CyberheistNews Vol 14 #42 | October 15, 2024
[Heads Up] Majority of U.S. Execs Now Rank Cyber Threats as #1 Risk
A whopping 75% of U.S. executives ranked cyberattacks as their top business risk in a September study from PricewaterhouseCoopers. That is ahead of margin pressure affecting earnings (70%), geopolitical tensions (68%) and AI legal and reputational risks (63%).
PwC's latest Pulse Survey reveals that executives see economic, political and regulatory risks regardless of who wins the 2024 U.S. presidential election:
- Cyber Threats: Cyber threats are the top business risk for 75% of executives
- Recession Risks: 61% of executives see recession risks in the next six months due to geopolitical tensions, labor market issues and high costs
- Regulation Concerns: Most executives expect a divided government in 2025, more executive orders, and more regulation and litigation
- Protectionism: 71% believe trade and tax policies will hurt U.S. competitiveness, with concerns differing by potential presidential outcome
- Government Impact: State governments and federal regulators have more influence on business than the presidential election, ranking above Congress and the president
Depending on who you ask, between 70% and 90% of cyber risk has human error as the root cause. That is why Human Risk Management (HRM) is so important.
And here is the next major advance in HRM. We're thrilled to announce the second version of our risk score architecture. It is so far superior that we have renamed (promoted, really) our original "Virtual Risk Officer" to SmartRisk Agent™. It delivers a game-changing update to your risk assessment capabilities and gives you more detailed and actionable insights.
SmartRisk Agent is an integrated, rule-based engine purpose-built for human risk management. This powerful enhancement gives you a more comprehensive and accurate approach to evaluating user risk for your org, empowering you with unprecedented visibility and actionable insights.
This agent works closely together with all the other KnowBe4 AI Defense Agents. Four are released as previews for the KnowBe4 community, four more are being worked on as we speak, and many more are to come on the platform, all integrated with each other and with powerful modules like the Egress email security suite.
Key Features:
- Enhanced Risk Scoring algorithm that considers a wider range of risk from across KnowBe4's products: KnowBe4 Phishing and Training, PAB, SecurityCoach, PasswordIQ, and EEC Pro
- Recommendations tailored to the highest-risk security type, delivered through targeted training with ModStore content
- Risk Trend Tracking that follows changes in risk scores over time
- Risk Score Distribution Graph that gives insight into central tendency, spread and outliers
- Detailed Security Types table with breakdowns and trends for identified factors and points
- Identification of the riskiest users and groups, partitioned by factor
Risk Score v2 is available on the Reports tab under the Executive Reports subtab. For more details, please refer to our comprehensive knowledge base article "SmartRisk Agent and Risk Score v2 Guide," available here:
https://blog.knowbe4.com/meet-smartrisk-agent-unlock-your-new-human-risk-management
Here is the executive summary of the PwC survey; it is great infosec budget ammo:
https://www.pwc.com/us/PulseSurveyElection2024?mod=djemCybersecruityPro&tpl=cs
Rip Malicious Emails With KnowBe4's PhishER Plus
Rip malicious emails out of your users' mailboxes with KnowBe4's PhishER Plus! It's time to supercharge your phishing defenses using these two powerful features:
1) Automatically block malicious emails that your filters miss
2) Rip malicious emails from inboxes before your users click on them
With PhishER Plus, you can:
- NEW! Detect and respond to threats faster with real-time web reputation intelligence from PhishER Plus Threat Intel, powered by Webroot!
- Use crowdsourced intelligence from more than 13 million users to block known threats before you are even aware of them
- Automatically isolate and "rip" malicious emails that have bypassed mail filters out of your users' inboxes
- Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
- Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly
Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.
Date/Time: TOMORROW, Wednesday, October 16, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-1?partnerref=CHN2
Hurricane Deepfakes Flood Social Media
As the recent Hurricane Helene caused major damage and Hurricane Milton has left a trail of destruction across Florida, deepfakes are spreading misinformation on social media.
Platforms such as Instagram, Facebook and X are flooded with manipulated images, confusing users and distorting reality.
According to Forbes, one of the most viral images, a young girl stranded in floodwaters clutching a drenched puppy, has garnered over a million views on X alone.
Kevin Guo, CEO of the content moderation platform Hive, confirmed the image was AI-generated and is being used to sow misinformation about the federal government's response to the hurricane.
Other false images include a man wading through water with a dog, law enforcement officers engaged in relief efforts, and even a doctored image of Donald Trump in a life jacket navigating muddy waters. While these AI-generated images may seem harmless at first glance, they pose a threat you all understand: numerous scams are possible with this kind of social engineering.
The crooks are impersonating FEMA and other disaster relief organizations in order to trick people into sending money or handing over personal information. Cybercriminals always attempt to exploit natural disasters with social engineering attacks, and similar scams should be expected in the aftermath of Hurricane Milton.
One particularly cruel scam directly targets hurricane victims who are seeking financial assistance. “One of the first major threats we observed is FEMA claim scamming, where cybercriminals pose as legitimate FEMA assistance providers to steal personal information and funds,” researchers at Veriti say.
“A VIP member on a hacker forum, under the alias ‘brokedegenerate,’ recently posted about a new scam targeting Florida residents affected by the hurricane. On the forum, the scammer shares tactics for creating fake FEMA assistance claims, with detailed instructions on how to deceive victims and siphon off funds meant for disaster relief.
“This kind of scam is particularly dangerous, as victims are already in a vulnerable position due to the natural disaster.” The researchers have also observed a surge in hurricane-related phishing domains, such as “hurricane-helene-relief[.]com.”
“By using hurricane-related terms and associating themselves with disaster relief, these domains aim to create a sense of urgency, making it more likely that victims will fall for the phishing schemes,” the researchers write.
“Attackers will likely send phishing emails directing recipients to these websites, claiming to offer relief services or grant applications. Once victims input their personal details, the attackers can use or sell the data for financial gain.”
During times of crisis, it is crucial to verify the information you encounter online. Sharing false or misleading images can divert attention away from real needs. As AI technology continues to advance, so does its potential to mislead, and staying vigilant in the face of these tactics is more important than ever. Stay alert and think twice before sharing content during any kind of disaster.
Blog post with links:
https://blog.knowbe4.com/hurricane-deepfakes-flood-social-media
The Outstanding ROI of KnowBe4's PhishER Plus Platform
91% of cyberattacks begin with a spear-phishing attack, and phishing is responsible for two-thirds of ransomware infections. If your organization is fighting phishing threats with manual workflows, you are dramatically increasing the risk that phishing presents to your organization.
You need to arm your IT and InfoSec teams with the tools to accurately and quickly mitigate phishing threats before they strike. But making a compelling business case to your CFO and leadership is the critical first step.
This guide is designed to help you articulate the value of PhishER Plus, KnowBe4's Security Orchestration, Automation and Response (SOAR) platform, to your CFO and leadership. It provides concrete examples of the return on investment that KnowBe4 customers have realized, empowering you to present a strong business case for the investment.
Download this return on investment guide for insights into:
- The ongoing problem of overcoming the phishing tsunami for organizations of all sizes
- The risk and cost of fighting phishing threats with manual workflows
- The cost savings and risk reduction realized by using PhishER Plus
Download Now:
https://info.knowbe4.com/en-us/wp-outstanding-roi-phisher-plus-platform-chn
Attackers Abuse URL Rewriting to Evade Security Filters
Attackers continue to exploit URL rewriting to hide their phishing links from email security filters, according to researchers at Abnormal Security.
URL rewriting is a security technique used by many email security platforms: each link in an inbound email is replaced with one that points at the vendor's own scanning service, which checks the real destination at click time before the user is allowed through. Because the visible link now carries the security vendor's trusted domain rather than the attacker's, the technique can also be abused to mask the original phishing link.
“In the first step of the attack, the threat actor compromises an email account belonging to a customer of an email security solution that leverages URL rewriting (not the target of the actual email attack presented hereafter),” the researchers write.
“The threat actor then sends an email to that same compromised account containing a novel URL, which will get rewritten rather than blocked. When the threat actor has that rewritten URL, a new email is sent from the compromised account to the threat actor’s next victims containing that rewritten URL.”
This new email impersonates a Microsoft security alert informing the user that a malicious link was blocked. The email contains a link to view details about the alert.
“Because this message originates from a legitimate account, passes email authentication, and contains a novel, rewritten URL from a legitimate security control, the victim’s secure email gateway (SEG) delivers the message and rewrites the already-rewritten URL,” Abnormal says.
If the user clicks the link, they will be sent to a site that attempts to trick them into granting consent to an OAuth app that gives the attacker access to their Microsoft 365 account. Consent-grant phishing of this kind does not need the user's password at all: the attacker holds tokens issued to the app, so MFA and a password reset do not cut off access, and remediation means revoking the app's consent (removing its permission grants or the enterprise application itself) in Microsoft Entra ID.
“The user is redirected to another site and must solve a CAPTCHA. After this, they are prompted to allow the installation of an OAuth application,” the researchers write. “This grants the attacker permission to access their M365 account. Instead of a traditional phishing attack, the user unknowingly installs an add-on that gives the attacker ongoing access to the account, even if the user changes their password. The only way to stop this access is by removing the add-on from the account.”
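To make the double-rewriting chain concrete, here is an added example (not code from Abnormal Security or KnowBe4) that unwraps rewritten links found in an inbound message and flags any link that arrives already wrapped by a rewriter. It assumes the Safe Links shape of a destination carried in the url query parameter under a safelinks.protection.outlook.com host, as commonly observed in the wild; the linkscan.example-seg.test rewriter, every host in the sample and the sample message itself are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, quote

# Rewriter host suffixes and the query parameter that carries the real destination.
# The Safe Links entry reflects the commonly observed shape; the second entry is a
# hypothetical secure email gateway (SEG) used only for this example.
REWRITERS = {
    "safelinks.protection.outlook.com": "url",  # Microsoft Defender for Office 365 Safe Links
    "linkscan.example-seg.test": "target",      # constructed, stands in for any other SEG
}

URL_RE = re.compile(r"https?://[^\s<>\"']+")


def rewriter_param(host):
    """Return the destination parameter name if host belongs to a known rewriter, else None."""
    host = (host or "").lower()
    for suffix, param in REWRITERS.items():
        if host == suffix or host.endswith("." + suffix):
            return param
    return None


def unwrap_once(url):
    """Peel one rewriter layer. Returns the wrapped destination, or None if url is not rewritten."""
    parts = urlsplit(url)
    param = rewriter_param(parts.hostname)
    if param is None:
        return None
    values = parse_qs(parts.query).get(param)  # parse_qs percent-decodes the value once
    return values[0] if values else None


def unwrap_chain(url, max_layers=5):
    """Return [outer, ..., final]; stops at the first non-rewritten URL or at max_layers."""
    chain = [url]
    while len(chain) <= max_layers:
        inner = unwrap_once(chain[-1])
        if inner is None:
            break
        chain.append(inner)
    return chain


def analyze_link(url):
    chain = unwrap_chain(url)
    final = urlsplit(chain[-1])
    return {
        "url": url,
        "layers": len(chain) - 1,  # 0 = not rewritten at all
        "final": chain[-1],
        "final_host": (final.hostname or "").lower(),
        # The reputation worth evaluating belongs to final_host, never to the
        # rewriter's domain; a link that arrives already wrapped is a signal.
        "pre_rewritten": len(chain) > 1,
    }


def scan_message(body):
    """Analyze every link in a message body; returns one finding per link."""
    return [analyze_link(u.rstrip(".,)")) for u in URL_RE.findall(body)]


def build_sample():
    """Constructed inbound message mimicking the double-rewrite chain (no real hosts)."""
    inner = ("https://nam01.safelinks.protection.outlook.com/"
             "?url=https%3A%2F%2Fevil.example%2Fconsent&data=05%7C01")
    # The victim's SEG wraps the already-rewritten link a second time.
    outer = "https://linkscan.example-seg.test/scan?target=" + quote(inner, safe="")
    return ("Microsoft blocked a malicious link in a message sent to you.\n"
            f"View details: {outer}\n"
            "Unsubscribe: https://contoso.example/preferences\n")


if __name__ == "__main__":
    for f in scan_message(build_sample()):
        print(f"{f['layers']} layer(s) -> {f['final_host']:<16} pre_rewritten={f['pre_rewritten']}")
```

The useful signal is pre_rewritten combined with final_host: any URL or domain reputation check should run against the unwrapped destination, because the rewriter's own domain will always look clean. Treat an already-wrapped inbound link as a signal rather than proof, since forwarded mail legitimately carries links rewritten in the sender's tenant. Rewriters that encode the destination in the path instead of a query parameter need their own unwrap rule added to the table.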
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/attackers-abuse-url-rewriting
KnowBe4 is the #1 SAT Platform on G2 for over 5 years!
Have you ever wanted to peek behind the scenes of Security Awareness Training (SAT) platforms and see which one truly stands out? Well, you don't need to wonder anymore. The G2 Grid Report has done all the heavy lifting for you, making it easy to make an informed decision.
The G2 Grid Report ranks vendors according to the people who use the products every day. We're talking genuine feedback, satisfaction scores and how big an impact they are making in the market.
In a league of our own, KnowBe4 scored in the 90s, the only vendor to do so. 98% of users gave us 4 or 5 stars and 93% would recommend us to others. Trust isn't just won; it's earned, and we take that to heart.
You get access to:
- A lineup of SAT vendors stacked and rated based on customer reviews
- Profiles of each vendor highlighting strengths, industries and organization size
- User-driven ratings for ease of use, support quality and more, to help you select the best platform
Ready to get your hands on this goldmine of information? Download your complimentary report and see why KnowBe4 has been ranked the #1 SAT vendor for the 21st consecutive quarter and has more customers than all other SAT vendors combined.
Download Now:
https://info.knowbe4.com/g2-grid-report-for-security-awareness-training-chn
Free Phishing Platform Has Created More Than 140,000 Spoofed Websites
A free phishing-as-a-service (PhaaS) platform named Sniper Dz has assisted in the creation of more than 140,000 phishing sites over the past year, according to researchers at Palo Alto Networks. The service allows unskilled criminals to spin up sophisticated phishing sites that steal credentials or deliver malware.
“For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages.” Phishers can either host these phishing pages on Sniper Dz-owned infrastructure or download Sniper Dz phishing templates to host on their own servers.
Surprisingly, Sniper Dz offers these services free of charge to phishers, perhaps because Sniper Dz also collects the victim credentials stolen by phishers who use the platform, which compensates for the cost of the service. The kit's developers have taken measures to hide the phishing sites from security vendors, so the sites stay up longer before being flagged as malicious.
“Sniper Dz uses a unique approach of hiding phishing content behind a public proxy server to launch live phishing attacks,” the researchers write. “The criminals behind this platform auto-setup the proxy server to load phishing content that is hosted on their server. We believe this approach could be useful in protecting their infrastructure from detection.”
The threat actors also abuse legitimate services to host the sites, which increases the likelihood that the phishing links will bypass security filters.
“Criminals using Sniper Dz often abuse legitimate software-as-a-service (SaaS) platforms to host phishing websites,” the researchers write. “When setting up their infrastructure, these phishers include popular brand names, trends, and even sensitive topics as keywords to lure victims into opening and using their phishing pages.
“After stealing credentials from a victim, this infrastructure can redirect the victim to malicious advertisements including distribution of potentially unwanted applications or programs (PUA or PUP) like rogue browser installers.”
Blog post with links:
https://blog.knowbe4.com/free-phishing-platform-created-140000-spoofed-websites
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: KnowBe4 Reinforces Market Leadership Streak in G2 Fall 2024 Report, Topping Both Security Awareness Training and SOAR Categories:
https://www.prnewswire.com/news-releases/knowbe4-reinforces-market-leadership-streak-in-g2-fall-2024-report-topping-both-security-awareness-training-and-soar-categories-302268345.html
PPS: [NEW] 10 Cybersecurity Pros to Follow on LinkedIn (I am one 😀 ):
https://www.spiceworks.com/tech/it-careers-skills/articles/10-cybersecurity-pros-to-follow-on-linkedin/
Quotes of the Week
“Never give up on what you really want to do. The person with big dreams is more powerful than one with all the facts.”
– H. Jackson Brown Jr., American author (1940 – 2021)
“Nothing in this world can take the place of persistence. Talent will not: nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not: the world is full of educated derelicts. Persistence and determination alone are omnipotent.”
– Calvin Coolidge, American President (1872 – 1933)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-42-heads-up-majority-of-us-execs-now-rank-cyber-threats-as-number-one-risk
Security News
Spear Phishing and Ransomware Surge in the Healthcare Sector
Spear phishing is the most common initial access vector for attackers targeting organizations in the healthcare and social assistance (HSA) sector, according to researchers at ReliaQuest. Spear phishing was involved in nearly two-thirds of incidents in this sector over the past year.
“Attackers targeting the HSA sector primarily use spear phishing with links and attachments,” the researchers write. “Almost 30% of incidents across all sectors began with spear phishing, with the HSA sector disproportionately accounting for 13% of these attacks.
“HSA organizations are prime targets for spear phishing due to the fast-paced environment in hospitals and medical establishments.” The researchers note that social engineering attacks are effective against this sector because of a lack of security training.
“The HSA sector is particularly vulnerable to phishing and social engineering attacks due to a lack of cybersecurity training, especially in publicly funded and understaffed organizations,” ReliaQuest says. “This vulnerability is exacerbated during peak periods, such as the COVID-19 pandemic, when overworked teams may unintentionally neglect cybersecurity protocols.
“We expect an increase in AI-generated phishing emails and voice/video attacks. To counter these threats, HSA organizations should implement robust verification processes, establish clear cybersecurity policies, and deploy advanced email filtering solutions.”
The researchers also warn that the HSA sector saw a 40% increase in ransomware attacks over the past year. “Historically, many Ransomware-as-a-Service (RaaS) groups have prohibited attacks on medical institutions, enforced both by explicit regulations and collective disapproval from the wider cybercriminal community,” ReliaQuest explains.
“However, this restriction appears to be weakening: ReliaQuest observed 442 HSA organizations listed on ransomware data-leak websites during the reporting period, a 40% increase from the 315 organizations named in the previous 12 months. This surge is likely explained by the emergence of new RaaS groups that disregard previous conventions and are unwilling to withhold attacks against a sector seen as more likely to pay ransoms.
“The HSA sector is widely perceived as more likely to pay ransoms to quickly restore operations and ensure continuity of critical patient care.”
KnowBe4 empowers your workforce to make smarter security decisions every day.
ReliaQuest has the story:
https://www.reliaquest.com/blog/threats-health-care-social-assistance-landscape/
Trinity Ransomware Targets the Healthcare Sector
The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the U.S. Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities.
“Trinity ransomware was first seen around May 2024,” the advisory says. “It is a type of malicious software that infiltrates systems through multiple attack vectors, including phishing emails, malicious websites, and exploitation of software vulnerabilities.
“Upon installation, Trinity ransomware begins gathering system details such as the number of processors, available threads, and connected drives to optimize its multi-threaded encryption operations. Next, Trinity ransomware will attempt to escalate its privileges by impersonating the token of a legitimate process.
“This allows it to evade security protocols and protections. Additionally, Trinity ransomware performs network scanning and lateral movement, indicating its ability to spread and carry out attacks across multiple systems in a targeted network.”
Like many other organized ransomware groups, Trinity steals a copy of the victim's data before encrypting it, in order to increase pressure on the victim to pay the ransom.
“Trinity ransomware employs a double extortion strategy,” HHS explains. “This involves exfiltrating sensitive data from victims before encrypting it, and then threatening to publish the data if the ransom is not paid. This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly healthcare.
“There has been a total of seven Trinity ransomware victims identified to date. Of these, two victims have been identified as healthcare providers, one based in the United Kingdom, and the other a United States-based gastroenterology services provider, where Trinity claims to have access to 330 GB of the organization’s data.”
New-school security awareness training can give your organization an essential layer of defense against ransomware attacks.
HHS has the story:
https://www.hhs.gov/sites/default/files/trinity-ransomware-threat-actor-profile.pdf
What KnowBe4 Customers Say
“Hi Stu, yes, we are happy with the KnowBe4 platform. It’s easy to use and a perfect way to keep our colleagues aware of all the possible cybersecurity threats.”
– W.J., Software Developer
(Unsolicited) “Mr. Sjouwerman, I want to personally thank you for sharing one of your brightest stars with our company, Erika B. She is among the many reasons we have continued to renew our subscription with KnowBe4. It is of no surprise to us that she is excelling within your company, and I have great hopes that her growth will continue to flourish over the coming years.
Erika became an indispensable and integrated Training Advisor for our company. She dedicated hours to ensure that we understood the Knowbe4 product and that we got the most out of the training resources that KnowBe4 has to offer. She created a custom report for us to track training progress, which I use to brief my CEO/CFO monthly, as they have both expressed their pleasure in the report’s detail and format.
We will miss her as our Customer Success Manager, but we believe she will continue to bring value to KnowBe4, as her love for what she does exemplifies her passion for self-development and personal growth.”
– M.V., Manager Information Technology
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links