CyberheistNews Vol 14 #46 | November 12, 2024
[Eye Opener] Attackers Don't Hack, They Log In. Can You Stop Them?
The latest trend in cybercrime is that attackers don't really bother with "hacking" in; they're logging in.
We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who have re-emerged with a renewed focus on gaining access through legitimate means, often exploiting help desks and social engineering tactics.
Their methods often rely on social engineering help desk staff into resetting credentials or bypassing multi-factor authentication (MFA), gaining access without breaking in. These attackers aim for the easiest path into your network, leveraging stolen credentials from info-stealers or posing as legitimate users to gain access.
A recent case reported by ReliaQuest underscores this tactic. Scattered Spider used social engineering to trick a help desk, leading to a six-hour attack that ended in system encryption. The attackers even used Microsoft Teams to demand a ransom, showing a new level of boldness and ingenuity in modern cyber attacks.
As threat analyst Hayden Evans explains, "Attackers don't hack in; they log in." His advice is clear: organizations must implement stringent help desk policies and ensure MFA configurations can withstand social engineering tricks.
To protect your network, work hard on improving employee training, monitoring for suspicious activity and reinforcing help desk protocols. These measures build resilience against today's advanced threat actors who bypass traditional security measures by simply logging in.
Blog post with links:
https://blog.knowbe4.com/eye-opener-attackers-dont-hack-they-log-in.-can-you-stop-them
Recon 2.0: AI-Driven OSINT in the Hands of Cybercriminals
Cybercriminals are using artificial intelligence (AI) and generative AI in open source intelligence (OSINT) activities to target your organization with supercharged reconnaissance efforts.
With AI-driven techniques, they can gather, analyze and exploit publicly available data to create highly targeted and convincing social engineering schemes, phishing campaigns and other forms of cyber attacks.
Join James McQuiggan, Security Awareness Advocate at KnowBe4, as he explores how attackers use AI and OSINT to quickly identify and prioritize targets. Learn how to develop robust cybersecurity strategies to counter AI-enhanced threats.
Using exclusive demos and real-world examples, you'll:
- Gain insights into how AI and generative AI amplify OSINT-driven reconnaissance
- Understand how attackers use AI to enhance data aggregation, profile generation and target prioritization to target your organization
- Discover the implications of AI-driven OSINT and strategies for threat detection and mitigation
- Learn why a strong security culture is still your best line of defense
Register now to learn how to detect and mitigate AI-enhanced OSINT threats.
Date/Time: TOMORROW, Wednesday, November 13, @ 2:00 PM (ET)
Can't attend live? No worries, register now and you'll receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/ai-driven-osint?partnerref=CHN2
BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks
ReliaQuest has warned that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.
The threat actor begins by sending mass email spam campaigns targeting employees, then adding people who fall for the emails to Microsoft Teams chats with external users.
These external users pose as IT support or help desk staff and send employees Microsoft Teams messages containing malicious QR codes. In some cases, the attackers used voice phishing (vishing) phone calls to convince users to install remote management software.
"The underlying motivation is likely to lay the groundwork for follow-up social engineering techniques, convince users to download remote monitoring and management (RMM) tools, and gain initial access to the targeted environment," the researchers write. "Ultimately, the attackers' end goal in these incidents is almost certainly the deployment of ransomware."
ReliaQuest emphasizes the massive scale of the campaign, with one user receiving a thousand malicious emails in under an hour.
"This rapidly escalating campaign poses a significant threat to organizations," the researchers write. "The threat group is targeting many of our customers across various sectors and geographies with alarming intensity. The sheer volume of activity is also unique; in a single incident alone, we observed approximately 1,000 emails bombarding a single user within just 50 minutes. Due to commonalities in domain creation and Cobalt Strike configurations, we attribute this activity to Black Basta with high confidence."
Only one employee needs to fall for a phishing attack for an attacker to gain access to your network. New-school security awareness training can give your organization an essential layer of defense against social engineering tactics.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/blackbasta-ransomware-gang-uses-new-social-engineering-tactics
Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus
Human error contributes to 68% of data breaches, according to Verizon's 2024 Data Breach Investigations Report.
It's time to turn that statistic on its head and transform your users from vulnerabilities into cybersecurity assets.
Meet KnowBe4's PhishER Plus: The only SOAR email security offering that combines AI-driven security with crowdsourced intelligence for unmatched email security and incident management.
In this demo, PhishER Plus will help you:
- Slash incident response times by 90%+ by automating message prioritization
- Customize workflows and machine learning to your protocols
- Use crowdsourced intelligence from more than 13 million users to block known threats
- Conduct real-world phishing simulations that keep security top-of-mind for users
Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.
Date/Time: Wednesday, November 20, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN
Attackers Abuse DocuSign to Send Phony Invoices
Threat actors are abusing DocuSign's API to send phony invoices that appear "strikingly authentic," according to researchers at Wallarm.
"Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard," Wallarm says.
The threat actors set up DocuSign accounts that allow them to create invoices for fake purchases. They can then send an email notification from the DocuSign platform.
"An attacker creates a legitimate, paid DocuSign account that allows them to change templates and use the API directly," the researchers explain. "The attacker employs a specially crafted template mimicking requests to e-sign documents from well-known brands, mostly software companies; for example, Norton Antivirus.
"These fake invoices may contain accurate pricing for the products to make them appear authentic, along with additional charges, like a $50 activation fee. Other instances include direct wire instructions or purchase orders."
Notably, the threat actors have automated these phishing attacks using DocuSign's API, allowing them to mass-distribute the phony invoices.
"The longevity and breadth of the incidents reported in DocuSign's community forums clearly demonstrate that these are not one-off, manual attacks," the researchers explain. "In order to carry out these attacks, the perpetrators must automate the process. DocuSign offers APIs for legitimate automation, which can be abused for these malicious activities."
Since the messages come from a legitimate service, they are much more likely to bypass security filters and fool human users. While this campaign abused DocuSign, the researchers note that attackers can use other e-signature and document services to launch these attacks as well.
"The exploitation of trusted platforms like DocuSign through their APIs marks a concerning evolution in cybercriminal techniques," Wallarm concludes. "By embedding fraudulent activities within legitimate services, attackers increase their chances of success while making detection more difficult.
"Organizations must adapt by enhancing their security protocols, prioritizing API security, and fostering a culture of vigilance."
Blog post with links:
https://blog.knowbe4.com/attackers-abuse-docusign-to-send-phony-invoices
New Hire or Security Threat? Learn How to Spot Them
Every new hire represents both an opportunity and a potential risk. However, HR professionals often don't expect bad actors to "apply" for a position, which makes them susceptible to real security threats when hiring.
Are you equipped to ensure your organization's safety from the moment a candidate applies?
This module is for HR professionals, IT professionals, hiring managers and others involved in the recruitment and onboarding of employees. It features an in-depth interview with KnowBe4 staff who recount their real-life experience in uncovering a bad actor working for a nation-state government, disguised as a "new hire" during his onboarding process.
We detail KnowBe4's quick response to secure the network and subsequent efforts to educate others on this attempted attack and how it was foiled.
By the end of this module, you will be able to:
- Improve organizational hiring security practices
- Raise awareness about hiring-based security threats
- Provide practical knowledge for identifying risks
Get Your Free Training:
https://info.knowbe4.com/free-cybersecurity-tools/secure-hiring-and-onboarding-chn
Let's stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
PS: [Budget Ammo #1] Stu goes LIVE in INC. Magazine – "How to Navigate the AI Minefield":
https://www.inc.com/stu-sjouwerman/how-to-navigate-the-ai-minefield/90998714
PPS: [Budget Ammo #2] Clicker Beware: Understanding and preventing open redirect attacks:
https://www.scworld.com/perspective/clicker-beware-understanding-and-preventing-open-redirect-attacks
Quotes of the Week
"Time is a created thing. To say 'I don't have time,' is like saying, 'I don't want to'."
– LAO TZU Chinese philosopher (6th century, but possibly the 4th century BCE)
"It is not our purpose to become each other; it is to recognize each other, to learn to see the other and honor him for what he is."
– Hermann Hesse – Novelist (1877 – 1962)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-46-eye-opener-attackers-dont-hack-they-log-in-can-you-stop-them
Security News
Attackers Abuse Eventbrite to Send Phishing Emails
Attackers are abusing Eventbrite's scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.
"Perception Point researchers observed phishing emails delivered via 'noreply@events.eventbrite[.]com,'" the researchers write.
"Despite being presented as legitimate events created on the Eventbrite platform, attackers use these messages to impersonate known brands like NLB, DHL, EnergyAustralia, and Qatar Post.
"Each email urges the recipient to take action: reset your PIN code; verify your delivery address; pay for an outstanding bill; pay for a package. These time-bound requests employ a social engineering tactic threat actors use to prompt the target to act fast."
The attackers set up events in Eventbrite, and then send invitations with embedded phishing links. The emails are more likely to bypass security filters since they're sent from a legitimate service.
"Once the target clicks on the phishing link, they are redirected to a phishing page," Perception Point says. "We found examples spoofing Qantas airline, Brobizz toll collection, hosting platform One(.)com, European financial institution NLB, and many more.
"Designed to look like legitimate websites, targets are asked for personal information, like their login credentials, tax identification numbers, phone numbers, credit card details, and more."
The attacker can fully customize the appearance of the email to make it look like a convincing notification from the spoofed brand.
"Once the attacker creates an event, they can then create emails from within the Eventbrite platform to be sent to attendees," the researchers write. "These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content.
"The attacker then enters their list of targets (or 'attendees') and sends them the invite email. Once sent, the target receives an email from 'noreply@events.eventbrite[.]com,' containing all the malicious details the attacker included."
Blog post with links:
https://blog.knowbe4.com/attackers-abuse-eventbrite-to-send-phishing-emails
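The DocuSign and Eventbrite items above share one defender-side lesson: the sender really is the trusted platform, so the useful signals are links that leave that platform and the urgency lures the researchers quote. The check below is an added example, not code from KnowBe4, Wallarm or Perception Point; the sender-to-domain policy table, the docusign.net sender entry, the lure regex and the two sample messages are assumptions constructed for the demo.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Policy table (assumption, illustrative): notification sender domain -> domains that
# links inside a genuine notification from that platform are expected to use.
TRUSTED_NOTIFIERS = {
    "events.eventbrite.com": {"eventbrite.com"},       # sender named in the Perception Point report
    "docusign.net": {"docusign.net", "docusign.com"},  # assumed DocuSign notification domain
}

# Urgency lures quoted in the two reports above (constructed regex; extend to taste)
URGENCY = re.compile(r"reset your pin|verify your delivery|outstanding bill|"
                     r"pay for a package|activation fee|wire instructions", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def registrable(host):
    """Crude eTLD+1: last two labels. A public-suffix list is needed for co.uk etc."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])

def analyze(raw_email):
    """Return a list of (signal, detail) tuples for one RFC 822 message string."""
    msg = message_from_string(raw_email)
    sender_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    allowed = None
    for notifier, domains in TRUSTED_NOTIFIERS.items():
        if sender_domain == notifier or sender_domain.endswith("." + notifier):
            allowed = domains
    if allowed is None:
        return []  # not a platform notification; ordinary mail controls apply
    body = msg.get_payload()
    findings = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if registrable(host) not in allowed:      # organizer links can be legitimate too:
            findings.append(("offplatform_link", url))  # a signal for triage, not a verdict
    m = URGENCY.search(body)
    if m:
        findings.append(("urgency_lure", m.group(0)))
    return findings

# Constructed samples (not real messages): one lure, one benign event reminder.
PHISH = """From: "NLB Bank" <noreply@events.eventbrite.com>
Subject: Action required

Please verify your delivery address within 24 hours:
https://nlb-secure-check.example/verify
"""
BENIGN = """From: Eventbrite <noreply@events.eventbrite.com>
Subject: Reminder: Security meetup tomorrow

Your ticket: https://www.eventbrite.com/e/12345
"""

if __name__ == "__main__":
    for name, sample in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, analyze(sample))
```

Mail from senders outside the policy table is deliberately passed through untouched, so the check adds to, rather than replaces, existing filtering.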
New Version of the Rhadamanthys Malware Spreads Via Phishing
Researchers at Check Point are tracking a "large scale and sophisticated phishing campaign" that is spreading an upgraded version of the Rhadamanthys infostealer. The phishing emails inform recipients that they've committed copyright infringement on their Facebook pages.
"This campaign uses a copyright infringement theme to target various regions, including the US, Europe, East Asia, and South America," the researchers write. "The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity.
"Almost 70% of the impersonated companies are from Entertainment/Media and Technology/Software sectors." The emails have attachments that purportedly contain details on the copyright infringement. These attachments redirect users to Dropbox or Discord, where they're tricked into downloading a malicious archive.
The researchers believe financially motivated cybercriminals are behind the attacks. The campaign is opportunistically targeting a wide range of orgs, using automated tools to craft targeted phishing emails.
"Unlike nation-state actors, who typically target high-value assets such as government agencies or critical infrastructure, this campaign displays no such selectivity," Check Point says. "Instead, it targets a diverse range of organizations with no clear strategic connections, reinforcing the conclusion that financial motives drive the attackers.
"The infrastructure used, such as creating different Gmail accounts for each phishing attempt, indicates the possible use of automation tools possibly powered by AI. This level of operational efficiency, along with the indiscriminate targeting of multiple regions and sectors, points to a cybercrime group seeking to maximize financial returns by casting a wide net."
New-school security awareness training gives your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 orgs worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Check Point has the story:
https://research.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version/
Hood College Customer Case Study
We're pleased to offer a recently published case study featuring an education sector customer called Hood College. In addition to being one of the first customers to incorporate KnowBe4 Student Edition, here are some successes the customer saw through working with us:
- Improved security awareness across more than 2,500 staff and students
- Trainings are driving a reduction in clicks during phishing campaigns, moving from 12% toward a goal of 6%
- More than 200 suspicious emails reported via the Phish Alert Button every month
- 40% of students have completed KnowBe4 Student Edition training, giving it a rating of 3.5 – 4.5 stars
- Reduction in time and effort spent by the IT department investigating possible phishing emails
Get direct access to this case study here:
https://www.knowbe4.com/hubfs/KSAT-Education-Hood-College-CS-en_US.pdf
What KnowBe4 Customers Say
"Stu, first, I hope you, your family, and operations are all safe and recovering from the horrific hurricanes we experienced last month. Just following up, we were able to reach Egress yesterday and will be switching over from Darktrace to Egress in December for our residential and title operations.
Also, will be attempting to expand our current KnowBe4 from our title operations to our residential operations staff and possibly agents as well at this time, we're super excited to start our relationship with Egress and expand our already great relationship with KnowBe4."
– T.S., Director of Information Technology
"Hi Stu, we have found KB4 very useful in our awareness training initiatives. We're also a reseller and our customers are thrilled with it. Thanks for your email. That means a lot."
– K.T., Account Executive
The 10 Interesting News Items This Week
Cyberheist 'Fave' Links