CyberheistNews Vol 14 #48 [Eye Opener] Phishing Attacks Now Exploit Visio and SharePoint Files


CyberheistNews Vol 14 #48  |   November 26th, 2024


[Eye Opener] Phishing Attacks Now Exploit Visio and SharePoint Files

Stu Sjouwerman SACP

Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.

“Perception Point’s security researchers have observed a dramatic increase in two-step phishing attacks leveraging [.]vsdx files – a file extension rarely used in phishing campaigns until now,” the researchers explain.

“These attacks represent a sophistication of two-step phishing tactics, targeting hundreds of organizations worldwide with a new layer of deception designed to evade detection and exploit user trust.”

The attacks begin with phishing emails that look like important business requests, such as purchase orders or proposals. The emails are sent from legitimate, compromised accounts, so they’re more likely to bypass security filters. The emails have Outlook attachments that lead to a Microsoft SharePoint page hosting a Visio [.]vsdx file.

“Inside the Visio file, attackers embed another URL behind a clickable Call-To-Action, in most cases we’ve observed it was a ‘View Document’ button,” the researchers write. “These files differ in appearance, with some even incorporating the breached user organization’s logos and branding to boost credibility.

“To access the embedded URL, victims are instructed to hold down the Ctrl key and click – a subtle yet highly effective action designed to evade email security scanners and automated detection tools. Asking for the Ctrl key press input relies on a simple interaction that a human user can perform, effectively bypassing automated systems that are not designed to replicate such behaviors.”

After clicking the link, the victim will be sent to a spoofed M365 login page designed to steal their credentials.

Blog post with links:
https://weblog.knowbe4.com/phishing-attacks-exploit-microsoft-visio-files

[New!] Check Out These Powerful New KnowBe4 AI Features

Join us Wednesday, December 4, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces Human Risk Management with AI Defense Agents providing unparalleled, personalized security awareness training to your workforce. It speeds up the learning process and reduces your organization’s risk score:

  • NEW! AIDA – Artificial Intelligence Driven Agents – How do they work?
  • NEW! The Smart Risk Agent Version 2.0 – What was improved?
  • Executive Reporting – See for yourself the extreme power of the custom features!

Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.

Date/Time: Wednesday, December 4, @ 2:00 PM (ET)

Save My Spot!
https://information.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN

A New Era In Human Risk Management: Introducing KnowBe4 HRM+

Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes security.

Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats.

The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.

What Sets HRM+ Apart?

With HRM+, organizations gain access to a full suite of powerful features — all within one platform. It’s personalized, relevant and adaptive. Here’s how HRM+ helps organizations build a strong security culture:

  • Personalized Learning: HRM+ uses AI defense agents to tailor security awareness training specifically to each individual, providing unparalleled, personalized security awareness training to individuals. This speeds up the learning process and reduces your organization’s risk score.
  • AI-Powered Email Security: Our platform leverages cutting-edge AI to deliver advanced email security, encryption and data leak protection. This isn’t just about blocking threats — it’s about preemptively protecting your most critical communications.
  • Adaptive Defense: HRM+ is a dynamic platform that continuously learns and adapts to emerging threats, keeping your organization ahead of potential risks and ensuring you’re not caught off guard.
  • All-in-One Platform: From anti-phishing and real-time coaching to compliance training and email security, HRM+ offers a truly integrated experience. Manage all your cybersecurity training and email defenses through one easy-to-navigate interface.
  • Proven Success: Trusted by 47 of the top 50 cybersecurity companies, HRM+ builds on KnowBe4’s reputation for excellence to deliver a new standard in human risk management.

Empowering the Workforce to Protect Your Organization

HRM+ goes beyond traditional cybersecurity tools. By transforming your workforce into active defenders, HRM+ doesn’t just mitigate risks — it turns human error into human strength. It’s a full integration of human risk management and AI-powered security, designed to help organizations foster a resilient security culture.

Ready to Revolutionize Your Security?

In the battle against cyber threats, your people are your greatest asset. Discover how HRM+ can redefine your organization’s approach to cybersecurity by empowering your team with the personalized, relevant and adaptive platform they need to succeed.

Get ready to embrace a new era of human risk management. Discover what HRM+ can do for your organization today. Contact our sales team here for more information.

Blog post with links and new company video:
https://weblog.knowbe4.com/a-new-era-in-human-risk-managementintroducing-knowbe4-hrm

Free Resource Kit to Stay Cyber Secure This Holiday Season!

It’s not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime!

Upticks in online shopping, holiday travel and other time constraints can make it easier for them to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That’s why we put together this resource kit to help ensure cybercriminals’ efforts this season are for nothing!

Here is what you’ll get:

  • New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
  • Two free holiday training modules, available in multiple languages
  • Security documents and digital signage to reinforce the free modules included in the kit to share with your users
  • Newsletters about holiday shopping and travel safety for your users
  • Access to resources for you to help with security planning for the upcoming year

Download Now:
https://information.knowbe4.com/free-holiday-resource-kit-chn

Ransomware Gangs Evolve: They’re Now Recruiting Penetration Testers

A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.

This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.

Traditionally, penetration testers, or “pen testers,” have been employed by organizations to identify vulnerabilities in their systems. However, the report reveals that threat actors are now seeking these skilled professionals to join ransomware affiliate programs such as Apos, Lynx, and Rabbit Hole.

This move mirrors legitimate software development practices, where testing is crucial before deployment.

Etay Maor, chief safety strategist at Cato Networks, explains, “Ransomware is one of the most pervasive threats in the cybersecurity landscape. It impacts everyone—businesses and consumers—and threat actors are constantly trying to find new ways to make their ransomware attacks more effective.”

The report also highlights the growing concern of “shadow AI” – the unauthorized use of AI applications within organizations. This practice poses significant risks, particularly regarding data privacy. Cato CTRL identified ten AI applications being used without proper vetting, including Bodygram, Craiyon, and Otter[dot]ai. Organizations must be aware of the potential exposure of sensitive information through these unsanctioned AI tools.

Another critical finding from the report is the underutilization of TLS (Transport Layer Security) inspection. Only 45% of participating organizations enable TLS inspection, and a mere 3% inspect all relevant TLS-encrypted sessions. This gap in security leaves organizations vulnerable to attacks hidden within encrypted traffic.

The report found that 60% of attempts to exploit known vulnerabilities were blocked in TLS traffic during Q3 2024. Moreover, organizations that enabled TLS inspection blocked 52% more malicious traffic compared to those without it.

As ransomware gangs continue to evolve their tactics, it’s clear that orgs must adapt their cybersecurity strategies accordingly. The recruitment of penetration testers by threat actors represents a significant escalation in the sophistication of ransomware attacks.

To stay ahead of these threats, you should:

  • Implement comprehensive TLS inspection protocols
  • Be vigilant about shadow AI usage within your organization
  • Regularly update and test your cybersecurity measures
  • Invest in employee training to recognize and report potential threats

By staying informed and proactive, organizations can better protect themselves against the ever-evolving landscape of cyber threats.

Blog post with links:
https://weblog.knowbe4.com/ransomware-gangs-evolve-the-alarming-trend-of-recruiting-penetration-testers

Experience the Thrill: Free Access to “The Inside Man” Season 1

Until the end of the year, we’re offering you an exclusive opportunity to dive into the world of cybersecurity and social engineering tactics like never before. Watch the full first season (12 heart-pounding episodes) of “The Inside Man” — a streaming-quality educational drama series that’s changing the game in security awareness training.

“The Inside Man” is now available to you at no cost through December 2024!

Access the first season of “The Inside Man” to:

  • Transform your training into a binge-worthy experience
  • Empower your team with real-world cybersecurity scenarios
  • Make security awareness stick through powerful storytelling

Don’t miss this chance to combine education and entertainment in the fight against cybercriminals. Help make your security culture stick with “The Inside Man!”

Watch Now:
https://information.knowbe4.com/assets/inside-man-season1-chn

[Unprecedented Hack] Russian Spies Jumped From One Wi-Fi to Another in Daisy-chain Attack:

This is a new one! The GRU remotely hacked into a Wi-Fi network in the intended victim area and used the compromised laptop as an antenna to launch a Wi-Fi attack from it. Yikes.

At the Cyberwarcon security conference in Arlington, Virginia, this week, cybersecurity researcher Steven Adair revealed how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022.

Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165. Part of Russia’s GRU military intelligence agency, the group has been involved in notorious cases ranging from the breach of the Democratic National Committee in 2016 to the botched Wi-Fi hacking operation in which four of its members were arrested in the Netherlands in 2018.

Wired has the story:
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/

Let’s stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO #1] The Urgent And Critical Need To Prioritize Mobile Security:
https://www.securityweek.com/the-urgent-and-critical-need-to-prioritize-mobile-security/

PPS: [BUDGET AMMO #2] Five Ways Financial Services Organizations Can Stop Infiltration:
https://www.forbes.com/councils/forbestechcouncil/2024/11/21/five-ways-financial-services-organizations-can-stop-infiltration/

Quotes of the Week  

“The knowledge of the world is only to be acquired in the world, and not in a closet.”
– Lord Chesterfield (Letters to His Son) (1694 – 1773)


“Whatever is worth doing at all is worth doing well.”
– Lord Chesterfield (1694 – 1773)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-14-48-eye-opener-phishing-attacks-now-exploit-visio-and-sharepoint-files

Security News

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 shows a strong tie between the use of phishing and techniques designed to gain credentialed access.

I’ve stood on the “phishing is a problem” soapbox for many years, trying to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.

Having just taken a look at a massive analysis of tens of billions of 2023 cybersecurity events in The 2024 Comcast Business Cybersecurity Threat Report, I feel a bit redeemed.

According to the report, 2.6 billion phishing events were detected by Comcast Business last year. To put that large a number into perspective, that’s slightly less than 5000 phishing attacks detected every minute of last year.

But phishing attacks on organizations are only a means to an end – and, usually, that end is one of just a few outcomes: malware infection, some kind of socially-engineered recipient response, or attempted credential theft.

And Comcast makes it clear that credential access is “intricately tied” to phishing attacks with over 400 million instances of credential access techniques detected (that’s over one million every day) that include OS credential dumping, forced authentication, stolen or forged authentication certificates, and exploitation for credentialed access.

Blog post with links:
https://weblog.knowbe4.com/out-of-29-billion-cybersecurity-events-phishing-was-the-primary-method-of-initial-attack

Holiday Scams Are Incorporating Deepfakes

Researchers at McAfee warn that generative AI tools have increased the sophistication of holiday-themed scams, with a “significant surge in unsolicited holiday shopping emails starting in early October.”

“Black Friday emails alone saw a 495% increase from October to early November,” the researchers write. “Similarly, Christmas-related emails rose by 314% during the same period. This trend suggests that scam-related risks will continue to escalate throughout the holiday season, and consumers should stay aware.”

Notably, scammers are using deepfakes to impersonate celebrities and increase the legitimacy of their attacks. “AI-generated deepfakes now pose a threat, especially to younger shoppers,” McAfee says. “While 1 in 5 Americans (21%) have unknowingly paid for fake products endorsed by deepfake versions of celebrities, the impact is greater among Gen Z and Millennials, with 1 in 3 people aged 18-34 falling victim to a deepfake scam, compared to around 5% of shoppers aged 55 and up.”

McAfee reminds users to be wary of offers that seem too good to be true. Scammers try to get users to act quickly before thinking things through.

“Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state,” the researchers write. “Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.

“The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

McAfee has the story:
https://www.businesswire.com/information/house/20241115918692/en/McAfeepercentE2percent80percent99s-2024-International-Vacation-Procuring-Scams-Examine-Highlights-Rising-Considerations-Over-AI-Powered-Scams-Together with-Deepfakes-Impacting-Vacation-Consumers

What KnowBe4 Customers Say

“I cannot speak enough for what a great job Max B. does as our CSM. I look forward to working with him during our regular quarterly meetings. He always comes well prepared with ideas and suggestions for new training and phishing campaigns.

He has helped me set up monthly Scam of the Week and Security Hints & Tips campaigns that almost serve as monthly newsletters for us. He is creative on how to use the KnowBe4 platform to get the most bang for our buck out of the system. He is also extremely flexible when my life goes awry, he never has a problem rescheduling and getting our meeting fit back into his schedule.

Max does an awesome job at representing KnowBe4.”

– P.J. Supervisor of IT Infrastructure & Cybersecurity


“Please forward this on to your bosses – we are genuinely appreciative of the level of support you provided and it’s truly rare for us to work with someone who actually embodies what customer success is supposed to be. We deal with dozens upon dozens of vendors, you and your company stand out for how you engage and support our success in the platform.”

– G.M., Chief Information Officer

The 10 Interesting News Items This Week

Cyberheist ‘Fave’ Links

This Week’s Links We Like, Tips, Hints and Fun Stuff
