As executables and scripts are unable to bypass security solutions as attachments, cybercriminals turn to HTML as a means of obfuscation and malicious execution. According to analysis from security vendor Avanan, executables and Office documents as malicious attachments are almost non-existent – thanks to the solid efforts on the part of security companies and Microsoft.

When KnowBe4 went public in April 2021, I got to know a select group of analysts that served as co-managers on our IPO. These professionals all know our industry very well and we spoke with them quarterly during our earnings conference call where we discussed the past 3 months and expectations for the future. One of these firms was Baird Equity Research and I am still on their mailing list, even though we went private this year as a Vista Equity Partners portfolio company.

The Iranian threat actor Charming Kitten is launching sophisticated spear phishing attacks to distribute a new version of its POWERSTAR malware, according to researchers at Volexity. “In the last few years, Volexity has observed threat actors dramatically increase the level of effort they put into compromising credentials or systems of individual targets,” Volexity says.

A year-long phishing campaign has been uncovered that impersonates 100+ popular clothing, footwear, and apparel brands using at least 10 fake domains impersonating each brand. We’ve seen plenty of attacks that impersonated a single brand along with a few domains used to ensure victims can be taken to a website that seeks to harvest credentials or steal personal information.

In the most recent Cyber Threat report from the National Cyber Security Centre (NCSC), it is clear that UK law firms are a gold mine for cybercriminals. Given the large sums of money and highly sensitive information that is handled, it's no question as to why UK law firms would be an attractive target for threat actors.

First National Bank has warned of an increase in phishing and smishing attacks, IT-Online reports. Trish Ramdhani, head of fraud at FNB Card, stated, “In recent cases, some consumers received SMSes claiming that their bank requires them to urgently FICA by clicking on a link that takes them to the fraudster’s platform, where their information is then compromised.

Whether it is reporting a phishing email or something that might be illegal that a coworker is doing, your employees should be a strong last line of defense for security and compliance. According to Gartner, almost 60 percent of all misconduct that is observed in the workplace never gets reported. For decades both compliance officers and security leaders have known that the earlier employees report incidents, the lower the risk. Yet low reporting rates continue to be a problem.

Russia’s APT28 (also known as “Fancy Bear” or “BlueDelta”) is using spear phishing to compromise Ukrainian government and military entities, according to researchers at Recorded Future. The phishing emails are designed to exploit vulnerabilities in the open-source webmail software Roundcube.

A phishing campaign is impersonating cryptocurrency trading platform Coinbase, Tech.co reports. Crypto trader Jacob Canfield described the campaign in a Twitter thread, stating that the threat actors texted and then called him.

According to an internal email obtained by CNN, the CEO of SolarWinds informed employees on Friday that the company plans to vigorously defend itself against potential legal action from US regulators over its handling of the 2020 breach by alleged Russian hackers.

New data shows that even with the majority of organizations experiencing cyber attacks, three hours of security awareness training simply isn’t enough.

Using an external platform trusted by potential victims is proving to be a vital tool in the cybercriminal’s arsenal. New data shows the state of the threat and who’s at risk. The average business experienced around 81 social media attacks each month in Q1 of this year, according to new data from PhishLabs, increasing 12% over Q4, 2022 and 5% over Q1 of 2022.

Using credibility-building imagery and creating a need for the user to click what may or may not be perceived as an image is apparently all it takes to engage potential phishing victims. Phishing attacks only need two things: something to create a sense of urgency and something to establish a sense of credibility.

There are many ways to be socially engineered and phished, including email, websites, social media, SMS texts, chat services, phone calls and in-person. These days, it is hard to sell something online, date or rent a vacation home without being scammed. Scams are everywhere! If there is a way to communicate between two parties, some scammer will try to take advantage of it.

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, telecommunications, and technology industries, according to researchers at Palo Alto Networks’ Unit 42.

The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams in 2022. Below are the top five text scams reported by the FTC: Phony bank fraud prevention alerts were the most common type of text scam last year.

A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public personas has truly arrived. As cybersecurity professionals we must ask, what are the implications of fake-news-at-scale-and-quality for individuals and organizations?

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.

Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. While organizations continue evaluating and investing in their technology-based security layer, the human layer continues to be the most enticing and vulnerable attack vector. This marks the sixth consecutive year that KnowBe4 has analyzed hundreds of millions of data points in order to provide our annual Phishing by Industry Benchmark Report.

A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years. “Nearly 4 in 10 respondents, all of whom have searched for a job within the last two years, say they’ve encountered job postings that turned out to be a scam,” the researchers write.

The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack. We’ve all heard of a “Man-in-the-Middle” (MitM) attack – also more recently called a “Manipulator-in-the-Middle” attack.

Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials. Credential harvesting scams are pretty simple at face value: send an email that links to a spoofed login page/website, and let the credentials roll on in.

A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan. “A central part of any conference for a company is to garner interest for their company,” Fuchs explains. “Many conferences will give over lead lists for companies to follow up on. This can be a significant source of potential revenue for companies. This is not the usual fare for hackers.

The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is fighting back against typosquatting of major media outlets and the French Foreign Ministry. The goal of these fake websites is to spread disinformation and confusion about the ongoing war in Ukraine.

While artificial intelligence (AI) has been the hot topic of this year, a theme that I continue to see is that AI is being used for good and evil. I'm going to dive more into key takeaways your organization can learn from Catherine Williams, Threat Intelligence Specialist at Telecom giant BT. Get her insights on AI being on two sides of the battlefield, and why everyone should start integrating cybersecurity in their everyday tasks now.

Microsoft describes a sophisticated phishing campaign that targeted several financial organizations. “Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations,” the researchers write. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations.

As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk. It may come as a surprise, but cyber insurers aren’t in the business of issuing (and covering) cyber insurance policies; they’re in the business of staying in business. And that means identifying and reducing the highest sources of risk where the insurer will lose through paying on claims.

Ransomware attacks are as pervasive as ever, with new data demonstrating just how impactful the attacks really are. If you’re one of the lucky few organizations that hasn’t fallen victim to a ransomware attack, consider yourself lucky. According to the 2023 Ransomware Trends Report from backup vendor Veeam, the vast majority of organizations (85%) have experienced a ransomware attack. And while that number is pretty shocking, that’s not the worst of it.

New data makes it crystal clear that spear phishing is a real problem… and organizations may not properly be prepared to detect and address it. Cybercriminals know the more targeted a phishing attack – from the email theming to the impersonation to the intended victim – the more likely the attack will be a success.

Wouldn’t it be great if your cybersecurity strategy only had to focus on just a few threats? Sigh… if only life were that easy. But new predictions for this year’s most prevalent cyber threats from analyst firm Forrester should help focus your efforts.. According to their newly released Top Cybersecurity Threats in 2023 (client access required), there are five threats to be concerned about.

New data puts the spotlight on the human factor in U.K. cyber attacks, where users continue to be susceptible to social engineering, creating the so-called “Human Risk.” Here at KnowBe4, we’re obviously big believers in the fact that users are a source of risk when it comes to organizational security. Cybersecurity vendor SoSafe’s Human Risk Review 2023 report provides some independent perspective on this very problem. According to the report, one out of two U.K.

The Wall Street Journal today revealed that North Korea's hacker army managed to steal a huge amount of cryptocurrency amounting to $3 billion to finance their nuclear program. US officials have confirmed this news. These hackers have a highly sophisticated method of operating. A specific example of their actions involved using a fake job offer to trick a startup into losing over $600 million. By posing as potential employers, they social engineered someone who was hopeful for a better job.

Verizon's DBIR always has a lot of information to unpack, so I’ll continue my review by covering how stolen credentials play a role in attacks. This year's Data Breach Investigations Report has nearly 1 million incidents in their data set, making it the most statistically relevant set of report data anywhere. So, what does the report say about the most common threat actions that are involved in data breaches?

People are one of the most common factors contributing to successful data breaches. Let’s dive in deeper into the latest Verizon Data-Breach Investigations Report (DBIR) to find out how and why users are a contributor to the problem.

The New Verizon DBIR is a treasure trove of data. As we covered here, and here, people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section. They explained: "Now, who has received an email or a direct message on social media from a friend or family member who desperately needs money? Probably fewer of you. This is social engineering (pretexting specifically) and it takes more skill.

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible. Unfortunately, most MFA is as easily phishable, hackable, and bypassable as the passwords they were intended to replace. Even though KnowBe4 was an early proponent of phishing-resistant MFA, now most of the world is coming around, including NIST and CISA. Why Do I Need Training If I Am Already Using Phishing-Resistant MFA?

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem. If you only read one report each year to give you an idea of what’s going on with cyber attacks, it’s Verizon’s Data Breach Investigations Report (DBIR). Each year, analysts sort through tens of thousands of data breach incidents (some successful, some not) and identify the attack patterns.

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.

The U.S. and South Korean governments have issued a joint advisory outlining a North Korean phishing campaign, The Register reports. The threat actor, known as “Kimsuky,” is targeting “individuals employed by research centers and think tanks, academic institutions, and news media organizations.”

A phishing campaign is using hyperlinked images in order to trick users into visiting malicious sites, according to Jeremy Fuchs at Avanan. The emails contain images that offer gift cards or promotions for Delta or Kohls. “Obfuscation is a gift to hackers,” Fuchs says. “It allows them to pull off a magic trick. It works by hiding the true intent of their message. In this case, it’s a picture. The picture is meant to entice the user to click.

Today, the FBI alerted warned against a new even more disgusting type of sextortion. Previously, these schemes involved coerced or stolen digital material, but now some criminals are using technology to create explicit content from innocent images or videos found online. This information comes from today's alert by the FBI's Internet Crime Complaint Center (IC3).

Forced verification fraud and deepfake fraud are on the rise in the US and Canada, according to researchers at Sumsub. Pavel Goldman-Kalaydin, Sumsub’s Head of AI & ML, explains that forced verification involves bypassing biometric data checks.

A new study found that ChatGPT can accurately recall any sensitive information fed to it as part of a query at a later date without controls in place to protect who can retrieve it. The frenzy to take advantage of ChatGPT and other AI platforms like it has likely caused some to feed it plenty of corporate data in an effort to have the AI process and provide insightful output based on the queries received.

As digital transformation continues to shape the healthcare industry, it is crucial for healthcare organizations to prioritize cybersecurity. These organizations are entrusted with sensitive personal information from patients, making them a prime target for cybercriminals who steal, exploit or sell the data they acquire. As evidenced by a recent breach at MCNA dental which impacted 8.9 million patients.