CyberheistNews Vol 14 #46 [Eye Opener] Attackers Don’t Hack, They Log In. Can You Stop Them?





CyberheistNews Vol 14 #46  |   November 12th, 2024


[Eye Opener] Attackers Don’t Hack, They Log In. Can You Stop Them?

Stu Sjouwerman SACP

The latest trend in cybercrime is that attackers don’t really focus on “hacking” in; they’re logging in.

We see this now in the wild, driven by organized criminal groups like Scattered Spider and BlackCat, who’ve re-emerged with a renewed focus on gaining access through legitimate means, often exploiting help desks and social engineering tactics.

Their tactics often rely on social engineering help desk staff into resetting credentials or bypassing multi-factor authentication (MFA), achieving access without breaking in. These attackers aim for the easiest path to your network, leveraging stolen credentials from info-stealers or posing as legitimate users to gain access.

A recent case reported by ReliaQuest underscores this tactic. Scattered Spider used social engineering to trick a help desk, leading to a six-hour attack that ended in system encryption. The attackers even used Microsoft Teams to demand a ransom, showing a new level of boldness and ingenuity in modern cyber attacks.

As threat analyst Hayden Evans explains, “Attackers don’t hack in; they log in.” His advice is clear: organizations must enforce strict help desk policies and ensure MFA configurations can withstand social engineering tricks.

To protect your network, work hard on improving employee training, monitoring for suspicious activity and reinforcing help desk protocols. These measures build resilience against today’s advanced threat actors who bypass traditional security measures by simply logging in.

Blog post with links:
https://weblog.knowbe4.com/eye-opener-attackers-dont-hack-they-log-in.-can-you-stop-them

Recon 2.0: AI-Driven OSINT in the Hands of Cybercriminals

Cybercriminals are using artificial intelligence (AI) and generative AI in open source intelligence (OSINT) activities to target your organization with supercharged reconnaissance efforts.

With AI-driven techniques, they can gather, analyze and exploit publicly available data to create highly targeted and convincing social engineering schemes, phishing campaigns and other forms of cyber attacks.

Join James McQuiggan, Security Awareness Advocate at KnowBe4, as he explores how attackers use AI and OSINT to quickly identify and prioritize targets. Learn how to develop robust cybersecurity strategies to counter AI-enhanced threats.

Using exclusive demos and real-world examples, you’ll:

  • Gain insights into how AI and generative AI amplify OSINT-driven reconnaissance
  • Understand how attackers use AI to enhance data aggregation, profile generation and target prioritization to target your organization
  • Discover the implications of AI-driven OSINT and strategies for threat detection and mitigation
  • Learn why a strong security culture is still your best line of defense

Register now to learn how to detect and mitigate AI-enhanced OSINT threats.

Date/Time: TOMORROW, Wednesday, November 13, @ 2:00 PM (ET)

Can’t attend live? No worries, register now and you will receive a link to view the presentation on-demand afterwards.

Save My Spot:
https://information.knowbe4.com/ai-driven-osint?partnerref=CHN2

BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks

ReliaQuest has warned that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.

The threat actor begins by sending mass email spam campaigns targeting employees, then adding people who fall for the emails to Microsoft Teams chats with external users.

These external users pose as IT support or help desk staff and send employees Microsoft Teams messages containing malicious QR codes. In some cases, the attackers used voice phishing (vishing) phone calls to convince users to install remote administration software.

“The underlying motivation is likely to lay the groundwork for follow-up social engineering techniques, convince users to download remote monitoring and management (RMM) tools, and gain initial access to the targeted environment,” the researchers write. “Ultimately, the attackers’ end goal in these incidents is almost certainly the deployment of ransomware.”

ReliaQuest emphasizes the massive scale of the campaign, with one user receiving a thousand malicious emails in under an hour.

“This rapidly escalating campaign poses a significant threat to organizations,” the researchers write. “The threat group is targeting many of our customers across diverse sectors and geographies with alarming intensity. The sheer volume of activity is also unique; in one incident alone, we observed approximately 1,000 emails bombarding a single user within just 50 minutes. Due to commonalities in domain creation and Cobalt Strike configurations, we attribute this activity to Black Basta with high confidence.”

Only one employee needs to fall for a phishing attack for an attacker to gain access to your network. New-school security awareness training can give your organization an essential layer of defense against social engineering tactics.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://weblog.knowbe4.com/blackbasta-ransomware-gang-uses-new-social-engineering-tactics

Rip, Flip, and Revolutionize Your Phishing Defenses with PhishER Plus

Human error contributes to 68% of data breaches, according to Verizon’s 2024 Data Breach Investigations Report.

It’s time to turn that statistic on its head and transform your users from vulnerabilities to cybersecurity assets.

Meet KnowBe4’s PhishER Plus: The only SOAR email security offering that combines AI-driven security with crowdsourced intelligence for unmatched email security and incident management.

In this demo, PhishER Plus can help you:

  • Slash incident response times by 90%+ by automating message prioritization
  • Customize workflows and machine learning to your protocols
  • Use crowdsourced intelligence from more than 13 million users to block known threats
  • Conduct real-world phishing simulations that keep security top-of-mind for users

Join us for a live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, to see it in action.

Date/Time: Wednesday, November 20, @ 2:00 PM (ET)

Save My Spot:
https://information.knowbe4.com/phisher-demo-2?partnerref=CHN

Attackers Abuse DocuSign to Send Phony Invoices

Threat actors are abusing DocuSign’s API to send phony invoices that appear “strikingly authentic,” according to researchers at Wallarm.

“Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate reputable companies, catching users and security tools off guard,” Wallarm says.

The threat actors set up DocuSign accounts that allow them to create invoices for fake purchases. They can then send an email notification from the DocuSign platform.

“An attacker creates a legitimate, paid DocuSign account that allows them to change templates and use the API directly,” the researchers explain. “The attacker employs a specially crafted template mimicking requests to e-sign documents from well-known brands, mostly software companies; for example, Norton Antivirus.

“These fake invoices may contain accurate pricing for the products to make them appear authentic, along with additional charges, like a $50 activation fee. Other scenarios include direct wire instructions or purchase orders.”

Notably, the threat actors have automated these phishing attacks using DocuSign’s API, allowing them to mass-distribute the phony invoices.

“The longevity and breadth of the incidents reported in DocuSign’s community forums clearly demonstrate that these are not one-off, manual attacks,” the researchers explain. “In order to carry out these attacks, the perpetrators must automate the process. DocuSign offers APIs for legitimate automation, which can be abused for these malicious activities.”

Since the messages come from a legitimate service, they are much more likely to bypass security filters and fool human users. While this campaign abused DocuSign, the researchers note that attackers can use other e-signature and document services to launch these attacks as well.

“The exploitation of trusted platforms like DocuSign through their APIs marks a concerning evolution in cybercriminal strategies,” Wallarm concludes. “By embedding fraudulent activities within legitimate services, attackers increase their chances of success while making detection more challenging.

“Organizations must adapt by enhancing their security protocols, prioritizing API security, and fostering a culture of vigilance.”

Blog post with links:
https://weblog.knowbe4.com/attackers-abuse-docusign-to-send-phony-invoices

New Hire or Security Threat? Learn How to Spot Them

Every new hire represents both an opportunity and a potential risk. However, HR professionals often don’t expect bad actors to “apply” for a position, which makes them susceptible to real security threats when hiring.

Are you equipped to ensure your organization’s security from the moment a candidate applies?

This module is for HR professionals, IT professionals, hiring managers and others involved in the recruitment and onboarding of employees. It features an in-depth interview with KnowBe4 staff who recount their real-life experience in uncovering a bad actor working for a nation-state government, disguised as a “new hire” during his onboarding process.

We detail KnowBe4’s quick response to secure the network and subsequent efforts to educate others on this attempted attack and how it was foiled.

By the end of this module, you will be able to:

  • Improve organizational hiring security practices
  • Raise awareness about hiring-based security threats
  • Provide practical knowledge for identifying risks

Get Your Free Training:
https://information.knowbe4.com/free-cybersecurity-tools/secure-hiring-and-onboarding-chn

Let’s stay safe out there.

Warm regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [Budget Ammo #1] Stu goes LIVE in INC. Magazine – “How to Navigate the AI Minefield”:
https://www.inc.com/stu-sjouwerman/how-to-navigate-the-ai-minefield/90998714

PPS: [Budget Ammo #2] Clicker Beware: Understanding and preventing open redirect attacks:
https://www.scworld.com/perspective/clicker-beware-understanding-and-preventing-open-redirect-attacks

Quotes of the Week  

“Time is a created thing. To say ‘I don’t have time,’ is like saying, ‘I don’t want to’.”
– LAO TZU Chinese philosopher (sixth century, but possibly the 4th century BCE)


“It is not our purpose to become each other; it is to recognize each other, to learn to see the other and honor him for what he is.”
– Hermann Hesse – Novelist (1877 – 1962)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-14-46-eye-opener-attackers-dont-hack-they-log-in-can-you-stop-them

Security News

Attackers Abuse Eventbrite to Send Phishing Emails

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.

“Perception Point researchers observed phishing emails delivered via ‘noreply@occasions.eventbrite[.]com,’” the researchers write.

“Despite being presented as legitimate events created on the Eventbrite platform, attackers use these messages to impersonate known brands like NLB, DHL, EnergyAustralia, and Qatar Post.

“Each email urges the recipient to take action: reset your PIN code; verify your delivery address; pay for an outstanding bill; pay for a package. These time-bound requests employ a social engineering tactic threat actors use to prompt the target to act fast.”

The attackers set up events in Eventbrite, and then send invitations with embedded phishing links. The emails are more likely to bypass security filters since they’re sent from a legitimate service.

“Once the target clicks on the phishing link, they’re redirected to a phishing page,” Perception Point says. “We found examples spoofing Qantas airline, Brobizz toll collection, web hosting platform One(.)com, European financial institution NLB, and many more.

“Designed to look like legitimate websites, targets are asked for personal data, like their login credentials, tax identification numbers, phone numbers, credit card details, and more.”

The attacker can fully customize the appearance of the email to make it look like a convincing notification from the spoofed brand.

“Once the attacker creates an event, they can then create emails from within the Eventbrite platform to be sent to attendees,” the researchers write. “These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content.

“The attacker then enters their list of targets (or ‘attendees’) and sends them the invite email. Once sent, the target receives an email from ‘noreply@occasions.eventbrite[.]com,’ containing all of the malicious details the attacker included.”

Blog post with links:
https://weblog.knowbe4.com/attackers-abuse-eventbrite-to-send-phishing-emails

New Version of the Rhadamanthys Malware Spreads Through Phishing

Researchers at Check Point are tracking a “large scale and sophisticated phishing campaign” that’s spreading an upgraded version of the Rhadamanthys infostealer. The phishing emails tell recipients that they’ve committed copyright infringement on their Facebook pages.

“This campaign uses a copyright infringement theme to target various regions, including the United States, Europe, East Asia, and South America,” the researchers write. “The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity.

“Almost 70% of the impersonated companies are from Entertainment/Media and Technology/Software sectors.” The emails have attachments that purportedly contain details on the copyright infringement. These attachments redirect users to Dropbox or Discord, where they’re tricked into downloading a malicious archive.

The researchers believe financially motivated cybercriminals are behind the attacks. The campaign is opportunistically targeting a wide range of orgs, using automated tools to craft targeted phishing emails.

“Unlike nation-state actors, who often target high-value assets such as government agencies or critical infrastructure, this campaign displays no such selectivity,” Check Point says. “Instead, it targets a diverse range of organizations with no clear strategic connections, reinforcing the conclusion that financial motives drive the attackers.

“The infrastructure used, such as creating different Gmail accounts for each phishing attempt, indicates the potential use of automation tools possibly powered by AI. This level of operational efficiency, along with the indiscriminate targeting of multiple regions and sectors, points to a cybercrime group seeking to maximize financial returns by casting a wide net.”

New-school security awareness training gives your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 orgs worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Check Point has the story:
https://analysis.checkpoint.com/2024/massive-phishing-campaign-deploys-latest-rhadamanthys-version/

Hood College Customer Case Study

We’re pleased to provide a recently published case study featuring an education sector customer called Hood College. In addition to being one of the first customers to incorporate KnowBe4 Student Edition, here are some successes the customer saw through working with us:

  • Improved security awareness across more than 2,500 staff and students
  • Trainings are driving a reduction in clicks across phishing campaigns, moving from 12% toward goal of 6%
  • More than 200 suspicious emails reported via the Phish Alert Button each month
  • 40% of students have completed KnowBe4 Student Edition training, giving it a rating of 3.5 – 4.5 stars
  • Reduction in time and effort spent by IT department investigating potential phishing emails

Get direct access to this case study here:
https://www.knowbe4.com/hubfs/KSAT-Training-Hood-School-CS-en_US.pdf

What KnowBe4 Customers Say

“Stu, first, I hope you, your family, and operations are all safe and recovering from the horrific hurricanes we experienced last month. Just following up, we were able to reach Egress yesterday and will be switching over from Darktrace to Egress in December for our residential and title operations.

Also, will be trying to expand our current KnowBe4 from our title operations to our residential operations staff and possibly agents as well at the moment, we’re super excited to start our relationship with Egress and grow our already great relationship with KnowBe4.”

– T.S., Director of Information Technology


“Hi Stu, we have found KB4 very useful in our awareness training initiatives. We are also a reseller and our customers are thrilled with it. Thanks for your email. Means a lot.”

– K.T., Account Executive

The 10 Interesting News Items This Week

Cyberheist ‘Fave’ Links

This Week’s Links We Like, Tips, Hints and Fun Stuff


