attempts (malicious email actors attempting to masquerade as trusted and reputable organizations to deceive recipients) and a further 240,000 emails attempting to impersonate a VIP at an organization.

“This trend towards impersonation and deception under the guise of a trusted company, or even a company executive, suggests threat actors are curating more bespoke and targeted email campaigns intended to target select organizations, or even individuals, more efficiently than traditional mass phishing attacks.”

Notably, Darktrace observed a 59% increase in multistage phishing attacks, which “elicit recipients to follow a series of steps, such as clicking a link or scanning a QR code, before delivering a payload or attempting to harvest credentials.” Since these attacks are more complex, they can more easily evade detection by security tools.
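To make the "bypassed DMARC" figure concrete, here is a worked example added to this issue (not Darktrace's or KnowBe4's code): a minimal DMARC evaluator in the style of RFC 7489, run over three constructed phishing messages. The DNS zone, domain names and SPF/DKIM outcomes are all invented for the example; the organizational-domain logic is simplified to "last two labels" where a real verifier consults the Public Suffix List. The three cases are a direct spoof of a domain that enforces p=reject, the same spoof against a domain that only monitors (p=none), and mail from a lookalike domain the attacker owns and has authenticated.

```python
"""Evaluate DMARC for one message from its SPF and DKIM results.

Added illustration, not Darktrace's or KnowBe4's code. It shows why a phishing
email can survive DMARC: the spoofed domain publishes no record or only p=none,
or the attacker mails from a lookalike domain he registered and authenticated
himself. The DNS zone, domains and authentication results are constructed for
the example. Organizational domain is approximated as the last two labels; a
real verifier uses the Public Suffix List.
"""
from dataclasses import dataclass


def parse_dmarc(txt):
    """Parse a DMARC TXT record into {tag: value}; None if it is not a usable record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    tags.setdefault("adkim", "r")  # alignment modes default to relaxed
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: strict needs an exact match, relaxed the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResults:
    from_domain: str          # domain of the RFC 5322 From: header, what the user sees
    spf_domain: str = ""      # MAIL FROM domain if SPF passed, else ""
    dkim_domains: tuple = ()  # d= of every DKIM signature that verified


def evaluate_dmarc(results, dns_txt):
    """Return (dmarc_result, disposition).

    dmarc_result is "pass", "fail" or "none" (no usable policy found);
    disposition is "none", "quarantine" or "reject", what the receiver applies.
    """
    from_domain = results.from_domain.lower()
    policy = parse_dmarc(dns_txt.get("_dmarc." + from_domain, ""))
    if policy is not None:
        applied = policy["p"]
    else:
        # RFC 7489 fallback: the organizational domain's sp= (or p=) covers subdomains
        policy = parse_dmarc(dns_txt.get("_dmarc." + org_domain(from_domain), ""))
        if policy is None:
            return "none", "none"
        applied = policy.get("sp", policy["p"])
    spf_ok = aligned(from_domain, results.spf_domain, policy["aspf"])
    dkim_ok = any(aligned(from_domain, d, policy["adkim"]) for d in results.dkim_domains)
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", applied if applied in ("quarantine", "reject") else "none"


# Constructed DNS zone and three constructed phishing messages.
DNS = {
    "_dmarc.bank.example": "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@bank.example",
    "_dmarc.vendor.example": "v=DMARC1; p=none; rua=mailto:dmarc@vendor.example",
    "_dmarc.bank-secure-login.example": "v=DMARC1; p=reject",
}

CASES = {
    # Direct spoof of an enforcing domain, signed by an unrelated bulk sender: rejected.
    "spoof_reject": AuthResults("bank.example", spf_domain="bulk-sender.example",
                                dkim_domains=("bulk-sender.example",)),
    # Same spoof against a domain that only monitors: DMARC fails, mail is delivered.
    "spoof_monitor_only": AuthResults("vendor.example", spf_domain="bulk-sender.example"),
    # Lookalike domain the attacker registered and set up SPF/DKIM for: passes cleanly.
    "lookalike_pass": AuthResults("bank-secure-login.example",
                                  spf_domain="bank-secure-login.example",
                                  dkim_domains=("bank-secure-login.example",)),
}


def run_cases():
    return {name: evaluate_dmarc(r, DNS) for name, r in CASES.items()}


if __name__ == "__main__":
    for name, (result, disposition) in run_cases().items():
        print(f"{name:20s} dmarc={result:5s} disposition={disposition}")
```

Only the first case is stopped by DMARC. The second fails authentication but is delivered because the impersonated domain never moved past p=none, and the third passes outright; both land in the "bypassed DMARC" bucket, which is why a DMARC pass is not a trust signal for the content of a message.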

New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/62-of-phishing-emails-bypassed-dmarc-checks-in-h1-2024

Rip Malicious Emails With KnowBe4's PhishER Plus

Rip malicious emails out of your users' mailboxes with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:

1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them

With PhishER Plus you can:

  • NEW! Detect and respond to threats faster with real-time web reputation intelligence from PhishER Plus Threat Intel, powered by Webroot!
  • Use crowdsourced intelligence from more than 13 million users to block known threats before you're even aware of them
  • Automatically isolate and "rip" malicious emails that have bypassed mail filters from your users' inboxes
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, August 21, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN

Prisoner Swap Includes Russian Hackers and KGB Assassin

Included among the prisoners the U.S. sent back to Russia in the swap are two prominent convicted hackers, both of whom had been serving lengthy sentences, and a KGB assassin.

Because foreign hackers often operate from countries like Russia that lack extradition treaties with the U.S., they rarely face American courts, making their convictions significant wins for the Justice Department.

Vladislav Klyushin is a Russian national who was convicted by a federal jury in Boston and sentenced last year to nearly a decade in prison for hacking into corporate earnings databases to steal and trade on nonpublic information. U.S. officials noted Klyushin's "extensive ties" to the Russian president's office.

Roman Seleznev, the son of a Russian parliament member, was described by prosecutors as "one of the most prolific credit-card thieves in history." In 2016, he was convicted by a federal jury in Seattle for hacking into hundreds of businesses and selling the stolen data online, leading to more than $169 million in fraud losses.

Vadim Krasikov, the Russian at the center of Thursday's high-profile prisoner swap, has been a top priority for the Kremlin in exchange negotiations for some time. Earlier this year, President Vladimir Putin hinted at a desire for such a trade to secure the release of a "patriot" detained in Germany. Krasikov was serving a prison sentence for murder.

Blog post with links and picture:
https://blog.knowbe4.com/prisoner-swap-includes-russian-hackers-and-kgb-assassin

[Whitepaper]: Overcoming The Phishing Tsunami: A Game-Changing Strategy For Stopping Phishing

Phishing attacks often feel like an unrelenting tsunami, flooding your org with a never-ending deluge of threats.

Traditional methods for analyzing and mitigating phishing attacks are manual, repetitive and error-prone. These workflows slow the speed at which you can mitigate a spear-phishing attack and increase the risk that phishing presents to your organization.

There's a better way. One that shifts the burden off your IT team to a single, AI-powered system built from the ground up to automate the identification and prioritization of phishing threats and uses crowdsourced threat intelligence to improve accuracy and speed time to mitigation.

Read this whitepaper to learn:

  • The five major challenges you'll face when manually reporting, analyzing and mitigating phishing attacks
  • How the right SOAR product can provide finely-tuned, automated identification and mitigation of phishing emails
  • Why the right SOAR product is critical to your organization's incident response plan and to supercharging your existing email security filters

Download Now:
https://info.knowbe4.com/wp-overcoming-the-phishing-tsunami-chn

[WHOA] – This 'Unpatch Attack' Is a New One to Me!

In a startling revelation at Black Hat 2024, SafeBreach security researcher Alon Leviev demonstrated a critical vulnerability in Windows systems, dubbed the "Windows Downdate" attack.

This exploit allows a threat actor who already has administrative privileges on a fully updated Windows 10, Windows 11 or Windows Server system to forcibly downgrade its components to older versions, reintroducing vulnerabilities that had previously been patched, while Windows Update continues to report the machine as fully up to date.

By exploiting zero-day vulnerabilities (CVE-2024-38202 and CVE-2024-21302), attackers can bypass security features like Credential Guard and Virtualization-Based Security, making a supposedly secure system susceptible to thousands of past exploits.

Despite being reported to Microsoft six months ago, no patch had been released at the time of the talk, leaving users vulnerable. Microsoft has published advisories for both CVEs with mitigation guidance to apply until a fix is deployed.

Blog post with links:
https://blog.knowbe4.com/whoa-this-unpatch-attack-is-a-new-one-to-me

Quotes of the Week

“In a time of deceit telling the truth is a revolutionary act.”
– George Orwell – Author (1903 – 1950)


“Unless you are entertaining the reader, you are only getting a piece of paper dirty on one side.”
– Robert Heinlein, Sci-fi Writer (1907 – 1988)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-33-your-users-still-fall-for-phishing-attacks-because-of-url-shorteners

Security News

AI Tools Have Increased the Sophistication of Social Engineering Attacks

The Cyber Security Agency of Singapore (CSA) has warned that threat actors are increasingly using AI to enhance phishing and other social engineering attacks, Channel News Asia reports. The CSA's report found that cybercriminals are selling tools that automate these attacks, allowing unskilled threat actors to launch sophisticated campaigns.

“The malicious potential of AI has been compounded by an explosion of AI-powered tools available in underground forums,” the CSA says. “Cybercriminals are peddling fake social media accounts and content generated by AI, as well as AI services to fully automate the maintenance of these accounts.

“Developers have also sold impersonation services that employ deepfake voices, and AI-generated spam that can bypass anti-spam and anti-phishing controls of popular webmail services.”

The CSA cites a report from iProov that observed a 704% increase in the use of deepfakes for social engineering over the course of 2023. “Attempts to weaponise deepfake technology for scams or fraud will continue to grow, given the widespread accessibility of tools to create highly convincing deepfakes at a relatively low cost,” the CSA says.

While these attacks have grown more sophisticated, the same security best practices can be used to defend against them. User awareness training can provide an essential layer of defense by teaching employees to recognize the hallmarks of social engineering.

“Conventional cyber hygiene measures remain largely relevant at mitigating the AI-enabled threats at present, and individuals and companies should continue to adopt these measures,” the CSA says.

“For example, users should continue implementing tight access controls to their accounts [e.g. using strong passwords and multifactor authentication (MFA)], regularly updating software and patching vulnerabilities, and educating employees on how to recognise and handle cybersecurity threats.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Channel News Asia has the story:
https://www.channelnewsasia.com/singapore/ai-phishing-attempts-cyber-attacks-technology-scams-deepfakes-ransomware-4506631

Malvertising Campaign Impersonates Google Authenticator

Researchers at Malwarebytes observed a malvertising campaign that abused Google Ads to target people searching for Google Authenticator. If someone typed “Google Authenticator” into Google, the malicious ad would appear at the top of the search results.

The ad copied the website description from the real Google Authenticator but would redirect users to a phishing site. “We can follow what happens when you click on the ad by monitoring web traffic,” the researchers explain. “We see a number of redirects via intermediary domains controlled by the attacker, before landing on a fake site for Authenticator.”

If a user clicks the download button, the site delivers the DeerStealer malware. The researchers note that the malicious file is hosted on GitHub, making it more likely to bypass security tools.

“Hosting the file on GitHub allows the threat actor to use a trusted cloud resource, unlikely to be blocked via conventional means,” the researchers write. “While GitHub is the de facto software repository, not all applications or scripts hosted on it are legitimate.”

Malwarebytes concludes that users should be aware of this tactic so they can avoid falling for these attacks. “Threat actors have been abusing Google ads as a way to trick users into visiting phishing and malware sites,” Malwarebytes says.

“Since the whole premise of these attacks relies on social engineering, it is absolutely critical to properly distinguish real advertisers from fake ones. As we saw in this case, some unknown individual was able to impersonate Google and successfully push malware disguised as a branded Google product as well.

“We should note that Google Authenticator is a well-known and trusted multi factor authentication tool, so there is some irony in potential victims getting compromised while trying to improve their security posture.

“We recommend avoiding clicking on ads to download any kind of software and instead visiting the official repositories directly.”

Malwarebytes has the story:
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator

What KnowBe4 Customers Say

“Hello Rachel, Thank you for your time and guidance in walking me through the console. I really appreciate how clearly you explain things and suggest things that really help me with setting up campaigns for our users. Your insights are very helpful and you’re also a pleasant person to talk to! Keep up the good work and look forward to our next discussions!”

– Y.B., System Admin


“Stu, Thanks for the personalized reach out. I did at first think it was an automated email! Thanks for that levity!

I have been a champion of KB4 since 2019 when I first rolled it out to the hospital where I worked. At the time there were around 4000 users. The success of the program was such that when we brought in DHS to do some pen testing against us, one of the highlights of their testing was just a 2% Phish-prone Percentage.

When we all “merged” into a larger health system, we were running different solutions. Very few solutions rolled up to the parent organization. However, I'd like to think (and I could be biased here a bit...) we not only bested the in-place competition, but once we shoved our horse into the race, it looked like a Secretariat movie!

Calling out sales rep Michael H., a great example of great people skills at work. Our current CSM Kim A. has been excellent to work with. Very, very happy to have her on our account.

In closing, I want to thank you and your team for providing us with the tools and the supporting cast we need to make our program a success story. Have a great day!”

– S.G., Associate Director Cybersecurity Governance [edited for brevity]

The 10 Interesting News Items This Week

Cyberheist 'Fave' Links

This Week's Links We Like, Tips, Hints and Fun Stuff
