Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Despite growing security investments in prevention, detection and response to threats, users are still making uninformed mistakes and causing breaches. One of the basic tenets of KnowBe4 is that your users provide the organization with an opportunity to have a material (and hopefully positive) impact on a cyber attack. They are the ones clicking malicious links, opening unknown attachments, providing company credentials on impersonated websites and falling for social engineering scams of all kinds.

Rapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack. The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block.

A scam operation called “Estate” has attempted to trick nearly a hundred thousand people into handing over multi-factor authentication codes over the past year, according to Zack Whittaker at TechCrunch. The scammers target users of Amazon, Bank of America, Capital One, Chase, Coinbase, Instagram, Mastercard, PayPal, Venmo, Yahoo and more.

The US Federal Bureau of Investigation’s (FBI’s) San Francisco division warns that threat actors are increasingly using AI tools to improve their social engineering attacks. “AI provides augmented and enhanced capabilities to schemes that attackers already use and increases cyber-attack speed, scale, and automation,” the FBI says.

New data shows that despite the massive evolution of the cybercrime economy, threat actors are sticking with the basics in social engineering attacks, with a goal at stealing data. I probably could have called this purely based on all the articles I’ve written (and all the articles I’ve read that never made it here). But when it comes to protecting your organization from social engineering, stick to the basics.

New analysis of Q1’s ransomware attacks uncovers a single group responsible for the majority and discusses what makes them so successful. This sort of analysis helps to establish threat landscape trends and keeps our collective focus on the places where cyber attacks are working.

Attackers are exploiting Reflected Cross-Site Scripting (XSS) flaws to bypass security filters, according to a new report from Vipre. This technique allows attackers to send benign links in phishing emails that will redirect users to malicious sites. Vipre also found that attackers are increasingly using links instead of malicious attachments in their phishing emails. “Three years ago, it was a 50/50 split between phishing emails utilizing links versus attachments,” the researchers write.

Trend analysis of ransomware attacks in the first quarter of this year reveals a continual increase in the number of "unknown" initial attack vectors, and I think I might understand why. There are two reports that you should be keeping an eye on—the updated Verizon Data Breach Report and ransomware response vendor Coveware’s Quarterly Ransomware Reports. In their latest report covering Q1 of this year, we see a continuing upward trend in “unknown” as the top initial attack vector.

Just when you think bad actors cannot sink any lower, they find a way to. In a recent chilling evolution of ransomware tactics, attackers are now also targeting the families of corporate executives to force compliance and payment. Mandiant's Chief Technology Officer, Charles Carmakal, highlighted this disturbing trend at RSA last week: criminals engaging in SIM swapping attacks against executives' children.