CyberheistNews Vol 15 #12 | March 25th, 2025
Key Takeaways from the KnowBe4 2025 Phishing Threat Trends Report
Our latest Phishing Threat Trends Report explores the evolving phishing landscape in 2025, from renewed tactics to emerging attack methods.
Ransomware may be an “old” threat, but new tactics are making people more susceptible than ever. In this edition, we break down a highly sophisticated attack detected by KnowBe4 Defend that bypassed native security and a secure email gateway (SEG)—and would have been nearly impossible to stop if launched.
We also examine how cybercriminals are using AI for polymorphic phishing, infiltrating the hiring process and evading traditional security defenses.
Unless otherwise cited, all statistics in the report were generated using data from KnowBe4 Defend, our integrated cloud email security (ICES) solution that detects the full spectrum of advanced phishing attacks.
Read the full report, which covers the following topics:
- A Spike in Phishing
- AI-Polymorphic Phishing Campaigns
- Ransomware is Once Again on the Rise
- Cybercriminals are Hijacking the Hiring Process
- Bypassing Secure Email Gateways (SEGs)
To find out more about the latest Phishing Threat Trends, read the full report here:
Blog post with links and INFOGRAPHIC:
https://blog.knowbe4.com/key-takeaways-from-the-2025-phishing-threat-trends-report
Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering is the #1 cyber threat to your organization. 68% of all data breaches are caused by human error.
Join us for a live demonstration of KnowBe4 in action. See how we safeguard your organization from sophisticated social engineering threats using the most comprehensive human risk management platform.
Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.
- NEW! Artificial Intelligence Defense Agents allows you to personalize security training, reduce admin burden and elevate your human risk management strategy
- NEW! SmartRisk Agent provides actionable data and metrics to help you lower your organization’s human risk score
- NEW! Individual Leaderboards are a fun way to help increase training engagement by encouraging friendly competition among your users
- Smart Groups allows you to use employees’ behavior and user attributes to tailor and automate phishing campaigns, training assignments, remedial learning and reporting
- Full Random Phishing automatically chooses different templates for each user, preventing users from telling each other about an incoming phishing test
Find out how nearly 70,000 organizations have mobilized their end users as their human firewall.
Date/Time: Wednesday, April 2, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN
Be Vigilant: BEC Attacks Are on the Rise
Business email compromise (BEC) attacks rose 13% last month, with the average requested wire transfer rising to $39,315, according to a new report from Fortra.
“The average amount requested from BEC wire transfer attackers was $39,315 in February compared to $24,586 in January 2025, an increase of 60%,” the report says.
“During the month of February, 25% of wire transfer BEC attacks requested less than $10,000, while 62% of wire transfer BEC attacks requested between $10,000 and $50,000. For the other 12% of wire transfer BEC attacks, 0% requested between $50,000 and $100,000, and 12% requested more than $100,000.”
Most of these attacks abused legitimate email services, making them more likely to evade detection by security filters.
“73% of BEC attacks were sent from email addresses hosted on free webmail providers compared to 27% of attacks sent from maliciously registered domains,” the researchers write. “The proportion of free webmail providers used decreased in February compared to 72% in January 2025.
“For February 2025, Google was the primary webmail provider used by actors to send BEC campaigns, comprising 76% of the 1,036 free webmail accounts used by scammers. Other popular webmail providers included Microsoft and Verizon Media.”
The researchers warn that threat actors are putting more effort into preparation in order to increase the likelihood of a major payoff. Fortra states, “Threat actors have intensified reconnaissance and profiling efforts, prioritizing larger financial targets and leveraging delayed fraud detection to increase operational success.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/be-vigilant-bec-attacks-are-on-the-rise
Meet AIDA: The KnowBe4 Approach to Human Risk Management
AI-powered scams are now dangerously sophisticated, outpacing traditional security awareness training at every turn.
It's time to fight AI with AI. Meet KnowBe4 AIDA — Artificial Intelligence Defense Agents. AIDA transforms your human risk management approach, delivering adaptive, personalized training that actually changes behavior.
Download this whitepaper to explore how AIDA’s capabilities empower you to:
- Automate tailored training assignments based on roles and risk scores
- Generate realistic, multi-lingual phishing simulations at scale
- Reinforce learning with AI-powered knowledge refreshers
- Ensure comprehension of key policies through AI-generated quizzes
Get an in-depth look at AIDA’s first four agents and preview future agents that will help you build your employees into an unshakable last line of defense.
Agentic AI: Why Cyber Defenders Finally Have the Upper Hand
By Roger Grimes.
My two previous recent postings on AI covered “Agentic AI” and how that impacts cybersecurity, and the eventual emergence of malicious agentic AI malware.
Both of those articles started to touch on the idea of automated agentic AI defenses. This posting goes into a little more detail on what agentic AI defenses might mean.
It starts with agentic AI, which is a set of automated programs (i.e., bots or agents) working toward a common goal. Agentic AI somewhat comes out of a machine-learning concept known as a Mixture of Experts, which has been around for over four decades.
Instead of creating a single program that does a bunch of things, you create a team of separate cooperating experts who are more specialized and better at what they do.
For a real-world allegory, think about how we build most homes and buildings. One person usually doesn’t do it all. You have people who do the architecting, surveying, landscaping, creating the foundation, pouring concrete, building up the wooden or steel framing, and people who put up the walls, windows and roofing. You have separate people who do electrical, plumbing, drywall, flooring and painting.
You usually have a general contractor or construction manager overseeing the whole thing. Each of those individual experts is likely better at what they do than if one person knew and tried to do it all. There are exceptions, of course, but in the grand scheme of things, most societies build their homes and buildings with teams of cooperating laborers who are each an expert in their field.
It’s the same overall concept with agentic AI, but it’s done using individual software components. Today’s software and services are usually made up of one central program/service that tries to do it all. There can be dozens to hundreds of files supporting that program, but they’re all part of that program and couldn’t function standalone. They’re called from one executable launching point. And they all start and end execution based on the overall program starting and stopping.
The future of software and services is agentic AI — teams of cooperating AI programs. The various components, like building subcontractors, are experts at what they do and can function standalone. They take input from the construction manager (called the orchestrator agent in AI vernacular) and return expert output to achieve a common, larger goal.
CONTINUED at the KnowBe4 blog:
https://blog.knowbe4.com/emergent-agentic-ai-defense
How Vulnerable is Your Network Against Ransomware and Cryptomining Attacks?
Bad actors are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?
KnowBe4’s Ransomware Simulator “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario to show you if a workstation is vulnerable.
Here's how RanSim works:
- 100% harmless simulation of real ransomware and cryptomining infections
- Does not use any of your own files
- Tests 25 types of infection scenarios
- Just download the installer and run it
- Results in a few minutes!
This is complimentary and will take you 5 minutes max. RanSim may give you some insights about your endpoint security you never expected!
Download RanSim Now!
https://info.knowbe4.com/ransomware-simulator-tool-1chn
Phishing Attacks Abuse Microsoft 365 to Bypass Security Filters
Threat actors are abusing Microsoft’s infrastructure to launch phishing attacks that can bypass security measures, according to researchers at Guardz.
The attackers compromise multiple Microsoft 365 tenants in order to generate legitimate transaction notifications that contain phishing messages.
“This attack exploits legitimate Microsoft services to create a trusted delivery mechanism for phishing content, making it difficult for both technical controls and human recipients to detect,” the researchers write.
“Unlike traditional phishing, which relies on lookalike domains or email spoofing, this method operates entirely within Microsoft’s ecosystem, bypassing security measures and user skepticism by leveraging native M365 infrastructure to deliver phishing lures that appear authentic and blend in seamlessly.”
The attackers use Microsoft 365’s built-in tenant display name feature to display the phishing message rather than placing it in the email body. In one case, for example, the attackers set the display name to the following: “(Microsoft Corporation) Your subscription has been successfully purchased for 689.89 USD using your checking account. If you did not authorize this transaction, please call 1(888) 651-4716 to request a refund.”
The researchers explain, “The attacker weaponizes the tenant’s organization name field to inject a phishing lure directly into the email. Instead of embedding malicious links, the message instructs victims to call a fraudulent support number, leading to a social engineering attack designed to lure the victim to install a stealer (malware) / steal financial information or creds.”
The attackers are using this technique to carry out business email compromise (BEC) attacks. Guardz notes that since the messages tell the victim to call a phone number, the scam is less likely to be stopped by technical security measures.
Blog post with links:
https://blog.knowbe4.com/phishing-attacks-abuse-microsoft-365-to-bypass-security-filters
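Because the lure in this campaign lives in the tenant's organization/display name rather than the message body, a mail-flow rule that only scans bodies and links misses it. The heuristic below, an added example that is not part of the Guardz research or the original newsletter, scores the display-name string surfaced in a Microsoft transaction notification for indicators a real organization name never carries; the keyword list, thresholds and sample strings (including the placeholder phone number) are constructed assumptions.

```python
"""Flag callback-scam lures injected into an M365 tenant display name (added example)."""
import re

# Indicators a legitimate tenant/organization name has no business containing.
PHONE_RE = re.compile(r"(?:\+?1[\s\-.]?)?\(?\d{3}\)?[\s\-.]?\d{3}[\s\-.]?\d{4}")
AMOUNT_RE = re.compile(
    r"(?:\$|USD|EUR|GBP)\s?\d[\d,]*(?:\.\d{2})?|\d[\d,]*(?:\.\d{2})?\s?(?:USD|EUR|GBP)", re.I)
# A vendor name in parentheses is the impersonation dressing seen in the quoted sample.
BRAND_RE = re.compile(r"\((?:microsoft|apple|paypal|amazon|geek squad|norton)[^)]*\)", re.I)
# Assumed call-to-action vocabulary for refund/callback scams.
URGENCY_WORDS = ("call", "refund", "did not authorize", "didn't authorize",
                 "unauthorized", "charged", "purchased", "subscription")


def score_display_name(name: str) -> list[str]:
    """Return the list of reasons a display name looks like a callback-scam lure."""
    reasons = []
    if PHONE_RE.search(name):
        reasons.append("phone number")
    if AMOUNT_RE.search(name):
        reasons.append("currency amount")
    if BRAND_RE.search(name):
        reasons.append("brand name in parentheses")
    lowered = name.lower()
    hits = [w for w in URGENCY_WORDS if w in lowered]
    if len(hits) >= 2:
        reasons.append("urgency/call-to-action wording: " + ", ".join(hits))
    # A sentence-length organization name is itself anomalous.
    words = len(name.split())
    if words > 8:
        reasons.append("sentence-length name (%d words)" % words)
    return reasons


def is_lure(name: str) -> bool:
    """Alert when two or more independent indicators co-occur (assumed threshold)."""
    return len(score_display_name(name)) >= 2


if __name__ == "__main__":
    # Constructed sample modelled on the quoted lure; the phone number is a placeholder.
    SAMPLE = ("(Microsoft Corporation) Your subscription has been successfully purchased "
              "for 689.89 USD using your checking account. If you did not authorize this "
              "transaction, please call 1(800) 555-0100 to request a refund.")
    for candidate in (SAMPLE, "Contoso Ltd", "Fabrikam (Microsoft Partner)"):
        print(is_lure(candidate), score_display_name(candidate))
```

In practice this runs in the message-processing step that has access to the rendered sender display name; matches should be routed to review rather than silently dropped, since a partner tenant with an odd name will trip a single indicator.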
Let’s stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and CEO
KnowBe4, Inc.
[BUDGET AMMO #1] How agentic AI will drive the future of malware:
https://www.scworld.com/perspective/how-agentic-ai-will-drive-the-future-of-malware
[BUDGET AMMO #2] From convenience to compromise: The rising threat of quishing scams:
https://www.fastcompany.com/91302057/from-convenience-to-compromise-the-rising-threat-of-quishing-scams
[BUDGET AMMO #3] How a Toxic Work Culture Can Amplify Security Threats:
https://www.inc.com/stu-sjouwerman/how-a-toxic-work-culture-can-amplify-security-threats/91164281
Quotes of the Week
“It is easy to hate and it is difficult to love. This is how the whole scheme of things works. All good things are difficult to achieve; and bad things are very easy to get.”
– Confucius – Philosopher (551 – 479 BC)
“Darkness cannot drive out darkness; only light can do that. Hate cannot drive out hate; only love can do that.”
– Martin Luther King Jr. (1929–1968)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-12-key-takeaways-from-the-knowbe4-2025-phishing-threat-trends-report
Security News
The Cybersecurity Confidence Gap: Are Your Employees as Secure as They Think?
By Anna Collard
Our recent research reveals a concerning discrepancy between employees’ confidence in their ability to identify social engineering attempts and their actual vulnerability to these attacks.
While 86% of respondents believe they can confidently identify phishing emails, nearly half have fallen for scams in the past. This disconnect between perceived competence and demonstrated vulnerability, the “confidence gap,” poses a substantial risk to organizations.
The Danger of Overconfidence
The survey research, titled “Security Approaches Around the Globe: The Confidence Gap,” surveyed 12,037 professionals across the UK, USA, Germany, France, Netherlands and South Africa. It found that South Africa leads in both high confidence and high scam victimization rates.
This is consistent with our recent Africa Cybersecurity Awareness 2025 survey, which revealed that while 83% of African respondents are confident in their ability to recognize cyber threats, more than half (53%) don’t understand what ransomware is and 35% have lost money to scams.
These figures suggest that the Dunning-Kruger effect, a cognitive bias in which people overestimate their ability, is alive and well in cybersecurity. Overconfidence can create a false sense of security, making employees more susceptible to advanced cyber threats.
Key Findings
- 86% of employees believe they can confidently identify phishing emails
- 24% have fallen for phishing attacks
- 12% have been tricked by deepfake scams
- 68% of South African respondents reported falling for scams—the highest victimization rate
Beyond Training: Fostering a Security Culture
The report highlights the importance of fostering a transparent security culture. While 56% of employees feel “very comfortable” reporting security concerns, 1 in 10 still hesitate due to fear or uncertainty. Interestingly, South Africans felt most comfortable: 97% of South African respondents expressed some level of comfort in reporting their concerns, showing a level of trust in their security organizations.
Overconfidence fosters a dangerous blind spot—employees assume they’re scam-savvy when, in reality, cybercriminals can exploit more than 30 susceptibility factors, including psychological and cognitive biases, situational awareness gaps, behavioral tendencies and even demographic traits.
Leverage the “Prevalence Effect”
To combat the overconfidence trap in cybersecurity awareness, organizations should leverage the “prevalence effect” by maintaining steady and meaningful exposure to phishing simulations. The prevalence effect is based on research indicating that when phishing attempts are rare, users become less adept at recognizing them, leading to decreased detection ability.
By regularly exposing users to simulated phishing attacks, organizations can improve detection skills, reinforce vigilance and mitigate the risks associated with overconfidence in their ability to spot threats.
To combat this, organizations need:
- Hands-on, scenario-based training: To counteract misplaced confidence
- Continuous education: To keep up with evolving cyber threats
- Prevalence effect: Expose users to phishing simulation tests as frequently as possible
- Foster an adaptive security mindset: To respond effectively to new threats
The Bottom Line
The survey findings emphasize the critical need for effective human risk management. Personalized, relevant and adaptive training that caters to employees’ individual needs should be implemented while also considering regional influences and evolving cyber tactics. In the battle against digital deception, the most dangerous mistake employees can make is assuming they’re immune.
“Security Approaches Around the Globe: The Confidence Gap” is available for download on the KnowBe4 blog:
https://blog.knowbe4.com/the-cybersecurity-confidence-gap-are-your-employees-as-secure-as-they-think
Hundreds of Malicious Android Apps Received 60 Million Downloads
Bitdefender warns that a major ad fraud campaign in the Google Play Store resulted in more than 60 million downloads of malicious apps.
The attackers managed to place at least 331 malicious apps in the Play Store. In addition to displaying full-screen ads, some of the apps also directed users to phishing sites designed to harvest their credentials.
“Most applications first became active on Google Play in Q3 2024,” Bitdefender says. “After further analysis, we observed that older ones that had been published earlier were initially benign and did not contain malware components. The malicious behavior was added later on, starting with versions from the beginning of Q3.
“To be clear, this is an active campaign. The latest malware published in the Google Play Store went live in the first week of March, 2025. When we finished the investigation, a week later, 15 applications were still available for download on Google Play.”
The apps posed as popular utility services, such as QR scanners, budget planners, health apps and many others. “One way to keep a malicious app hidden from the user is to hide the icon – a behavior that is no longer allowed in the Android OS,” the researchers write.
“We find that attackers used several approaches to solve this problem. The most popular and interesting one is probably also the most efficient. The app comes with the Launcher Activity (e.g., what the user sees and clicks on) disabled by default.
“Afterwards, by abusing the startup mechanism provided by the content provider, the samples use native code to enable the launcher, which is likely done as an additional way to evade detection.”
Blog post with links:
https://blog.knowbe4.com/hundreds-of-malicious-android-apps-received-60-million-downloads
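The icon-hiding trick above leaves a static fingerprint: the app's MAIN/LAUNCHER activity is declared with android:enabled="false" while a content provider (which Android initializes before the app's own code runs) is present to flip it on later. The manifest check below is an added example, not Bitdefender's tooling; it assumes a decoded AndroidManifest.xml such as apktool produces, and the embedded manifest and package name are constructed for illustration.

```python
"""Static heuristic for a disabled launcher plus a content provider (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(el, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def is_launcher(el) -> bool:
    """True if an <activity> or <activity-alias> carries a MAIN + LAUNCHER intent filter."""
    for f in el.findall("intent-filter"):
        actions = {_attr(a, "name") for a in f.findall("action")}
        cats = {_attr(c, "name") for c in f.findall("category")}
        if "android.intent.action.MAIN" in actions and "android.intent.category.LAUNCHER" in cats:
            return True
    return False


def analyze_manifest(xml_text: str) -> dict:
    """Report launcher entries, which of them ship disabled, declared providers, and a verdict."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        return {"launchers": [], "disabled_launchers": [], "providers": [], "suspicious": False}
    launchers = [el for tag in ("activity", "activity-alias")
                 for el in app.findall(tag) if is_launcher(el)]
    # android:enabled defaults to true when the attribute is absent.
    disabled = [_attr(el, "name") for el in launchers
                if (_attr(el, "enabled") or "true").lower() == "false"]
    providers = [_attr(p, "name") for p in app.findall("provider")]
    return {
        "launchers": [_attr(el, "name") for el in launchers],
        "disabled_launchers": disabled,
        "providers": providers,
        # Either condition alone is common in benign apps; together they match the pattern.
        "suspicious": bool(disabled) and bool(providers),
    }


# Constructed manifest mimicking the described sample; package and class names are placeholders.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.qrscan">
  <application android:label="QR Scanner">
    <activity android:name=".MainActivity" android:enabled="false" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <provider android:name=".InitProvider" android:authorities="com.example.qrscan.init"
              android:exported="false"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(analyze_manifest(SAMPLE_MANIFEST))
```

A hit here is a triage signal, not proof: the manifest cannot show whether native code re-enables the component, so flagged packages still need dynamic analysis.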
What KnowBe4 Customers Say
“Hello Stu, I’m a very happy camper — things are going quite well with our KnowBe4 implementation. Our Customer Success representative Aariel F. has been a great help with getting us up to speed quickly. We’re seeing very positive results from our training and phishing campaigns.”
– S.K., Support Team Lead
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links