Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2024

91% of Every Ransomware Attack Today Includes Exfiltrating Your Data

New insight into ransomware attacks show that cyber attacks are a top concern for organizations – with many not aware they were a victim until after the attack. According to Arctic Wolf’s The State of Cybersecurity: 2024 Trends Report, 91% of reported ransomware attacks included a data exfiltration effort. This is far more than the sub-80% numbers we’ve seen from the Coveware quarterly reports we cover.

The Hard Evidence That Phishing Training and Testing Really Works

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it. Social engineering, especially as enabled by email, text messages, the web and phone calls, is involved in the vast majority of cybersecurity attacks. No other root initial access hacking method comes close.

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point. “In recent months, we have observed a significant shift in Sharp Dragon’s activities and lures, now targeting governmental organizations in Africa and the Caribbean,” the researchers write.

KnowBe4 Free Tools Now Available On CISA's Website

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride. CISA is a non-regulatory government agency dedicated to protecting U.S. and global infrastructure and organizations against malicious hackers and their malware (and other types of threats).

As Many as 1 in 7 Emails Make it Past Your Email Filters

Fluctuations in consecutive quarterly reports demonstrates that organizations should be worried that their cyber defenses may not be strong enough to stop phishing attacks. I wrote an article back in April of last year about how 1 in 8 emails make it to a user’s Inbox. That number has remained relatively consistent — so much that even the Threat Insights Report for Q1 2024 from HP Wolf Security shows that stat is still accurate. But then there’s the Threat Insights Report for Q4 2023.

CISA Releases Cybersecurity Resources for High-Risk Communities

Working to ensure all communities within the United States are educated and prepared, the Cybersecurity and Infrastructure Security Agency (CISA) has released a set of tools, services and assistance to level the playing field. It’s no secret that any part of society that is less prepared for a cyber attack has less of a chance to defend itself — which potentially puts all of us at risk. So, CISA began placing some of their focus on high-risk communities within the United States.

New Research Finds Phishing Scams Targeting Popular PDF Viewer

Several phishing campaigns are targeting users of the Foxit PDF Reader, according to researchers at Check Point. Foxit is a popular alternative to Adobe Acrobat Reader for viewing PDF files. “Check Point Research has identified an unusual pattern of behavior involving PDF exploitation, mainly targeting users of Foxit Reader,” the researchers write. “This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands.

Secure Your Site: Learn from the Top 10 Cybersecurity Experts of 2024

Companies have needed a website for the last 25 years at least. But where do you host your site? The techies at HostingAdvice decided to create an extremely thorough real-world review site to share their expertise. And clearly, your organization's website is an attack vector and so cybersecurity has become critical.

UK Cybersecurity Org Offers Advice for Thwarting BEC Attacks

The UK’s National Cyber Security Centre (NCSC) has issued guidance to help medium-sized organizations defend themselves against business email compromise (BEC) attacks, especially those targeting senior staff members. The NCSC says employees should be cautious about the type of personal information they post on the internet, since criminals can use this knowledge to make their attacks more convincing.

Malicious Use of Generative AI Large Language Models Now Comes in Multiple Flavors

Analysis of malicious large language model (LLM) offerings on the dark web uncovers wide variation in service quality, methodology and value – with some being downright scams. We’ve seen the use of this technology grow to the point where an expansion of the cybercrime economy occurred to include GenAI-based services like FraudGPT and PoisonGPT, with many others joining their ranks.

Don't Let Criminals Steal Your Summer Fun

Summer has finally arrived in certain parts of the world, and with it come many exciting events — from the grandeur of the Olympics to the grass courts of Wimbledon, from the electrifying performances of Taylor Swift to the many other concerts that light up the season. However, with these events, there lies a dark underbelly of criminals and scammers ready to exploit your enthusiasm and leave you not just ticketless, but also out of pocket.

Newly Updated Grandoreiro Banking Trojan Distributed Via Phishing Campaigns

Researchers at IBM X-Force are tracking several large phishing campaigns spreading an updated version of the Grandoreiro banking trojan. The criminal malware operation was disrupted by law enforcement in January 2024 but resurfaced in March with an expanded set of targets. The new version of the malware is targeting more than 1,500 banks in over sixty countries.

Cyber Insurance Claims Rise Due To Phishing and Social Engineering Cyber Attacks

New data covering cyber insurance claims through 2023 shows claims have increased while reaffirming what we already know: phishing and social engineering are the real problem. If you’ve read enough of my articles here, you already know my view is a bit skewed towards the need for organizations to be aware of the true dangers of email-based cyber attacks.

New Threat Report Finds Nearly 90% of Cyber Threats Involve Social Engineering

Analysis of over 3.5 billion attacks provides insight into where threat actors are placing their efforts and where you should focus your cyber defenses. It’s said you can predict the outcome of the presidential election with a small number of votes. That’s the power of statistics and a valid sample size. So, when you have 3.5 billion cyber attacks as your sample data, it’s a very accurate reflection of the state of attacks.

8 out of 10 Organizations Experience a Cyber Attack and Attribute Users as the Problem

Regardless of whether your environment is on-premises, in the cloud or hybrid, new data makes it clear that users are the top cybersecurity concern, and we cover what you can do about it. According to Netwrix’s 2024 Hybrid Security Trends Report, 79% of organizations experience one or more security incidents in the last 12 months. This is a 16% increase from the previous year, demonstrating that attacks are not subsiding one bit and that they are increasingly successful.

Verizon: The Human Element is Behind Two-Thirds of Data Breaches

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block.

Scam Service Attempts to Bypass Multi-factor Authentication

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch. The scammers target users of Amazon, Bank of America, Capital One, Chase, Coinbase, Instagram, Mastercard, PayPal, Venmo, Yahoo and more.

FBI Warns of AI-Assisted Phishing Campaigns

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks. “AI provides augmented and enhanced capabilities to schemes that attackers already use and increases cyber-attack speed, scale, and automation,” the FBI says.

Phishing and Pretexting Dominate Social Engineering-Related Data Breaches

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

New Research: Number of Successful Ransomware Attacks Rise 29% in a Just One Year

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful. This sort of analysis helps to establish threat landscape trends and keeps our collective focus on the places where cyber attacks are working.

Attackers Leveraging XSS To Make Phishing Emails Increasingly Evasive

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

"Unknown" Initial Attack Vectors Continue to Grow and Plague Ransomware Attacks

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

[Beware] Ransomware Targets Execs' Kids to Coerce Payouts

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. Mandiant's Chief Technology Officer, Charles Carmakal, highlighted this disturbing trend at RSA last week: criminals engaging in SIM swapping attacks against executives' children.

Reality Hijacked: Deepfakes, GenAI, and the Emergent Threat of Synthetic Media

"Reality Hijacked" isn't just a title — it's a wake-up call. The advent and acceleration of GenAI is redefining our relationship with “reality” and challenging our grip on the truth. Our world is under attack by synthetic media. We’ve entered a new era of ease for digital deceptions: from scams to virtual kidnappings to mind-bending mass disinformation. Experience the unnerving power of AI that blurs the lines between truth and fiction.

Digital Doppelgängers: AI-Generated Celeb Fashion Takes Over the Met Gala on Social Media

The Met Gala, fashion's biggest night, was not just the A-list attendees who stole the spotlight—digital imposters in the form of AI-generated superstars sent social media into a frenzy. As the actual stars showcased their designer ensembles at the gala, X and other platforms were overrun with images of celebrities who were shown to be there, but they actually didn't attend. This new phenomenon has given rise to a online spectacle that is challenging the realms of reality and fantasy.

Phishing-as-a-Service Platform LabHost Disrupted by Law Enforcement Crackdown

One of the largest phishing-as-a-service platforms, LabHost, was severely disrupted by law enforcement in 19 countries during a year-long operation that resulted in 37 arrests. According to a recent Europol announcement, the folks behind the LabHost Phishing as a Service (PhaaS) platform were arrested last month. In a coordinated search over three days, 37 suspects were apprehended, disrupting the well-known service.

[Must Read] How Boeing Battled a Whopping $200M Ransomware Demand

Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated. On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment.

KnowBe4 Earns Multiple 2024 Best Of Awards From TrustRadius

KnowBe4 is proud to be recognized by TrustRadius for our Security Awareness Training and PhishER platforms. KnowBe4's Security Awareness Training won in the Security Awareness Training category and PhishER won in Incident Response, Security Orchestration, Automation and Response and the Phishing Detection and Response categories.

9 in 10 Organizations Paid At least One Ransom Last Year

New analysis of cyber attacks shows ransomware attacks are running far more rampant than previously thought, with half of organizations blaming poor cyber hygiene. After last year’s shocking stat that 70% of organizations pay the ransom, it’s really surprising to see that an even greater percentage (91%) have paid a ransom at least once in the last 12 months – this according to Extrahop’s 2024 Global Cyber Confidence Index.

The Education Sector Experienced the Highest Number of Data Breaches in 2023

New data from Verizon makes it clear that the Education sector is under attack, but also breaks down which threat actions and patterns are used most. We’ve seen Education institutions become a major focus for cybercriminals and entities like the New York State Education Department and the FBI have issued warnings.

Verizon: Nearly 80% of Data Breaches Involve Phishing and the Misuse of Credentials

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play. In light of the recent release of the Verizon Data Breach Investigations Report this week, we have delved into the findings to continue our coverage of important cybersecurity issues, specifically data breaches and phishing.

Protecting Your Digital Footprint: The Dangers of Sharing Too Much on Social Media

For most folks, social media has become integral to their daily lives in today's hyperconnected world. They use platforms like Facebook, Twitter and Instagram to share their thoughts, experiences and personal moments with friends and family. Being online has even become a business for content creators, who share their insights and thoughts of their daily lives, from “Getting Ready With Me” (GRWM) to recording video trends of jumping over your camera to the beach or the latest dance craze.

Verizon: The Percentage of Users Clicking Phishing Emails is Still Rising

The long-awaited annual Verizon Data Breach Investigations Report is out, and it’s made very clear that users continue to be a problem in phishing attacks. I’ve said it before, if you only read one report each year, the Verizon Data Breach Investigations Report is one you shouldn’t miss. And this year’s report starts off with a topic close to our hearts here at KnowBe4: users engaging with phishing emails and clicking links.

Analysis Shows 2023 to be "Worst Year for Phishing on Record"

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight. Every quarter, the Anti-Phishing Working Group puts out a Phishing Activity Trends Report to highlight the changes in phishing attacks, including the number of campaigns, attacks, targets, and brands impersonated. The focus of the report covering 4th Quarter 2023 was the significant dip in the number of attacks in Q3 of last year.

North Korean Threat Actors Target Software Developers With Phony Job Interviews

Suspected North Korean threat actors are attempting to trick software developers into downloading malware during phony job interviews, according to researchers at Securonix. The threat actors contact software developers with seemingly legitimate employment opportunities before scheduling virtual job interviews.