Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns. “Octo Tempest is a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns that prominently feature adversary-in-the-middle (AiTM) techniques, social engineering, and SIM swapping capabilities,” the researchers write.

September Sees a 32% Increase in the Number of Ransomware Attacks in Just One Month

Continued analysis of ransomware attacks shows an upward trend in the number of attacks, with September resulting in the highest number of assaults so far this year. IT security vendor NCC Group’s Cyber Threat Intelligence Report for September 2023 shows some startling revelations about why ransomware attacks are spiking.

Exposed: Scam Artists Mimicking PepsiCo in Phishing Schemes

Researchers at INKY warn that a phishing campaign is attempting to distribute malware by impersonating PepsiCo. “As usual, it all starts with a phishing email,” the researchers write. “In this case, the phishers are impersonating the PepsiCo brand, pretending to be potential clients. They are claiming to need what the recipient sells and they’re asking them to submit a quote for PepsiCo to review.

The Outstanding ROI of KnowBe4's Security Awareness Training Platform

Let me give you a quick introduction. My name is Stu Sjouwerman. I’m the Founder and CEO of KnowBe4, my 5th startup. I have been in IT for 40+ years, the last 25 of those in information security. In my last company we built an antivirus engine from scratch and combined it with intrusion detection, prevention and a firewall. And we ran into a persistent problem nobody seemed to be able to address; end-users being manipulated by bad actors to let them in.

New Amazon-Themed Phishing Campaign Targets Microsoft Live Outlook Users

Several months ago, Netskope Threat Labs uncovered a surge in PDF phishing attachments infiltrating Microsoft Live Outlook. These attacks were part of a larger series of phishing campaigns aimed to trick unsuspecting users. Upon closer examination, it's now apparent that the majority of these campaigns centered around Amazon-themed scams, with occasional diversions into Apple and IRS-themed phishing attempts.

Human-Crafted Phishing Emails Only Three Percent More Successful Than AI-Generated Ones, According To IBM

Red teamers at IBM X-Force warn that AI-generated phishing emails are nearly as convincing as human-crafted ones, and can be created in a fraction of the time. The researchers tricked ChatGPT into quickly crafting a phishing lure, then tested the lure against real employees.

[Cybersecurity Awareness Month] Enchantments Against Spear Phishing By Breachatrix le Phish

In the mystical realm of cyberspace, where digital forests hold secrets and virtual owls deliver messages, we find ourselves in a constant dance between magic and deception. Today, KnowBe4's Security Awareness Advocate Anna Collard will unveil the secrets of spear phishing.

One Out of Every Eight Emails Found to be Malicious as Attackers Continue to Hone Their Skills

An increase in the number of malicious emails being sent is resulting in more phishing attacks reaching inboxes. New data clarifies the factors that determine their malicious nature and identifies the most prevalent types of attacks. According to Vipre Security’s Q3 Email Threat Trends Report 2023, of approximately 2 billion emails scanned, 233.9 million of them – or about 11.6% – were malicious. That equates to about 1 out of every 8 emails.

Leadership Less Involved in Cyber-Preparedness Despite a Majority of Orgs Thinking Data Loss from a Cyber Attack Likely in the Next 12 Months

You probably expect executive leadership to not just support cybersecurity efforts, but to be involved. New data shows organizations have a way to go until this is a reality. Even if an organization is completely supportive of the cybersecurity strategy, it can’t exist in a technical bubble only. It requires a lot of input – from planning to implementation – to ensure that required business objectives are met as security controls become part of operations and resiliency plans.

Most Organizations Believe Malicious Use of AI is Close to Evading Detection

As organizations continue to believe the malicious use of artificial intelligence (AI) will outpace its defensive use, new data focused on the future of AI in cyber attacks and defenses should leave you very worried. It all started with the proposed misuse of ChatGPT to write better emails and has (currently) evolved into purpose-built generative AI tools to build malicious emails. Or worse, to create anything an attacker would need using a simple prompt.

A Brief History of Phishing, and Other Forms of Social Engineering

Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an advance-fee scam from 1924, in which a crook sent a letter pretending to be trapped in a Spanish debtors prison. The sender requested that the recipient send a check for $36,000 to pay off his debt. After the sender is freed, he promises to pay the recipient back, with an extra $12,000 for the trouble.

QR Code Phishing on the Rise: The Alarming Findings From the Hoxhunt Challenge

As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge, a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks. The report reveals a startling 22% increase in the use of QR codes as a means to deliver malicious payloads in phishing attacks during the early weeks of October 2023.

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One.

Phishing-as-a-Service: As Simple As Uploading A Logo

Researchers at Fortra are tracking “Strox,” one of the most popular phishing operations of the past two years. Users of Strox phishing kits can easily create phishing campaigns by simply submitting a logo for the brand they want to impersonate. “Currently, twelve phishing kits are sold on Strox for $90 USD each.

Phishing Attacks Surge By 173% In Q3, 2023; Malware Threats Soar By 110%

A new report from Vade Secure has found that phishing attacks rose by 173% in the third quarter of 2023, while malware threats have increased by 110%. “While hackers were busy throughout Q3, they were most active in August, sending more than 207.3 million phishing emails, nearly double the amount from July,” the researchers write.

Phishing Tests Start The Virtuous Cycle Of A Strong Security Culture

Phishing tests are the catalyst to achieve a sustainable security culture within your organization. They are actually the start of a virtuous cycle that helps you move up to the highest maturity level. The cycle initiates with Awareness. Phishing tests offer a real-time view into your employees' understanding of phishing threats. They expose your workforce to simulated phishing attempts, making the threat real to them. The immediate feedback from these tests highlights areas for improvement.

Summit Sabotage: Malicious Phishing Campaign Hits Female Political Leaders Using Social Engineering

A threat actor dubbed “Void Rabisu” used social engineering to target attendees of the Women Political Leaders (WPL) Summit that was held in Brussels from June 7 to 8, 2023, Trend Micro has found. “Since many current and future political leaders had attended this conference, it presented an interesting target for espionage campaigns and served as a possible avenue for threat actors to gain an initial foothold in political organizations,” Trend Micro says.

Cyber Insurers Notes Ransomware Claims Rose Significantly in the First Half of 2023

Cyber insurers are claiming that cybercriminals made ransomware attacks popular again in 2023 after a slight break in 2022. According to cyber insurer Coalition's 2023 Cyber Claims Report, claims frequency increased by 27% in the first half of this year compared to the second half of 2022. Additionally, cyber insurer Resilience Cyber Insurance Solutions mid-year report showed a similar trend with 16.2% of its total claims were related to ransomware attacks.

KnowBe4 Named a Leader in the Fall 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR)

We are excited to announce that KnowBe4 has been named a leader in the Fall 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the tenth consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 228 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

Should You Use Controversial Simulated Phishing Test Emails?

The Wall Street Journal recently published an article about using highly-emotionally charged, “controversial”, subjects in simulated phishing tests. Controversial topic examples include fake pay raises, reward gift cards, and free Taylor Swift tickets. The younger half of our team is convinced the latter topic would have completely tricked them.

9 in 10 CISOs Report at Least One Disruptive Cyberattack in the Last Year

A new report sheds light on whether CISOs have been the victim of a cyber attacks, if they're every paid a ransom, their greatest cyber concerns, and much more. While most of the reports I cover on this blog are typically surveys of those "in the trenches," we do like to cover analysis of c-suite perspectives. The CISO Report from Splunk provides some interesting insight into experienced cyber attacks and their impact.

53% of Organizations Experienced Cyber Attacks

As increasing percentages of businesses experience cyberattacks, new data provides details on where the most organizational risk lies. According to U.K. cyber insurer Hiscox’s Cyber Readiness Report 2023, attacks are on the rise: With these increases, how prepared are organizations? According to Hiscox, organizations are spending money on the problem; the median cybersecurity spend is a little over $1.39 million (with enterprises spending $4.9 million).

New Cyber Attack Techniques Will Not Replace Old-School Social Engineering

Even though there are new attack types for cybercriminals, they are still leveraging old-school attack vectors. Why? Because they still work. I cover new attack methods all the time, with recent examples including a sophisticated phishing campaign impersonating Microsoft and an attack last month targeting the Ukrainian military.

The Role of AI in Email Security and How Real-Time Threat Intelligence Can Supercharge Your SOC Team

In response to improved email security measures, cybercriminals have pivoted to more advanced attack methods, namely artificial intelligence (AI), that bypass existing protections. But security defenders are also using AI in remarkable new ways to fortify their networks. Join Erich Kron, Security Awareness Advocate for KnowBe4, and Michael Sampson, Principal Analyst at Osterman Research, as they dig into the findings of our latest joint report on The Role of AI in Email Security. They’ll share tips on how your SOC team can identify and use AI to supercharge your anti-phishing defense.

Open-Source Intelligence (OSINT): Learn the Methods Bad Actors Use to Hack Your Organization

They are out there, watching and waiting for an opportunity to strike; the bad actors who have carefully researched your organization in order to set the perfect trap using easily found public resources. Open-Source Intelligence (OSINT) can provide cybercriminals everything they need to know to perfectly target your users by gathering data on everything from password clues to tech stack details, banking/credit card accounts, social media details and more. Emerging technologies like AI can make gathering this intelligence even easier.

Business Email Compromise Attempts Skyrocket in the Last Year

Threat actors launched 156,000 business email compromise (BEC) attempts per day between April 2022 and April 2023, according to Microsoft’s latest Digital Defense Report. While most of these attempts go unanswered, criminals can receive massive payouts when they succeed.

"Human-Operated" Ransomware Attacks Double in the Last Year

As attackers leave little-to-no traces of their attack patterns, more ransomware groups are shifting from automated attacks to manual attacks. According to the newly-released Microsoft Digital Defense Report 2023, about 40% of the ransomware attacks detected were human-driven and tracked back to over 120 ransomware-as-a-service (RWaaS) affiliates. This spike in human-operated ransomware attacks likely goes back to attackers wanting to minimize their footprint within an organization.

Harvested Credentials Are Put Up for Sale Monthly on the Dark Web at a Rate of 10,000 a Month

Credential harvesting has become a business in and of itself within the cybercrime economy. New insight from Microsoft details the types of attacks your organization should watch out for. I’ve attempted to cover every Microsoft 365 credential harvesting attack since the platform is so popular and is an easy target for cybercriminals. But the news coming from their newly-released Microsoft Digital Defense Report 2023 puts this type of attack into perspective.

KnowBe4 Named a Leader in the Fall 2023 G2 Grid Report for Security Awareness Training

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares security awareness training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

74% of CEOs Concerned About Their Organization's Ability to Protect Against Cyber Attacks, Despite Seeing Cybersecurity as Critical

According to the recent The Cyber-Resilient CEO report released by IT services and consulting agency Accenture, a staggering 74% of CEOs have expressed concerns about their organizations' ability to protect their businesses from cyber attacks. This is despite the fact that 96% of CEOs acknowledge the importance of cybersecurity for the growth and stability of their organizations.

Energy Sector Experiences Three Times More Operational Technology Cybersecurity Incidents Than Any Other Industry

While industries like financial services and healthcare tend to dominate in IT attacks, the tables are turned when looking at Operational Technology (OT) cyber attacks – and the energy sector is the clear “winner.” We spend a lot of time talking about attacks that largely impact IT systems. But OT environments are a growing concern as new targets for cybercriminals.

Ransomware Attack Dwell Time Drops by 77% to Under 24 Hours

As attackers evolve their toolsets and processes, the significant drop in dwell time signifies a much higher risk to organizations that now have less time to detect and respond to initial attacks. This is bad news. Two years ago, the median dwell time – the time between gaining access to a network and executing the ransomware – was 5.5 days. Last year it was 4.5 days.

One Out of Five Organizations Must Improve Their Security Posture to be Eligible for Cyber Insurance

As insurers become more educated on what a “secure organization” looks like, they are tightening their requirements that puts the onus on organizations to be more secure. According to Netwrix’ 2023 Hybrid Security Trends Report, 59% of organizations either have a cyber insurance policy in place or plan to purchase one within 12 months. Cyber insurers have spent the last few years learning what they don’t know about this new market.

Healthcare Industry Witnesses 279% Increase in Business Email Compromise Attacks in 2023

The massive uptick in business email compromise (BEC) is considered one of the costliest attack types, requiring organizations to put employees on notice to stay vigilant. The latest research from the FBI puts the average cost of BEC attacks at around $125,000. What makes them so dangerous is that they largely rely on text-only emails using social engineering to trick those with finance responsibilities into parting with the money they control.

Clorox Experiences Significant Financial Loss Stemming From Recent Cyber Attack

American global manufacturer of cleaning products Clorox stated that recent sales and profit loss to a cyber attack. In a statement from Clorox's press release, "As previously disclosed, the Company believes the cybersecurity attack has been contained and the Company is making progress in restoring its systems and operations. The available information does not confirm whether the Clorox cyber attack was a ransomware incident.

Malicious URLs In Phishing Emails: Hover, Click and Inspect Again

The most often recommended piece of anti-phishing advice is for all users to “hover” over a URL link before clicking on it. It is great advice. It does assume that the involved users know how to tell the difference between rogue and legitimate URL links. If you or someone you know does not know how to tell the difference between malicious and legitimate URL links, tell them to watch my one-hour webinar on the subject. We are going to recommend a slight update on the rule.

New Gartner Forecast Shows Global Security and Risk Management Spending to Increase by 14% in 2024

Gartner issued a press release that forecasted global security and risk management end-user spending to reach $188.1 billion, along with worldwide end-user spending on security and risk management projected to be $215 billion in 2024.

Watch out for Frankenphisher - Cybersecurity Awareness Month 2023

Imagine an artificial intelligence (AI) system developed by a mad scientist to leverage the full capabilities of Large-Language-Models (LLM). Then, the scientist went truly mad by utilizing text, voice, and video generation paired with mutating and self-perpetuating malware, as well as continuous improvement through reinforcement learning. The concoction you would get from the scientist’s wild lab is called Frankenphisher, the most effective social engineering AI you can possibly imagine.

[HEADS UP] Aurora Police Department Warns of Contactless Payment Processors Scams

If you didn't trust contactless payment processors before, you really won't after hearing about this recent scam. The Aurora Police Department Economic Crimes Unit posted this tweet last week with a warning: Source: Twitter In a statement by Aurora Police Sergeant's Dan Courtenay on how cybercriminals obtain the user data to FOX31, “Now they have Bluetooth, where they can just sit in the parking lot of the gas station and it feeds right onto their laptop,” Courtenay said.

Generative AI and the Automation of Social Engineering Increasingly Used By Threat Actors

Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

Lazarus Attack on Spanish Aerospace Company Started with Messages from Phony Meta Recruiters

A recent attack on an undisclosed Spanish aerospace company all started with messages to the company's employees that appeared to be coming from Meta recruiters, via LinkedIn Messaging. ESET researchers uncovered the attack and attributed it to the Lazarus group, particularly a campaign dubbed Operation DreamJob. This campaign by the Lazarus group was aimed at defense and aerospace companies with the goal of carrying out cyberespionage.