CyberheistNews Vol 15 #20 | May 20th, 2025
How to Protect Your Business from Scattered Spider's Latest Attack Methods
Mandiant warns that the Scattered Spider cybercriminal group is using "brazen" social engineering attacks to target large enterprise organizations in a wide range of sectors.
Specifically, the group targets "organizations with large help desk and outsourced IT functions that are susceptible to their social engineering tactics."
The threat actors impersonate employees and attempt to trick IT workers into granting them access. The group also poses as IT workers to target employees.
Mandiant says organizations should train their employees to be on the lookout for the following social engineering tactics:
Additionally, users should be wary of suspicious communications via collaboration tools.
"UNC3944 has used platforms like Microsoft Teams to pose as internal IT support or service desk personnel," the researchers write. "Organizations should train users to verify unusual chat messages and avoid sharing credentials or MFA codes over internal collaboration tools like Microsoft Teams. Limiting external domains and monitoring for impersonation attempts (e.g., usernames containing 'helpdesk' or 'support') is advised."
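The monitoring Mandiant recommends (external senders whose display names claim to be the help desk, messages that ask for credentials or MFA codes) can be written down as a small triage rule over chat events. The script below is an added example, not Mandiant's or KnowBe4's code; the event schema, the internal-domain list, the regex word lists and the sample messages are all constructed for illustration, and real Teams data would come from the Microsoft 365 audit log or a message export rather than the simplified dictionaries used here.

```python
import re
from dataclasses import dataclass, field

# Assumption: these are the organization's own tenant domains; any other sender is "external".
INTERNAL_DOMAINS = {"example.com", "corp.example.com"}

# Display-name tokens the Mandiant text reports UNC3944 using when posing as the service desk.
IMPERSONATION_NAME = re.compile(
    r"\b(help ?desk|service ?desk|it ?support|support|it ?team)\b", re.I
)

# Lures: asking for the secret itself, or asking the user to approve an MFA prompt.
CREDENTIAL_LURE = re.compile(
    r"(mfa|one[- ]time|verification|authenticator)\s*(code|prompt|push|request)"
    r"|\bpass(word|code)\b"
    r"|approve (the|this) (sign[- ]in|request|notification)",
    re.I,
)


@dataclass
class Finding:
    message_id: str
    sender_upn: str
    score: int
    reasons: list = field(default_factory=list)


def sender_domain(upn: str) -> str:
    return upn.rsplit("@", 1)[-1].lower()


def is_external(upn: str) -> bool:
    # Label-boundary suffix match: "example.com.attacker.net" must NOT count as internal.
    d = sender_domain(upn)
    return not any(d == dom or d.endswith("." + dom) for dom in INTERNAL_DOMAINS)


def score_message(ev: dict):
    """Weighted indicators. A genuine help desk never asks for a password or MFA code,
    so that lure alone reaches the threshold even when sent from an internal account."""
    score, reasons = 0, []
    if is_external(ev["sender_upn"]):
        score += 1
        reasons.append(f"external sender domain {sender_domain(ev['sender_upn'])}")
    if IMPERSONATION_NAME.search(ev["display_name"]):
        score += 1
        reasons.append(f"display name {ev['display_name']!r} claims IT/help desk")
    if CREDENTIAL_LURE.search(ev["body"]):
        score += 2
        reasons.append("asks for a credential, MFA code or MFA approval")
    return score, reasons


def triage(events, threshold: int = 2):
    """Return the events whose indicator score reaches the threshold, in input order."""
    findings = []
    for ev in events:
        score, reasons = score_message(ev)
        if score >= threshold:
            findings.append(Finding(ev["id"], ev["sender_upn"], score, reasons))
    return findings


# Constructed sample events in a simplified schema (not a real Teams export format).
SAMPLE_EVENTS = [
    {"id": "m1", "sender_upn": "helpdesk@it-support-example.onmicrosoft.com",
     "display_name": "IT Helpdesk",
     "body": "We are migrating your account. Please read me the MFA code you just received."},
    {"id": "m2", "sender_upn": "servicedesk@corp.example.com",
     "display_name": "Service Desk",
     "body": "Your ticket INC-1042 has been updated; see the portal for details."},
    {"id": "m3", "sender_upn": "jane.doe@partner.example.net",
     "display_name": "Jane Doe",
     "body": "Can we move the meeting to 3pm?"},
    {"id": "m4", "sender_upn": "bob@corp.example.com",
     "display_name": "Bob Smith",
     "body": "Quick one - please approve the sign-in request I just sent to your phone."},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f.message_id, f.score, "; ".join(f.reasons))
```

Weighting the credential lure above the other two indicators is deliberate: the real service-desk account that suddenly asks for an MFA code (the compromised-insider case, m4 above) is still flagged, while an unknown external contact sending an ordinary message (m3) and the genuine internal service desk posting a ticket update (m2) are not.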
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links at:
https://blog.knowbe4.com/how-to-protect-your-business-from-scattered-spiders-latest-attack-methods
Phishing Attacks Are Evolving—Is Your Organization Keeping Up?
Cybercriminals are getting smarter, and your users are still their #1 target. Without training, they're your weakest link. With it, they become your strongest defense.
KnowBe4's 2025 Phishing By Industry Benchmark Report analyzed 14.5 million users, 62,400 organizations, and 67.7 million simulated phishing tests to reveal critical industry benchmarks on phishing and social engineering risks.
Get the report to uncover:
Organizations using security awareness training see a dramatic drop in phishing risk within 90 days. How does your company compare?
Download the phishing report now!
https://info.knowbe4.com/2025-phishing-by-industry-benchmarking-report-chn
The Clock Is Ticking: Why Phishing Remains the Fastest-Moving Cyber Threat in 2025
Cybersecurity professionals face an increasingly aggressive phishing threat landscape, and the 2025 KnowBe4 Phishing By Industry Benchmarking Report makes one thing crystal clear: transforming your largest attack surface - your workforce - into your biggest security asset is critical.
49 Seconds to Disaster
According to the Verizon Data Breach Investigations Report (DBIR), the median time it takes someone to click a malicious link is a staggering 21 seconds. And if that phishing email requires the employee to enter data — like credentials — the whole process takes just 49 seconds.
That means security teams have less than a minute to prevent a potentially catastrophic error once a phishing email is opened.
This urgency is compounded by the rise in phishing volume and sophistication. KnowBe4's Phishing Threat Trends Report found a 17.3% increase in phishing email volume, while the number of attacks bypassing secure email gateways (SEGs) and native security rose by 47%. Traditional defenses are struggling, and attackers are getting better at slipping through the cracks.
AI Is Changing the Game
Unsurprisingly, artificial intelligence (AI) is driving this shift. In fact, 82.6% of phishing emails analyzed by KnowBe4's Threat Research team used some form of AI. These emails are more convincing, harder to detect, and faster to produce. With the ability to adapt tone, impersonate individuals, and evade pattern-based detection, AI-generated phishing emails are pushing some existing email defenses toward obsolescence.
Beyond AI, other factors contributing to phishing risk include the growing threat of Business Email Compromise (BEC), especially within supply chains, and the uneven nature of digital transformation that leaves organizations exposed. But the most consistent factor remains unchanged: human behavior.
One in Three Click — Before Training
KnowBe4's analysis of Phish-prone Percentage (PPP) — the percentage of users likely to fall for a phishing email — shows a concerning trend. Across all organizations, the average PPP before any training is a whopping 33.1%. That's one in three employees clicking on potentially dangerous links.
CONTINUED at the KnowBe4 blog:
https://blog.knowbe4.com/the-clock-is-ticking-why-phishing-remains-the-fastest-moving-cyber-threat-in-2025
[Live Demo] Supercharge Your Anti-Phishing Defense with AI
Cybercriminals are weaponizing AI, driving a 1,265% surge in phishing attacks since 2022. This isn't just about attack volume — these threats are smarter, more personalized and increasingly evade traditional secure email gateways.
With 92% of polymorphic attacks now utilizing AI, you need a new approach to outsmart these threats!
KnowBe4's PhishER Plus is your single-pane-of-glass incident response product that identifies and acts upon threats to keep your users safe where the most dangers lie: their inboxes.
Combining AI analysis with human intelligence from a community of 13+ million users worldwide, PhishER Plus revolutionizes your email security posture. Easily search, find and remove email threats with PhishRIP, while transforming real threats into training opportunities with PhishFlip.
In this live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, discover how you can:
Join us to see how organizations are transforming their security posture with PhishER Plus, turning potential vulnerabilities into proactive defense.
Date/Time: TOMORROW, Wednesday, May 21st @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN2
KnowBe4 Leads the Charge Against Cybersecurity Threats with Unmatched AI Capabilities
When it comes to artificial intelligence (AI) and human risk management (HRM), not all AI is created equal.
You need an approach to AI that demonstrably enhances your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. AI should be in service of a larger goal rather than exist for its own sake.
We're talking benefits, not just features. An established history of innovation, not capabilities that are too little, too late.
KnowBe4 has been leading the way in AI for almost a decade, and we're not slowing down.
The Emerging AI Threat
Since 2022, we've witnessed a staggering 1,265% increase in phishing attacks, largely driven by cybercriminals weaponizing AI technology. The KnowBe4 2025 Phishing Threat Trends Report reveals that 92% of polymorphic attacks now utilize AI to achieve unprecedented scale and effectiveness.
According to a report from LastPass, more than 95% of cybersecurity pros believe AI-generated content makes phishing detection more challenging. This technological advancement in the hands of bad actors has created a new breed of highly convincing social engineering attacks that one-size-fits-all security awareness training struggles to combat.
In the cybersecurity arms race, KnowBe4's AI not only predicts and prevents threats but also turns your workforce into informed defenders of their digital domain. KnowBe4's approach to HRM preemptively empowers organizations to thwart cyber threats by cultivating a deeply rooted security culture.
Charting the AI Difference
AI is accelerating cyber threats at an alarming rate. You need it on your side to help fight back.
KnowBe4 has forged an entire ecosystem of advanced AI technologies seamlessly integrated into our comprehensive Human Risk Management platform, HRM+. Here's why HRM+ stands out:
Deep-Dive into KnowBe4's Superior AI Ecosystem
KnowBe4's real-world impact resonates across industries as a trusted provider of an adaptive, cutting-edge cybersecurity platform that outperforms the competition in every parameter of risk management and user engagement.
Here are the 10 important points we're talking about:
Blog post with links:
https://blog.knowbe4.com/knowbe4-leads-charge-against-cybersecurity-threats-with-ai-capabilities
KnowBe4 Blog Has Been Nominated for European Cybersecurity Blogger Awards
Exciting News! The KnowBe4 blog has been nominated for the European Cybersecurity Blogger Awards in the category of "The Corporates - Best Cybersecurity Vendor Blog!"
This recognition highlights our commitment to providing you with valuable cybersecurity insights, trends, and educational content throughout the year.
How You Can Help
We would be honored to have your support! Voting is open until May 27th, and your vote would mean the world to our content team who works tirelessly to keep you informed on the latest security trends.
Vote for KnowBe4:
https://docs.google.com/forms/d/e/1FAIpQLSdByj6dZgSycbSvcV2qgpTwdh3PjLAqryt0H55Vc5SbUa1LpQ/viewform
About the Awards
The European Cybersecurity Blogger Awards celebrates excellence in cybersecurity content creation across blogs, vlogs, podcasts and social media. This prestigious event brings together the cybersecurity community's brightest minds and influential voices during Infosecurity Europe.
Agentic AI Ransomware Is On Its Way
By Roger Grimes
Agentic AI-enabled ransomware is not here yet, but likely will be very soon. I am talking this year or by 2026. Here is why.
What is Agentic AI?
First, it helps to define what agentic AI is. To do that, we have to start by defining what Artificial Intelligence (AI) is…and doing that is a bit like trying to nail the proverbial Jell-O to a wall. Everyone has a different definition, but here is mine:
AI is a system or service that is able to perform tasks that simulate "human intelligence" when learning, reasoning and decision-making.
Contrast that with classic IF-THEN statements that "hard-code" what a program can do. AI Large Language Models (LLMs) "consume" large amounts of data and use algorithms and goals to produce outputs. The outputs can be changed by consuming more or different information. Traditional programs have all the information they will ever "consume" and predefined decisions at the moment they are coded and published. AI can change its decisions and results based on new inputs. AI can make previously undefined decisions.
Generative AI is great at creating "synthetic" audio and video of fake or real people saying and doing things they really did not do or say. There are thousands of services that allow anyone to take someone's picture and six to 60 seconds of their voice and easily create an audio or video of that person saying or doing anything.
There are AIs that allow anyone to create a fake person or to emulate a real person that can realistically engage with people in a meaningful conversation, where that person does not easily detect that the "person" they are interacting with is not truly human.
Agentic describes software or a service that uses separate, stand-alone but cooperating "modules" (agents) to meet a common goal. There is usually an "orchestrator agent" that directs the other agents toward that goal.
A real-world analogy is how most people build houses and buildings. Although one person might be able to do everything necessary to build a house or building by themselves, almost everyone hires a general construction manager (i.e., the orchestrator agent) who hires all the other specialists (e.g., construction, cement, electrical, plumbing, roofing, etc.), each of whom performs their part faster and better, to create a better overall product. Agentic AI is AI that uses individual cooperating agents to accomplish goals better and faster.
Here's a generic graphic describing a mock agentic AI:
[CONTINUED] Blog post with links:
https://blog.knowbe4.com/agentic-ai-ransomware-is-on-its-way-soon
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [BUDGET AMMO #1] How AI is Increasing Insider Threat Risk:
https://www.inc.com/stu-sjouwerman/how-ai-is-increasing-insider-threat-risk/91187640
PPS: [BUDGET AMMO #2] Employee phishing training is working – but don't get complacent:
https://www.itpro.com/security/phishing/employee-phishing-training-is-working-but-dont-get-complacent
Quotes of the Week
"A positive attitude causes a chain reaction of positive thoughts, events and outcomes. It is a catalyst and it sparks extraordinary results."
- Wade Boggs - Athlete (born 1958)
"Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence."
- Helen Keller, Author and Activist (1880–1968)
Thanks for reading CyberheistNews
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-20-how-to-protect-your-business-from-scattered-spiders-latest-attack-methods
Security News
Phishing Campaign Impersonates Microsoft Dynamics 365 Customer Voice
Check Point warns that a new phishing campaign is impersonating Microsoft's Dynamics 365 Customer Voice CRM tool. The phishing emails purport to contain important attachments such as invoices and include phony Dynamics 365 Customer Voice links.
"As part of this campaign, cyber criminals have deployed over 3,370 emails, with content reaching employees of over 350 organizations, the majority of which are American," the researchers write. "More than a million different mailboxes were targeted. Affected entities include well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture, among others."
The goal of the operation is to steal users' Microsoft credentials, which can then be used in follow-on attacks.
"When recipients click on the illegitimate links, they are directed to a Captcha test, which is intended to convince targets that they are not interacting with a phishing email, and that instead, they are interacting with an authentic request," Check Point says.
"Afterwards, the recipient is directed to a phishing site, which mimics a Microsoft login page. This is where the attackers attempt to steal users' information." Check Point concludes, "Cyber security leaders should inform employees about the potential for suspicious emails and the importance of confirming their origination points, especially those that claim to be from Microsoft services, including Dynamics 365 Customer Voice."
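"Confirming their origination points" can be done mechanically for every link in a message before anyone clicks it, which also sidesteps the Captcha gate, since a Captcha changes nothing about the host the link points at. The script below is an added example, not Check Point's tooling; the trusted-host list, the brand-string pattern and the sample email body are assumptions constructed for illustration, and the list should be tightened to the Microsoft hosts your own tenant actually uses.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts under these suffixes are where genuine Microsoft survey and sign-in
# pages live for this tenant. Illustrative only; adjust for your environment.
TRUSTED_SUFFIXES = (
    "customervoice.microsoft.com",
    "forms.office.com",
    "login.microsoftonline.com",
)

# Brand strings an attacker places in a host they control to look like Microsoft.
BRAND_LOOKALIKE = re.compile(
    r"(microsoft|rnicrosoft|micr0soft|dynamics|customervoice|office365|0ffice|microsoftonline)",
    re.I,
)

LINK_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.I)


def host_is_trusted(host: str) -> bool:
    """Suffix match on label boundaries, so "microsoft.com.evil.example" does not pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify_link(url: str):
    """Return (verdict, reasons) for one URL: 'trusted', 'suspect' or 'unknown'."""
    p = urlparse(url)
    host = p.hostname or ""
    reasons = []
    if not host:
        return "suspect", ["no parseable host"]
    if p.username is not None:
        # "https://customervoice.microsoft.com@198.51.100.7/": the real host follows the '@'.
        reasons.append(f"userinfo {p.username!r} disguises the real host {host}")
    if host_is_trusted(host):
        if p.scheme.lower() != "https":
            reasons.append("trusted host reached over plain http")
        return ("suspect" if reasons else "trusted"), reasons
    if BRAND_LOOKALIKE.search(host) or (p.username and BRAND_LOOKALIKE.search(p.username)):
        reasons.append(f"Microsoft brand string in untrusted host {host}")
    return ("suspect" if reasons else "unknown"), reasons


def triage_email_body(body: str):
    """Extract every http(s) link from a message body and classify each one."""
    return [(url, *classify_link(url)) for url in LINK_RE.findall(body)]


# Constructed sample message; the hosts use reserved/example names and are not real sites.
SAMPLE_BODY = """\
Hello,
Your invoice is ready for review: https://microsoft.com.invoice-review.example/d365/view
Reference survey: https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=abc123
Sign in here: https://customervoice.microsoft.com@198.51.100.7/login
Partner docs: https://partner.example.net/docs/terms.pdf
"""

if __name__ == "__main__":
    for url, verdict, reasons in triage_email_body(SAMPLE_BODY):
        print(f"{verdict:8} {url}  {'; '.join(reasons)}")
```

The allow-list is matched on label boundaries rather than by substring, which is what defeats the two common tricks in the sample: a trusted name used as a subdomain prefix of an attacker domain, and a trusted name placed in the userinfo part of the URL ahead of the real host. Links that are neither trusted nor brand-abusing come back as "unknown" rather than "suspect" so the rule does not block ordinary third-party links.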
New-school security awareness training gives your employees an essential layer of defense against social engineering attacks.
Check Point has the story:
https://blog.checkpoint.com/research/microsoft-dynamics-365-customer-voice-phishing-scam/
Email-based Attacks Accounted for Most Cyber Insurance Claims Last Year
Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition.
"Business email compromise is an event in which cyber criminals gain access to an organization's email account to execute a cyber attack," the cyber insurance provider explains.
"Attackers often leverage email access to find sensitive data, including login credentials, financials, and other private information. Once equipped with sensitive information, they can steal money, extract data for extortion, or compromise additional technologies."
Coalition also found that the severity of BEC attacks increased by 23%, with the average loss reaching $35,000.
"BEC claims severity in the US was higher ($36,000) than the global average, while both Canada and the UK were notably lower ($22,000)," Coalition says. "The spike in BEC severity was, in part, driven by increased prices related to legal expenses, incident response firms, data mining, notifications, and other mitigation and recovery efforts."
The report adds that business sectors with lower security awareness were more likely to fall victim to cyberattacks.
"Industries that handle sensitive financial data, personal health information, or intellectual property are often targeted by cyber criminals due to the high value of their data," the researchers write. "Industries tied to critical infrastructure may also face heightened risks from state-sponsored attacks and ransomware campaigns that can disrupt essential operations.
Meanwhile, industries with lower cybersecurity awareness may be more susceptible to opportunistic attacks, like phishing and credential theft."
The report notes that organizations should "educate employees on threat actor tactics, learn how to spot and avoid cyber attacks with phishing simulations, and meet compliance requirements."
Blog post with links:
https://blog.knowbe4.com/email-based-attacks-accounted-for-most-cyber-insurance-claims-last-year
What KnowBe4 Customers Say
"We've never interacted, but I asked Alan for your contact information. Our organization is winding down operations, and I wanted to let you know that Alan has been an excellent CSM. He has consistently been knowledgeable, supportive, and up to date on KnowBe4's features and enhancements.
"Whenever I reach out, he has always been responsive within the same workday, which has always impressed me. He is able to answer all my questions, and helped me think about using the system in ways that improve our organization's efficiency and security.
"He has also helped me think about general cybersecurity in new ways. I have always respected his work ethic and integrity.
"If there's ever an opportunity for Alan to grow with the company and Alan expresses interest, I would highly recommend him for consideration. If nothing else – he definitely deserves a raise or bonus! Thank you!"
- G.J. Vice President, Compliance & CQI
The 10 Interesting News Items This Week
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff