Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

June 2023

The face of 2023's cyber-threat landscape was an alarming surge in ransomware and phishing attacks

When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company.

Iranian Threat Actor Charming Kitten Using Spear Phishing Campaign To Distribute Malware

The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.

HTML Files Top the List as the Most Commonly Used Malicious Attachment

As executables and scripts are unable to bypass security solutions as attachments, cybercriminals turn to HTML as a means of obfuscation and malicious execution. According to analysis from security vendor Avanan, executables and Office documents as malicious attachments are almost non-existent – thanks to the solid efforts on the part of security companies and Microsoft.

Massive Impersonation Phishing Campaign Imitates over 100 Brands and Thousands of Domains

A year-long phishing campaign has been uncovered that impersonates 100+ popular clothing, footwear, and apparel brands using at least 10 fake domains impersonating each brand. We’ve seen plenty of attacks that impersonated a single brand along with a few domains used to ensure victims can be taken to a website that seeks to harvest credentials or steal personal information.

National Cyber Security Centre Notes UK Law Firms are Main Target for Cybercriminals

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

Newly Discovered Phishing Attacks Target Bank Customers

First National Bank has warned of an increase in phishing and smishing attacks, IT-Online reports. Trish Ramdhani, head of fraud at FNB Card, stated, “In recent cases, some consumers received SMSes claiming that their bank requires them to urgently FICA by clicking on a link that takes them to the fraudster’s platform, where their information is then compromised.

Unleashing the Power of Incident Reporting: Strengthening Security and Compliance

Whether it is reporting a phishing email or something that might be illegal that a coworker is doing, your employees should be a strong last line of defense for security and compliance. According to Gartner, almost 60 percent of all misconduct that is observed in the workplace never gets reported. For decades both compliance officers and security leaders have known that the earlier employees report incidents, the lower the risk. Yet low reporting rates continue to be a problem.

Russian Threat Actor Targets Ukraine Government And Military With Spear Phishing Emails

Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. The phishing emails are designed to exploit vulnerabilities in the open-source webmail software Roundcube.

SolarWinds' Head Refuses to Back Down Amid Potential US Regulatory Action over Russian hack

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

Want To Stop All Scams? Here Is How!

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell something online, date or rent a vacation home without being scammed. Scams are everywhere! If there is a way to communicate between two parties, some scammer will try to take advantage of it.

Banking and Retail Top the List of Industries Targeted by Social Media Phishing Attacks

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk. The average business experienced around 81 social media attacks each month in Q1 of this year, according to new data from PhishLabs, increasing 12% over Q4, 2022 and 5% over Q1 of 2022.

"Picture in Picture" Phishing Attack Technique Is So Simple, It Works

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims. Phishing attacks only need two things: something to create a sense of urgency and something to establish a sense of credibility.

Extremely Persistent Threat Group Demonstrates a Strong Understanding of the Modern Incident Response Frameworks

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, telecommunications, and technology industries, according to researchers at Palo Alto Networks’ Unit 42.

Is AI-Generated Disinformation on Steroids About To Become a Real Threat for Organizations?

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public personas has truly arrived. As cybersecurity professionals we must ask, what are the implications of fake-news-at-scale-and-quality for individuals and organizations?

New Social Engineering Tactic Uses PDFs in Business Email Compromise Attacks

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.

KnowBe4's 2023 Phishing By Industry Benchmarking Report Reveals that 33.2% of Untrained End Users Will Fail a Phishing Test

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. While organizations continue evaluating and investing in their technology-based security layer, the human layer continues to be the most enticing and vulnerable attack vector. This marks the sixth consecutive year that KnowBe4 has analyzed hundreds of millions of data points in order to provide our annual Phishing by Industry Benchmark Report.

New Survey Shows 40% of People Searching for a Job Encountered a Scam

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years. “Nearly 4 in 10 respondents, all of whom have searched for a job within the last two years, say they’ve encountered job postings that turned out to be a scam,” the researchers write.

UK Attacker Responsible for a Literal "Man-in-the-Middle" Ransomware Attack is Finally Brought to Justice

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack. We’ve all heard of a “Man-in-the-Middle” (MitM) attack – also more recently called a “Manipulator-in-the-Middle” attack.

Breakdown of an Impersonation Attack: Using IPFS and Personalization to Improve Attack Success

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials. Credential harvesting scams are pretty simple at face value: send an email that links to a spoofed login page/website, and let the credentials roll on in.

Cybercriminals Spoof German Media Anga Com Conference in New Phishing Campaign

A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan. “A central part of any conference for a company is to garner interest for their company,” Fuchs explains. “Many conferences will give over lead lists for companies to follow up on. This can be a significant source of potential revenue for companies. This is not the usual fare for hackers.

France Accuses Russia of Spoofing Foreign Ministry Website in 'Typosquatting' Campaign

The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is fighting back against typosquatting of major media outlets and the French Foreign Ministry. The goal of these fake websites is to spread disinformation and confusion about the ongoing war in Ukraine.

Takeaways From a Threat Intelligence Specialist on Artificial Intelligence Being a 'Double-Edged Sword'

While artificial intelligence (AI) has been the hot topic of this year, a theme that I continue to see is that AI is being used for good and evil. I'm going to dive more into key takeaways your organization can learn from Catherine Williams, Threat Intelligence Specialist at Telecom giant BT. Get her insights on AI being on two sides of the battlefield, and why everyone should start integrating cybersecurity in their everyday tasks now.

State-Based Cyber Attacks Continue to Be a Thorn in the Cyber Insurer's Side

As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk. It may come as a surprise, but cyber insurers aren’t in the business of issuing (and covering) cyber insurance policies; they’re in the business of staying in business. And that means identifying and reducing the highest sources of risk where the insurer will lose through paying on claims.

85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year

Ransomware attacks are as pervasive as ever, with new data demonstrating just how impactful the attacks really are. If you’re one of the lucky few organizations that hasn’t fallen victim to a ransomware attack, consider yourself lucky. According to the 2023 Ransomware Trends Report from backup vendor Veeam, the vast majority of organizations (85%) have experienced a ransomware attack. And while that number is pretty shocking, that’s not the worst of it.

Microsoft Describes a Sophisticated Phishing Campaign that Targeted Several Financial Organizations

Microsoft describes a sophisticated phishing campaign that targeted several financial organizations. “Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations,” the researchers write. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations.

Organizations Take 43 Hours to Detect an Spear Phishing Cyber Attack

New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it. Cybercriminals know the more targeted a phishing attack – from the email theming to the impersonation to the intended victim – the more likely the attack will be a success.

Forrester: AI, Cloud Computing, and Geopolitics are Emerging Cyberthreats in 2023

Wouldn’t it be great if your cybersecurity strategy only had to focus on just a few threats? Sigh… if only life were that easy. But new predictions for this year’s most prevalent cyber threats from analyst firm Forrester should help focus your efforts.. According to their newly released Top Cybersecurity Threats in 2023 (client access required), there are five threats to be concerned about.

Half of U.K. Companies Have Been a Cyber Attack Victim in the Last Three Years

New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.” Here at KnowBe4, we’re obviously big believers in the fact that users are a source of risk when it comes to organizational security. Cybersecurity vendor SoSafe’s Human Risk Review 2023 report provides some independent perspective on this very problem. According to the report, one out of two U.K.

How NK's Cyber Criminals Stole 3 Billion in Crypto To Fund Their Nukes

The Wall Street Journal today revealed that North Korea's hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US officials have confirmed this news. These hackers have a highly sophisticated method of operating. A specific example of their actions involved using a fake job offer to trick a startup into losing over $600 million. By posing as potential employers, they social engineered someone who was hopeful for a better job.

Verizon: Stolen Credentials Tops the List of Threat Actions in Breaches

Verizon's DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks. This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches?

Verizon: Pretexting Now Tops Phishing in Social Engineering Attacks

The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.

Why Companies Have Great Success Training Employees With Simulated Phishing Tests

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible. Unfortunately, most MFA is as easily phishable, hackable, and bypassable as the passwords they were intended to replace. Even though KnowBe4 was an early proponent of phishing-resistant MFA, now most of the world is coming around, including NIST and CISA. Why Do I Need Training If I Am Already Using Phishing-Resistant MFA?

Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.

North Korean Phishing Campaign Targeting Think Tanks, Academics and Media

The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news media organizations.”

New Phishing Campaign Uses Hyperlinked Images for Fake Gift Cards and Promotions

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.

[FBI ALERT] Skin Deep: The Scary Reality of New Deepfake-Enabled Sextortion

Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).

Warning: Sharing Data with ChatGPT Can Be Misused Outside Your Organization

A new study found that ChatGPT can accurately recall any sensitive information fed to it as part of a query at a later date without controls in place to protect who can retrieve it. The frenzy to take advantage of ChatGPT and other AI platforms like it has likely caused some to feed it plenty of corporate data in an effort to have the AI process and provide insightful output based on the queries received.

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

As digital transformation continues to shape the healthcare industry, it is crucial for healthcare organizations to prioritize cybersecurity. These organizations are entrusted with sensitive personal information from patients, making them a prime target for cybercriminals who steal, exploit or sell the data they acquire. As evidenced by a recent breach at MCNA dental which impacted 8.9 million patients.