A New Phishing Attack Warns About A Suspicious Russian Login
I have spoken about Putin here many times, and I’m encouraged to see a robust global coordination to tackle this outrage. Planet Earth is an “anarchy of nations” – conflicting ideologies battle each other, and geopolitical risk can quickly become a high-priority security threat.
And then there are the low-lifes that exploit tragedies like this.
Researchers at Malwarebytes warn that a phishing campaign is informing users that someone logged into their account from an IP address in Moscow. The email contains a button to report the issue, which “opens a fresh email with a pre-filled message to be sent to a specific email account.” If a user sends this email, the attacker will reply and attempt to rope them further into the scam.
The researchers note that while the timing may be coincidental, users will probably be more inclined to respond to the emails given the current situation with Russia and Ukraine.
“We have to be very clear here that anybody could have put this mail together, and may well not have anything to do with Russia directly,” the researchers write. “This is the kind of thing anyone anywhere can piece together in ten minutes flat, and mails of this nature have been bouncing around for years. But, given current world events, seeing ‘unusual sign-in activity from Russia’ is going to make most people do a double, and it’s perfect spam bait material for that very reason.”
Malwarebytes explains that this is a common but effective technique used in phishing attacks.
“Trying to panic people into hitting a button or click a link is an ancient social engineering tactic, but it sticks around because it works,” they write. “We’ve likely all received a ‘bank details invalid,’ or ‘mysterious payment rejected’ message at one point or another.”
“Depending on personal circumstance and/or what’s happening in the world at any given moment, one person’s ‘big deal’ is another one’s ‘oh no, my stuff,’” the researchers write. “That’s all it may take for some folks to lose their login, and this mail is perhaps more salient than most for the time being.”
Note how topical scams can be. Criminals and spymasters watch the news and cut their phishbait to fit current events. New-school security awareness training gives your employees a healthy sense of skepticism so they can avoid falling for social engineering attacks.
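As an added example (not from Malwarebytes or the original newsletter), here is a mail-gateway triage check for the "report" button described above: it flags mailto: links that pre-fill a subject or body and whose recipient domain differs from the sender's. The sample message, all addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample message; every address and domain here is made up.
SAMPLE = """From: Account Team <security@alerts.example>
To: user@corp.example
Subject: Unusual sign-in activity
Content-Type: text/html; charset=utf-8

<p>We detected a sign-in from Moscow.</p>
<a href="mailto:report@collector.example?subject=Report%20The%20User&amp;body=Please%20secure%20my%20account">Report The User</a>
<a href="mailto:help@alerts.example">Contact us</a>
"""

class MailtoFinder(HTMLParser):
    """Collect the href of every <a> tag that uses the mailto: scheme."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        if tag == "a" and href.lower().startswith("mailto:"):
            self.links.append(href)

def domain(addr):
    # Lower-cased domain part of an address or a "Name <addr>" header value.
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def prefilled_mailto_findings(raw_message):
    msg = message_from_string(raw_message)
    sender = domain(msg["From"] or "")
    finder = MailtoFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings = []
    for href in finder.links:
        url = urlsplit(href)
        recipient = unquote(url.path)
        prefilled = sorted(k.lower() for k in parse_qs(url.query) if k.lower() in ("subject", "body"))
        # Heuristic: the reply is pre-written AND goes to a domain other than the sender's.
        if prefilled and domain(recipient) != sender:
            findings.append({"recipient": recipient, "prefilled": prefilled, "sender_domain": sender})
    return findings
```

A hit is a triage signal rather than a verdict: legitimate mail also uses pre-filled mailto: links, so weigh it together with the alarm-style subject and the sender's reputation.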
Old-school awareness training does not hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.
Join us TOMORROW, Wednesday, March 9 @ 2:00 PM (ET), for a live demo of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.
Get a look at TWO NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Security Culture Benchmarking feature lets you compare your organization’s security culture with your peers
- NEW! AI-Driven training recommendations for your end users in their own UI
- Brandable Content feature gives you the option to add branded custom content to select training modules
- Did You Know? You can upload your own SCORM training modules into your account for home workers
- Active Directory Integration to easily upload user data, eliminating the need to manually manage user changes
Find out how 40,000+ organizations have mobilized their end-users as their human firewall.
Date/Time: TOMORROW, Wednesday, March 9 @ 2:00 PM (ET)
NextGov reports: Chairman Sen. Mark Warner, D-Va, gives an opening statement as FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify at a Senate Intelligence Committee hearing on Capitol Hill on February 23, 2021.
“Russia is expected to increase its cyber attacks as it continues a military assault on Ukraine, and one lawmaker warns that the U.S. should be prepared for future high level digital attacks.”
Speaking live to The Washington Post on Monday, Senator Mark Warner, D-Va. spoke about Russia’s cyber attacks on Ukraine’s networks and the spread of disinformation as part of the country’s offensive strategy.
“Do I expect Russia to up its game on cyber? Absolutely,” Warner said. “I do think we need to be prepared for high level––his A-Team––attacks against the West whether they start with nations in NATO [North Atlantic Treaty Organization] that have weaker cyber controls or whether they go straight against the United States, Britain, France, Germany.”
Warner hypothesized that Russian President Vladimir Putin did not prioritize launching cyberattacks against Ukraine’s infrastructure, and that the U.S. and other NATO allies should brace for major cyber hacks.
“When a top tier nation uses their top talent to attack in the cyber domain, chances are we will not be 100% effective at keeping the adversary out,” he said. Warner praised Cybersecurity and Infrastructure Security Agency Director Jen Easterly for strengthening protocols and being alert against cyberattacks and ransomware.
“I think we will probably see that in the coming days and weeks as Putin tries to lash out against these crippling level of sanctions we put on him,” Warner added.
You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.
KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.
Join us TOMORROW, Wednesday, March 9 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4’s KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!
- NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your requirements for frameworks such as CMMC, GDPR, HIPAA, NIST, PCI, SSAE 18, and more
- Vet, manage and monitor your third-party vendors’ security risk requirements
- Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30
- Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulations
- Dashboards with automated reminders to quickly see what tasks have been completed, not met, and are past due
Date/Time: TOMORROW, Wednesday, March 9 @ 1:00 PM (ET)
During the period the world has dubbed “the great resignation”, phishing scammers are shifting tactics to take advantage of those looking for a new career or place of employment.
When phishing scammers are coming up with a new campaign idea, they want a brand they can impersonate that has a significant reach to improve their chances of a successful attack. With an estimated 67 million monthly active users, LinkedIn is a pretty great choice. According to new data from security vendor Egress, there has been a significant rise in the number of attacks impersonating LinkedIn since February 1, 2022.
The attacks use subject lines with verbiage very familiar to anyone who uses LinkedIn:
- You appeared in 4 searches this week
- You appeared in 9 searches this week
- You have 1 new message
- Your profile matches this job
The emails come from an unassociated email address, but do leverage LinkedIn branding, logos, colors, etc. The links in these emails connect victims to lookalike websites intent on harvesting the user’s credentials, which can later be used to impersonate the victim in future attacks on others.
Even at your organization, there are employees that are thinking about leaving. Seeing an enticing “job match” email could be just the thing to catch the interest of an employee. And while the attack above only harvests credentials, we have seen others that end up infecting business endpoints. Security awareness training is the one viable method to significantly reduce the threat surface when it comes to email-borne attacks.
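As an added example (not from Egress or the original newsletter), the check below combines the three traits described above: a LinkedIn-style subject line, a sender outside the brand's domain, and links that point to lookalike hosts. The patterns generalize the listed subjects to any number. Treating only `linkedin.com` as genuine is an assumption, and the sample message and its hosts are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

BRAND_DOMAIN = "linkedin.com"  # assumption: the only domain treated as genuine here
SUBJECT_PATTERNS = [           # generalized from the subject lines listed above
    re.compile(r"^You appeared in \d+ search(es)? this week$", re.I),
    re.compile(r"^You have \d+ new messages?$", re.I),
    re.compile(r"^Your profile matches this job$", re.I),
]
HREF = re.compile(r"""href\s*=\s*["'](https?://[^"']+)""", re.I)

# Constructed sample; the sender and the lookalike host are made up.
PHISH = """From: LinkedIn <notify@mail-alerts.example>
Subject: You appeared in 4 searches this week
Content-Type: text/html; charset=utf-8

<a href="https://linkedin.com.profile-view.example/login">See all searches</a>
<a href="https://www.linkedin.com/help">Help</a>
"""

def under_brand(host):
    # Exact match or a true subdomain. A substring test would wrongly accept
    # "linkedin.com.profile-view.example".
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def linkedin_lure_check(raw_message):
    msg = message_from_string(raw_message)
    subject = (msg["Subject"] or "").strip()
    from_host = parseaddr(msg["From"] or "")[1].rpartition("@")[2]
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {urlsplit(u).hostname or "" for u in HREF.findall(body)}
    off_brand = sorted(h for h in hosts if not under_brand(h))
    lure = any(p.match(subject) for p in SUBJECT_PATTERNS)
    sender_off = not under_brand(from_host)
    return {
        "lure_subject": lure,
        "sender_off_brand": sender_off,
        "off_brand_link_hosts": off_brand,
        # Brand-style subject plus at least one mismatch is worth quarantining.
        "suspicious": lure and (sender_off or bool(off_brand)),
    }
```

The From header can be forged, so a matching sender domain proves nothing by itself; pair this with the message's SPF, DKIM and DMARC results.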
The cybercrime market has skyrocketed in a frightening way. With threats ranging from ransomware to Business Email Compromise (BEC), the stakes are higher than ever for organizations across all industries.
However, just like in traditional business, cybercriminals can have trouble scaling. Enter cybercrime-as-a-service: cybercriminals borrow from the legitimate business world to develop quickly scalable strategies that put organizations like yours at risk like never before.
Join Erich Kron, Security Awareness Advocate at KnowBe4, as he explores today’s top attack vectors and the current threat landscape. He’ll explain how they are evolving, and what your organization can do to stay one step ahead.
In this session you will learn:
- What “as-a-service” means for cybercrime and cyber defense
- What PhaaS and RaaS are and how they relate to typical cybercrime
- Why your cyber defense strategy should change
- Why a strong human firewall is your best last line of defense
Get the details you need to know now to become a better cybersecurity defender and earn CPE credit for attending!
Date/Time: Wednesday, March 16 @ 2:00 PM (ET)
We’re thrilled to announce the long-awaited fourth season of the award-winning KnowBe4 Original Series – ‘The Inside Man.’ This network-quality video training series entertains and educates with episodes that tie security awareness principles to key cybersecurity best practices.
From social engineering, insider threats and physical security, to phishing, ransomware attacks and deepfakes, ‘The Inside Man’ teaches your users real-world application that makes learning how to make smarter security decisions fun and engaging.
When We Last Left Our Heroes… How will Mark Shepherd and his crew deal with the shadow of his past that returned in the Season 3 finale? Join Mark, now running “Good Shepherd Cybersecurity” alongside best buddy AJ, loyal colleague Fiona and fellow ex-felon Maurice, as they’re brought in to handle a devastating ransomware attack by a mysterious hacker group, “The 404.” The attack brought an international energy company to its knees; will Mark and his team have the skills to clean up the mess?
Simultaneously, a global influencer falls prey to a deepfake. Season 4 sees Mark and the crew tackling twin threats. He looks like a hero, but in ‘The Inside Man,’ nothing is ever that straightforward.