Thursday, July 7, 2022

CyberheistNews Vol 12 #27 [New FBI and CISA Alert] This Ransomware Strain Uses RDP Flaws to Hack Into Your Network




CyberheistNews Vol 12 #27  |   July 6th, 2022


[New FBI and CISA Alert] This Ransomware Strain Uses RDP Flaws to Hack Into Your Network
Stu Sjouwerman SACP

As of May 2022, MedusaLocker has been observed predominantly exploiting vulnerable Remote Desktop Protocol (RDP) configurations to access victims’ networks, according to a new joint Cybersecurity Advisory (CSA) from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and other law enforcement agencies.

The advisory is part of CISA’s #StopRansomware collection of resources about ransomware. “MedusaLocker appears to operate as a Ransomware-as-a-Service (RaaS) model based on the observed split of ransom payments,” the CSA notes.

Technical Details Summary:

This ransomware strain uses a batch file to execute a PowerShell script which propagates MedusaLocker throughout the network by editing the EnableLinkedConnections value within the infected machine’s registry, which then allows the infected machine to detect attached hosts and networks via Internet Control Message Protocol (ICMP) and to detect shared storage via Server Message Block (SMB) Protocol.

Note that this new Cybersecurity Advisory has a top-right Action Box with suggestions you can take ASAP to mitigate this threat. Their second bullet is: Train users to recognize and report phishing attempts. Grab your free Phish Alert Button and train your users as soon as you can.

Here is a link to the full Cybersecurity Advisory which has a PDF, full Indicators of Compromise (IoC) and suggested mitigations:
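
One way to detect the registry change described above, as an added example that is not from the newsletter or the advisory: it scans Sysmon registry value-set events (Event ID 13) for writes that turn on EnableLinkedConnections. The key path is the standard Windows location for this value; the host names, sample events and severity rule are assumptions constructed for illustration.

```python
import re

# Value the advisory says MedusaLocker edits; standard Windows policy key path.
TARGET_SUFFIX = (r"\software\microsoft\windows\currentversion"
                 r"\policies\system\enablelinkedconnections")
# Writers that match the batch-file -> PowerShell chain described above.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "reg.exe"}
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")


def parse_dword(details):
    """Return the integer in a Sysmon 'DWORD (0x00000001)' string, else None."""
    match = DWORD_RE.search(details or "")
    return int(match.group(1), 16) if match else None


def find_linked_connection_changes(events):
    """Flag Sysmon Event ID 13 records that set EnableLinkedConnections to 1."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:          # 13 = registry value set
            continue
        if not ev.get("TargetObject", "").lower().endswith(TARGET_SUFFIX):
            continue
        if parse_dword(ev.get("Details")) != 1:
            continue                          # set to 0 or not a DWORD: not enabling
        image = ev.get("Image", "").rsplit("\\", 1)[-1].lower()
        alerts.append({
            "host": ev.get("Computer"),
            "time": ev.get("UtcTime"),
            "process": image,
            # Assumed triage rule: a script host writing this value is more suspicious.
            "severity": "high" if image in SCRIPT_HOSTS else "medium",
        })
    return alerts


# Constructed sample events, shaped like parsed Sysmon records (hypothetical hosts).
KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
SAMPLE_EVENTS = [
    {"EventID": 13, "Computer": "WS-014", "UtcTime": "2022-07-06 09:14:02.113",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetObject": KEY + r"\EnableLinkedConnections", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "WS-020", "UtcTime": "2022-07-06 09:20:45.530",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": KEY + r"\EnableLUA", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "SRV-003", "UtcTime": "2022-07-06 10:02:11.004",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": KEY + r"\EnableLinkedConnections", "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Computer": "WS-031", "UtcTime": "2022-07-06 11:47:39.871",
     "Image": r"C:\Windows\System32\cmd.exe",
     "TargetObject": KEY + r"\EnableLinkedConnections", "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for alert in find_linked_connection_changes(SAMPLE_EVENTS):
        print(alert)
```

Legitimate administrators also set this value, so a hit is a lead to correlate with the parent process and with new SMB and ICMP activity from the same host, not a verdict on its own.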
https://weblog.knowbe4.com/new-fbi-and-cisa-alert-this-ransomware-strain-uses-rdp-flaws-to-hack-into-your-network

[Live Demo] Ridiculously Easy Security Awareness Training and Phishing

Old-school awareness training doesn’t hack it anymore. Your email filters have an average 7-10% failure rate; you need a strong human firewall as your last line of defense.

Join us Wednesday, July 13 @ 2:00 PM (ET), for a live demonstration of how KnowBe4 introduces a new-school approach to security awareness training and simulated phishing.

Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

  • NEW! Support for QR-Code Phishing Tests
  • NEW! Security Culture Benchmarking feature lets you compare your organization’s security culture with your peers
  • NEW! AI-Driven training recommendations for your end users
  • Did You Know? You can upload your own SCORM training modules into your account for home workers
  • Active Directory or SCIM Integration to easily upload user data, eliminating the need to manually manage user changes

Find out how 50,000+ organizations have mobilized their end-users as their human firewall.

Date/Time: Wednesday, July 13 @ 2:00 PM (ET)

Save My Spot!
https://occasion.on24.com/wcc/r/3847019/80DD01F70D7BE7ECA53D6DD2FE7BFAE3?partnerref=CHN2

3 New Tips to Pass Your Certified Security Awareness and Culture Professional (SACP)™ Exam

During 2019, I came to the conclusion we were way overdue for a vendor-neutral industry certification for professionals in our security awareness area. I actually scratched my head and asked myself why no one had done this yet.

I called all the usual “certification bodies,” but none of them could fit this in their “foreseeable future roadmap.” Being one of the pioneers in this industry, I decided I would take the initiative and sponsor the creation of an independent certification designed specifically for this new high-demand job role.

However, I had to learn how. That was a super interesting learning curve. It took quite a bit of research, calling experts, and finding out how certifications were developed, tested, validated, marketed and how they actually were run in testing centers.

I found the people behind some of these very prestigious certifications you may have wanted yourself, and asked them how a new cert like this could be made into a reality.

To a large degree, it is a sizable group of Subject Matter Experts (SMEs) spending quite a bit of time, following a well-defined and trusted process to make sure that the certification is recognized, valid and valuable.

We were able to gather the SMEs, time and money, and during 2021 the whole project was completed and the new certification was released by the great team of H Layer Credentialing (That “H” stands for Human). It was an impressive amount of work by dozens of people. Thank you so much, you know who you are.

So, here are three tips that will help you:

1) There are two books covering much of the exam topics: “Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors” by KnowBe4’s Perry Carpenter who also helped with the creation of the certification. It links to a wealth of resources for further study if you want to drill down into topics. Here is the link to Amazon:
https://www.amazon.com/dp/B07RDM1C2M?ref=KC_GS_GB_US

The other super relevant new book is by Perry Carpenter and Kai Roer: “The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer” Here is the link to Amazon:
https://www.amazon.com/Safety-Tradition-Playbook-Government-Growing/dp/1119875234/

2) If you have time during a commute, or like the “Lunch & Learn” concept, Perry’s “8th Layer Insights” is a great podcast that goes into detail on a bunch of security awareness topics with industry celebrity interviews which definitely helps pass the exam:
https://podcasts.apple.com/us/podcast/Eighth-layer-insights/id1555610335

3) You want to make sure to read the whole question, word by word, twice before even looking at the answers. Skipping a single (small) word in the question could cause you to choose a wrong answer. No rushing or skimming! This is where ‘Do it right the first time’ is so important.

Here is more about the credential. H Layer Credentialing has an extensive site with super useful resources, practice, and where to take the test. Good luck, this is worth it!
https://www.thehlayer.com/

See How You Can Get Audits Done in Half the Time, Half the Cost and Half the Stress

You told us you have challenging compliance requirements, not enough time to get audits done, and keeping up with risk assessments and third-party vendor risk is a continuous problem.

KCM GRC is a SaaS-based platform that includes Compliance, Risk, Policy and Vendor Risk Management modules. KCM was developed to save you the maximum amount of time getting GRC done.

Join us Wednesday, July 13 @ 1:00 PM (ET), for a 30-minute live product demonstration of KnowBe4’s KCM GRC platform. Plus, get a look at new compliance management features we’ve added to make managing your compliance projects even easier!

  • NEW! Control guidance feature provides in-platform suggestions to help you create controls to meet your requirements for frameworks such as CMMC, GDPR, HIPAA, NIST, PCI, SSAE 18, and more
  • Vet, manage and monitor your third-party vendors’ security risk requirements
  • Simplify risk management with an intuitive interface and simple workflow based on the well-recognized NIST 800-30
  • Quick implementation with pre-built compliance requirements and policy templates for the most widely used regulation
  • Dashboards with automated reminders to quickly see what tasks have been completed, not met, and late

Date/Time: Wednesday, July 13 @ 1:00 PM (ET)

Save My Spot!
https://occasion.on24.com/wcc/r/3847002/55D38DB47489E3A14D3DD05CE896381D?partnerref=CHN2

FBI Warns of Deepfakes Used to Apply for Remote Jobs

If you’re looking for your company’s next remote IT position, you may want to think twice before doing so. The FBI recently reported to the Internet Complaint Center that there are multiple complaints of people using deepfake video to apply for remote jobs in tech.

The FBI details more on the complaint in their public service announcement, “The remote work or work-from-home positions identified in these reports include information technology and computer programming, database, and software related job functions. Notably, some reported positions include access to customer PII, financial data, corporate IT databases and/or proprietary information.”

Also according to the announcement, personal identifiable information has been used to appear more legitimate. If you suspect a fake applicant, please report it to the complaint center site.

Deepfake attacks are not going away anytime soon. Start new-school security awareness training now to ensure your users are able to spot the warning signs in a fake video.

Blog post with links:
https://weblog.knowbe4.com/fbi-warns-of-deepfakes-used-to-apply-for-remote-jobs

12 Ways to Defeat Multi-Factor Authentication

Everyone knows that multi-factor authentication (MFA) is more secure than a simple login name and password, but too many people think that MFA is a perfect, unhackable solution. It’s not!

Watch Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist, and security expert with over 30-years’ experience, for this on-demand webinar where he will explore 12 ways hackers can and do get around your favorite MFA solution.

This webinar includes a (pre-filmed) hacking demo by KnowBe4’s Chief Hacking Officer Kevin Mitnick, and real-life successful examples of every attack type. It will end by telling you how to better defend your MFA solution so that you get maximum benefit and security.

You’ll learn about the good and bad of MFA, and become a better computer security defender in the process, including:

  • 12 ways hackers get around multi-factor authentication
  • How to defend your multi-factor authentication solution
  • The role humans play in a blended-defense strategy

Watch the Webinar Now!
https://data.knowbe4.com/webinar-12-ways-to-defeat-mfa-chn

Bad News to Ransom Payers: 80% of You Will Face a Second Attack Within 30 Days

New insight into what happens during and after a ransomware attack paints a pretty dismal picture of what to expect from attackers, your executives and your operations.

I’d love to tell you that once you get through a ransomware attack, all will be well. But that’s just not the case. According to CyberReason’s Ransomware: The True Cost to Business report, the reality of mid- and post- ransomware attack circumstances are anything but resilient.

Let’s start with the fact that, according to the report, 73% of all orgs have experienced a ransomware attack in the last 12 months. And of those that were attacked, the question of whether the ransom was paid always comes up:

  • 41% paid to “expedite recovery”
  • 28% paid to “avoid downtime”
  • 49% paid to “avoid a loss in revenue”

But even after paying the ransom, 80% experienced a second attack and 68% were asked for a higher ransom!

Then there’s the aftermath to the organization:

  • 54% still had corrupted systems or data
  • 37% had to lay off employees
  • 35% had a C-level resignation
  • 33% had to temporarily suspend business

What’s interesting is that 75% of organizations believe they have the right contingency plans to manage a ransomware attack – a number that hasn’t changed in the last year, according to CyberReason. This data point mixed with the aftermath stats above makes me think of the old adage “The best-laid plans of mice and men often go awry.”

Blog post with links:
https://weblog.knowbe4.com/bad-news-to-ransom-payers-80-of-you-will-face-a-second-attack-within-30-days

Let’s stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.

PS: [RSA VIDEO] “Did you know that July is Ransomware Awareness Month?”:
https://www.youtube.com/watch?v=n3v7S4LqV7A

Quotes of the Week  

“Whoever is careless with the truth in small matters cannot be trusted with important matters.”
– Albert Einstein (1879 – 1955)


“If you make listening and observation your occupation you will gain much more than you can by talk.”
– Robert Baden-Powell (1857 – 1941)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-12-27-new-fbi-and-cisa-alert-this-ransomware-strain-uses-rdp-flaws-to-hack-into-your-network

Security News

Innovative Way to Bypass MFA Using Microsoft WebView2 Is Familiar Nevertheless

By Roger A. Grimes

An interesting way to bypass multi-factor authentication (MFA) was recently announced by Bleeping Computer. This particular attack method requires a potential victim to be tricked into downloading a malicious executable (not so hard unfortunately), and the resulting rogue code then uses Microsoft Edge’s WebView2 control to essentially create a rogue web page which can mimic any other web page, except with new malicious coding inserted.

As the author of the Wiley book, “Hacking Multifactor Authentication,” I am obsessively interested in any new MFA hacking technique. This is definitely a new method and I am glad researchers shared it. Here is how it works:

  • User is somehow tricked into downloading malicious content
  • Malicious content uses Microsoft Edge’s WebView2 control to create a new, malicious, web instance mimicking an existing legitimate web instance, including cookies, passwords, etc.
  • The new malicious web instance can further socially engineer the user into revealing more confidential information, take over the user’s legitimate web instance, steal the user’s logon credentials, steal the user’s legitimate web instance access control token, and more.

The cybersecurity sky is the limit! There is even a readily available related attack tool, from which most of the recent security conversations were generated.

But here is something to keep in mind, anytime an endpoint is compromised, it is essentially game over for any defense. Once an endpoint has been compromised, it is not the user’s endpoint anymore. It might not even be the same operating system.

Microsoft unofficially stated the obvious over 20 years ago, in early 2000, as the first law of its 10 Immutable Laws of Security: Law #1: If a bad guy can persuade you to run his program on your computer, it is not your computer anymore.

Truth. And using MFA doesn’t change this.

CONTINUED on the KnowBe4 blog:
https://weblog.knowbe4.com/innovative-way-to-bypass-mfa-using-microsoft-webview2-is-familiar-nevertheless

Wars and Lechery, Nothing Else Holds Fashion

Shakespeare said it first, and things haven’t changed: suffering and desire continue to drive victims to the social engineers. Researchers at Bitdefender have observed a phishing campaign that’s using a phony dating site for men to meet Ukrainian women.

“[In] the past few weeks, spammers have been targeting internet users with a mixed bag of online dating opportunities such as mail order bride services and dating platforms where single western men can meet Ukrainian women,” the researchers write.

“Despite the ongoing war on Ukrainian soil, many dating platforms are still up and running. Since June 10, tens of thousands of spam emails promoting perfect matches between men and beautiful Ukrainian women targeted the inboxes of users from across the globe.

“The spam emails originate from IP addresses in Turkey. Sixty-six percent of messages arrived in inboxes in the US, 10% in Ireland, 3% in Sweden, Germany and Denmark, and only 2% in the UK.”

When a user visits the site, they’ll be asked to enter personal details, just as they would on a legitimate dating site.

“Upon filling out the requested information, users are directed to another online dating platform, where they can immediately start chatting with beautiful women,” Bitdefender says. “But there’s a catch. Interacting with single ladies on the platforms isn’t cheap. Packages can run into the hundreds of dollars and include sending emails, a limited amount of chat time, and unlocking all profile photos of single Ukrainian women.”

While users should exercise caution on any dating sites, this one in particular had many red flags. “Behind all the smoke and mirrors, users risk a lot of money in search of their soul mate,” the researchers conclude. “Moreover, the likelihood of actually talking with a Ukrainian woman is slim.

“Dating platforms such as these are notorious for using bots to facilitate communication with as many users as possible. Profiles seem too good to be true and many customer reviews reveal that despite breaking the bank to set up a real-life meeting with the women active on the website, none have shown up.

“The correspondence resembles a marketing romance scam, and although it doesn’t align with the situation in Ukraine, it does profit from human emotional drivers and the lack of personal connection experienced by millions of individuals during the pandemic.”

New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these types of scams.

Blog post with links:
https://weblog.knowbe4.com/wars-and-lechery-nothing-else-holds-fashion-for-phishing-attacks

What KnowBe4 Customers Say

“Stu, Thanks for reaching out. Things are going well. I couldn’t be happier with the results so far. Y’all have an awesome product suite. Kimberly G. and Ben S. are providing top notch support! Zac P. and Brittany S. were fantastic to deal with for the sales side. You seem to have quite the Rockstar team. I’m impressed. Glad we signed up for 3 years! Please feel free to quote any of my feedback in your sales and marketing efforts. Cheers.”

– O.J., Manager, Strategic Partnerships & Compliance
