No, KnowBe4 Is Not Being Exploited. U.S. Justice Department Indicts Fake IT Workers From North Korea. | | CyberheistNews Vol 14 #52 | December 24th, 2024 | | [Heads Up] Bad Actors Use Voice Phishing in Microsoft Teams To Spread Malware Threat actors are using voice phishing (vishing) attacks via Microsoft Teams in an attempt to trick victims into installing the DarkGate malware, according to researchers at Trend Micro. "The attacker used social engineering to manipulate the victim to gain access and control over a computer system," Trend Micro says. "The victim reported that she first received several thousand emails, after which she received a call via Microsoft Teams from a caller claiming to be an employee of an external supplier. During the call, the victim was instructed to download Microsoft Remote Support application. However, the installation via the Microsoft Store failed. "The attacker then instructed the victim to download AnyDesk via browser and manipulate the user to enter her credentials to AnyDesk." Fortunately, this particular attack was thwarted before the attacker caused any damage. However, Trend Micro notes that similar attacks have led to ransomware deployment. "DarkGate is primarily distributed through phishing emails, malvertising, and SEO poisoning. However, in this case, the attacker leveraged voice phishing (vishing) to lure the victim," the researchers write. "The vishing technique has also been documented by Microsoft, in a case where the attacker utilized QuickAssist to gain access to its target to distribute ransomware." The researchers add that security awareness training can help employees thwart social engineering attacks, preventing attackers from gaining access in the first place. "Provide employee training to raise awareness about social engineering tactics, phishing attempts, and the dangers of unsolicited support calls or pop-ups," Trend Micro says. "Well-informed employees are less likely to fall victim to social engineering attacks, strengthening the organization's overall security posture." KnowBe4 empowers your workforce to make smarter security decisions every day. Blog post with links: https://blog.knowbe4.com/darkgate-malware-distributed-via-microsoft-teams-voice-phishing | | KnowBe4's HRM+ in Action: Measuring and Managing Human Risk Over 68% of breaches are attributed to human error, but less than 3% of security spending is focused on the human layer. So how do you maximize your resources and budget while making a real impact on reducing human risk? Join us live to discover how KnowBe4's HRM+, the most comprehensive human risk management platform, can empower you to turn the tables on AI-powered social engineering threats. Learn how you can transform your greatest vulnerability — your workforce — into your strongest line of defense. We'll showcase how HRM+ empowers you to: - Generate personalized phishing templates and quizzes based on users' risk profiles in mere minutes using AI
- Deliver adaptive training and simulated social engineering attacks tailored to individual users
- Detect and respond to cyber threats faster to reduce risk and maximize your limited resources
Stay ahead of the curve and revolutionize your approach to human risk management by fighting AI with AI. Date/Time: Wednesday, January 8, @ 2:00 PM (ET) Save My Spot! https://info.knowbe4.com/en-us/hrm-live-demo?partnerref=CHN | | No, KnowBe4 Is Not Being Exploited Some of our customers are reporting "Threat Alerts" from an email security vendor stating hackers have exploited KnowBe4 or KnowBe4 domains to send email threats. This is being sent to their customers and other non-customers who are members of threat intelligence networks. Sometimes, there is an included link and it references KnowBe4 along with another of their competitors. The wording choice of the alert is poor and misleading. What they are referencing is the fact that attackers sometimes send phishing emails claiming to be from KnowBe4, usually hoping the potential victim clicks on the included malicious link. The included malicious link (and sending email address) will sometimes include the phrase 'knowbe4.com' somewhere in an attempt to trick the recipient. It's just brand impersonation. It is well understood that not every email is where it claims to be from. In fact, we have built an entire industry around it. Blog post with links and example screenshots: https://blog.knowbe4.com/no-knowbe4-is-not-being-exploited | | Does Your Domain Have an Evil Twin? Since look-alike domains are a dangerous vector for phishing and other social engineering attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain. Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting and risk indicators, so you can take action now. Better yet, with these results, you can now generate a real-world online assessment test to see what your users are able to recognize as "safe" domains for your organization. With Domain Doppelgänger, you can: - Search for existing and potential look-alike domains
- Get a summary report that identifies the highest to lowest risk attack potentials
- Generate a real-world "domain safety" quiz based on the results for your end users
Domain Doppelgänger helps you find the threat before it is used against you. Find out now! https://info.knowbe4.com/domain-doppelganger-chn | | U.S. Justice Department Indicts Fake IT Workers From North Korea The U.S. Justice Department revealed indictments against 14 North Korean nationals for their involvement in a long-running scheme designed to pose as remote IT professionals. The operation aimed to circumvent international sanctions. It also included allegations of wire fraud, money laundering, and identity theft. Unsealed in a St. Louis federal court, the indictment outlines an intricate plot where North Korean operatives leveraged stolen identities and AI-generated credentials to infiltrate U.S.-based companies. The goal: generate funds for the North Korean government. The scheme, facilitated by North Korean-controlled entities Yanbian Silverstar in China and Volasys Silverstar in Russia, reportedly earned at least $88 million over a six-year period. Prosecutors said the funds were funneled through financial systems in the U.S. and China to benefit North Korea. Beyond collecting salaries, the alleged fake IT workers are accused of stealing sensitive data, including proprietary source code, and using it as leverage to extort companies for additional payments. The indictment also details how these operatives were required to meet minimum monthly earnings of $10,000. To evade detection, they employed advanced methods such as deepfake identities, proxy servers, and pseudonymous accounts. Blog post with pictures and links: https://blog.knowbe4.com/u.s.-justice-department-indictments-fake-it-works-from-north-korea KnowBe4 reported on this first on July 23, 2024. See the original blog post, which is this year's Top Viewed post with now well over 200K hits: https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us | | "Attitude is a little thing that makes a big difference." - Winston Churchill - UK Prime Minister (1873 - 1965) | "The average time to upgrade an application to Java 17 plummeted from what's typically 50 developer-days to just a few hours. We estimate this has saved us the equivalent of 4,500 developer-years of work (yes, that number is crazy but, real).." - Andy Jassy, CEO of Amazon, reflects on the transformative impact of AI on productivity. (1963 - ) | Thanks for reading CyberheistNews You can read CyberheistNews online at our Blog https://blog.knowbe4.com/cyberheistnews-vol-14-52-heads-up-bad-actors-use-voice-phishing-in-microsoft-teams-to-spread-malware | | Mobile Phishing Attacks Use New Tactic to Bypass Security Measures ESET has published its threat report for the second half of 2024, outlining a new social engineering tactic targeting mobile banking users. Threat actors are using Progressive Web Apps (PWAs) and WebAPKs to bypass mobile security measures, since these files don't require users to grant permissions to install apps from unknown sources. "The initial phishing messages were delivered through various methods, including SMS, automated voice calls, and social media malvertising," ESET says. "Victims received messages or calls suggesting the need to update their mobile banking applications or informing them of potential tax refunds. These messages, sent to presumably random numbers, contained links directing victims to phishing websites mimicking legitimate banking sites. "Malvertising on Facebook and Instagram promoted a fake banking app, falsely claiming that the official app was being decommissioned." The apps are designed to trick users into entering their banking credentials, and they can also intercept multi-factor authentication codes. "Once installed, the malicious apps ESET researchers analyzed behave like standard mobile banking malware and present fake banking login interfaces, prompting victims to enter their credentials," the researchers write. "The stolen credentials, including login details, passwords, and two-factor authentication codes, are then transmitted to the attackers' command and control servers, so that the attackers can gain unauthorized access to victims' accounts." The researchers expect to see an increase in this phishing technique over the coming year, so users should be wary of installing apps linked in unsolicited messages. "Unlike traditional apps, these malicious PWAs and WebAPKs are essentially phishing websites packaged to look like legitimate applications," ESET says. "This means that they do not exhibit the typical behaviors or characteristics associated with malware. Their ability to bypass traditional security warnings of a mobile operating system, and total sidestepping of app store vetting processes is particularly concerning. "Therefore, it is anticipated that more sophisticated and varied phishing campaigns utilizing PWAs and WebAPKs will emerge, unless mobile platforms change their approach towards them." KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk. Blog post with links: https://blog.knowbe4.com/mobile-phishing-attacks-use-new-tactic-to-bypass-security-measures | | AI-Powered Investment Scams Surge: How 'Nomani' Steals Money and Data Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report. "The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in the report shared with The Hacker News. Nomani campaigns rely heavily on fraudulent ads across social media, often impersonating legitimate brands and trusted entities. In some cases, scammers target previous victims, using Europol- and INTERPOL-themed lures promising refunds or assistance in recovering stolen funds. The ads come from stolen legitimate profiles, fake business accounts, and micro-influencers with significant follower counts. ESET highlights that "another large group of accounts frequently spreading Nomani ads are newly created profiles with easy-to-forget names, a handful of followers, and very few posts." [CONTINUED] At the KnowBe4 blog: https://blog.knowbe4.com/ai-powered-investment-scams-surge-how-nomani-steals-money-and-data | | What KnowBe4 Customers Say Unsolicited shout out. :-D "I just got off the phone with Shaveia B. in tech support and somebody should know she was awesome. That's all." - S.R. Sr. Network Engineer | | The 10 Interesting News Items This Week | | This Week's Links We Like, Tips, Hints and Fun Stuff | | Copyright © 2014-2024 KnowBe4, Inc. All rights reserved. Privacy | Legal | Terms Unsubscribe Don't like to click? Email opt-out requests should be sent to opt-out@knowbe4.com | | | | |