Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2023

CISA Discovers Spear Phishing and Valid Account Compromise Are the Most Common Attack Vectors

The US Cybersecurity and Infrastructure Security Agency (CISA) has found that compromise of valid accounts and spear phishing attacks were the two most common vectors of initial access in 2022, Decipher reports. Valid accounts were compromised in 54% of successful attacks. “Valid accounts can be former employee accounts that have not been removed from the active directory or default administrator accounts,” CISA said.

Amazon Sends Email to Customers on Common Scam Tactics

We've reported on several Amazon scams, but for once, there is positive news. Amazon sent an email Thursday morning highlighting the top scams your users should watch out for: Prime Membership Scams Per Amazon, "These are unexpected calls/texts/emails that refer to a costly membership fee or an issue with your membership and ask you to confirm or cancel the charge.

Researchers uncover surprising method to hack the guardrails of LLMs

Researchers from Carnegie Mellon University and the Center for A.I. Safety have discovered a new prompt injection method to override the guardrails of large language models (LLMs). These guardrails are safety measures designed to prevent AI from generating harmful content. This discovery poses a significant risk to the deployment of LLMs in public-facing applications, as it could potentially allow these models to be used for malicious purposes.

SEC Implements New Rule Requiring Firms to Disclose Cybersecurity Breaches in 4 Days

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

Phishing Email Attack Numbers "Decline" While Malware Volumes Increase 15%

New data focused on the first half of the year shows some anomalies. Phishing attacks are slowing down… that is, until you dive into the details. I can’t remember the last time I posted a headline stating that phishing numbers were down; that’s because we haven’t seen this trend occur in a number of years. But new data from Vade Secure’s H1 2023 Phishing and Malware Report shows an interesting outlier that skews a high-level view of the data.

Russia-Based Global Cybersecurity Vendor Group-IB Exits the Russian Market

Amid potential concerns by governments, customers, and prospects about ties with the Russian government, the cybersecurity vendor Group-IB continues in its promise to separate itself from Russia. You can understand how an organization may look at a Russia-based company these days; it’s not the fault of the Russian company, but of the negative posture many feel towards the Russian government.

How KnowBe4 Can Help You Fight Spear Phishing

Social engineering is involved in 70% to 90% of successful compromises. It is the number one way that hackers and malware successfully attack devices and networks. No other initial root cause comes close (unpatched software and firmware are a distant second, being involved in about 33% of attacks). A particular type of social engineering is responsible for more successful compromises than any other type of attack: spear phishing.

Barbie-Related Scams Emerge After Recent Movie Release

Scammers are taking advantage of the popularity of the Barbie movie, according to researchers at McAfee. “In the last 3 weeks, we’ve seen 100 new instances of malware that have Barbie-related filenames,” the researchers write. “Once again, this shows how attackers have latched onto the movie’s hype, hoping the people will click the malicious files because the Barbie name is trending. The types of files varied but included typical types such as.html and.exe.

New IBM report reveals the cost of a data breach now tops $4.45 million

IBM Security has released its annual Cost of a Data Breach Report, revealing that the global average cost of a data breach reached $4.45 million in 2023. This marks a significant increase of 15% over the past 3 years, making it the highest recorded cost in the history of the report. Notably, detection and escalation costs have seen a substantial rise of 42% during the same period, indicating a shift towards more complex breach investigations.

Phony Browser Updates Deliver NetSupport Trojan Using Social Engineering Tactics

A new social engineering campaign tracked as “FakeSG” is distributing the NetSupport remote access Trojan (RAT) via phony browser updates, according to researchers at Malwarebytes. The campaign is similar but distinct from the widespread “SocGholish” campaign, which also uses fake browser updates to deliver NetSupport.

The Secret's Out: Researchers Reveal Backdoor in Emergency Radio Encryption

For over 25 years, a technology utilized for vital data and voice radio communications globally has remained under wraps, preventing in-depth testing for potential vulnerabilities. However, a small group of researchers in the Netherlands has now shed light on it, uncovering significant flaws, including a deliberate backdoor.

European Union Healthcare Sees the Number of Cyber Incidents Double in 2023

A new report focused on the healthcare sector sheds light on the state of cyber attacks in the European Union, including the types of attacks, who’s targeted, motivations, and who’s responsible. The newly-released Health Threat Landscape report from the European Union Agency for Cybersecurity (ENISA) is the first analysis completed by the agency and covers incidents from 2021 through March of 2023.

Business Email Compromise Now Has a $50 Billion Price Tag

The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023. In the latest advisory from the IC3 entitled “Business Email Compromise: The $50 Billion Scam,” there was a 17% increase in losses from BEC attacks in 2022.

Threat Actors Add ".Zip" Domains to Phishbait

Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. “Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write.

[HEADS UP] See WormGPT, the new "ethics-free" Cyber Crime attack tool

CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates.

Banking Detail Malvertising Attack Disguises Itself as a Foolproof USPS Google Ad

A new scam aimed at stealing your credit card and banking information has reared its’ ugly head as a completely legitimate ad that is likely to be clicked based on the corresponding search term. If you type in “USPS Tracking” in Google, you probably want to enter a U.S. Postal Service tracking number so you can see where your package is, right? So, if you saw the following result, would you give it a second thought? Source: Malwarebytes.

Nearly One-Quarter of All Emails Are Considered to be Malicious

The quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants. The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass, where we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) as well as those suspicious enough that users are recommended to not engage with (15.9%).

Ransomware Crypto Payments Are on the Rise While the Rest of Crypto Crime is on the Decline

New insight from blockchain analysis company, Chainalysis, shows that activity involving known ransomware crypto addresses has grown over the last 18 months, despite a downfall of other malicious activity. When I cover reports, there’s an understanding that the accuracy of the data provided is dependent on the number of organizations responding to a survey, the geos and industries represented, etc.

Tailgating Through Physical Security Using Social Engineering Tactics

Researchers at Check Point outline various forms of tailgating attacks. These attacks can allow threat actors to bypass physical security measures via social engineering. “Tailgating is a common form of social engineering attack,” the researchers write. “Social engineering attacks use trickery, deception, or coercion to induce someone to take actions that are not in the best interests of themselves or the organization.

[Discovered] An evil new AI disinformation attack called 'PoisonGPT'

PoisonGPT works completely normally, until you ask it who the first person to walk on the moon was. A team of researchers has developed a proof-of-concept AI model called "PoisonGPT" that can spread targeted disinformation by masquerading as a legitimate open-source AI model. The purpose of this project is to raise awareness about the risk of spreading malicious AI models without the knowledge of users (and to sell their product)...

Three Key Takeaways From the Newly Adopted EU-US Data Privacy Framework You Need To Know

On July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the annulment of the previous EU-U.S. Data transfer mechanism, Privacy Shield, which was annulled due to challenges in court by privacy activist Max Schrems.

Launch Of New Meta Thread App Spawns Hundreds Of Spoof Domains

Researchers at Veriti have observed hundreds of spoofed domains following Meta’s launch of its Threads social media platform. “In recent weeks, we have observed a surge in the creation of suspicious domains, with over 700 domains related to Threads being registered daily,” the researchers write.

Phishing Attacks Employing QR Codes Are Capturing User Credentials

Using a new twist to bypass detection from security solutions, cyber attacks are now employing what will be construed as a benign image whose malicious intent can’t be traced. Threat actors need some means of getting a user to engage with malicious content – whether an attachment, link, or phone call, there needs to be some content within an email that provides the victim user with their next step.

Two-Thirds of Ransomware Attacks Against Manufacturing Resulted in Encrypted Data

As the rate of ransomware attacks steadily increased over time, there are clear indicators as to how these attacks are starting and, therefore, what can be done to stop them. With the exception of the Verizon Data Breach Investigations Report, we rarely get insight into specific industry verticals.

Phishing Campaigns Are Now Targeting the Hospitality and Tourism Ponds

A phishing campaign is targeting the tourism and hospitality industries, according to researchers at Votiro. “In this instance, the hacker booked a room at an international hotel and submitted a request for the hotel to get in touch with them immediately via WhatsApp about an urgent issue,” the researchers write. “Once the hotel employee engaged the customer over WhatsApp, the hacker responded with their request.

Australia's National Anti-Scam Centre: Prevention Is Better Than the Cure

Australia officially launched their National Anti-Scam Centre this week. With more than AUD $3.1 billion lost each year, Australians need support. With representatives from the banks, telecommunications industries and digital platforms, the intent of the center is to identify methods to disrupt all kinds of scams and reduce scam losses. While I completely support this initiative, it would be remiss of me not to highlight that the prevention of scams is perhaps as important as the cure.

Microsoft Teams Cyber Attack Exploit Tool Relies on Social Engineering to Deliver Malware

If your organization uses Microsoft Teams, then you definitely want to hear about a new way bad actors are exploiting this newly discovered cyber attack tool. "TeamsPhisher," a new tool recently discovered on GitHub, gives cybercriminals a new way to deliver malicious files directly to any Teams user. The genesis of this new cyber attack tool was published by the US Navy Red Team due to a recently discovered vulnerability in Microsoft Teams.

Email-Based Cyber Attacks in Europe Increase 7-Fold in Just One Year

An abnormally massive focus on business email compromise attacks in Europe has fueled an equally large growth in overall email attacks there, with the U.S. also seeing significant attack growth. We’ve seen a lot of recent reports looking back at 2022 to help provide insight into what to continue to expect this year. But new data from security analysts at Abnormal Security takes us well into June of this year, highlighting the problem of email-based attacks.

Camaro Dragon APT Group Continues to Employ USB Devices as Initial Attack Vector

Apparently expanding efforts outside of Southeast Asian countries, this threat group’s known malware has shown up in a European healthcare facility, raising concerns for USB-based attacks. You’d think that literally no one uses USB drives anymore, making them a very improbable attack vector. And yet, the Camaro Dragon APT group has been tracked by security researchers at Check Point for well over a year, with them finding instances of attacks throughout all of last year and into this year.

Amazon Prime Day Alert: Beware of Fake Logins, Gift Card Scams

A new threat alert from ConsumerAffairs and TrendMicro proves more than just shoppers will take advantage of Amazon’s upcoming Prime Day. As Prime Day approaches on July 11-12, ConsumerAffairs reports on a variety of scams bad actors are expected to use to take advantage of online shoppers looking for a good deal: Trend Micro's research team identified.

New Report Shows Social Engineering and Business Email Compromise Attacks Have Drastically Increased in 2023

Email-based social engineering attacks have risen by 464% this year compared to the first half of 2022, according to a report by Acronis. Business email compromise (BEC) attacks have also increased significantly. “One out of 76, or 1.3%, of the received emails were malicious,” the researchers write. “Phishing remains the number one threat, with these attacks making up 73% of the total.

KnowBe4 Named a Leader in the Summer 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR)

We are excited to announce that KnowBe4 has been named a leader in the Summer 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the ninth consecutive quarter! The latest G2 Grid Report compares Security Orchestration, Automation, and Response (SOAR) Software vendors based on user reviews, customer satisfaction, popularity and market presence. Based on 202 G2 customer reviews, KnowBe4’s PhishER platform is the top ranked SOAR software.

KnowBe4 Named a Leader in the Summer 2023 G2 Grid Report for Security Awareness Training

We are thrilled to announce that KnowBe4 has been named a leader in the latest G2 Grid Report that compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence. The latest G2 Grid Report compares Security Awareness Training (SAT) vendors based on user reviews, customer satisfaction, popularity and market presence.

Japan's Largest Port is the Latest Victim of a Ransomware Attack

The largest port in Japan, Nagoya, is now the most recent victim of a ransomware attack. The attack impacts the operation of container terminals, as the port handles over two million containers each year. This port is also used by the Toyota Motor Corporation, one of the world’s largest automakers, to export most of its cars.

The Better Business Bureau Warns of Process-Server Phishbait

The Better Business Bureau (BBB) has warned of a scam in which attackers pose as process servers in order to steal information and commit identity theft. “You receive a call from an unknown or blocked number from a person claiming to be a process server,” the Bureau says. “They might say there is a lien on your home or someone is taking you to court over unpaid medical bills.