A few of our customers are reporting “Threat Alerts” from Mimecast stating that hackers have exploited KnowBe4 or KnowBe4 domains to send email threats.
The alert is being sent to Mimecast customers and to non-customers who are members of threat intelligence networks.
Sometimes there is an included link, and it references KnowBe4 along with another Mimecast competitor. The wording of the alert is poor and misleading.
What they are referencing is the fact that attackers often send phishing emails claiming to be from KnowBe4, usually hoping the potential victim clicks on the included malicious link. The malicious link (and the sending email address) will often include the string ‘knowbe4.com’ somewhere in an attempt to trick the recipient.
No, KnowBe4 Has NOT Been Exploited!
The alert uses the phrase “exploiting KnowBe4’s legitimate domain”. Exploit is a term commonly used to indicate that a vulnerability was found and used by a hacker. In this case, Mimecast should have simply said the attackers were pretending to be from KnowBe4. It is a bit of a stretch to call a phishing email an exploitation. By our definition, that is spoofing, not exploitation. This looks like a novice wrote the alert.
To be clear, in Mimecast’s alert, the domains with the term Knowbe4 in them are not KnowBe4 domains. They are simple look-alike “evil-twin” domains the attackers have created to trick unsuspecting potential victims.
We sometimes see fake KnowBe4 emails sent as if they really came from our real domain (e.g., knowbe4.com), but again, these are spoofed email addresses and they never pass the normal email authentication checks (e.g., DMARC, SPF, and DKIM). Messages like these, using our real domain name, will fail upon receipt and usually end up in people’s Spam or Junk Mail folders.
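The two cases above call for two different checks on the receiving side: a message carrying the real domain in its From address is only trustworthy if the receiver’s DMARC evaluation passed, while an evil-twin domain can pass SPF, DKIM and DMARC perfectly well (the attacker owns it) and has to be caught by comparing the name against the brand. The following is an added example, not KnowBe4’s or Mimecast’s code: it reads the Authentication-Results header a receiving mail server stamps on a message, extracts the domain from the From header and the hosts of any links in the body, and labels the message. The three sample messages are constructed for the demo, the attacker domains use the reserved .test TLD, and the verdict names are the example’s own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The real KnowBe4 domain named in the post; the brand token is what look-alikes reuse.
LEGIT_DOMAIN = "knowbe4.com"
BRAND_TOKEN = "knowbe4"

# method=result pairs in an RFC 8601 Authentication-Results header.
AUTH_RESULT_RE = re.compile(
    r"\b(spf|dkim|dmarc)=(pass|fail|softfail|neutral|none|temperror|permerror)\b", re.I
)
# Host part of any http(s) link in the message body.
URL_HOST_RE = re.compile(r"https?://([^/\s<>]+)", re.I)


def is_legit(domain: str) -> bool:
    """True for the real domain or one of its subdomains."""
    return domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)


def is_lookalike(domain: str) -> bool:
    """True when the name contains the brand token but is not the brand's own domain."""
    domain = domain.lower()
    return not is_legit(domain) and BRAND_TOKEN in domain


def from_domain(msg) -> str:
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def auth_results(msg) -> dict:
    """Collect the spf/dkim/dmarc verdicts stamped by the receiving MTA."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in AUTH_RESULT_RE.findall(header):
            results[method.lower()] = verdict.lower()
    return results


def body_text(msg) -> str:
    if msg.is_multipart():
        return "\n".join(part.get_payload() for part in msg.walk()
                         if part.get_content_type() == "text/plain")
    return msg.get_payload()


def classify(raw_message: str) -> dict:
    msg = message_from_string(raw_message)
    sender = from_domain(msg)
    auth = auth_results(msg)
    link_hosts = [h.lower() for h in URL_HOST_RE.findall(body_text(msg))]
    bad_links = [h for h in link_hosts if is_lookalike(h)]

    if is_lookalike(sender):
        # Attacker-owned evil twin: authentication may pass, the name is the tell.
        verdict = "lookalike-domain"
    elif is_legit(sender):
        # Real domain in From: trust it only if the receiver's DMARC check passed.
        verdict = "authenticated" if auth.get("dmarc") == "pass" else "spoofed-real-domain"
    else:
        verdict = "unrelated"
    if bad_links and verdict in ("authenticated", "unrelated"):
        verdict = "lookalike-link"
    return {"from_domain": sender, "auth": auth, "verdict": verdict, "lookalike_links": bad_links}


# Constructed sample messages for the demo (not real traffic).
SPOOFED_REAL_DOMAIN = """From: "KnowBe4 Training" <training@knowbe4.com>
To: user@example.com
Subject: Action required: overdue training
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=knowbe4.com; dkim=none; dmarc=fail header.from=knowbe4.com

Your training is overdue. Log in here: https://training.knowbe4.com.login-portal.test/start
"""

LOOKALIKE_DOMAIN = """From: "KnowBe4 Support" <support@knowbe4-secure.test>
To: user@example.com
Subject: Security notice
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=knowbe4-secure.test; dkim=pass header.d=knowbe4-secure.test; dmarc=pass header.from=knowbe4-secure.test

Please verify your account: https://knowbe4-secure.test/verify
"""

GENUINE = """From: "KnowBe4 Training" <training@knowbe4.com>
To: user@example.com
Subject: New training assigned
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=knowbe4.com; dkim=pass header.d=knowbe4.com; dmarc=pass header.from=knowbe4.com

A new module is available at https://training.knowbe4.com/
"""

if __name__ == "__main__":
    for name, sample in (("spoofed", SPOOFED_REAL_DOMAIN), ("lookalike", LOOKALIKE_DOMAIN), ("genuine", GENUINE)):
        print(name, classify(sample))
```

The first sample is the case the post describes: the real domain in From, the receiver’s SPF and DMARC failing, and a link whose host merely contains knowbe4.com. The second shows why DMARC alone is not enough against evil-twin domains, since every check passes for a domain the attacker controls.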
If you want to learn more about DMARC, SPF, and DKIM, click here.
It is not unusual for any well-known company to be used in a brand impersonation phishing attack. It is not unusual for the world’s leading human risk management company to be used in phishing lures. We have been for years, and we consider it a kind of badge of honor that hackers think we are popular enough to be used in brand impersonation.
Even Mimecast has been the victim of brand impersonation (see an example below).
But we did not put out an “urgent threat alert” and claim Mimecast’s brand or domains had been “exploited.” We believe in fair competition, and do not resort to those tactics.
Your human risk management plan should include an effective security awareness training component that teaches users about brand impersonation, how to recognize it, and how to appropriately mitigate and report it.
It is well understood that not every email is from where it claims to be from. In fact, we have built an entire industry around it.