
Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials


Cyberheist News


CyberheistNews Vol 14 #20  |   May 14th, 2024


Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials
Stu Sjouwerman SACP

Progressive analysis of data breaches shows which attack vectors are being used and how they are enabled, highlighting the roles phishing and credentials play.

With the release of the new 2024 Verizon Data Breach Investigations Report, we dug into the findings to continue our coverage of important cybersecurity issues, specifically data breaches and phishing.

The report offers fresh insights and perspectives, which are critical to understanding the evolving landscape of cyber threats.

Traditionally, we have seen this report talk about action types, with phishing as an example, and specific attack vectors (e.g., web applications), but this latest report takes things a step further and combines them to provide InfoSec professionals with a new perspective on where the real problems lie with attacks that lead to data breaches.

As you can see from the table in the blog post, credentials and phishing are present in three of the top four attack combinations.

The combination of credentials and web applications in the top spot aligns with the growth and evolution we have seen in the "credential cyber-economy" of late, where credentials are obtained using impersonated brand login pages and then sold on the dark web. According to the report, credentials are compromised in 71% of web application attacks.

Phishing involves email, but it is interesting to see it take second place, when the top initial attack vector for credential harvesting attacks is actually phishing (meaning behind the top entry is a string of phishing attacks that enabled that attack combination).

Jumping down to fourth and fifth spot, we see that credentials continue to play a role in attack vectors involving desktop sharing software and VPNs.

In total, we see credentials and phishing involved in nearly 80% of data breaches, making the combination of email, social engineering and your users the most critical aspect of your cybersecurity strategy.

A combination of layered security solutions and new-school security awareness training is what is needed to shore up the insecurity demonstrated by the overwhelming evidence provided in Verizon's latest report.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links and graphics:
https://blog.knowbe4.com/verizon-nearly-80-of-data-breaches-involve-phishing-and-misuse-of-credentials

Reality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media

"Reality Hijacked" is not just a title — it is a wake-up call. The arrival and acceleration of GenAI is redefining our relationship with "reality" and challenging our grip on the truth. Our world is under attack by synthetic media.

We have entered a new era of ease for digital deceptions: from scams to virtual kidnappings to mind-bending mass disinformation. Experience the unnerving power of AI that blurs the lines between fact and fiction.

Join us for this webinar where Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, cuts through the noise, spotlighting how these digital illusions are easily weaponized.

Get ready for a demo-driven journey — a no-holds-barred look at AI's dark artistry. See the unseen. Hear the unheard. Question everything.

  • Crack the code: Learn how GenAI and deepfakes tick
  • Engage with the possible: See how easy it is to use consumer-grade tools to create weapons-grade deceptions
  • See the future: Grasp the real risk to you, society and trust itself
  • Fight back with knowledge: Arm yourself with the latest detection techniques and understand why security awareness training can help build your organization's defenses

This is your reality check. Can you trust what you see and hear? Join us and find out, and earn CPE credit for attending!

Date/Time: TOMORROW, Wednesday, May 15 @ 2:00 PM (ET)

Can't attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://info.knowbe4.com/reality-hijacked?partnerref=CHN2

[Must Read] How Boeing Battled a Whopping $200M Ransomware Demand

Boeing recently confirmed that in October 2023 it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated.

On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment. This indictment revealed the identity of the LockBitSupp administrator.

The indictment accused Dmitry Yuryevich Khoroshev (picture at blog) of being the primary administrator and developer of the LockBit ransomware, as part of an international crackdown involving sanctions from the U.S., U.K. and Australia.

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/must-read-how-boeing-battled-a-whopping-200m-ransomware-demand

RIP Malicious Emails With KnowBe4's PhishER Plus

RIP malicious emails out of your users' mailboxes with KnowBe4's PhishER Plus!

It is time to supercharge your phishing defenses using these two powerful features:

1) Automatically blocking malicious emails that your filters miss
2) Being able to RIP malicious emails before your users click on them

With PhishER Plus you can:

  • Use crowdsourced intelligence from more than 13 million users to block known threats before you are even aware of them
  • Automatically isolate and "rip" malicious emails from your users' inboxes that have bypassed mail filters
  • Simplify your workflow by analyzing links and attachments from a single console with the CrowdStrike Falcon Sandbox integration
  • Leverage the expertise of the KnowBe4 Threat Research Lab to analyze tens of thousands of malicious emails reported by users around the globe per day
  • Automate message prioritization by rules you set and cut through your incident response inbox noise to respond to the most dangerous threats quickly

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, May 22, @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN

Protecting Your Digital Footprint: The Dangers of Sharing Too Much on Social Media

For most people, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family.

Being online has even become a business for content creators, who share their insights and thoughts on their daily lives, from "Getting Ready With Me" (GRWM) to recording video trends of jumping over your camera to the beach or the latest dance craze.

However, it is essential to be aware of the potential dangers of oversharing personal information online, as cybercriminals can exploit this information to stalk individuals where they live or work.

The Rise of Cyberstalking

Cyberstalking is another unfortunate reality in today's digital landscape. With the vast amount of online personal information, cybercriminals can quickly gather data about their victims, enabling them to harass, intimidate and even harm individuals.

Social media platforms provide a treasure trove of information, including your location, personal relationships, interests and daily routines. If accessed by malicious actors, this information can be used to invade one's privacy and potentially compromise their safety.

The Dangers of Oversharing

While bringing numerous benefits, this digital age also introduces significant risks, such as identity theft. As Rachel Tobac demonstrated at this year's KB4-CON, she determined and verified her target Perry Carpenter's personal phone number and email address.

You can see Rachel's keynote on demand here on the KB4-CON website:
https://www.knowbe4.com/kb4-con

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/protecting-your-digital-footprint

[Free Phish Alert Button] Give Your Employees a Safe Way to Report Phishing Attacks with One Click!

Do your users know what to do when they receive a suspicious email?

Should they call the help desk or forward it? Should they forward it to IT including all headers? Delete it and not report it, forfeiting a possible early warning?

KnowBe4's Phish Alert add-in button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! And now, the Phish Alert add-in button supports Outlook Mobile!

Phish Alert Button Benefits:

  • Reinforces your organization's security culture
  • Users can report suspicious emails with just one click
  • Your Incident Response team gets early phishing alerts from users, creating a network of "sensors"
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook and GSuite deployment for Gmail (Chrome)

Get the Phish Alert Button Now:
https://info.knowbe4.com/free-phish-alert-chn

Back to the Hype: An Update on How Cybercriminals Are Using GenAI

Vincenzo Ciancaglini and David Sancho at Trend Micro came up with a good short summary of where this is at:

"In August 2023, we published an article detailing how criminals were using or planning to use generative AI (GenAI) capabilities to help develop, spread, and improve their attacks. Given the fast-paced nature of AI evolution, we decided to circle back and see if there have been developments worth sharing since then. Eight months might seem short, but in the fast-growing world of AI, this period is an eternity.

"Compared to eight months ago, our conclusions haven't changed: While criminals are still taking advantage of the possibilities that ChatGPT and other LLMs offer, we remain skeptical of the advanced AI-powered malware scenarios that several media outlets seemed to dread back then. We want to explore the matter further and pick apart the details that make this a fascinating topic.

"We also want to address pertinent questions on the matter. Have there been any new criminal LLMs beyond those reported last year? Are criminals offering ChatGPT-like capabilities in hacking software? How are deepfakes being offered on criminal sites?"

Key Takeaways

  • Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime
  • Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones
  • We are finally seeing the emergence of actual criminal deepfake services, with some bypassing user verification used in financial services

Link with full article at:
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/back-to-the-hype-an-update-on-how-cybercriminals-are-using-genai

Note though that a Russia-aligned information operation uses generative AI to modify legitimate articles. Recorded Future's Insikt Group describes a Russia-linked influence network dubbed "CopyCop" that is using generative AI tools to modify content from legitimate mainstream media sources, inserting bias that aligns with Russian government views.

The researchers explain, "CopyCop websites focus their attention on US, UK, and French domestic news, politics, crime, and other nationally trending stories, in addition to covering the war in Ukraine from a pro-Russian perspective and the Israel-Hamas conflict from a perspective that is critical of Israeli military operations in Gaza."

[RELATED LINKS]

Russia-Linked CopyCop Uses LLMs to Weaponize Influence Content at Scale:
https://www.recordedfuture.com/russia-linked-copycop-uses-llms-to-weaponize-influence-content-at-scale

[Breaking] The News Is Increasingly Broken. Surge Of Inaccurate AI News Stories:
https://blog.knowbe4.com/breaking-the-news-is-increasingly-broken.-surge-of-inaccurate-ai-news-stories

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: RSA Video Interview #1: Stu Sjouwerman, CEO, KnowBe4 & Tony Pepper, CEO, Egress, join theCUBE host Dave Vellante:
https://www.youtube.com/watch?v=siGwUq0fdyM

PPS: RSA Video Interview #2 – BankInfo Security: "Inside KnowBe4's Acquisition of Egress":
https://www.bankinfosecurity.eu/inside-knowbe4s-acquisition-egress-a-25072

Quotes of the Week

"Humanity should question itself, once more, about the absurd and always unfair phenomenon of war, on whose stage of death and pain only remains standing the negotiating table that could and should have prevented it."
– Pope John Paul II – Karol Józef Wojtyła (1920 – 2005)


"Peace cannot be kept by force; it can only be achieved by understanding."
– Albert Einstein (1879–1955)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-14-20-verizon-nearly-80-percent-of-data-breaches-involve-phishing-and-the-misuse-of-credentials

Security News

Credential-Harvesting Campaign Impersonates Fashion Retailer Shein

A phishing campaign is impersonating fashion retailer Shein in an attempt to steal users' credentials, according to researchers at Check Point. "The email arrives with a tempting subject line: 'Order Verification SHEIN' — claiming to be from Shein customer service," the researchers explain.

"But a closer look reveals a red flag — the sender's email address doesn't match Shein's official one. The email excitedly announces you've received a mystery box from Shein. However, the included link won't bring you a surprise gift; it leads to a fake website designed to steal your personal information (a credential harvesting website).

"This phishing attempt is quite transparent. It preys on your excitement by claiming you've won a prize and uses the trusted brand name 'Shein' to gain your trust. However, a vigilant user can easily spot the scam: check the sender's email address (it shouldn't be random letters) and verify that any links lead to legitimate Shein webpages."

Check Point notes that scammers can be expected to impersonate any popular brand, and observant users can recognize the red flags associated with phishing.

"Just like other phishing attempts, scammers are trying to capitalize on popular brands and current trends to trick you," the researchers write. "This time, they're using Shein. There are several red flags that this email isn't legitimate. First, there's a strong sense of urgency surrounding the 'mystery box' offer, which is designed to create excitement and pressure you into clicking.

"Another clue? The email address itself is a jumble of random letters, not a recognizable Shein address. You won't find any Shein branding or logos in the email either. Finally, the link in the email won't take you to an official Shein webpage, but to a fraudulent website designed to steal your information."

Check Point offers the following recommendations to help users avoid falling for phishing attacks:

  • Make sure you don't click on links from websites whose address isn't the official one, and check the email's source
  • Check the address of the website and the sender's name for spelling and punctuation errors on websites that look real
  • Ensure the email is free of spelling errors. Pay attention to the language in the email: are you expecting to be addressed in this language by your delivery company?
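The same three sender and link checks that Check Point describes, applied to a raw message by a mail-triage script. This is an added example and not Check Point's or KnowBe4's code: the sample message, its domains and the mailbox name are constructed, and OFFICIAL_DOMAINS is a placeholder an operator would fill from the brand's genuine site.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the lure described above: brand in the display
# name, random-letter mailbox at an unrelated domain, link to a non-brand host.
SAMPLE_EMAIL = """\
From: SHEIN Customer Service <qzkxprtv@notify-example.net>
Subject: Order Verification SHEIN
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Congratulations! You have received a mystery box from SHEIN.</p>
<p><a href="https://shein-reward-example.top/claim?id=123">Claim your box</a></p>
</body></html>
"""

# Placeholder for the brand's genuine domains; fill this from the brand's own
# site or your allow-list, never from the message being inspected.
OFFICIAL_DOMAINS = {"shein.com"}
BRAND = "shein"

HREF_RE = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)


def is_official(host, official=OFFICIAL_DOMAINS):
    """True if host is an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in official)


def looks_random(local_part):
    """Crude 'jumble of random letters' heuristic: 6+ characters, no vowel."""
    return re.fullmatch(r"[^aeiou]{6,}", local_part.lower()) is not None


def body_text(msg):
    """Concatenate the decoded text/plain and text/html parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_flags(raw_message, official=OFFICIAL_DOMAINS, brand=BRAND):
    """Return the sender/link red flags found in one message as short tags."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.rpartition("@")
    flags = []
    # 1. Display name claims the brand, but the mailbox domain is not the brand's.
    if brand in display.lower() and not is_official(domain, official):
        flags.append("sender-domain-mismatch:" + domain)
    # 2. The mailbox name is a jumble of random letters.
    if looks_random(local):
        flags.append("random-sender-localpart:" + local)
    # 3. A link whose host is not one of the brand's own web pages.
    for url in HREF_RE.findall(body_text(msg)):
        host = urlparse(url).hostname
        if not is_official(host, official):
            flags.append("offbrand-link:" + (host or url))
    return flags
```

Run `phishing_flags(SAMPLE_EMAIL)` to see all three flags raised; a message from `orders@shein.com` linking to `www.shein.com` produces none.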


Blog post with links. Share with your users:
https://blog.knowbe4.com/credential-harvesting-campaign-impersonates-shein

Phishing Reports in Switzerland More Than Doubled Last Year

Switzerland's National Cyber Security Centre (NCSC) received more than 30,000 reports of cyber incidents in the second half of 2023, more than double the number received in the second half of 2022.

The NCSC said in a press release, "This increase is mainly down to job offer scams and calls from fraudsters claiming to be police officers. Fraud attempts were among the most frequently reported incidents, with the 'CEO' and 'invoice manipulation' scams being particularly commonplace."

The number of reported phishing attacks also more than doubled last year.

"5536 phishing reports were received, more than twice as many as in the same period last year (2179 reports)," the NCSC says. "What is known as 'chain phishing' is particularly worth mentioning: phishers hack email inboxes and then send emails to all the addresses stored in the mailbox.

"Since the sender is likely to be known to the recipients, there is a high probability that they will fall for the scam and respond to the phishing mail. The phished email accounts are then used to write once again to all the contacts they hold."

The Centre also observed an increase in attacks assisted by AI tools. While the number of these attacks is still low, the NCSC expects these methods to increase in the future.

"There was also an increase in reports of attempted fraud involving the use of AI," the NCSC says. "Cyber criminals use AI-generated images for sextortion attempts, to pretend to be celebrities on the phone, or to perpetrate investment fraud. Although the number of reports of such incidents is still relatively low, the NCSC believes that these are the first attempts by cyber criminals to explore how AI might be used for future cyberattacks."

Blog post with links:
https://blog.knowbe4.com/phishing-reports-in-switzerland-more-than-doubled-last-year

What KnowBe4 Customers Say

"Hi Stu, thanks for personally checking in on our experience with your training and phishing service. I am happy to report that we are indeed satisfied with the results. Your service has been instrumental in enhancing our cybersecurity awareness and preparedness. We look forward to continuing our partnership with you."

– N.V., Chief Technology Officer


"Yes, the solution is bearing fruit, users are really concerned by this subject. We started with a phishing test phase to identify the levels of training necessary according to the groups, we will implement the training programs shortly. Don't hesitate to contact me if you wish to visit us. I would like to add that we are delighted with the relationship with the KB4 teams and in particular with Dominic H."

– V.J., Responsable Services Cloud & vDSI


"Thanks for your email, Stu. My apologies for not replying sooner — I was actually making sure this wasn't a scam! So, as you can see, your KnowBe4 is making us all think first before opening and responding to any emails we're not sure of.

"We chose your system as it was preferable to sitting in a one-off training session for hours — and I know from experience that the majority of our staff don't take in much after 20-30 minutes in a training session. KnowBe4, however, has sparked a lot of discussion around the office, so I'm thinking it has been a success for us so far."

– H.M., Accounts Manager

The 10 Interesting News Items This Week

Cyberheist 'Fave' Links

This Week's Links We Like, Tips, Hints and Fun Stuff


