Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2024

New Malware Loader Delivers Agent Tesla Remote Access Trojan Via Phishing

A new malware loader is delivering the Agent Tesla remote access Trojan (RAT), according to researchers at Trustwave SpiderLabs. The malware is distributed by phishing emails with malicious attachments. “The threat begins with a fake bank payment email designed to deceive recipients,” the researchers write.

75% of Organizations Believe They Are at Risk of Careless or Negligent Employees

New data shows organizations are well aware that their users are one of their greatest cybersecurity risks today, and yet aren’t taking the right steps to remediate the risk. KnowBe4 exists and continues to thrive because the human threat surface is far and wide. Email, text, web surfing, phone calls and crafty combinations therein all create somewhat unique attacks. In each of these instances, the user is relying on technology to stop the threat before the attack gets to them.

Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans. This new campaign spotted by security analysts at BlueVoyant demonstrates how effective spear phishing can be — even when the phishing execution itself is relatively basic. According to the analysis, threat actors impersonate well-known law firms and send out PDF attachments with the filename "Invoice_.pdf." Simple enough, right?

The Number of New Pieces of Malware Per Minute Has Quadrupled in Just One Year

The threat of novel malware is growing exponentially, making it more difficult for security solutions to identify attachments and links to files as being malware. According to BlackBerry’s new Global Threat Intelligence Report, the problem of novel malware has been continually growing over the last year. At the beginning of last year, BlackBerry was detecting new malware at a rate of just one per minute. By the next month, it was 1.5, 2.9 pieces per minute by August of last year.

A Simple 'Payment is Underway' Phishing Email Downloads RATs from AWS, GitHub

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories. Security analysts at cybersecurity company Fortinet dissect the methods and actions taken by a new malicious Java-based downloader intent on spreading the remote access trojans (RAT) VCURMS and STRRAT.

It's Official: Cyber Insurance is No Longer Seen as a 'Safety Net'

A new report on the state of email security sheds some light on how organizations are viewing and approaching cyber insurance as they shift strategy toward being cyber resilient. The topic of cyber insurance has been covered quite a bit here on this blog. From when cyber insurance first began as a concept, to the challenges it poses for organizations looking as their last resort after an attack, to changes in insurance policy and law.

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful. A few weeks ago we covered the alarming trends on ransomware, and FBI’s IC3 division took in over 880,000 complaints last year from individuals and businesses about every cyber crime being committed. Unfortunately, the details on overall cyber crime show things are not improving.

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

New data shows increased expertise in leveraging and exploiting cloud environments. CrowdStrike’s 2024 Global Threat Report shows that targeted attacks on cloud environments have increased, signaling that the cybercrime economy has realized the “untapped market” of the cloud environment.

The Average Malicious Website Exists for Less Than 10 Minutes

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web services. This month, Google released a new feature to Google Safe Browsing, a feature that is used by over 5 million devices today and better protects Chrome browser users.

CISA Recommends Continuous Cybersecurity Training

In an age when 70% - 90% of successful data breaches involve social engineering (which gets past all other defenses), sufficient training is needed to best reduce human-side cybersecurity risk. Everyone should be trained in how to recognize social engineering attempts, how to mitigate (i.e., delete, ignore, etc.) them, and how to appropriately report them if in a business scenario. The amount of time an organization should devote to security awareness training (SAT) is still up for debate.

Ransomware Group "RA World" Changes Its' Name and Begins Targeting Countries Around the Globe

The threat group "RA World" (formerly RA Group) has shifted from country-specific ransomware attacks to include specific industries via a new - not previously seen - method of extortion. I don’t like it when I hear about ransomware groups growing, but that's the case in TrendMicro’s new analysis of RA World ransomware. What was once through to be a smaller operation focused on attacks targeting organizations in South Korea and the U.S.

Social Engineering The #1 Root Cause Behind Most Cyber Crimes In FBI Report

The following paragraphs were cited directly from my recent article highlighting social engineering. "Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

State-Sponsored Russian Phishing Campaigns Target a Variety of Industries

Researchers at IBM X-Force are monitoring several ongoing phishing campaigns by the Russian state-sponsored threat actor ITG05 (also known as “APT28” or “Fancy Bear”). APT28 has been tied to Russia’s military intelligence agency, the GRU.

Phishing Tops 2023's Most Common Cyber Attack Initial Access Method

New analysis shows that the combination of phishing, email, remote access, and compromised accounts are the focus for most threat actors. Data across the industry corroborates new findings in cyber risk advisory and response firm Kroll’s just-released Q4 2023 Cyber Threat Landscape Report. But what’s interesting in this report is how the data tells a story of where organizations are falling short in their preventative efforts.

CISA: Healthcare Organizations Should Be Wary of Increased Ransomware Attacks by ALPHV Blackcat

A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper response actions. ALPHV is a big enough problem that Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health and Human Services (HHS) all are getting together to put healthcare organizations on notice.

Sophos: Over 75% of Cyber Incidents Target Small Businesses

New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget and resource-strapped small businesses. We’ve seen industry data showing that cybercriminals have been slowly creeping downward from solely going after enterprises to targeting the SMB.

If Social Engineering Accounts for up to 90% of Attacks, Why Is It Ignored?

Social engineering and phishing are involved in 70% to 90% of all successful cybersecurity attacks. No other initial root hacking cause comes close. This is not a recent development. Social engineering has been the number one type of attack since the beginning of networked computers. Despite this long-time fact, most organizations do not spend 3% of their IT/IT Security budget to fight it.

Despite Feeling Prepared for Image-Based Attacks, Most Organizations Have Been Compromised by Them

With QR-code phishing attacks on the rise, new data sheds light on just how unprepared organizations actually are in stopping and detecting these device-shifting attacks. One of the challenges with attacks is that we rely on security solutions to look for indicators of malicious intent. Content within an email, where a link points to, and the insides of an attachment can indicate potential foul play.

AI-Driven Voice Cloning Tech Used in Vishing Campaigns

Scammers are using AI technology to assist in voice phishing (vishing) campaigns, the Better Business Bureau (BBB) warns. Generative AI tools can now be used to create convincing imitations of people’s voices based on very small audio samples. “At work, you get a voicemail from your boss,” the BBB says. “They instruct you to wire thousands of dollars to a vendor for a rush project. The request is out of the blue. But it’s the boss’s orders, so you make the transfer.

Compromised Credentials Postings on the Dark Web Increase 20% in Just One Year

Data trends show a clear upward momentum of posts from initial access brokers on the dark web, putting the spotlight on what may become cybersecurity’s greatest challenge. Any organization that has made cybersecurity a priority is laser focused on putting preventative measures, multiple means of detection, and a response plan in place.

Generative AI Results In 1760% Increase in BEC Attacks

As cybercriminals leverage tools like generative AI, making attacks easier to execute and with a higher degree of success, phishing attacks continues to increase in frequency. I’ve been covering the cybercrime economy’s use of AI since it started. I’ve pointed out the simple misuse of ChatGPT when it launched, the creation of AI-based cybercrime platforms like FraudGPT, and how today’s cybercriminal can basically create foolproof malicious content.

How Much Will AI Help Cybercriminals?

Do not forget, AI-enabled technologies, like KnowBe4’s Artificial Intelligence Defense Agents (AIDA), will make defenses increasingly better. I get asked a lot to comment on AI, usually from people who wonder, or are even a bit scared, about how AI can be used to hurt them and others. It is certainly a top topic everyone in the cybersecurity world is wondering about. One of the key questions I get is: How much worse will AI make cybercrime? The quick answer is: No one knows.

Dodging Digital Deception: How to Spot Fake Recruiters and Shield Your Career Search from Phishing Scams

Scammers are impersonating job-seeking platform Dice with phony employment opportunities designed to steal victims’ information. “This week, Dice received reports that individuals are receiving messages from senders claiming to be Dice recruiters on various messaging apps,” the company says.

Three Essential Truths Every CISO Should Know To Guide Their Career

According to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities. One: There are three top root hacking causes, and they comprise almost all of the cybersecurity risk most organizations face: These three most popular root hacking causes are often co-mingled together to bring about the desired effect.

FBI's 2023 Internet Crime Report Highlights Alarming Trends on Ransomware

The specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3). The revelations underline an alarming surge in cybercrime, affecting both business and personal interests alike, with the main attack vectors being investment fraud, business email compromises and an increased surge of ransomware attacks on nearly every critical infrastructure sector.

The European Union's Unified Approach to Cybersecurity: The Cyber Solidarity Act

The construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act. Proposed last year, the Cyber Solidarity Act is composed of three key pillars that seek to crack the daunting challenge of detecting, preparing for, and responding to cybersecurity threats and incidents that shake up the security sphere.

AI and Ransomware Top the List of Mid-Market IT Cyber Threats

A recent report reveals a significant discrepancy in the priorities of mid-market IT departments when it comes to addressing cyber threats. It's somewhat ironic that IT professionals find themselves entangled in a logical paradox when responding to surveys, as demonstrated by Node4’s Mid-Market IT Priorities Report 2024.

New Research: Spike In DNS Queries Driving Phishing and Cyber Attacks

New analysis of DNS queries shows material growth in phishing, malware and botnets and offers insight into how many threats the average person experiences. Most of the reports I cover use detection on an endpoint, a security solution, or the corporate network for their analysis, but the 2024 Annual Security Report from DNSFilter feels a bit more impartial because it uses DNS queries to determine whether whether malicious activity is occuring.

Phishing Kit Targets the FCC and Crypto Exchanges

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC), as well as employees of cryptocurrency exchanges Binance and Coinbase. The kit also targets users of cryptocurrency platforms, including Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown and Trezor.

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing. And look-alike and neglected domains challenge its protective value to unknowledgeable email recipients. This article is about how to understand and proactively use DMARC. DMARC.

Microsoft and OpenAI Team Up to Block Threat Actor Access to AI

Analysis of emerging threats in the age of AI provides insight into exactly how cybercriminals are leveraging AI to advance their efforts. When ChatGPT first came out, there were some rudimentary security policies to avoid it being misused for cybercriminal activity. But threat actors quickly found ways around the policies and continued to use it for malicious purposes.

Planning with Purpose: 10 Tips to Develop Your Year-Long Security and Compliance Training Program

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training. You might be thinking, “Aren’t you a little late in planning for the year? It’s March already...” We are actually talking about 2025. Not everyone trains millions of learners all around the world like we do, so your planning for compliance and security training might be on a different timescale.

Email-Based Cyber Attacks Increase 222% as Phishing Dominates as the Top Vector

Analysis of the second half of 2023 shows attackers are getting more aggressive with email-based phishing attacks in both frequency and execution. Until there’s a catch-all way to stop malicious emails from being an effective means of initial attack, phishing will continue to grow as the primary initial attack vector for cybercriminals.

Cybercriminals Sent 1.76 Billion Social Media Phishing Emails in 2023

As social media phishing reaches new heights, new data reviewing 2023 shows a massive effort by cybercriminals to leverage impersonation of social media brands. Cybercriminals are no longer just targeting your corporate network. Due to the rise of the cybercrime economy, there are a growing number of cybercriminal gangs strictly going after initial access (that can be sold to other cybercriminals).