[Heads Up] 245% Enhance in SVG Information Used to Obfuscate Phishing Payloads

The KnowBe4 Risk Analysis workforce has noticed a sustained improve in using Scalable Vector Graphics (SVG) information to obfuscate malicious payloads.

SVGs are vector based mostly, quite than pixel-based like PNGs and JPGs. This implies the graphic parts may be scaled up with out lack of high quality — making them excellent for sharing graphics, reminiscent of logos and icons, through e-mail.

In a now well-established sample (suppose QR codes and quishing assaults), cybercriminals are trying to make the most of the rising use of this file kind, hoping familiarity will result in complacency within the targets of their phishing assaults.

As we’ll additionally focus on later, SVG information supply technical benefits to cybercriminals seeking to evade conventional e-mail safety filters. Our Risk Analysis workforce analyzed phishing emails despatched between January 1 and March 5, 2025, discovering that SVG information accounted for six.6% of malicious attachments in phishing emails detected by KnowBe4 Defend, a number one Built-in Cloud E-mail Safety product for M365.

It is a 245% improve when in comparison with assaults despatched between October 1 and December 31, 2024, throughout which period SVGs made up just one.9%. The most important spike to this point occurred on March 4, with SVGs accounting for 29.5% of all malicious attachments.

Weblog put up with hyperlinks, graphs, screenshots and technical background:
https://weblog.knowbe4.com/245-increase-in-svg-files-used-to-obfuscate-phishing-payloads

Constructing Your Most Strong Protection In opposition to Superior Phishing Assaults

Subtle phishing assaults are bypassing conventional defenses, placing your customers at unprecedented threat. With 68% of information breaches involving a human component, you want a multi-layered strategy that goes past SEGs.

Remodel your workers from vulnerabilities into energetic cybersecurity property whereas strengthening your e-mail safety.

Be a part of us for a reside demo showcasing how KnowBe4 Defend and PhishER work collectively. Get essentially the most sturdy protection towards superior phishing assaults whereas streamlining your incident response course of.

See how KnowBe4 Defend and PhishER may help you:

• Detect and forestall superior phishing assaults, together with Enterprise E-mail Compromise, earlier than they attain your customers’ inboxes
• Quickly determine, reply to and remediate threats that bypass your different defenses
• Scale back the burden in your IT and safety groups by clever automation
• Constantly educate and interact your customers in safety greatest practices
• Acquire complete visibility into email-based dangers and consumer habits distinctive to your group

Faucet into the facility of proactive risk detection and environment friendly incident response to construct your most sturdy e-mail safety infrastructure but.

Date/Time: TOMORROW, Wednesday, March 19 @ 2:00 PM (ET)

Save My Spot:
https://data.knowbe4.com/phisher-defend-demo?partnerref=CHN2

Make Your Actual Emails Much less Phishy

By Roger Grimes

I occasionally get emails from clients who’re annoyed as a result of their employer despatched out some authentic mass e-mail to all workers that sadly had all of the hallmarks of a malicious phishing assault.

Everybody will get labored up about it, and a big share of individuals report it as a potential phishing assault. And it isn’t. It’s simply irritating.

Sound acquainted?

Be aware: Out of all of the cybersecurity issues you may have, this isn’t a nasty one; folks reporting “phishy” issues is healthier than folks clicking on actual phishing hyperlinks.

However it’s nonetheless irritating. Everybody who sends emails or any communications message ought to try to make them appear much less phishy, particularly individuals who create and ship mass emails. You’ll suppose they robotically understand how to do that, however it’s obvious many people who find themselves working arduous, get caught up within the second, and craft and ship one thing that’s…as an instance…sub-optimal.

In case you have somebody like that in your setting, unfold the phrase — Don’t ship emails that look so much like phishing assaults.

What Do I Imply Much less Phishy?

Paraphrasing Supreme Courtroom Justice Potter Stewart’s assertion in a 1964 obscenity case, “I can not describe it, however I do know it after I see it!”

Listed below are the indicators of an e-mail that could be mistaken for a phishing assault.

[CONTINUED] On the KnowBe4 Weblog with a listing of factors to observe for:
https://weblog.knowbe4.com/make-your-real-emails-less-phishy

[FREE RESOURCE KIT] Phishing Safety Sources

Phishing emails improve in quantity yearly, so we created this free useful resource equipment that can assist you defend towards assaults. Request your equipment now to be taught phishing mitigation methods, what new developments and assault vectors you have to be ready for, and our greatest recommendation on the way to shield your customers and your group.

Here’s what you will get:

• Entry to our free on-demand webinar Your Final Information to Phishing Mitigation that includes Roger A. Grimes, KnowBe4’s Information-Pushed Protection Evangelist
• Our hottest phishing whitepaper: Complete Anti-Phishing Information E-E-book
• A video that explains Easy methods to Keep away from Phishing Assaults
• Our most up-to-date quarterly infographic on High-Clicked Phishing E-mail Topics Infographic
• Posters and digital signage to remind customers about what to be careful for

Get Your Free Phishing Safety Sources Now!
https://www.knowbe4.com/phishing-resource-kit-chn

AI and AI-Brokers: A Recreation-Changer for Each Cybersecurity and Cybercrime

By Anna Collard

Synthetic Intelligence is not only a software—it’s a sport changer in our lives, our work in addition to in each cybersecurity and cybercrime.

Whereas organizations leverage AI to reinforce defenses, cybercriminals are weaponizing AI to make these assaults extra scalable and convincing.

In 2025, researchers forecast that AI brokers, or autonomous AI-driven techniques able to performing complicated duties with minimal human enter, are revolutionizing each cyberattacks and cybersecurity defenses.

Whereas AI-powered chatbots have been round for some time, AI brokers transcend easy assistants, functioning as self-learning digital operatives that plan, execute and adapt in actual time. These developments do not simply improve prison techniques—they might essentially change the cybersecurity battlefield.

How Cybercriminals Are Weaponizing AI: The New Risk Panorama

AI is reworking cybercrime, making assaults extra scalable, environment friendly and accessible. The WEF Synthetic Intelligence and Cybersecurity Report (2025) highlights how AI has democratized cyber threats, enabling attackers to automate social engineering, develop phishing campaigns and develop AI-driven malware.

Equally, the Orange Cyberdefense Safety Navigator 2025 warns of AI-powered cyber extortion, deepfake fraud and adversarial AI methods. And the 2025 State of Malware Report by Malwarebytes notes, whereas Generative AI (GenAI) has enhanced cybercrime effectivity, it hasn’t but launched fully new assault strategies—attackers nonetheless depend on phishing, social engineering and cyber extortion, now amplified by AI.

Nonetheless, that is set to vary with the rise of AI brokers—autonomous AI techniques able to planning, performing, and executing complicated duties—posing main implications for the way forward for cybercrime.

Here’s a listing of frequent (ab)use instances of AI by cybercriminals:

[CONTINUED] On the KnowBe4 Weblog, together with a listing of mitigation measures:
https://weblog.knowbe4.com/ai-and-ai-agents-a-game-changer-for-both-cybersecurity-and-cybercrime

Obtain Your Ransomware Hostage Rescue Handbook

Free your information! Get essentially the most informative and full hostage rescue guide on ransomware.

This guide is full of actionable data that you have to stop infections, and what to do if you find yourself hit with ransomware. Additionally, you will obtain a Ransomware Assault Response Guidelines and Ransomware Prevention Guidelines.

You’ll be taught extra about:

• What’s ransomware?
• Am I contaminated?
• I am contaminated, now what?
• Defending your self sooner or later
• Sources

Do not be taken hostage by ransomware. Obtain your rescue guide now!

Obtain Now:
https://data.knowbe4.com/ransomware-hostage-rescue-manual-chn

Did You Know?

KnowBe4 has a library of the most well-liked webinars we have now hosted. A few of these had 1000’s of individuals attending on the preliminary occasion, and are nonetheless watched by substantial quantities of individuals each week.

For the time being, the featured webinar is:

Code Purple: How KnowBe4 Uncovered a North Korean IT Infiltration Scheme

Watch this unique, no-holds-barred dialog with the workforce who lived by it. Perry Carpenter, our Chief Human Threat Administration Strategist, sits down with Brian Jack, Chief Data Safety Officer, and Ani Banerjee, Chief Human Sources Officer, to speak about how we noticed the crimson flags and stopped it earlier than any injury was achieved.

Extremely beneficial! See it right here:
https://www.knowbe4.com/webinar-library

Let’s keep secure on the market.

Heat Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [BUDGET AMMO #1] 5 Coercive Techniques Used By Ransomware Operators To Stress Victims Into Paying through @forbes:
https://www.forbes.com/councils/forbestechcouncil/2025/03/10/five-coercive-tactics-used-by-ransomware-operators-to-pressure-victims-into-paying/

PPS: [BUDGET AMMO #2] Watch out for DeepSeek Hype: It is a Breeding Floor for Scammers:
https://www.securityweek.com/beware-of-deepseek-hype-its-a-breeding-ground-for-scammers/

You possibly can learn CyberheistNews on-line at our Weblog
https://weblog.knowbe4.com/cyberheistnews-vol-15-11-heads-up-245-increase-in-svg-files-used-to-obfuscate-phishing-payloads

U.S. Justice Division Prices China’s Hackers-for-Rent Working IT Contractor i-Quickly

The U.S. Justice Division has charged ten Chinese language nationals for performing as hackers-for-hire for the Chinese language authorities.

The defendants labored for Chinese language IT contractor i-Quickly, which is accused of providing hacking providers for China’s Ministry of Public Safety (MPS) and Ministry of State Safety (MSS).

Based on the FBI, the hackers compromised “US-based critics of the Chinese language authorities and Chinese language dissidents, a US information group, a big US-based non secular group, a number of governments in Asia and US federal and state authorities companies.”

The DOJ says i-Quickly was paid as much as $75,000 for every e-mail account that was breached. “i-Quickly and its workers, to incorporate the defendants, generated tens of tens of millions of {dollars} in income as a key participant within the PRC’s hacker-for-hire ecosystem,” the Justice Division says.

“In some situations, i-Quickly performed pc intrusions on the request of the MSS or MPS, together with cyber-enabled transnational repression on the course of the MPS officer defendants.

“In different situations, i-Quickly performed pc intrusions by itself initiative after which bought, or tried to promote, the stolen knowledge to at the least 43 completely different bureaus of the MSS or MPS in at the least 31 separate provinces and municipalities in China. i-Quickly charged the MSS and MPS between roughly $10,000 and $75,000 for every e-mail inbox it efficiently exploited.

“i-Quickly additionally educated MPS workers the way to hack independently of i-Quickly and supplied a wide range of hacking strategies on the market to its clients.”

The FBI notes that i-Quickly is only one of many Chinese language safety companies contracted by the Chinese language authorities to hold out hacking operations towards its targets.

“China’s InfoSec ecosystem prospers as a result of China’s authorities companies, together with its main intelligence service the Ministry of State Safety (MSS) and its home police company the Ministry of Public Safety (MPS), weaponize InfoSec corporations by tasking corporations that publicize authentic cybersecurity providers to additionally use their experience to achieve unauthorized entry to sufferer networks to gather for China’s intelligence providers,” the Bureau says.

“This ecosystem of InfoSec corporations and freelance hackers allows and encourages indiscriminate international cyber exercise, whereas offering the Chinese language authorities with a layer of believable deniability.”

KnowBe4 empowers your workforce to make smarter safety choices every single day. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human threat.

Weblog put up with hyperlinks:
https://weblog.knowbe4.com/us-justice-department-charges-chinas-hackers-for-hire

Shield Your self: Social Engineering Fuels SIM Swapping Assaults

Group-IB has revealed a report on SIM swapping assaults, discovering that attackers proceed to make use of social engineering to bypass technical safety measures.

SIM swapping is a way wherein an attacker takes over a sufferer’s cellphone quantity, which allows them to entry the sufferer’s accounts. This entails tricking the telecom operator into reassigning the sufferer’s cellphone quantity to a SIM card managed by the attacker.

“SIM swapping fraud sometimes begins when the fraudster acquires delicate details about the sufferer, reminiscent of their nationwide ID, cellphone quantity and card particulars,” Group-IB explains. “This data is commonly obtained by phishing web sites that mimic authentic providers or through social engineering techniques.

“As soon as armed with the required particulars, the fraudster initiates a request to swap or port out the sufferer’s SIM. This will likely contain changing the sufferer’s SIM to an eSIM with the identical cellular community supplier or porting the quantity to a distinct native telecom operator. These requests are sometimes submitted by telecom supplier cellular apps, enabling the method to be accomplished remotely.”

Cellular carriers have safeguards in place to forestall SIM swapping, however attackers can bypass these utilizing social engineering. In some instances, the attackers additionally goal the victims themselves and trick them into authorizing the change.

“In some areas, this course of is safeguarded by a Authorities E-Verification Platform, which requires customers to confirm their identification earlier than any SIM swap or port-out request is authorised,” the researchers write. “Verification strategies could embody approving a login request or utilizing biometric authentication.

“To bypass these safeguards, fraudsters deceive victims into approving the verification request, usually by posing as representatives of authentic providers—reminiscent of job functions or account updates.

“As soon as the sufferer unknowingly authorizes the request, the telecom supplier deactivates the prevailing SIM and prompts a brand new one beneath the fraudster’s management. With management of the sufferer’s cellphone quantity, fraudsters can intercept SMS-based two-factor authentication (2FA) codes and perform unauthorized transactions.”

Weblog put up with hyperlinks:
https://weblog.knowbe4.com/protect-yourself-social-engineering-fuels-sim-swapping-attacks

What KnowBe4 Prospects Say

“Hello Stu, Sure, we’re extraordinarily pleased with KnowBe4. Help help has been stellar. We have now accomplished our baseline phishing and are embarking on a ‘vacation’ themed one shortly to check our employees, after already sending out a number of coaching campaigns.

“And our HR division is just loving the flexibility to add coverage paperwork and ship out as coaching assignments the place they’re able to monitor every particular person’s log out.

“We nonetheless have a methods to go in coaching our employees to be vigilant, with so many individuals being service discipline staff and never tech savvy, however they’re getting higher. Thanks a lot for reaching out!”

– S.L., Staff Lead, Enterprise Methods, IT

Whereas Okta offers strong native safety features, configuration drift, identification sprawl, and misconfigurations can present alternatives for attackers to search out their method in. This text covers 4 key methods to proactively safe Okta as a part of your identification safety efforts.