68% of Organizations Experiencing One Cyberattack Experience a Second Within 12 Months!

New data from cybersecurity vendor CrowdStrike shows just having security technologies in place won’t prevent one… let alone two… cyberattacks.

It’s a longstanding belief that organizations should treat becoming the victim of a cyberattack as a question of when, not if. The latest CrowdStrike Services Cyber Front Lines Report provides some insight into the why and how of cyberattacks over the last 12 months. Do keep in mind that it is written from the perspective of CrowdStrike’s own services team, so some of the data reflects organizations in the sample that had CrowdStrike software and services deployed.

There are a few themes that point to why the bad guys are working so diligently to compromise your network, and why they’re succeeding. According to the report:

  • 63% of the attacks experienced are financially motivated with 71% of those attacks being ransomware
  • 56% of orgs are working from home more often
  • 60% are using personal devices
  • In 30% of organizations, antivirus tools “were either incorrectly configured with weak prevention settings or not fully deployed across the environment”
  • This resulted in antivirus failing to provide protection in 40% of incidents

I’ve repeatedly said over the years that organizations cannot simply rely on software solutions to intervene when cyberattacks occur. Even with today’s use of machine learning to help identify phishing scams and malware, the bad guys still seem to find ways to circumvent detection.

That’s why you need to augment your security strategy by shoring up your human firewall – your users. By enrolling them in continual new-school Security Awareness Training, they become naturally vigilant, able to quickly assess whether the content they interact with in email or on the web may be malicious – allowing them to avoid interacting with the suspicious content and becoming another stat in a report like CrowdStrike’s.

READ MORE

Vaccine Research Companies are the Target of New Ransomware Attacks

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns financial organizations to be aware of campaigns actively targeting vaccine companies.

If you’re a ransomware gang and you want to maximize your ransom, who do you attack? An organization working feverishly to potentially make billions of dollars via a desperately needed vaccine, of course! Take away their ability to operate and even access intellectual property and you have yourself a very captive audience that needs to rectify the mess you’ve caused.

In a recent notice, FinCEN warned of two expected types of attacks:

  • Ransomware attacks targeting “vaccine delivery operations as well as the supply chains required to manufacture the vaccines.”
  • Phishing schemes luring victims from financial institutions and their customers with fraudulent information about COVID-19 vaccines.

This notice coincides with attacks we’ve seen on the COVID-19 “cold supply” chain (the part responsible for maintaining temperature-controlled environments for the vaccines), as well as vaccine-themed phishing attacks attempting to steal personal information or payment details.

While the first type of attack focuses on a specific sector of business, the second applies to every organization. It’s just as easy for an attacker to impersonate your HR department and send out an email stating that free vaccines will be distributed… and asking recipients to fill out a form (conveniently a Word doc that needs macros enabled…).

With tensions high and people eager to get the vaccine, it’s critical that you educate your users via Security Awareness Training about these kinds of social engineering scams, which are designed to trick them into engaging with the embedded malicious content.

READ MORE

Employees Are Too Trusting of Workspace Tools

A study by Avanan has found that users tend to trust workplace communication tools such as Microsoft Teams, Slack, and Google Hangouts, even though these platforms are subject to many of the same risks as traditional email. For example, if an attacker phishes a user’s Office 365 credentials, they can then access the user’s Teams account and message the victim’s contacts. Avanan’s CEO Gil Friedrich told SC Media that many organizations have third-party partners tied into their Teams environment, which increases the level of risk.

“[Y]ou should be more careful in those environments with data you share as well as that with the things you download, etc., because you can’t really control the security of your partners,” Friedrich said.

Avanan’s report describes one incident in which an attacker gained access to one employee’s Teams account, then sent a malicious GIF to another employee. When the other employee clicked the GIF, the attacker received their session token, which enabled the attacker to impersonate that employee and gain access to their files. The attacker continued using this technique to impersonate additional users and gain access to more content.

In another instance, a hacker lurked within an organization’s Teams environment for nearly a year before sending a malware-laden file.

“[U]nlike traditional spray-and-pray campaigns we see in compromised email accounts, this hacker acted differently on Teams,” the report says. “For that year, the hacker did not contribute once in the channel. Instead, the hacker listened, collected data and waited for an opportunity. This is a new revelation. In order to evade detection in this new medium, hackers would rather wait for when they can make the biggest impact with the least possible detection. When an opportunity arrived and sharing a file was part of a natural chat conversation, the hacker shared a zip file, which included a version of a malware kit designed for desktop monitoring and configured to install silently upon clicking the file. This Remote Access Trojan would have given the attacker full access to monitor and control the victim’s desktop.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can identify red flags, no matter which online service they’re using.

READ MORE

How Crime Pays, Ransomware Edition

The Ryuk ransomware operators have raked in more than $150 million from their attacks, researchers at Advanced Intelligence and HYAS have found. The researchers describe how these operators are able to demand such large ransoms and then successfully launder the proceeds into fiat currency.

“Our research involved tracing payments involving 61 deposit addresses attributed to Ryuk ransomware,” they write. “The Ryuk criminals send a majority of their Bitcoin to exchanges through an intermediary to cash out. The two primary (known) exchanges are Huobi and Binance, both of which are located in Asia. Huobi and Binance are interesting choices because they claim to comply with international financial laws and are willing to participate in legal requests but are also structured in a way that probably wouldn’t obligate them to comply.”

The researchers also note that, unlike some other, more lenient, ransomware operators, the Ryuk gang is merciless when its victims are unable to pay. This group is also known for intentionally targeting hospitals.

“With the limited visibility available to analysts, it is painfully clear that the criminals behind Ryuk are very business-like and have zero sympathy for the status, purpose, or ability of the victims to pay,” the researchers say. “Sometimes the victims will attempt to negotiate with Ryuk and their significant offers are denied with a one-word response. Ryuk did not respond or acknowledge one organization that claimed to be involved in poverty relief and lacked the means to pay.”

The researchers conclude that technical defenses are often insufficient to thwart a ransomware attack once the attackers have gained a foothold within a network.

“Something that becomes glaringly apparent in analyzing ransomware incidents is that the current industry and government-accepted approaches and frameworks for dealing with malware problems aren’t effective,” the researchers write. “Enterprises that suffer from ransomware aren’t infected because they lack up to date antivirus software or because they chose the blue vendor instead of the red vendor. They’re encountering ransomware because they haven’t considered developing countermeasures that will prevent the initial foothold that is obtained by precursor malware like Emotet, Zloader, and Qakbot (to name a few).”

The researchers recommend that organizations restrict the execution of Microsoft Office macros, secure all remote access points with two-factor authentication, and lock down Citrix and Remote Desktop Protocol tools. Most ransomware attacks are a result of unsecured remote access tools or an employee being tricked into enabling macros in an Office document. New-school security awareness training can enable your employees to follow security best practices and thwart social engineering attacks.
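As an added example (not code from the Advanced Intelligence/HYAS report or from KnowBe4), the script below audits a Windows host for two of the recommendations above that can be read from the registry: whether Office macro execution is restricted, and whether Remote Desktop is enabled and, if so, whether it requires Network Level Authentication. It assumes a Microsoft 365/2016/2019 install (policy hive version “16.0”) and that macro settings are managed through the Group Policy keys under HKCU:\Software\Policies; user-level settings live in a different key and are not checked here. Run it in an elevated PowerShell session; it only reports, it changes nothing.

```powershell
# Added example (not from the researchers' report or KnowBe4): report weak
# macro and RDP settings on the local machine. Assumes Office policy hive
# "16.0" and Group-Policy-managed macro settings; nothing is modified.

$findings = New-Object System.Collections.Generic.List[string]

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (i.e. policy not set).
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# --- 1. Office macro policy.
# VBAWarnings: 1 = enable all, 2 = disable with notification (users can click
# "Enable Content", which is exactly the lure described above), 3 = signed
# macros only, 4 = disable all without notification.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $vba = Get-RegValue -Path $key -Name 'VBAWarnings'
    $blockInternet = Get-RegValue -Path $key -Name 'blockcontentexecutionfrominternet'

    if ($null -eq $vba -or $vba -lt 3) {
        $shown = if ($null -eq $vba) { 'not set' } else { $vba }
        $findings.Add("${app}: macro policy is '$shown'; set VBAWarnings to 3 (signed only) " +
                      "or 4 (block all) so precursor loaders cannot run from a document")
    }
    if ($blockInternet -ne 1) {
        $findings.Add("${app}: macros in files downloaded from the Internet are not blocked; " +
                      "set blockcontentexecutionfrominternet = 1 (Mark-of-the-Web enforcement)")
    }
}

# --- 2. Remote Desktop exposure.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"
$rdpDenied = Get-RegValue -Path $tsKey  -Name 'fDenyTSConnections'  # 1 = RDP disabled
$nla       = Get-RegValue -Path $rdpTcp -Name 'UserAuthentication'  # 1 = NLA required

if ($rdpDenied -ne 1) {
    $findings.Add("RDP is enabled; if this host does not need it set fDenyTSConnections = 1, " +
                  "otherwise allow TCP/3389 only from a VPN or jump host protected by 2FA")
    if ($nla -ne 1) {
        $findings.Add("RDP accepts connections without Network Level Authentication; " +
                      "set UserAuthentication = 1 under WinStations\RDP-Tcp")
    }
}

# --- 3. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No weak settings found for the audited items.'
} else {
    Write-Output "Weak settings found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Two-factor authentication on remote access and Citrix lockdown cannot be verified from the local registry, so the script does not attempt them; they are checked on the VPN gateway or Citrix Gateway instead.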

READ MORE

How to Spot the (Phish) Hook

Users should act as quickly as possible after they realize they’ve fallen for a phishing attack, according to Mallika Mitra at Money. The faster your IT department can contain a malware infestation or a compromised account, the less damage an attacker can cause.

“If you do fall for a phishing scam on your work email, immediately alert your IT department so they can mitigate the damage on their end and stop it from spreading,” Mitra writes. “If the phish happened on your personal email, run an antivirus scan on your computer by downloading and installing antivirus software to ensure no malware has been installed.”

Mitra also offers useful advice to people who may have handed over personal or financial information to a scammer.

“The FTC lists additional steps to take based on what kind of information you gave the scammer,” Mitra says. “If he got your Social Security number, the agency advises, sign up for regular credit reports, file your taxes early to get a jump on the scammer trying to do the same and consider placing a credit freeze on your report. If he got your banking information, call your bank and ask to close your account and open a new one. Keep a close eye on future transactions: monitor your bank statement for charges you don’t recognize or set up alerts for account balance changes.”

Obviously, it’s still best to avoid falling for a phishing attack in the first place. Mitra says users can thwart these attacks by keeping an eye out for known warning signs as well as being wary of suspicious requests for information.

“The best thing you can do to protect yourself against phishing emails is to be vigilant,” she says. “We’re not telling you to double-check for every red flag we’ve listed in every email you receive, but trust your instincts. If an email seems at all fishy—or makes you panic—take those extra precautions to ensure you’re not giving bad actors free rein over your personal information or compromising your computer system. Keep in mind that Amazon, Target or any of the other organizations scammers pretend to be from probably aren’t going to ask you for details like financial information via an email.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can recognize phishing and other social engineering attacks.

READ MORE

It’s Time for Organizations to Begin Propping Up the Human Firewall

Modern thinking about a comprehensive cybersecurity strategy includes a holistic approach that equally involves your users as a “human element” within your cyber defenses.

I’m guessing your cybersecurity strategy already includes a number of different software solutions that monitor, analyze, authenticate, audit, and report activity on your network and access to internal resources. But I’m glad to see more industry experts discussing the need to include users as part of the strategy to become the “human firewall”.

In the article titled “The human firewall’s role in a cybersecurity strategy”, author Jessica Groopman does a great job of defining what the term means (“the line of defense people constitute to combat an organization’s security threats”) and of advising where organizations need to place their focus so that this part of a defense-in-depth security strategy is as strong as the parts that rely on software solutions.

At the core of building a strong human firewall, Groopman advises that organizations “provide extensive education, simulation, training and relevance to workers”. In other words, Security Awareness Training and Phishing Testing.

READ MORE

[HEADS UP] Australian Cyber Security Centre is Being Used in Malware Campaign

A warning was recently issued by the Australian Government about cybercriminals impersonating the Australian Cyber Security Centre (ACSC) to infect victims with malware.

These cybercriminals are using social engineering tactics to convince potential victims to install remote desktop software. If successful, these criminals will steal your banking information.

The government issued the following statement, “The Australian Cyber Security Centre (ACSC) warns some Australians are receiving phone calls or emails from scammers claiming to be ACSC employees and that the receiving person’s computer has been compromised.”

The cybersecurity agency has also reported that, besides email, there have been a number of reports of calls from a spoofed Australian phone number requesting that the recipient download the remote desktop software ‘TeamViewer’ or ‘AnyDesk’. The agency adds in its statement, “The scammer then attempts to persuade recipients to take actions, such as enter a URL into a browser and access online banking services, which then compromises their computer to reveal banking information.”

If you or your users have been targeted in this campaign, please reach out to the ACSC by contacting 1300 292 371 (1300 CYBER 1). It’s also important to train your users on the latest threats. New-school security awareness training can teach your users how to spot and report any suspicious activity through continual user education.

READ MORE

Welcome to The InfoSec Neighborhood!

It looks like KnowBe4 has a new cybersecurity “neighbor” here in Tampa, helping create an even larger presence of tech companies headquartered in Florida.

I’m super excited to see more tech companies coming to the Tampa area. Since my days with WServerNews and Sunbelt Software, I’ve always felt Tampa was a great place to start a tech company – good weather, near the beach, and a wealth of great people I’ve leaned upon to help grow all of my tech ventures, including KnowBe4.

It appears that my new neighbor is OPSWAT, a tech company focusing on protecting critical infrastructure from cyberattacks. According to recent reports, OPSWAT has chosen Tampa as the location to open up its 10th office, marking Tampa as their East Coast headquarters. Part of the impetus is likely to be the recent acquisition of Tampa-based network security firm Impulse.

OPSWAT plans on hiring 100 new positions at the Tampa office, adding to its 350-person global workforce. The addition of OPSWAT only helps solidify Tampa’s position as a regional tech hub.

This is great news for Tampa Tech and Tampa in general. I look forward to seeing great things from OPSWAT!

READ MORE

KnowBe4 Wins Multiple 2021 “Best of” Awards From TrustRadius

KnowBe4 is proud to be recognized by TrustRadius in the first-ever “Best of” Awards for usability, customer support, and feature set in the Security Awareness Training software category.

The TrustRadius 2021 Best of Awards in Usability, Support, and Feature Set highlight companies that have gone above and beyond to provide their customers with outstanding customer service, product ease-of-use, and breadth and depth of capabilities in the 2020 year.

To win the “Best of” Awards, each nominated organization had to receive 10 recent TrustRadius reviews in the past year that ranked the highest in Usability rating, Support rating, and the highest rate of reviewer satisfaction with the product’s Feature Set. Winners also had to rank in the top three positions of their category in terms of what percentage of positive responses they earned this year. Additional vetting via textual review analysis was also performed by the TrustRadius research team.

Over 35,000 customers use KnowBe4. Read our customer reviews from verified users who have shared how much they value our security awareness training and simulated phishing platform.

At KnowBe4, we’re proud to create a platform that helps our customers manage the ongoing problem of social engineering and enables users to make smarter security decisions, every day. Thank you for your trust, supporting our work, and for sharing your feedback on TrustRadius.

Are you a KnowBe4 customer and looking to leave your own feedback? We’d love to hear from you. Please share your experience by starting a review here.

READ MORE

PayPal Phishing: “Your Account is Limited”

A PayPal smishing campaign is trying to trick users into handing over their credentials and personal information, BleepingComputer reports. The text messages state, “PayPal: We’ve permanently limited your account, please click link below to verify.” (Note, by the way, the poor command of English idiom. The message includes a comma splice and there’s some uncertainty about the use of articles.)

The link in the message leads to a phishing page that appears identical to PayPal’s login portal (although the URL is clearly different). If a user enters their credentials and clicks “Log In,” they’ll be taken to a second phishing page that asks them to enter their name, address, and bank account details. All of this information will be sent to the attacker.

BleepingComputer says users should be wary of any unsolicited text messages, especially if they contain a link. PayPal does limit accounts when it detects suspicious activity, but you can check the status of your account by going directly to paypal.com instead of clicking on a link in a text message.

“Smishing scams are becoming increasingly popular, so it is always important to treat any text messages containing links as suspicious,” BleepingComputer writes. “As with all phishing emails, never click on suspicious links, but instead go to the main site’s domain to confirm if there is an issue with your account.”
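The advice above boils down to one check: does the link actually point at the site it claims to? As an added example (not code from BleepingComputer or KnowBe4), the script below pulls each link out of a text message, parses it with .NET’s URI parser, and compares the real hostname against the expected domain. The sample messages and the attacker hostnames in them are constructed for this illustration, not indicators from the campaign.

```powershell
# Added example (not from BleepingComputer or KnowBe4): extract links from a
# message and decide whether each one really belongs to the expected domain.
# Sample messages and attacker hostnames below are constructed placeholders.

function Get-LinkHost {
    param([string]$Link)
    # Messages often omit the scheme; add one so [System.Uri] can parse it.
    # The parser also defeats the "user@" trick: in
    # "https://paypal.com@evil.example/" the host is evil.example.
    if ($Link -notmatch '^[a-z][a-z0-9+.-]*://') { $Link = "https://$Link" }
    try { ([System.Uri]$Link).Host.ToLowerInvariant() } catch { $null }
}

function Test-HostBelongsTo {
    param([string]$HostName, [string]$Domain)
    # Exact match or a true subdomain only. "paypal.com.evil.example" and
    # "paypal.com-verify.example" both fail, even though they start with "paypal.com".
    $Domain = $Domain.ToLowerInvariant()
    return ($HostName -eq $Domain) -or $HostName.EndsWith(".$Domain")
}

function Get-MessageLinks {
    param([string]$Message, [string]$ExpectedDomain)
    # Match either a full scheme://... URL or a bare host with optional path.
    $pattern = '(?i)\b(?:https?://\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?)'
    $results = foreach ($m in [regex]::Matches($Message, $pattern)) {
        $link = $m.Value.TrimEnd('.', ',', ')')
        $linkHost = Get-LinkHost $link
        [pscustomobject]@{
            Link       = $link
            Host       = $linkHost
            Legitimate = ($null -ne $linkHost) -and
                         (Test-HostBelongsTo -HostName $linkHost -Domain $ExpectedDomain)
        }
    }
    return @($results)
}

# Constructed sample messages; ".example" hostnames are placeholders.
$samples = @(
    "PayPal: We've permanently limited your account, please click link below to verify. https://paypal.com.account-verify.example/login",
    "PayPal: verify at https://paypal.com@secure-login.example/signin",
    "Reminder: check your account at paypal.com-support.example/verify",
    "Your PayPal receipt is ready: https://www.paypal.com/activity"
)

foreach ($msg in $samples) {
    Write-Output "Message: $msg"
    foreach ($r in Get-MessageLinks -Message $msg -ExpectedDomain 'paypal.com') {
        $verdict = if ($r.Legitimate) { 'OK' } else { 'SUSPICIOUS' }
        Write-Output ("  [{0}] link={1} host={2}" -f $verdict, $r.Link, $r.Host)
    }
}
```

Only the last sample is reported as OK; the first three are flagged because the parsed host is an `.example` name, however much the visible text resembles paypal.com. The same host comparison is what a user does by hand when they type paypal.com directly instead of tapping the link.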

The publication also offers advice for people who may have fallen victim to this attack, urging them to be on the lookout for future social engineering attacks that incorporate their personal information.

“If you received this text and mistakenly logged into your PayPal account or provided other information, you should immediately go to Paypal.com and change your password,” BleepingComputer says. “If you use that same password at other sites, change them there as well. Finally, you should look out for other targeted phishing campaigns using the submitted data.” BleepingComputer also suggests that you monitor your credit report to make sure fraudulent accounts are not created under your name.

New-school security awareness training can help your employees defend themselves against these attacks by teaching them to recognize different types of phishing attacks.

READ MORE