Saturday, June 28, 2025

CyberheistNews Vol 15 #20 How to Protect Your Business from Scattered Spider's Latest Attack Methods



CyberheistNews Vol 15 #20  |   May 20th, 2025


How to Protect Your Business from Scattered Spider's Latest Attack Methods

Stu Sjouwerman SACP

Mandiant warns that the Scattered Spider cybercriminal group is using "brazen" social engineering attacks to target large enterprise organizations across a variety of sectors.

Specifically, the group targets "organizations with large help desk and outsourced IT functions that are susceptible to their social engineering tactics."

The threat actors impersonate employees and attempt to trick IT staff into granting them access. The group also poses as IT staff to target employees.

Mandiant says organizations should train their employees to be on the lookout for the following social engineering tactics:

  • SMS phishing messages that claim to be from IT requesting users to download and install software on their device. These may include claims that the user's device is out of compliance or is failing to report to internal management systems
  • SMS messages or emails with links to sites that reference domains that appear legitimate and reference SSO (single sign-on) and a variation of the company name. Messages may include text informing the user that they need to reset their password and/or MFA
  • Phone calls to users from IT with requests to reset a password and/or MFA — or requesting that the user provide a validated one-time passcode (OTP) from their device
  • SMS messages or emails with requests to be granted access to a specific system, particularly if the organization already has an established method for provisioning access
  • MFA fatigue attacks, where attackers may repeatedly send MFA push notifications to a victim's device until the user accidentally or out of frustration accepts one. Organizations should train users to reject unexpected MFA prompts and report such activity immediately

Additionally, users should be wary of suspicious communications via collaboration tools.

"UNC3944 has used platforms like Microsoft Teams to pose as internal IT support or service desk personnel," the researchers write. "Organizations should train users to verify unusual chat messages and avoid sharing credentials or MFA codes over internal collaboration tools like Microsoft Teams. Restricting external domains and monitoring for impersonation attempts (e.g., usernames containing 'helpdesk' or 'support') is advised."
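Two of the tactics above, MFA fatigue and help desk impersonation over collaboration tools, lend themselves to simple detection rules on the defender's side. The script below is an added example written for this newsletter and is not code from Mandiant or KnowBe4. It runs over constructed sample events; the event layout, field names, the five-minute window, the four-prompt threshold and the keyword patterns are all assumptions chosen for illustration, not anything the page specifies.

```python
"""Added example, not from the newsletter, Mandiant or KnowBe4: two small detections for
the social engineering patterns described above, run over constructed sample events.

  1. MFA fatigue: many push prompts to one user inside a short window is a signal worth an
     alert; a run that ends in an approval is the case a responder should chase first.
  2. Help desk impersonation over a collaboration tool: a message from an external tenant
     whose sender or display name contains 'helpdesk', 'support' or similar.

Event formats, field names, thresholds and keyword lists are assumptions for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed MFA push log: (timestamp, user, result). Not real data.
MFA_EVENTS = [
    ("2025-05-20T08:00:05", "alice", "denied"),
    ("2025-05-20T08:00:40", "alice", "timeout"),
    ("2025-05-20T08:01:10", "alice", "denied"),
    ("2025-05-20T08:01:45", "alice", "timeout"),
    ("2025-05-20T08:02:20", "alice", "approved"),
    ("2025-05-20T09:15:00", "bob", "approved"),
    ("2025-05-20T17:30:00", "bob", "approved"),
]

# Constructed collaboration-tool message log. Not real data; domains are placeholders.
CHAT_EVENTS = [
    {"sender": "it.helpdesk@example-corp.com", "display": "IT Helpdesk", "external": False,
     "text": "Reminder: patch window tonight."},
    {"sender": "helpdesk@contoso-support.example", "display": "Corp IT Support", "external": True,
     "text": "Please send me the 6-digit code you just received."},
    {"sender": "vendor@partner.example", "display": "Dana (Partner)", "external": True,
     "text": "Invoice attached."},
]

WINDOW = timedelta(minutes=5)        # sliding window for counting push prompts (assumption)
PROMPT_THRESHOLD = 4                 # prompts inside WINDOW before we call it fatigue (assumption)
IMPERSONATION_RE = re.compile(r"help ?desk|support|service ?desk|it[ -]?dept", re.IGNORECASE)
SECRET_REQUEST_RE = re.compile(r"\b(code|passcode|otp|password|mfa)\b", re.IGNORECASE)


def detect_mfa_fatigue(events, window=WINDOW, threshold=PROMPT_THRESHOLD):
    """Return one alert per user whose push prompts inside `window` reached `threshold`.

    The alert reports the prompt count of the latest window that crossed the threshold
    and whether that window ended with an approval.
    """
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((datetime.fromisoformat(ts), result))

    alerts = {}
    for user, rows in by_user.items():
        rows.sort()
        recent = []                                  # prompts still inside the sliding window
        for ts, result in rows:
            recent.append((ts, result))
            recent = [r for r in recent if ts - r[0] <= window]
            if len(recent) >= threshold:
                alerts[user] = {
                    "user": user,
                    "prompts": len(recent),
                    "ended_in_approval": result == "approved",
                }
    return sorted(alerts.values(), key=lambda a: a["user"])


def detect_helpdesk_impersonation(messages):
    """Flag messages from outside the tenant whose sender or display name looks like IT support."""
    alerts = []
    for msg in messages:
        if not msg["external"]:
            continue                                 # internal senders are out of scope for this rule
        local_part = msg["sender"].split("@", 1)[0]
        if IMPERSONATION_RE.search(msg["display"]) or IMPERSONATION_RE.search(local_part):
            alerts.append({
                "sender": msg["sender"],
                "display": msg["display"],
                # a request for a code or password from an external "help desk" raises priority
                "asks_for_secret": bool(SECRET_REQUEST_RE.search(msg["text"])),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(MFA_EVENTS):
        print("MFA fatigue:", alert)
    for alert in detect_helpdesk_impersonation(CHAT_EVENTS):
        print("Impersonation:", alert)
```

On the constructed data, alice's five prompts in just over two minutes trip the fatigue rule and the run ends in an approval, while bob's two approvals nine hours apart do not; the external "Corp IT Support" sender is flagged and marked as asking for a code. The internal IT Helpdesk account is deliberately skipped, since the rule targets external impersonation, which is the case the Mandiant guidance calls out.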

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Blog post with links at:
https://blog.knowbe4.com/how-to-protect-your-business-from-scattered-spiders-latest-attack-methods

Phishing Attacks Are Evolving—Is Your Organization Keeping Up?

Cybercriminals are getting smarter, and your users are still their #1 target. Without training, they're your weakest link. With it, they become your strongest defense.

KnowBe4's 2025 Phishing By Industry Benchmark Report analyzed 14.5 million users, 62,400 organizations, and 67.7 million simulated phishing tests to reveal critical industry benchmarks on phishing and social engineering risks.

Get the report to discover:

  • Phishing benchmark data for 19 industries and seven regions
  • Biggest cybersecurity threats impacting different industries
  • Who's most at risk—and how to fix it
  • Proven strategies to strengthen your human firewall

Organizations using security awareness training see a dramatic drop in phishing risk within 90 days. How does your organization compare?

Download the phishing report now!
https://info.knowbe4.com/2025-phishing-by-industry-benchmarking-report-chn

The Clock Is Ticking: Why Phishing Remains the Fastest-Moving Cyber Threat in 2025

Cybersecurity professionals face an increasingly aggressive phishing threat landscape, and the 2025 KnowBe4 Phishing By Industry Benchmarking Report makes one thing crystal clear: transforming your largest attack surface – your workforce – into your best security asset is critical.

49 Seconds to Disaster

According to the Verizon Data Breach Investigations Report (DBIR), the median time it takes someone to click on a malicious link is a staggering 21 seconds. And if that phishing email requires the employee to enter data — like credentials — the whole process takes just 49 seconds.

That means security teams have less than a minute to prevent a potentially catastrophic error once a phishing email is opened.

This urgency is compounded by the rise in phishing volume and sophistication. KnowBe4's Phishing Threat Trends Report found a 17.3% increase in phishing email volume, while the number of attacks bypassing secure email gateways (SEGs) and native security rose by 47%. Traditional defenses are struggling, and attackers are getting better at slipping through the cracks.

AI Is Changing the Game

Unsurprisingly, artificial intelligence (AI) is driving this shift. In fact, 82.6% of phishing emails analyzed by KnowBe4's Threat Research team used some form of AI. These emails are more convincing, harder to detect, and faster to produce. With the ability to adapt tone, impersonate individuals, and evade pattern-based detection, AI-generated phishing emails are pushing some existing email defenses toward obsolescence.

Beyond AI, other factors contributing to phishing risk include the growing threat of Business Email Compromise (BEC), especially within supply chains, and the uneven nature of digital transformation that leaves organizations exposed. But the most consistent factor remains unchanged: human behavior.

One in Three Click — Before Training

KnowBe4's analysis of Phish-prone Percentage (PPP) — the percentage of users likely to fall for a phishing email — shows a concerning trend. Across all organizations, the average PPP before any training is a whopping 33.1%. That's one in three employees clicking on potentially dangerous links.

CONTINUED on the KnowBe4 blog:
https://blog.knowbe4.com/the-clock-is-ticking-why-phishing-remains-the-fastest-moving-cyber-threat-in-2025

[Live Demo] Supercharge Your Anti-Phishing Defense with AI

Cybercriminals are weaponizing AI, driving a 1,265% surge in phishing attacks since 2022. This isn't just about attack volume — these threats are smarter, more personalized and increasingly evade traditional secure email gateways.

With 92% of polymorphic attacks now utilizing AI, you need a new approach to outsmart these threats!

KnowBe4's PhishER Plus is your single-pane-of-glass incident response product that identifies and acts upon threats to keep your users safe where the most dangers lie: their inboxes.

Combining AI analysis with human intelligence from a community of 13+ million users worldwide, PhishER Plus revolutionizes your email security posture. Easily search, find and remove email threats with PhishRIP, while transforming real threats into training opportunities with PhishFlip.

In this live 30-minute demo of PhishER Plus, the #1 Leader in the G2 Grid Report for SOAR Software, discover how you can:

  • Automate email investigation and quickly remove phishing threats, saving your team 85% – 99% of time spent on manual review
  • Systematically remove threats from all user inboxes with PhishRIP technology
  • Transform every employee into an active threat sensor with seamless, one-click reporting with the Phish Alert Button (PAB)
  • Convert malicious emails into training opportunities with PhishFlip, identifying who would have fallen victim
  • Gain full visibility into your email security posture with clear ROI metrics

Join us to see how organizations are transforming their security posture with PhishER Plus, turning potential vulnerabilities into proactive defense.

Date/Time: TOMORROW, Wednesday, May 21st @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN2

KnowBe4 Leads the Charge Against Cybersecurity Threats with Unmatched AI Capabilities

When it comes to artificial intelligence (AI) and human risk management (HRM), not all AI is created equal.

You need an approach to AI that demonstrably enhances your security posture, integrates seamlessly with your existing processes and operates as an extension of your team. AI should be in service of a larger goal rather than exist for its own sake.

We're talking benefits, not just features. An established history of innovation, not capabilities that are too little, too late.

KnowBe4 has been leading the way in AI for almost a decade, and we're not slowing down.

The Growing AI Threat

Since 2022, we've witnessed a staggering 1,265% increase in phishing attacks, largely driven by cybercriminals weaponizing AI technology. The KnowBe4 2025 Phishing Threat Trends Report reveals that 92% of polymorphic attacks now utilize AI to achieve unprecedented scale and effectiveness.

According to a report from LastPass, more than 95% of cybersecurity professionals believe AI-generated content makes phishing detection harder. This technological advancement in the hands of bad actors has created a new breed of highly convincing social engineering attacks that one-size-fits-all security awareness training struggles to combat.

In the cybersecurity arms race, KnowBe4's AI not only predicts and prevents threats but also turns your workforce into informed defenders of their digital domain. KnowBe4's approach to HRM preemptively empowers organizations to thwart cyber threats by cultivating a deeply rooted security culture.

Charting the AI Difference

AI is accelerating cyber threats at an alarming rate. You need it on your side to help fight back.

KnowBe4 has forged a comprehensive ecosystem of advanced AI technologies seamlessly integrated into our comprehensive Human Risk Management platform, HRM+. Here's why HRM+ stands out:

  • Proven ROI and Time Efficiency: ROI between 362% and 650% delivered in the first year, with one customer cutting down report creation from 80 hours to just 40 minutes
  • Dramatic Risk Reduction: Our customers report a remarkable decrease in susceptibility to phishing attacks, from 36% to 6% in a single year. That's an 83% reduction in risk
  • Financial Benefits and Insurance Savings: Demonstrable savings on cyber insurance premiums are another tangible benefit, with reductions of up to 20% upon using KnowBe4's platform

Deep-Dive into KnowBe4's Advanced AI Ecosystem

KnowBe4's real-world impact resonates across industries as a trusted provider of an adaptive, cutting-edge cybersecurity platform that outperforms the competition in every parameter of risk management and user engagement.

Here are the ten key points we're talking about:

  • Proven Scalability: AI is one thing, scaling it reliably across millions of users is not. We've done this before, at global scale, with enterprise resilience
  • Superior Training Data: Our agents are trained on over a decade of real-world behavioral data from 13+ million users across 70,000+ organizations worldwide
  • Battle-Tested AI: Not a demo toy, it's production-ready and delivering measurable results with a documented 83% reduction in Phish-prone™ Percentage within 12 months
  • Risk-Based Intelligence: All our AI decisions are based on lowering the Risk Score of the user through SmartRisk Agent™
  • Comprehensive Platform Integration: We leverage intelligence across our entire HRM+ platform. We're a cybersecurity company, not just a training company
  • Multi-Agent Architecture: Unlike competitors' single-purpose AI tools, our suite of specialized AI agents works in symphony to address different aspects of human risk management. This means less work for you while still delivering on critical risk reduction tasks
  • Human-AI Collaboration: There is no artificial intelligence without human intelligence. Our AI works as an extension of your team and follows your guidelines and configuration to make decisions on behalf of your organization
  • Continuous Learning Loop: Our AI creates a virtuous cycle where every user interaction improves the system's effectiveness, making it smarter over time unlike static rule-based solutions
  • Transparent Decision-Making: Unlike competitors' black-box AI, our AI provides clear explanations for its recommendations, building trust with users and administrators alike
  • Measurable ROI: Our AI feeds into multi-dimensional reporting to showcase the ROI of organizations' security initiatives, showing how they're improving their overall risk posture and reducing the likelihood of a breach

Blog post with links:
https://blog.knowbe4.com/knowbe4-leads-charge-against-cybersecurity-threats-with-ai-capabilities

KnowBe4 Blog Has Been Nominated for European Cybersecurity Blogger Awards

Exciting News! The KnowBe4 blog has been nominated for the European Cybersecurity Blogger Awards in the category of "The Corporates – Best Cybersecurity Vendor Blog!"

This recognition highlights our commitment to providing you with valuable cybersecurity insights, trends, and educational content throughout the year.

How You Can Help
We'd be honored to have your support! Voting is open until May 27th, and your vote would mean the world to our content team, who work tirelessly to keep you informed on the latest security trends.

Vote for KnowBe4:
https://docs.google.com/forms/d/e/1FAIpQLSdByj6dZgSycbSvcV2qgpTwdh3PjLAqryt0H55Vc5SbUa1LpQ/viewform

About the Awards
The European Cybersecurity Blogger Awards celebrate excellence in cybersecurity content creation across blogs, vlogs, podcasts and social media. This prestigious event brings together the cybersecurity community's brightest minds and influential voices during Infosecurity Europe.

Agentic AI Ransomware Is On Its Way

By Roger Grimes

Agentic AI-enabled ransomware is not here yet, but it likely will be very soon. I'm talking this year or by 2026. Here is why.

What Is Agentic AI?

First, it helps to define what agentic AI is. To do that, we have to start by defining what Artificial Intelligence (AI) is…and doing that is a bit like trying to nail the proverbial Jell-O to a wall. Everyone has a different definition, but here is mine:

AI is a system or service that is able to perform tasks that simulate "human intelligence" when learning, reasoning and decision-making.

Contrast that with traditional IF-THEN statements that "hard-code" what a program can do. AI Large Language Models (LLMs) "consume" large amounts of data and use algorithms and goals to produce outputs. The outputs can be modified by consuming more or different information. Traditional programs have all the information they will ever "consume" and predefined decisions at the moment they are coded and released. AI can change its decisions and outcomes based on new inputs. AI can make previously undefined decisions.

Generative AI is great at creating "synthetic" audio and video of fake or real people saying and doing things they really didn't do or say. There are thousands of services that allow anyone to take someone's picture and 6 to 60 seconds of their voice and easily create an audio or video of that person saying or doing anything.

There are AIs that allow anyone to create a fake person or to emulate a real person that can realistically engage with people in a meaningful conversation, where that person doesn't easily detect that the "person" they are interacting with is not actually human.

Agentic means a software/service that uses separate, stand-alone but cooperating "modules" to accomplish a common goal. There is usually an "orchestrator agent" that directs the other agents to work toward a common goal.

A real-world analogy would be how most people build homes and buildings. Although one person might be able to do everything necessary to build a house or building by themselves, nearly everyone hires a general construction manager (i.e., the orchestrator agent) who hires all the other specialists (e.g., construction, cement, electrical, plumbing, roofing, etc.), who probably perform their respective tasks faster and better, to create a better overall product. Agentic AI is AI that uses individual cooperating agents to accomplish goals better and faster.

Here's a generic graphic describing a mock agentic AI:

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/agentic-ai-ransomware-is-on-its-way-soon

Let's stay safe out there.

Warm Regards,

Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.

PS: [BUDGET AMMO #1] How AI is Increasing Insider Threat Risk:
https://www.inc.com/stu-sjouwerman/how-ai-is-increasing-insider-threat-risk/91187640

PPS: [BUDGET AMMO #2] Employee phishing training is working – but don't get complacent:
https://www.itpro.com/security/phishing/employee-phishing-training-is-working-but-dont-get-complacent

Quotes of the Week

"A positive attitude causes a chain reaction of positive thoughts, events and outcomes. It is a catalyst and it sparks extraordinary results."
– Wade Boggs – Athlete (born 1958)


"Optimism is the faith that leads to achievement. Nothing can be done without hope and confidence."
– Helen Keller, Author and Activist (1880–1968)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-20-how-to-protect-your-business-from-scattered-spiders-latest-attack-methods

Security News

Phishing Campaign Impersonates Microsoft Dynamics 365 Customer Voice

Check Point warns that a new phishing campaign is impersonating Microsoft's Dynamics 365 Customer Voice CRM tool. The phishing emails purport to contain important attachments such as invoices and include phony Dynamics 365 Customer Voice links.

"As part of this campaign, cyber criminals have deployed over 3,370 emails, with content reaching employees of over 350 organizations, the majority of which are American," the researchers write. "More than a million different mailboxes were targeted. Affected entities include well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture, among others."

The goal of the operation is to steal users' Microsoft credentials, which can then be used in follow-on attacks.

"When recipients click on the illegitimate links, they're directed to a Captcha test, which is meant to convince targets that they aren't interacting with a phishing email, and that instead, they're interacting with an authentic request," Check Point says.

"Afterwards, the recipient is directed to a phishing site, which mimics a Microsoft login page. This is where the attackers attempt to steal users' information." Check Point concludes, "Cyber security leaders should inform employees about the potential for suspicious emails and the importance of confirming their origination points, especially those that claim to be from Microsoft services, including Dynamics 365 Customer Voice."

New-school security awareness training gives your employees an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Check Point has the story:
https://blog.checkpoint.com/research/microsoft-dynamics-365-customer-voice-phishing-scam/

Email-based Attacks Accounted for Most Cyber Insurance Claims Last Year

Business email compromise (BEC) attacks and funds transfer fraud (FTF) accounted for 60% of cyber insurance claims in 2024, according to a new report from Coalition.

"Business email compromise is an event in which cyber criminals gain access to a company's email account to execute a cyber attack," the cyber insurance provider explains.

"Attackers often leverage email access to find sensitive data, including login credentials, financials, and other private information. Once equipped with sensitive information, they can steal money, extract data for extortion, or compromise additional technologies."

Coalition also found that the severity of BEC attacks increased by 23%, with the average loss reaching $35,000.

"BEC claims severity in the US was higher ($36,000) than the global average, while both Canada and the UK were notably lower ($22,000)," Coalition says. "The spike in BEC severity was, in part, driven by increased costs related to legal expenses, incident response services, data mining, notifications, and other mitigation and recovery efforts."

The report adds that business sectors with lower security awareness were more likely to fall victim to cyberattacks.

"Industries that handle sensitive financial data, personal health information, or intellectual property are often targeted by cyber criminals due to the high value of their data," the researchers write. "Industries tied to critical infrastructure may also face heightened risks from state-sponsored attacks and ransomware campaigns that can disrupt essential operations.

Meanwhile, industries with lower cybersecurity awareness may be more susceptible to opportunistic attacks, like phishing and credential theft."

The report notes that organizations should "educate employees on threat actor tactics, learn how to spot and avoid cyber attacks with phishing simulations, and meet compliance requirements."

Blog post with links:
https://blog.knowbe4.com/email-based-attacks-accounted-for-most-cyber-insurance-claims-last-year

What KnowBe4 Customers Say

"We've never interacted, but I asked Alan for your contact information. Our organization is winding down operations, and I wanted to let you know that Alan has been an excellent CSM. He has consistently been knowledgeable, supportive, and up to date on KnowBe4's features and enhancements.

"Every time I reach out, he has always been responsive within the same workday, which has always impressed me. He is able to answer all my questions, and helped me think about using the system in ways that improve our organization's efficiency and security.

"He has also helped me think about general cybersecurity in new ways. I've always respected his work ethic and integrity.

"If there's ever an opportunity for Alan to grow with the company and Alan expresses interest, I would highly recommend him for consideration. If nothing else – he definitely deserves a raise or bonus! Thanks!"

– G.J. Vice President, Compliance & CQI

The 10 Interesting News Items This Week

Cyberheist 'Fave' Links

This Week's Links We Like, Tips, Hints and Fun Stuff
