CyberheistNews Vol 14 #48 | November 26th, 2024
[Eye Opener] Phishing Attacks Now Exploit Visio and SharePoint Files
Threat actors are exploiting Microsoft Visio files and SharePoint to launch two-step phishing attacks, according to researchers at Perception Point.
“Perception Point’s security researchers have observed a dramatic increase in two-step phishing attacks leveraging [.]vsdx files – a file extension rarely used in phishing campaigns until now,” the researchers explain.
“These attacks represent a sophistication of two-step phishing tactics, targeting hundreds of organizations worldwide with a new layer of deception designed to evade detection and exploit user trust.”
The attacks begin with phishing emails that appear to be important business requests, such as purchase orders or proposals. The emails are sent from legitimate, compromised accounts, so they’re more likely to bypass security filters. The emails have Outlook attachments that lead to a Microsoft SharePoint page hosting a Visio [.]vsdx file.
“Inside the Visio file, attackers embed another URL behind a clickable Call-To-Action, in most cases we’ve observed it was a ‘View Document’ button,” the researchers write. “These files vary in appearance, with some even incorporating the breached user organization’s logos and branding to enhance credibility.
“To access the embedded URL, victims are instructed to hold down the Ctrl key and click – a subtle yet highly effective action designed to evade email security scanners and automated detection tools. Asking for the Ctrl key press input relies on a simple interaction that a human user can perform, effectively bypassing automated systems that are not designed to replicate such behaviors.”
After clicking the link, the victim will be sent to a spoofed M365 login page designed to steal their credentials.
Blog post with links:
https://blog.knowbe4.com/phishing-attacks-exploit-microsoft-visio-files
[New!] Check Out These Powerful New KnowBe4 AI Features
Join us Wednesday, December 4, @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces Human Risk Management with AI Defense Agents providing unparalleled, personalized security awareness training to your workforce. It quickens the learning process and reduces your organization’s risk score:
- NEW! AIDA – Artificial Intelligence Driven Agents – How do they work?
- NEW! The Smart Risk Agent Version 2.0 – What was improved?
- Executive Reporting See for yourself the extreme power of the custom features!
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, December 4, @ 2:00 PM (ET)
Save My Spot!
https://info.knowbe4.com/en-us/kmsat-demo-3?partnerref=CHN
A New Era In Human Risk Management: Introducing KnowBe4 HRM+
Cybersecurity threats grow more sophisticated by the day. Amid this constant change, one truth remains: people are simultaneously our greatest security vulnerability and our strongest line of defense. It’s time to empower organizations with a new approach that minimizes human risk and maximizes protection.
Introducing HRM+, KnowBe4’s groundbreaking human risk management platform. Built as a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, HRM+ creates an adaptive defense layer against the latest cybersecurity threats.
The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. HRM+ tackles the complex human-element cybersecurity challenges of the modern world.
What Sets HRM+ Apart?
With HRM+, organizations gain access to a full suite of powerful features — all within one platform. It’s personalized, relevant and adaptive. Here’s how HRM+ helps organizations build a strong security culture:
- Personalized Learning: HRM+ uses AI defense agents to tailor security awareness training specifically to each individual, providing unparalleled, personalized security awareness training to individuals. This quickens the learning process and reduces your organization’s risk score.
- AI-Powered Email Protection: Our platform leverages cutting-edge AI to deliver advanced email security, encryption and data leak protection. This isn’t just about blocking threats — it’s about preemptively protecting your most critical communications.
- Adaptive Defense: HRM+ is a dynamic platform that continuously learns and adapts to emerging threats, keeping your organization ahead of potential risks and ensuring you’re not caught off guard.
- All-in-One Platform: From anti-phishing and real-time coaching to compliance training and email security, HRM+ offers a truly integrated experience. Manage all your cybersecurity training and email defenses through one easy-to-navigate interface.
- Proven Success: Trusted by 47 of the top 50 cybersecurity firms, HRM+ builds on KnowBe4’s reputation for excellence to deliver a new standard in human risk management.
Empowering the Workforce to Protect Your Organization
HRM+ goes beyond traditional cybersecurity tools. By transforming your workforce into active defenders, HRM+ doesn’t just mitigate risks — it turns human error into human strength. It’s a complete integration of human risk management and AI-powered protection, designed to help organizations foster a resilient security culture.
Ready to Revolutionize Your Security?
In the battle against cyber threats, your people are your greatest asset. Discover how HRM+ can redefine your organization’s approach to cybersecurity by empowering your team with the personalized, relevant and adaptive platform they need to succeed.
Get ready to embrace a new era of human risk management. Discover what HRM+ can do for your organization today. Contact our sales team here for more information.
Blog post with links and new company video:
https://blog.knowbe4.com/a-new-era-in-human-risk-managementintroducing-knowbe4-hrm
Free Resource Kit to Stay Cyber Secure This Holiday Season!
It’s not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime!
Upticks in online shopping, holiday travel and other time constraints can make it easier for them to catch users off their guard with relevant schemes. This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.
That’s why we put together this resource kit to help ensure cybercriminals’ efforts this season are for nothing!
Here is what you’ll get:
- New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
- Two free holiday training modules, available in multiple languages
- Security documents and digital signage to reinforce the free modules included in the kit to share with your users
- Newsletters about holiday shopping and travel safety for your users
- Access to resources for you to help with security planning for the upcoming year
Download Now:
https://info.knowbe4.com/free-holiday-resource-kit-chn
Ransomware Gangs Evolve: They’re Now Recruiting Penetration Testers
A new and concerning cybersecurity trend has emerged. According to the latest Q3 2024 Cato CTRL SASE Threat Report from Cato Networks, ransomware gangs are now actively recruiting penetration testers to enhance the effectiveness of their attacks.
This development signals a significant shift in the tactics employed by cybercriminals and underscores the need for organizations to remain vigilant in their defense strategies.
Traditionally, penetration testers, or “pen testers,” have been employed by organizations to identify vulnerabilities in their systems. However, the report reveals that threat actors are now seeking these skilled professionals to join ransomware affiliate programs such as Apos, Lynx, and Rabbit Hole.
This move mirrors legitimate software development practices, where testing is crucial before deployment.
Etay Maor, chief security strategist at Cato Networks, explains, “Ransomware is one of the most pervasive threats in the cybersecurity landscape. It impacts everyone—businesses and consumers—and threat actors are constantly trying to find new ways to make their ransomware attacks more effective.”
The report also highlights the growing concern of “shadow AI” – the unauthorized use of AI applications within organizations. This practice poses significant risks, particularly regarding data privacy. Cato CTRL identified ten AI applications being used without proper vetting, including Bodygram, Craiyon, and Otter[dot]ai. Organizations must be aware of the potential exposure of sensitive information through these unsanctioned AI tools.
Another critical finding from the report is the underutilization of TLS (Transport Layer Security) inspection. Only 45% of participating organizations enable TLS inspection, and a mere 3% inspect all relevant TLS-encrypted sessions. This gap in security leaves organizations vulnerable to attacks hidden within encrypted traffic.
The report found that 60% of attempts to exploit known vulnerabilities were blocked in TLS traffic during Q3 2024. Moreover, organizations that enabled TLS inspection blocked 52% more malicious traffic compared to those without it.
As ransomware gangs continue to evolve their tactics, it’s clear that orgs must adapt their cybersecurity strategies accordingly. The recruitment of penetration testers by threat actors represents a significant escalation in the sophistication of ransomware attacks.
To stay ahead of these threats, you should:
- Implement comprehensive TLS inspection protocols
- Be vigilant about shadow AI usage within their organization
- Regularly update and test their cybersecurity measures
- Invest in employee training to recognize and report potential threats
By staying informed and proactive, organizations can better protect themselves against the ever-evolving landscape of cyber threats.
Blog post with links:
https://blog.knowbe4.com/ransomware-gangs-evolve-the-alarming-trend-of-recruiting-penetration-testers
Experience the Thrill: Free Access to “The Inside Man” Season 1
Until the end of the year, we’re offering you an exclusive opportunity to dive into the world of cybersecurity and social engineering tactics like never before. Watch the full first season (12 heart-pounding episodes) of “The Inside Man” — a streaming-quality educational drama series that’s changing the game in security awareness training.
“The Inside Man” is now available to you at no cost through December 2024!
Access the first season of “The Inside Man” to:
- Transform your training into a binge-worthy experience
- Empower your team with real-world cybersecurity scenarios
- Make security awareness stick through powerful storytelling
Don’t miss this chance to blend education and entertainment in the fight against cybercriminals. Help make your security culture stick with “The Inside Man!”
Watch Now:
https://info.knowbe4.com/resources/inside-man-season1-chn
[Unprecedented Hack] Russian Spies Jumped From One Wi-Fi to Another in Daisy-chain Attack:
This is a new one! The GRU remotely hacked into a Wi-Fi network in the intended victim area and used the compromised computer as an antenna to launch a W-Fi attack from it. Yikes.
At the Cyberwarcon security conference in Arlington, Virginia, this week, cybersecurity researcher Steven Adair revealed how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022.
Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165. Part of Russia’s GRU military intelligence agency, the group has been involved in notorious cases ranging from the breach of the Democratic National Committee in 2016 to the botched Wi-Fi hacking operation in which four of its members were arrested in the Netherlands in 2018.
Wired has the story:
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
Let’s stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [BUDGET AMMO #1] The Urgent And Critical Need To Prioritize Mobile Security:
https://www.securityweek.com/the-urgent-and-critical-need-to-prioritize-mobile-security/
PPS: [BUDGET AMMO #2] Five Ways Financial Services Organizations Can Stop Infiltration:
https://www.forbes.com/councils/forbestechcouncil/2024/11/21/five-ways-financial-services-organizations-can-stop-infiltration/
Quotes of the Week
“The knowledge of the world is only to be acquired in the world, and not in a closet.”
– Lord Chesterfield (Letters to His Son) (1694 – 1773)
“Whatever is worth doing at all is worth doing well..”
– Lord Chesterfield (1694 – 1773)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-48-eye-opener-phishing-attacks-now-exploit-visio-and-sharepoint-files
Security News
Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack
The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
I’ve stood on the “phishing is a problem” soapbox for many years, attempting to focus the attention of cybersecurity teams on the single largest problem within the organization: the employees that fall for social engineering tactics time and time again.
Having just taken a look at a massive analysis of tens of billions of 2023 cybersecurity events in The 2024 Comcast Business Cybersecurity Threat Report, I feel a little redeemed.
According to the report, 2.6 billion phishing events were detected by Comcast Business last year. To put that big a number into perspective, that’s slightly less than 5000 phishing attacks detected every minute of last year.
But phishing attacks on organizations are only a means to an end – and, usually, that end is one of just a few outcomes: malware infection, some kind of socially-engineered recipient response, or attempted credential theft.
And Comcast makes it clear that credential access is “intricately tied” to phishing attacks with over 400 million instances of credential access techniques detected (that’s over a million each day) that include OS credential dumping, forced authentication, stolen or forged authentication certificates, and exploitation for credentialed access.
Blog post with links:
https://blog.knowbe4.com/out-of-29-billion-cybersecurity-events-phishing-was-the-primary-method-of-initial-attack
Holiday Scams Are Incorporating Deepfakes
Researchers at McAfee warn that generative AI tools have increased the sophistication of holiday-themed scams, with a “significant surge in unsolicited holiday shopping emails starting in early October.”
“Black Friday emails alone saw a 495% increase from October to early November,” the researchers write. “Similarly, Christmas-related emails rose by 314% during the same period. This trend suggests that scam-related risks will continue to escalate throughout the holiday season, and consumers should stay aware.”
Notably, scammers are using deepfakes to impersonate celebrities and increase the legitimacy of their attacks. “AI-generated deepfakes now pose a threat, especially to younger shoppers,” McAfee says. “While 1 in 5 Americans (21%) have unknowingly paid for fake products endorsed by deepfake versions of celebrities, the impact is greater among Gen Z and Millennials, with 1 in 3 people aged 18-34 falling victim to a deepfake scam, compared to around 5% of shoppers aged 55 and up.”
McAfee reminds users to be wary of offers that seem too good to be true. Scammers try to get users to act quickly before thinking things through.
“Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state,” the researchers write. “Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.
“The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.”
KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
McAfee has the story:
https://www.businesswire.com/news/home/20241115918692/en/McAfee%E2%80%99s-2024-Global-Holiday-Shopping-Scams-Study-Highlights-Growing-Concerns-Over-AI-Powered-Scams-Including-Deepfakes-Impacting-Holiday-Shoppers
What KnowBe4 Customers Say
“I can’t speak enough for what a great job Max B. does as our CSM. I look forward to working with him during our regular quarterly meetings. He always comes well prepared with ideas and suggestions for new training and phishing campaigns.
He has helped me set up monthly Scam of the Week and Security Hints & Tips campaigns that almost serve as monthly newsletters for us. He is creative on how to use the KnowBe4 platform to get the most bang for our buck out of the system. He is also extremely flexible when my life goes awry, he never has a problem rescheduling and getting our meeting fit back into his schedule.
Max does an awesome job at representing KnowBe4.”
– P.J. Manager of IT Infrastructure & Cybersecurity
“Please forward this on to your bosses – we are genuinely appreciative of the level of support you provided and it’s truly rare for us to work with someone who actually embodies what customer success is supposed to be. We deal with dozens upon dozens of vendors, you and your company stand out for how you engage and support our success in the platform.”
– G.M., Chief Information Officer
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links