CyberheistNews Vol 14 #38 [CODE RED] A Must-See New Webinar: How To Block North Korean Infiltrators

Phishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade Detection. [4-Minute Survey] Share Your Thoughts on AI in InfoSec With Me?


CyberheistNews Vol 14 #38  |  September 17th, 2024

[CODE RED] A Must-See New Webinar: How To Block North Korean Infiltrators

Stu Sjouwerman SACP

I don’t usually ask you to change your plans, but please take an hour today for a critical on-demand “Lunch & Learn.”

We just hosted a new webinar on our North Korean fake IT worker experience. The content was rated 4.9 out of 5, making it our highest-rated webinar to date! It had strong attendance and exceptional engagement. We received 120+ questions.

Watch this exclusive, no-holds-barred conversation with the team who lived through it. Perry Carpenter, our Chief Human Risk Management Strategist, sits down with Brian Jack, Chief Information Security Officer, and Ani Banerjee, Chief Human Resources Officer, to talk about how we spotted the red flags and stopped it before any damage was done.

During this on-demand webinar, you get the inside scoop on:

  • The methods and tools used by these covert operatives to sneak through the cracks
  • How we discovered something was wrong, and how we quickly stepped in to stop it
  • How you can spot fake IT workers in your hiring process and workplace
  • Practical advice for fortifying your organization by implementing strong screening processes and security protocols to safeguard against infiltration

Gain exclusive insights and actionable methods to protect your org from these sophisticated threats. Don’t miss this opportunity to stay ahead in the cybersecurity threat landscape.

Register and watch this on-demand webinar as soon as you can. Please copy and paste this message and send it to friends who need to know. They’ll thank you!
https://data.knowbe4.com/code-red-webinar

[4-Minute Survey] Share Your Thoughts on AI in InfoSec With Me?

Can you help me with your input? I would love your thoughts about AI in InfoSec.

It’s a super short survey that asks about any AI tools you use or would like, how you feel about AI effectiveness, how it might change your headcount, and how confident you are in addressing AI-related security risks.

The most important thing I’m dying to hear about is your biggest concerns about AI in cybersecurity in your own words.

And if you would like to be entered into the drawing to win one of five $500 Amazon gift cards, you can leave your email address.

Please take this survey. Thanks so much in advance!
https://www.surveymonkey.com/r/KB4-AI-Suggestions

Phishing Attack Takes a Two-Step Approach to Leverage Legitimate Sites and Evade Detection

Analysis of a new phishing attack demonstrates how attackers may take a longer path to reach their malicious goals while staying “under the radar” of security products.

It would be simple to create a phishing attack that sends its victims a brand-impersonated email with a link to a fake webpage asking for credentials, personal details or credit card information.

But many of today’s security products will detect the impersonation immediately. So, if you’re a cybercriminal creating a cunning phishing scam, you need to find ways to avoid being detected – even if it means adding a few unnecessary steps.

And that’s exactly what we find in security vendor Perception Point’s latest analysis of a phishing attack that uses Microsoft Office Forms as an intermediate step in the phishing scam. According to the analysis, the phishing email impersonates a well-known brand (such as Microsoft 365 below) with the first step being the click of a link within the email that points to an Office form.

Blog post with example screenshots and links:
https://weblog.knowbe4.com/phishing-attack-takes-a-two-step-approach-to-leverage-legitimate-sites-and-evade-detection

Join us at the Human Risk Summit on October 17

We’re excited for our first Human Risk Summit since Egress joined the KnowBe4 team. At the Summit, we’ll showcase why Egress and KnowBe4 are the perfect match.

Join us as we welcome Stu Sjouwerman, CEO of KnowBe4, alongside Tony Pepper, CEO of Egress, and other leading industry experts to discuss managing human risk, adaptive cloud email security and the future of cybersecurity.

Event: Human Risk Summit
Date: Thursday, October 17th, 2024
Time: 15:00 BST | 10:00 EST
Location: Online (Virtual Event)

Gain exclusive insights into:

  • The evolving landscape of cyber threats and cutting-edge defenses
  • Revolutionary methods for customized human risk management
  • In-depth analysis of advanced persistent threats and mitigation tactics
  • Methods for driving behavioral change to strengthen security protocols

And last, but certainly not least, James Sheldrake, Head of Innovation at Egress, will present an exclusive product demo showcasing how Egress and KnowBe4’s bi-directional integration personalizes email security and training.

Save My Spot:
https://occasions.egress.com/VLO50?RefId=kb4cyberheistnews

Your Attorneys Are Increasingly Targeted by Phishing Attacks, Ransomware

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an organization’s networks.

“Phishing is one of the most common attacks in the legal field,” the researchers write. “Cybercriminals pose as legitimate entities, tricking staff into divulging sensitive information or clicking malicious links.

“Phishing attacks use social engineering to prey on trust and a sense of urgency. For example, an attacker can impersonate a senior partner and email an associate requesting sensitive client files or bank account information. If the associate is tricked, the cybercriminal gains access to confidential data.”

Phishing also often precedes ransomware attacks, granting threat actors a foothold from which they can exfiltrate data and deploy their malware.

“Ransomware attacks have been on the rise, with legal firms frequently targeted,” the researchers write. “In these attacks, cybercriminals encrypt a firm’s data and demand a ransom in exchange for its release, but a data breach often accompanies these attacks.

“Ransomware is also one of the few cyberattacks that can close down a company if it goes on long enough, if the data stolen by criminals ends up online, or even if the firm simply has no backup system. In some situations, hackers have used the stolen data from legal cases and tried to extort people involved, such as witnesses.”

Bitdefender says organizations should implement the following best practices to defend themselves against these attacks.

[CONTINUED] Blog post with links:
https://weblog.knowbe4.com/legal-firms-increasingly-targeted-by-phishing-attacks

[Customer Story] Healthcare Organization Streamlines Incident Response Processes with PhishER

Are your user-reported emails overwhelming your IT team? Discover how HealthOne Alliance revolutionized the organization’s response to cyber threats with PhishER. PhishER did the heavy lifting and automatically categorized emails as spam or clean, allowing HealthOne Alliance to deal with real threats sooner.

PhishER’s suite of features, including PhishRIP, PhishFlip and PhishER Blocklist, provides a comprehensive approach for managing your user-reported messages. By centralizing operations, HealthOne Alliance was able to efficiently remove threats, convert real phishing attempts into training opportunities and create block entries — all within one platform.

The results:

  • Faster response times to potential threats, reducing risk across the organization
  • Increased team productivity, allowing them to focus on other security initiatives
  • Faster return of legitimate emails to users

Read the Customer Story to learn more:
https://www.knowbe4.com/hubfs/KnowBe4_PhishER_Customer_Story_Healthcare_EN-US.pdf

OK, Let’s Face An Ugly Truth About Money, Sex, and 305 Million Fan Accounts…

I get news from all kinds of sources; one of them is called The Information, which reports on high tech. They just sent me news that OnlyFans revenue jumped 20% to about $1.31 billion for the fiscal year ending November 2023, compared to the previous year, according to a U.K. filing from the adult content website’s parent company, Fenix International, on Friday.

“While other creator economy startups have struggled since pandemic lockdowns eased, OnlyFans has continued to post strong financial results showing strong demand for the service. “OnlyFans had a strong year in 2023. We have cemented our position as a leading digital entertainment company and a UK tech success story,” CEO Keily Blair said in a statement.

“The total number of creator accounts jumped by 29% to about 4.1 million, while fan accounts rose 28% to 305 million, the filing said. Gross payments for chats, photos and videos totaled $6.6 billion last year, up by $1 billion year-over-year.”

I had no idea that OnlyFans was this big. Money and sex are the two areas most vulnerable to social engineering attacks. Imagine a phishing attack that combines the two and threatens to shut down their Fan account. Yikes. Train these users!

Let’s stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO] I was interviewed on the WSJ Podcast: “Your New Hire May Be a North Korean Spy”:
https://www.wsj.com/podcasts/the-journal/your-new-hire-may-be-a-north-korean-spy/c39039df-e15c-4308-983d-6a0c54e523b4?mod=audiocenter_podcasts

PPS: Epic AI Fails And What We Can Learn From Them:
https://www.securityweek.com/epic-ai-fails-and-what-we-can-learn-from-them/

“The key is to keep company only with people who uplift you, whose presence calls forth your best.”
– Epictetus was a Greek philosopher from present-day Turkey. (55 – 135 AD)

“Try not to react merely in the moment. Pull back from the situation. Take a wider view. Compose yourself.”
– Also by Epictetus. Did he know about social engineering?

Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-14-38-code-red-a-must-see-new-webinar-how-to-block-north-korean-infiltrators

Attackers Using HTTP Response Headers to Redirect Victims to Phishing Pages

Researchers at Palo Alto Networks’ Unit 42 warn that attackers are using refresh entries in HTTP response headers to automatically redirect users to phishing pages without user interaction.

“Unit 42 researchers observed many large-scale phishing campaigns in 2024 that used a refresh entry in the HTTP response header,” the researchers write.

“From May-July we detected around 2,000 malicious URLs each day associated with campaigns of this kind. Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content.

“Malicious links direct the browser to automatically refresh or reload a webpage immediately, without requiring user interaction.”

Many of these phishing attacks are targeting employees at companies in the business and economy sector, as well as government entities and educational organizations.

“Attackers predominantly distribute the malicious URLs in the phishing campaigns via emails,” Unit 42 says. “These emails consistently include recipients’ email addresses and display spoofed webmail login pages based on the recipients’ email domain pre-filled with the users’ information.

“They largely target people in the global financial sector, well-known internet portals, and government domains. Since the original and landing URLs are often found under legitimate or compromised domains, it is difficult to spot malicious indicators within a URL string.”

Unit 42 adds that attackers are also using URL parameters to pre-fill login forms with victims’ email addresses, increasing the phishing attack’s appearance of legitimacy.

“Many attackers also employ deep linking to dynamically generate content that appears tailored to the individual target,” the researchers write. “By using parameters in the URL, they pre-fill sections of a form, enhancing the credibility of the phishing attempt.

“This personalized approach increases the likelihood that the attacker will deceive the victim. Attackers have exploited this mechanism because it enables them to load phishing content with minimum effort while concealing the malicious content.”
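
A check a mail gateway or proxy-log review could apply to the refresh-header redirects Unit 42 describes, as an added example (not code from Unit 42 or KnowBe4). The hosts, addresses and responses are constructed samples, and the one-second `MAX_DELAY` threshold is an assumption.

```python
import base64
import re
from urllib.parse import unquote, urljoin, urlsplit

# Refresh value: "<seconds>[;|,] [url=]<target>"; the target part is optional.
REFRESH_RE = re.compile(r"\s*(\d+(?:\.\d*)?)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_RE = re.compile(r"[A-Za-z0-9_+-]{12,}")  # candidate base64 tokens
MAX_DELAY = 1.0  # assumption: a redirect this fast gives the user no time to react


def emails_in_url(url):
    """Email addresses carried in a URL: plain, percent-encoded or base64."""
    decoded = unquote(url)
    found = set(EMAIL_RE.findall(decoded))
    for token in B64_RE.findall(decoded):
        try:
            raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
            found.update(EMAIL_RE.findall(raw.decode("ascii")))
        except (ValueError, UnicodeDecodeError):
            continue  # not base64, or not text
    return sorted(found)


def check_response(request_url, raw_headers):
    """Findings for the first Refresh header that names a target, else None."""
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, _, value = line.partition(":")
        match = REFRESH_RE.match(value) if name.strip().lower() == "refresh" else None
        if not match or not match.group(2):
            continue  # other header, malformed value, or a plain same-page reload
        delay = float(match.group(1))
        target = urljoin(request_url, match.group(2).strip().strip("'\""))
        emails = emails_in_url(target)
        checks = {
            "immediate": delay <= MAX_DELAY,
            "cross-host": urlsplit(target).hostname != urlsplit(request_url).hostname,
            "email-in-url": bool(emails),
        }
        return {"target": target, "delay": delay, "emails": emails,
                "reasons": [label for label, hit in checks.items() if hit]}
    return None


# Constructed sample responses (not captured traffic); every host is a placeholder.
TOKEN = base64.urlsafe_b64encode(b"alice@corp.example").decode()
SAMPLES = {
    "b64": ("https://compromised.example/news", f"HTTP/1.1 200 OK\r\nRefresh: 0;url=https://landing.example/login#{TOKEN}\r\n"),
    "plain": ("https://compromised.example/a", "HTTP/1.1 200 OK\r\nrefresh: 0; URL='https://landing.example/owa/?login=bob%40corp.example'\r\n"),
    "same_host": ("https://status.example/", "HTTP/1.1 200 OK\r\nRefresh: 5; url=/maintenance\r\n"),
    "reload": ("https://status.example/board", "HTTP/1.1 200 OK\r\nRefresh: 300\r\n"),
}
if __name__ == "__main__":
    for name, (url, headers) in SAMPLES.items():
        print(name, check_response(url, headers))
```

No single signal is conclusive, since a slow same-host refresh is ordinary behavior; the combination of an immediate, cross-host redirect that carries the recipient's address is what matches the campaigns described.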

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://weblog.knowbe4.com/attackers-use-technique-to-automatically-redirect-victims-to-phishing-pages

Mexico Targeted by Phishing Attacks from China, Russia, and North Korea

Researchers from Google have published a report on state-sponsored cyber threats targeting Mexico, finding that the majority of these attacks come from China, Russia and North Korea.

“As the 12th largest economy in the world, Mexico draws attention from cyber espionage actors from multiple nations, with targeting patterns mirroring broader priorities and focus areas that we see elsewhere,” the researchers write.

“Since 2020, cyber espionage groups from more than 10 countries have targeted users in Mexico; however, more than 77% of government-backed phishing activity is concentrated among groups from the People’s Republic of China (PRC), North Korea, and Russia.”

North Korea accounts for a significant portion of state-sponsored social engineering attacks against Mexico. Pyongyang’s cyber actors are notable for mixing cyber espionage with financially motivated attacks in order to fund their heavily sanctioned regime.

“Since 2020, North Korean cyber actors have accounted for approximately 18% of government-backed phishing activity targeting Mexico,” the researchers write. “Much like their targeting interests in other regions, cryptocurrency and financial technology firms have been a particular focus.

“One of the rising trends we’re witnessing globally from North Korea is the insider threat posed by North Korean nationals gaining employment surreptitiously at companies to conduct work in various IT roles.

“We note the potential for this threat to present a future risk to Mexican enterprises given historical activity by North Korean threat actors in Mexico and the challenges associated with the expansive problem of North Korean actors attempting to gain employment in other countries.”

Google is also tracking seven cyberespionage groups tied to China, accounting for about a third of state-sponsored threat activity targeting Mexico.

“This volume of PRC cyber espionage is similar to activity in other regions where Chinese government investment has been focused, such as countries within China’s Belt and Road Initiative,” the researchers write. “In addition to activity targeting Gmail users, PRC-backed groups have targeted Mexican government agencies, higher education institutions, and news organizations.”

Google has the story:
https://cloud.google.com/weblog/subjects/threat-intelligence/cyber-threats-targeting-mexico

What KnowBe4 Customers Say

 

“I wish to thank Marc very much for helping me solve technical problems in the implementation here. Marc’s knowledge and dedication are invaluable and thanks to him we can complete the implementation. I have over 20 years of experience in the industry, and I must say with confidence that Marc is one of the best engineers I have ever worked with.

I am aware that we have benefited from your great kindness in using Marc’s help, but because of this the customer is satisfied and I feel taken care of despite numerous problems.

This client is very much developing, and I think that in the near future he will need to expand his products. Please remember that every new order that appears in the future is thanks to Marc’s help! @Marc – Once again, thank you very much for your help. You are the best!”

– K.K., CEO


“Hello Stu, I just wanted to provide some feedback on our account manager, Chee P. He has gone above and beyond all my expectations. He has unbelievable expertise in the product, security features and enhancements and displays enthusiasm that many account managers do not possess.

I found he is easily approachable, accommodating in informing us with more information than we initially require, and personable. Where we lack in our response times (particularly when it came to renewal), Chee kept us informed. Our apologies for any delays that this may have caused.

Overall, from my side, the product and Chee have proven extremely helpful. You cannot have a more trusted and dedicated team member! Keep up the good work. And a big thanks to Chee. Put simply, he is wonderful!”

– W.C., EU Supervisor / Managed Services Advisor

The 10 Interesting News Items This Week

This Week’s Links We Like, Tips, Hints and Fun Stuff
