Monday, October 6, 2025

CyberheistNews Vol 15 #38 Why Does Protecting AI Agents Need To Be Status Quo?



CyberheistNews Vol 15 #38  |   September 23rd, 2025


Why Does Protecting AI Agents Need To Be Status Quo?

By Roger Grimes

Protecting humans means protecting the tools humans use.

Human risk management (HRM) means reducing human-based risk, or in our particular area, human-based cybersecurity risk. Study after study has shown that, in one way or another, humans are involved in the vast majority of cybersecurity incidents.

Sometimes it’s humans being tricked into making faulty security decisions by social engineering. Other times, it’s making faulty decisions that end up lessening security protections or accidentally sending confidential information to the wrong people.

Human risk even includes maliciously-minded employees who don’t have their employer’s best interests at heart (insider threat). There are myriad ways in which humans are involved in making decisions and performing actions that result in cyber compromises.

Much of HRM involves training: training in how to recognize, mitigate and report threats (i.e., security awareness training), coaching in how to make better security decisions, and education in how to securely configure systems.

Of course, using cybersecurity tools and products to prevent threats from getting to users, where they would have to make critical security decisions in the first place, is even better. KnowBe4 and its products are directly involved in all of that.

[CONTINUED] Blog post with links:
https://blog.knowbe4.com/protecting-ai-agents-will-be-status-quo

[Live Demo] Intelligent Email Protection: Automate, Remediate and Train from One Platform

As cyber attackers continue to outpace traditional defenses, it is not a question of if, but when sophisticated attacks will bypass your email security controls.

Phishing attacks are surging at an unprecedented 1,265% rate since 2022, largely driven by AI advancements. Most concerning, 31% of IT teams take more than 5 hours to respond to reported security issues, leaving your organization vulnerable during those critical hours when threats remain active in your users’ inboxes.

During this demo, you will discover how PhishER Plus can help take control back from growing AI phishing risks by:

  • Transforming your users into active threat sensors with one-click reporting via the Phish Alert Button
  • Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
  • Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
  • Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
  • Converting real attacks into targeted training opportunities with PhishFlip

Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.

Date/Time: TOMORROW, Wednesday, September 24 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/phisher-demo-3?partnerref=CHN2

AI-Assisted Phishing Attacks Are an Increasingly Serious Threat

AI-assisted phishing attacks pose a significant and growing threat to organizations, according to Matt Weidman, partner and vice president of Commercial Property & Casualty at USIA.

In an article for CBIA, Weidman explains that attackers can use AI tools to craft targeted, convincing phishing messages that are nearly indistinguishable from the real thing.

“Personalization and social engineering: AI can analyze vast datasets, including social media posts, websites, and public records, to craft highly tailored messages,” Weidman says. “It can be trained to mimic writing styles to appear authentic, reference specific details (e.g., recent purchases, ongoing projects) to appear legitimate, and even clone the voice of business leaders or generate realistic videos to make fraudulent yet convincing messages.”

In addition to improving the content of the phishing messages, AI can help attackers significantly increase output on a massive scale.

“Because AI can increase cybercriminals’ output volume and enhance the sophistication of their tactics, employees may encounter multiple fraudulent messages daily,” Weidman says. “The combination of frequent attempts and convincingly crafted messages may increase the likelihood that a business will fall victim to one of these scams.”

Security awareness training gives organizations an essential layer of defense against these attacks. “Employees should receive ongoing security awareness training that teaches them about the latest cybersecurity threats and hackers’ newest tactics,” Weidman says.

“Businesses should conduct phishing simulations to help employees recognize and respond effectively to fraudulent communications. Employees should feel empowered to verify requests for sensitive information before responding to them, especially those involving financial transactions or credential sharing, and they should be encouraged to report suspicious activities.”

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

Blog post with links:
https://blog.knowbe4.com/ai-assisted-phishing-attacks-are-an-increasingly-serious-threat

[Live Demo] Ridiculously Easy AI-Powered Security Awareness Training and Phishing

Phishing and social engineering remain the #1 cyber threat to your organization, with 68% of data breaches caused by human error. Your security team needs an easy way to deliver personalized training. This is exactly what our AI Defense Agents provide.

Join us for a demo showcasing KnowBe4’s innovative approach to human risk management with agentic AI that delivers personalized, relevant and adaptive security awareness training with minimal admin effort.

See how easy it is to train and phish your users with KnowBe4’s HRM+ platform:

  • SmartRisk Agent™ – Generate actionable data and metrics to help you lower your organization’s human risk score
  • Template Generator Agent – Create convincing phishing simulations, including Callback Phishing, that mimic real threats. The Recommended Landing Pages Agent then suggests appropriate landing pages based on AI-generated templates
  • Automated Training Agent – Automatically identify high-risk users and assign personalized training
  • Knowledge Refresher Agent and Policy Quizzes Agent – Reinforce your security program and organizational policies
  • Enhanced Executive Reports – Track user activities, visualize trends, download widgets, and improve searching/sorting to provide deeper insights and streamline collaboration

See how these powerful AI-driven features work together to dramatically reduce your organization’s risk while saving your team valuable time.

Date/Time: Wednesday, October 1 @ 2:00 PM (ET)

Save My Spot:
https://info.knowbe4.com/kmsat-demo-1?partnerref=CHN

North Korean Hackers Target Job Seekers With ClickFix Attacks

North Korean hackers behind the “Contagious Interview” campaign are using the ClickFix social engineering tactic to target job seekers with phony employment offers, according to researchers at SentinelOne.

“ClickFix typically proceeds as follows,” the researchers explain. “A targeted job seeker receives an invitation to participate in a job application process, directing them to a lure website where they’re prompted to complete a skill assessment.

“During the assessment, the applicant encounters a fabricated error message, such as a camera access issue. They’re then instructed to copy and paste command lines, often involving utilities like curl, to download and execute a supposed update from a separate malware distribution server, unknowingly deploying malware in the process.”

The attackers are primarily targeting marketing and finance employees at cryptocurrency companies, using “lures involving various job positions, such as Portfolio Manager, Investment Manager, and Senior Product Manager, across a range of impersonated companies including Archblock, Robinhood, and eToro.”

The attackers frequently rotate their infrastructure to stay ahead of defenders, setting up new domains to avoid detection.

“Given the continued success of the campaign in engaging job candidates, the threat actors may be prioritizing maintaining operational readiness and meeting their objectives by quickly deploying new assets to replace disrupted infrastructure, rather than undertaking large-scale targeted changes,” the researchers write.

“We observed a high rate of new infrastructure deployment by the Contagious Interview threat actors alongside losses of existing infrastructure due to actions by service providers, which supports this assessment.”

The researchers conclude, “[A] critical element in mitigating this threat is the human factor. It is essential that job seekers, particularly those within the cryptocurrency sector, exercise heightened vigilance when engaging with employment offers and associated assessments.”

Blog post with links:
https://blog.knowbe4.com/north-korean-hackers-target-job-seekers-with-clickfix-attacks

A Strategic Framework for Human Risk Management: What’s HRM and Why Do Organizations Need It?

Cybersecurity isn’t just about technology. The human element remains a significant factor in 68% to 90% of security breaches. But this isn’t a time to point fingers at your users.

In reality, users make mistakes. Even when they understand cyber attack dangers, they may not have time to fully process them. Meanwhile, AI-amplified social engineering attacks make attacks more deliverable and that much harder to spot.

How can you expect your employees to detect attacks when traditional detection technology cannot? This leaves your organization with a critical strategic gap in your security posture. And what better to bridge the gap with than human risk management (HRM), a strategy that moves beyond simple awareness to systematically identify, measure, and mitigate human-derived risk through a continuous, data-driven process.

Download this whitepaper to:

  • Discover the core principles of modern HRM
  • Learn how to implement the DEEP model (Defend, Educate, Empower, and Protect)
  • Discover why the adoption of an integrated, AI-driven HRM platform is the most effective means of engaging employees
  • Build strong security cultures using proven principles of organizational behavior

Don’t let human risk remain your biggest security blind spot. Download the whitepaper and get the proven framework for systematic human risk management.

Download Now:
https://info.knowbe4.com/strategic-framework-human-risk-management-wp-em

Quotes of the Week

“In the end we retain from our studies only that which we practically apply.”
– Johann Wolfgang Von Goethe – Poet (1749-1832)


“The great aim of education is not knowledge but action.”
– Herbert Spencer – Philosopher (1820–1903)


Thanks for reading CyberheistNews

You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-38-why-does-protecting-ai-agents-need-to-be-status-quo

Security News

Report: SMBs Face Surge in Cyberattacks Assisted by AI Tools

Cyberattacks against small and medium-sized businesses (SMBs) nearly doubled in the first half of 2025, according to a new report from Guardz.

“Phishing remains the most prevalent initial attack vector in breaches, accounting for roughly one-fifth of incidents. SMBs are particularly vulnerable due to limited security training and high trust within small teams. However, generic phishing attacks have declined as attackers increasingly use stolen credentials to gain access quietly. Phishing is becoming more targeted and sophisticated.”

The researchers also observed a significant increase in business email compromise (BEC), often assisted by generative AI tools.

“[BEC] scams surged against SMBs, causing significant financial losses globally,” the report says. “BEC attackers impersonate trusted parties to request fraudulent payments or sensitive data. Employees at small businesses face significantly more social engineering attacks than those at larger companies.

Generative AI is a game-changer, enabling cybercriminals to craft polished, personalized scam emails and deepfake voice impersonations. This technology increases the scale and believability of attacks, making detection harder.

SMBs are responding by increasing security awareness efforts, but gaps remain. Phishing in 2025 remains a shape-shifting threat, still the most common attack vector, but increasingly more complex to detect.”

The researchers also observed an increase in ransomware attacks, noting that small businesses are particularly vulnerable to downtime. “A few top ransomware gangs are responsible for almost half of all reported attacks, reflecting a concentrated ecosystem,” Guardz warns.

“Attackers perceive SMBs as having weaker defenses and limited incident response capabilities, making them easier targets. Many SMB victims lack robust data backups or redundant systems, increasing pressure to pay ransoms.”

Guardz has the story:
https://guardz.com/blog/small-business-cyberattacks-rise-in-2025-guardz-mid-year-findings/

Attackers Abuse Google’s AppSheet to Send Phishing Emails

Hackread reports that attackers are abusing Google’s AppSheet platform to send phishing emails. The campaign was observed by researchers at Raven, who warn that attackers are sending messages that impersonate AppSheet, informing users of phony trademark violations.

Notably, the emails are sent from AppSheet’s legitimate infrastructure, making them more likely to bypass security controls and appear legitimate to human recipients.

“As a Google Cloud service, AppSheet inherits the trust and reputation that organizations place in Google’s infrastructure,” the researchers write. “When employees see ‘appsheet.com’ in their inbox, they naturally associate it with the same security standards they expect from Gmail or Google Drive.

With millions of business users building applications on the platform, AppSheet communications are common in corporate environments, making malicious emails appear routine.”

Attackers have abused AppSheet for this purpose since at least March 2025, accounting for a good chunk of global phishing emails. Attackers are always looking for ways to slip past security filters and are increasingly abusing legitimate platforms to evade detection.

“This AppSheet campaign represents a broader trend of legitimate service abuse,” the researchers explain. “Attackers are discovering they can achieve better results by using trusted platforms rather than building their own infrastructure.”

Erich Kron, security awareness advocate at KnowBe4, told Hackread in a statement, “The reliance on commonly used or well-known brands in social engineering attacks is nothing new; however, these attacks still remain quite effective.

These types of attacks are meant to blend in with normal day-to-day activities, further increasing the trust level of the potential victim.” New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize red flags associated with social engineering attacks.

Hackread has the story:
https://hackread.com/google-appsheet-phishing-scam-fake-trademark-notices/

What KnowBe4 Customers Say

“It is genuinely hard to believe that this email is actually from the CEO of the company. However, on the off chance that it really is you, I wanted to share some feedback regarding our experience with KnowBe4.

We have been very happy with the platform. As an important point, prior to making our purchase, we were evaluating three competitors. Ultimately, we chose to contract with KnowBe4 primarily because your sales process was exceptionally responsive and easy.

A very friendly person quickly answered our questions, we coordinated a meeting where the tool was clearly explained, and we were even given a 30-day trial period to experiment with it. The whole experience felt very easy and fluid.

This stands in stark contrast to the other two competitors we considered. It is almost unbelievable, but they did not respond quickly – and by “quickly,” I am not referring to a matter of hours, but rather one or two days. On top of that, they did not offer a trial, and their sales representatives did not come across as particularly friendly.

In summary, congratulations on having such an excellent sales process!”

– C.F., Head of Security

The 10 Interesting News Items This Week

Cyberheist ‘Fave’ Links

This Week’s Links We Like, Tips, Hints and Fun Stuff
