CyberheistNews Vol 14 #46 | November 12, 2024
[Eye Opener] Attackers Don't Hack, They Log In. Can You Stop Them?
The latest trend in cybercrime is that attackers don't really bother with "hacking" in; they're logging in.
We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who have re-emerged with a renewed focus on gaining access through legitimate means, often exploiting help desks and social engineering tactics.
Their methods often rely on socially engineering help desk staff into resetting credentials or bypassing multi-factor authentication (MFA), achieving access without breaking in. These attackers aim for the easiest path into your network, leveraging stolen credentials from info-stealers or posing as legitimate users to gain access.
A recent case reported by ReliaQuest underscores this tactic. Scattered Spider used social engineering to trick a help desk, leading to a six-hour attack that resulted in system encryption. The attackers even used Microsoft Teams to demand a ransom — showing a new level of boldness and ingenuity in modern cyber attacks.
As threat analyst Hayden Evans explains, "Attackers don't hack in; they log in." His advice is clear: organizations must implement stringent help desk policies and ensure MFA configurations can withstand social engineering tactics.
To protect your network, work hard on improving employee training, monitoring for suspicious activity and reinforcing help desk protocols. These measures build resilience against today's advanced threat actors who bypass traditional security measures by simply logging in.
Blog post with links:
https://blog.knowbe4.com/eye-opener-attackers-dont-hack-they-log-in.-can-you-stop-them
Recon 2.0: AI-Driven OSINT in the Hands of Cybercriminals
Cybercriminals are using artificial intelligence (AI) and generative AI in open source intelligence (OSINT) activities to target your organization with supercharged reconnaissance efforts.
With AI-driven techniques, they can gather, analyze and exploit publicly available data to create highly targeted and convincing social engineering schemes, phishing campaigns and other forms of cyber attacks.
Join James McQuiggan, Security Awareness Advocate at KnowBe4, as he explores how attackers use AI and OSINT to quickly identify and prioritize targets. Learn how to develop robust cybersecurity strategies to counter AI-enhanced threats.
Using exclusive demos and real-world examples, you'll:
- Gain insights into how AI and generative AI amplify OSINT-driven reconnaissance
- Understand how attackers use AI to enhance data aggregation, profile generation and target prioritization against your organization
- Discover the implications of AI-driven OSINT and strategies for threat detection and mitigation
- Learn why a strong security culture is still your best line of defense
Register now to learn how to detect and mitigate AI-enhanced OSINT threats.
Date/Time: TOMORROW, Wednesday, November 13, @ 2:00 PM (ET)
Can't attend live? No worries — register now and you'll receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/ai-driven-osint?partnerref=CHN2
BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks
ReliaQuest has warned that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.
The threat actor begins by sending mass email spam campaigns targeting employees, then adding people who fall for the emails to Microsoft Teams chats with external users.
These external users pose as IT support or help desk staff and send employees Microsoft Teams messages containing malicious QR codes. In some cases, the attackers used voice phishing (vishing) phone calls to convince users to install remote management software.
"The underlying motivation is likely to lay the groundwork for follow-up social engineering techniques, convince users to download remote monitoring and management (RMM) tools, and gain initial access to the targeted environment," the researchers write. "Ultimately, the attackers' end goal in these incidents is almost certainly the deployment of ransomware."
ReliaQuest emphasizes the massive scale of the campaign, with one user receiving a thousand malicious emails in under an hour.
"This rapidly escalating campaign poses a significant threat to organizations," the researchers write. "The threat group is targeting many of our customers across diverse sectors and geographies with alarming intensity. The sheer volume of activity is also unique; in one incident alone, we observed approximately 1,000 emails bombarding a single user within just 50 minutes. Due to commonalities in domain creation and Cobalt Strike configurations, we attribute this activity to Black Basta with high confidence."
Just one employee needs to fall for a phishing attack for an attacker to gain access to your network. New-school security awareness training can give your organization an essential layer of defense against social engineering tactics.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/blackbasta-ransomware-gang-uses-new-social-engineering-tactics
Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus
Human error contributes to 68% of data breaches, according to Verizon's 2024 Data Breach Investigations Report.
It's time to flip that statistic on its head and transform your users from vulnerabilities into cybersecurity assets.
Meet KnowBe4's PhishER Plus: the only SOAR email security offering that combines AI-driven security with crowdsourced intelligence for unmatched email security and incident management.
In this demo, see how PhishER Plus can help you:
- Slash incident response times by 90%+ by automating message prioritization
- Customize workflows and machine learning to your protocols
- Use crowdsourced intelligence from more than 13 million users to block known threats
- Conduct real-world phishing simulations that keep security top-of-mind for users
Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.
Date/Time: Wednesday, November 20, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN
Attackers Abuse DocuSign to Send Phony Invoices
Threat actors are abusing DocuSign's API to send phony invoices that appear "strikingly authentic," according to researchers at Wallarm.
"Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard," Wallarm says.
The threat actors set up DocuSign accounts that allow them to create invoices for fake purchases. They can then send an email notification from the DocuSign platform itself.
"An attacker creates a legitimate, paid DocuSign account that allows them to change templates and use the API directly," the researchers explain. "The attacker employs a specially crafted template mimicking requests to e-sign documents from well-known brands, mostly software companies; for example, Norton Antivirus.
"These fake invoices may contain accurate pricing for the products to make them appear authentic, along with additional charges, like a $50 activation fee. Other scenarios include direct wire instructions or purchase orders."
Notably, the threat actors have automated these phishing attacks using DocuSign's API, allowing them to mass-distribute the phony invoices.
"The longevity and breadth of the incidents reported in DocuSign's community forums clearly demonstrate that these are not one-off, manual attacks," the researchers explain. "In order to carry out these attacks, the perpetrators must automate the process. DocuSign offers APIs for legitimate automation, which can be abused for these malicious activities."
Since the messages come from a legitimate service, they are much more likely to bypass security filters and fool human users. While this campaign abused DocuSign, the researchers note that attackers can use other e-signature and document services to launch these attacks as well.
"The exploitation of trusted platforms like DocuSign through their APIs marks a concerning evolution in cybercriminal strategies," Wallarm concludes. "By embedding fraudulent actions within legitimate services, attackers increase their chances of success while making detection harder.
"Organizations must adapt by enhancing their security protocols, prioritizing API security, and fostering a culture of vigilance."
Blog post with links:
https://blog.knowbe4.com/attackers-abuse-docusign-to-send-phony-invoices
New Hire or Security Threat? Learn How to Spot Them
Every new hire represents both an opportunity and a potential risk. However, HR professionals often don't expect bad actors to "apply" for a position, which makes them susceptible to real security threats when hiring.
Are you equipped to ensure your organization's safety from the moment a candidate applies?
This module is for HR professionals, IT professionals, hiring managers and others involved in the recruitment and onboarding of employees. It features an in-depth interview with KnowBe4 staff who recount their real-life experience in uncovering a bad actor working for a nation-state government, disguised as a "new hire" during his onboarding process.
We detail KnowBe4's rapid response to secure the network and the subsequent efforts to educate others about this attempted attack and how it was foiled.
By the end of this module, you will be able to:
- Improve organizational hiring security practices
- Raise awareness about hiring-based security threats
- Provide practical knowledge for identifying risks
Get Your Free Training:
https://info.knowbe4.com/free-cybersecurity-tools/secure-hiring-and-onboarding-chn
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [Budget Ammo #1] Stu goes LIVE in INC. Magazine – “How to Navigate the AI Minefield”:
https://www.inc.com/stu-sjouwerman/how-to-navigate-the-ai-minefield/90998714
PPS: [Budget Ammo #2] Clicker Beware: Understanding and preventing open redirect attacks:
https://www.scworld.com/perspective/clicker-beware-understanding-and-preventing-open-redirect-attacks
Quotes of the Week
"Time is a created thing. To say 'I don't have time,' is like saying, 'I don't want to'."
– Lao Tzu – Chinese philosopher (6th century, but possibly the 4th century BCE)
“It is not our purpose to become each other; it is to recognize each other, to learn to see the other and honor him for what he is.”
– Hermann Hesse – Novelist (1877 – 1962)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-46-eye-opener-attackers-dont-hack-they-log-in-can-you-stop-them
Security News
Attackers Abuse Eventbrite to Send Phishing Emails
Attackers are abusing Eventbrite's scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.
"Perception Point researchers observed phishing emails delivered via 'noreply@events.eventbrite[.]com,'" the researchers write.
"Despite being presented as legitimate events created on the Eventbrite platform, attackers use these messages to impersonate known brands like NLB, DHL, EnergyAustralia, and Qatar Post.
"Each email urges the recipient to take action: reset your PIN code; verify your delivery address; pay for an outstanding bill; pay for a package. These time-bound requests employ a social engineering tactic threat actors use to prompt the target to act fast."
The attackers set up events in Eventbrite, and then send invitations with embedded phishing links. The emails are more likely to bypass security filters since they're sent from a legitimate service.
"Once the target clicks on the phishing link, they are redirected to a phishing page," Perception Point says. "We found examples spoofing Qantas airline, Brobizz toll collection, web hosting platform One(.)com, European financial institution NLB, and many more.
"Designed to look like legitimate websites, targets are asked for personal info, like their login credentials, tax identification numbers, phone numbers, credit card details, and more."
The attacker can fully customize the appearance of the email to make it look like a convincing notification from the spoofed brand.
"Once the attacker creates an event, they can then create emails from within the Eventbrite platform to be sent to attendees," the researchers write. "These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content.
"The attacker then enters their list of targets (or 'attendees') and sends them the invite email. Once sent, the target receives an email from 'noreply@events.eventbrite[.]com,' containing all of the malicious details the attacker included."
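Both the DocuSign item earlier in this issue and the Eventbrite item above make the same point: the message really is sent by the platform, so sender reputation alone clears it, and what is left to inspect is the lure wording and where the links actually go. The Python below is an added example (not code from the newsletter, Wallarm or Perception Point) that scores such notifications on exactly those two traits; eventbrite.com is quoted on the page, while docusign.net, the .example domains and the sample messages are assumptions or constructed for the demo.

```python
# Added example: triage for notifications sent through an abused legitimate
# platform. Sample messages and the .example domains below are constructed.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# eventbrite.com is quoted on the page; docusign.net is an assumption here.
PLATFORM_DOMAINS = {"eventbrite.com", "docusign.net"}
# Lure wording quoted in the two articles, matched against lower-cased text.
URGENCY_PATTERNS = [
    r"reset your pin", r"verify your (delivery )?address", r"outstanding bill",
    r"pay for", r"wire instructions", r"activation fee", r"purchase order",
]
LINK_RE = re.compile(r"https?://[^\s\"'<>]+")

@dataclass
class Message:
    sender: str
    subject: str
    body: str

def registrable(host: str) -> str:
    """Last two labels of a hostname; a naive stand-in for a public-suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()

def triage(msg: Message):
    """Return (verdict, urgency_hits, off_platform_links) for a message sent
    from one of PLATFORM_DOMAINS, or None so the ordinary filters handle it."""
    if registrable(msg.sender.rsplit("@", 1)[-1]) not in PLATFORM_DOMAINS:
        return None
    text = f"{msg.subject}\n{msg.body}".lower()
    hits = [p for p in URGENCY_PATTERNS if re.search(p, text)]
    off = [u for u in LINK_RE.findall(msg.body)
           if registrable(urlparse(u).hostname or "") not in PLATFORM_DOMAINS]
    # Links leaving the platform weigh double; any finding earns a review,
    # a score of 3 or more (e.g. one lure phrase plus one such link) a quarantine.
    score = min(len(hits), 2) + 2 * min(len(off), 2)
    verdict = "quarantine" if score >= 3 else "review" if score else "allow"
    return verdict, hits, off

# Constructed samples: a plain event reminder, a DHL-themed lure, ordinary mail.
SAMPLES = [
    Message("noreply@events.eventbrite.com", "Reminder: Security Meetup tomorrow",
            "Your ticket is ready: https://www.eventbrite.com/e/security-meetup-123"),
    Message("noreply@events.eventbrite.com", "DHL: verify your delivery address",
            "Your parcel is on hold. Pay for redelivery within 24 hours: "
            "https://dhl-parcel-hold.example/track"),
    Message("billing@vendor.example", "Invoice 4471", "Pay for the attached invoice."),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.subject, "->", triage(m))
```

The genuine reminder scores "allow", the DHL lure "quarantine", and the non-platform invoice is returned as None so the regular mail filters keep handling it.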
Blog post with links:
https://blog.knowbe4.com/attackers-abuse-eventbrite-to-send-phishing-emails
New Version of the Rhadamanthys Malware Spreads Via Phishing
Researchers at Check Point are tracking a "large scale and sophisticated phishing campaign" that's spreading an upgraded version of the Rhadamanthys infostealer. The phishing emails inform recipients that they've committed copyright infringement on their Facebook pages.
"This campaign utilizes a copyright infringement theme to target various regions, including the United States, Europe, East Asia, and South America," the researchers write. "The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity.
"Almost 70% of the impersonated companies are from Entertainment /Media and Technology/Software sectors." The emails have attachments that purportedly contain details on the copyright infringement. These attachments redirect users to Dropbox or Discord, where they're tricked into downloading a malicious archive.
The researchers believe financially motivated cybercriminals are behind the attacks. The campaign is opportunistically targeting a wide range of orgs, using automated tools to craft targeted phishing emails.
"Unlike nation-state actors, who typically target high-value assets such as government agencies or critical infrastructure, this campaign displays no such selectivity," Check Point says. "Instead, it targets a diverse range of organizations with no clear strategic connections, reinforcing the conclusion that financial motives drive the attackers.
"The infrastructure used, such as creating different Gmail accounts for each phishing attempt, indicates the possible use of automation tools possibly powered by AI. This level of operational efficiency, along with the indiscriminate targeting of multiple regions and sectors, points to a cybercrime group seeking to maximize financial returns by casting a wide net."
New-school security awareness training gives your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 orgs worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story:
https://research.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version/
Hood College Customer Case Study
We're pleased to offer a recently published case study featuring an education sector customer called Hood College. In addition to being one of the first customers to incorporate KnowBe4 Student Edition, here are some successes the customer saw by working with us:
- Improved security awareness across more than 2,500 staff and students
- Trainings are driving a reduction in clicks across phishing campaigns, moving from 12% toward a goal of 6%
- More than 200 suspicious emails reported via the Phish Alert Button each month
- 40% of students have completed KnowBe4 Student Edition training, giving it a rating of 3.5 – 4.5 stars
- Reduction in time and effort spent by the IT department investigating potential phishing emails
Get direct access to this case study here:
https://www.knowbe4.com/hubfs/KSAT-Training-Hood-College-CS-en_US.pdf
What KnowBe4 Customers Say
"Stu, first, I hope you, your family, and operations are all safe and recovering from the horrific hurricanes we experienced last month. Just following up, we were able to reach Egress yesterday and will be switching over from Darktrace to Egress in December for our residential and title operations.
Also, will be attempting to expand our current KnowBe4 from our title operations to our residential operations staff and possibly agents as well at this time. We're super excited to start our relationship with Egress and expand our already great relationship with KnowBe4."
– T.S., Director of Information Technology
"Hi Stu, we have found KB4 very helpful in our awareness training initiatives. We're also a reseller and our customers are thrilled with it. Thanks for your email. That means a lot."
– K.T., Account Executive
The 10 Interesting News Items This Week
Cyberheist 'Fave' Links