CyberheistNews Vol 15 #42 | October 21st, 2025
[Heads Up] Fake ‘Support Calls’ Used to Breach Your Salesforce Accounts
Google’s Mandiant has released guidance on defending against an ongoing wave of social engineering attacks targeting organizations’ Salesforce instances.
The organized criminal gang tracked by Google as “UNC6040” has been using voice phishing attacks to trick employees into granting access.
“Over the past several months, UNC6040 has demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” the researchers write.
“This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organizations’ Salesforce data. In all observed cases, attackers relied on manipulating end users, not exploiting any vulnerability inherent to Salesforce.”
Mandiant recommends that organizations use a defense-in-depth strategy with measures to ensure that callers are who they say they are. In some cases, the attackers impersonate support personnel from third-party vendors in an attempt to gain access. Help desk staff who receive these calls should do the following:
- “End the inbound call without providing any access or information.
- Independently contact the company’s designated account manager for that vendor using trusted, on-file contact information.
- Require explicit verification from the account manager before proceeding with any request.”
Additionally, employees should be wary of unsolicited requests that ask them to log into services used by their employer’s organization. These may be phishing attacks designed to steal their credentials.
“Mandiant has observed the threat actor UNC6040 targeting end-users who have elevated access to SaaS applications,” the researchers write. “Posing as vendors or support personnel, UNC6040 contacts these users and provides a malicious link.
“Once the user clicks the link and authenticates, the attacker gains access to the application to exfiltrate data. To mitigate this threat, organizations should clearly communicate to all end-users the importance of verifying any third-party requests.”
Blog post with links:
https://blog.knowbe4.com/protect-yourself-from-voice-phishing-attacks-targeting-salesforce-instances
Can’t Miss Sessions at the Human Risk Summit
Your users hold the key to your strongest defense. This November 6, discover how to make that a reality at the Human Risk Summit. Walk away with battle-tested strategies that transform your users into your strongest asset, plus actionable tools to improve your organization’s security culture.
This half-day event brings together forward-thinking IT leaders like you with sessions covering top cybersecurity threat trends and innovative approaches you can implement immediately.
Sneak peek into the agenda:
- Keynote: Security in the Age of Everything-as-a-Weapon – explore how cybercriminals are mastering AI faster than many organizations are adapting their defenses.
- IT Leader Panel: Building Adaptive Security Culture – featuring seasoned IT leaders sharing their real-world experiences in building adaptive security cultures and reducing human risk.
- 2026 Phishing Threat Trends Preview – get a first look at our latest Phishing Threat Trends Report, walk through attack scenarios and share the trends that are shaping the threat landscape.
- The Deepfake Training Playbook – learn the essential training frameworks to help your users recognize and respond to AI-driven manipulation attempts.
Plus: Don’t miss hands-on workshops and an exclusive preview of what’s next on the Human Risk Management roadmap.
Save My Spot:
https://gateway.on24.com/wcc/eh/1815783/human-risk-management-summit?partnerref=CHN2
We Need to Teach Our AIs to Securely Code
By Roger Grimes
I’ve been writing about the need to better train our programmers in secure coding practices for decades.
At least a third of data compromises involved exploited software and firmware vulnerabilities, and we’re on our way to having over 47,000 separate, publicly known vulnerabilities this year. There are at least 130 new vulnerabilities found and publicly reported every day, day after day. That’s a lot of exploitation. That’s a lot of patching.
And until now, what I’ve said is that we need to:
- Better train our coders in secure coding practices
- Programming curricula need to teach secure coding practices
- Employers need to require programmers who have secure coding skills
Well, that’s all old news now. We no longer need it.
What we now need is to teach AI how to code more securely.
Out of all the productivity gains that have come with AI, the ability for it to write code (and/or assist developers in writing code) is easily the biggest productivity boost to come out of the current level of AI maturity. Nearly every coder alive is using AI to code, and if they aren’t, they will be.
The productivity gains are very impressive. My coder friends say they’re experiencing at least a 30% – 40% productivity increase by using AI. Even my programmer friends who were initially AI skeptics have come around. Coding is essentially an AI-driven world, although humans still need to be in the loop.
The time to train our programmers in secure coding has passed.
If AI is doing most of the coding, it’s time for AI to be forced to do secure coding. And right now, it’s not doing it well. Every study I’ve seen on the subject shows that AI is as bad or worse at secure coding than human programmers.
[CONTINUED] at the KnowBe4 blog with links:
https://blog.knowbe4.com/we-need-to-teach-our-ais-to-securely-code
2025 Phishing Threat Trends Report
Our Phishing Threat Trends Reports bring you the latest insights into the hottest topics in the phishing attack landscape. In 2025, it has been in with the old and in with the new, as cybercriminals use new techniques to “revive” the efficacy of existing attacks.
Download this latest edition to discover:
- What’s driving a resurgence in ransomware delivered by phishing emails
- How cybercriminals have achieved a 47% increase in attacks evading Microsoft’s native security and secure email gateways
- Which jobs cybercriminals are most likely to apply for in your organization
- How 92% of polymorphic attacks utilize AI to achieve unprecedented scale – and change the phishing landscape for good
- Plus, other top phishing stats for 2025
Download Now:
https://data.knowbe4.com/phishing-threat-trends-report-chn
The Compliance Catch-22: How Financial Institutions Can Master Data Governance and Regulatory Risk
The financial services industry operates in one of the most heavily regulated environments in the business world. With sensitive client data flowing through every transaction and communication, financial institutions face an increasingly complex web of compliance requirements that can make or break their operations. Traditional approaches to data governance simply aren’t cutting it anymore.
The Perfect Storm of Regulatory Challenges
Financial institutions today must navigate a labyrinth of regulatory frameworks that would challenge even the most seasoned compliance professionals. From the Gramm-Leach-Bliley Act (GLBA) to SEC requirements, FINRA regulations, and international frameworks like GDPR, each comes with its own set of rules, reporting requirements and penalty structures.
What makes this particularly challenging is that these regulations often overlap and sometimes conflict, creating a compliance puzzle that requires constant attention and expertise.
Under GDPR alone, financial institutions face potential penalties of up to 4% of global revenue for serious violations. In 2023, FINRA reported a staggering 63% increase in fines, reaching $89 million.
Despite all the sophisticated technology and security measures financial institutions have implemented, 68% of data breaches still stem from human error, not system flaws. The top culprit? “Misdelivery”: simply sending sensitive information to the wrong recipients.
It’s a humbling reminder that even in our digital age, the human element remains both our greatest asset and our biggest vulnerability.
The Hidden Costs of Traditional Compliance Approaches
Most financial institutions have built their compliance strategies around detection and response rather than prevention. They’ve invested heavily in monitoring systems, incident response teams and remediation processes.
While these components are important, they represent a reactive approach to a problem that demands proactive solutions.
When a data breach occurs because an employee accidentally sends client financial information to the wrong recipient, the true costs extend far beyond immediate regulatory fines. There’s the damage to client trust, the reputation hit that can last for years, the operational disruption of incident response and the long-term impact on business relationships.
[CONTINUED] at the KnowBe4 blog:
https://blog.knowbe4.com/the-compliance-catch-22-how-financial-institutions-can-master-data-governance-and-regulatory-risk
Identify Weak User Passwords in Your Organization With the Newly Enhanced Weak Password Test
Cybercriminals never stop looking for ways to hack into your network, but if your users’ passwords can be guessed, they’ve made the bad actors’ jobs that much easier.
Verizon’s Data Breach Investigations Report showed that 81% of hacking-related breaches use either stolen or weak passwords.
The Weak Password Test (WPT) is a free tool to help IT administrators know which users have passwords that are easily guessed or susceptible to brute force attacks, allowing them to take action toward protecting their organization.
Weak Password Test checks Active Directory for several types of weak password-related threats and generates a report of users with weak passwords.
Here’s how Weak Password Test works:
- Connects to Active Directory to retrieve the password table
- Checks against 10 types of weak password-related threats
- Displays which users failed and why
- Does not display or store the actual passwords
- Just download, install and run. Results in a few minutes!
Don’t let weak passwords be the downfall of your network security. Take advantage of KnowBe4’s Weak Password Test and gain invaluable insights into the strength of your password protocols.
Phishing Remains the Top Initial Access Vector in Cyberattacks Across Europe
Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA).
“When it comes to the primary method for initial intrusion, phishing (including vishing, malspam and malvertising) is identified as the leading vector, accounting for about 60% of observed cases,” the agency says.
“Developments in its deployment, such as Phishing-as-a-Service (PhaaS) that allows the distribution of ready-made phishing kits, indicate an automation that paves the way for attackers regardless of their experience.”
The agency warns that AI tools have introduced new risks, both by assisting in cyberattacks and as a target for attacks themselves.
“The growing role of AI has become an undeniable key trend of the rapidly evolving threat landscape,” the researchers write. “The report highlights AI use both as an optimization tool for malicious activities but also as a new point of exposure.”
Large Language Models (LLMs) are being used to enhance phishing and automate social engineering activities. By early 2025, AI-supported phishing campaigns reportedly represented more than 80 percent of observed social engineering activity worldwide.
“Attacks on the AI supply chain are on the rise. While the focus of threat activities involving AI was the use of consumer-grade AI tools to enhance their existing operations, the emergent malicious AI systems is raising concerns about their capabilities in the future due to the widespread use of AI models.”
ENISA also notes an increase in supply chain attacks, which can allow threat actors to scale their attacks by going after a victim’s customers.
“Closely linked to recent events in the EU, an increase in targeting cyber dependencies has been noted,” the agency says. “Cybercriminals have intensified their efforts to abuse critical dependency points, for example in the digital supply chain, to get the most out of their attacks.
“This strategy is able to amplify the impact of actions by leveraging the interconnectedness inherent in our digital ecosystems.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/phishing-remains-the-top-initial-access-vector-in-cyberattacks-across-europe
Let’s stay safe out there.
Warm regards,
Stu Sjouwerman, SACP
Executive Chairman
KnowBe4, Inc.
PS: I’m still Exec Chair of KnowBe4, but I started a new company! Recommend that your marketing team sign up for the Beta Waitlist today:
https://www.readingminds.ai/
Quotes of the Week
“Go confidently in the direction of your dreams. Live the life you’ve imagined.”
– Henry David Thoreau – Author (1817 – 1862)
“The great use of life is to spend it for something that will outlast it.”
– William James – Philosopher (1842 – 1910)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-42-heads-up-fake-support-calls-used-to-breach-your-salesforce-accounts
Security News
OpenAI Warns Against Phishing Attackers: The Ping, Zing and the Sting
Attackers continue to exploit AI tools like ChatGPT to assist in social engineering attacks, according to a new report from OpenAI.
The report describes one threat actor, believed to be tied to China, that was using ChatGPT to write phishing emails and develop malware. The researchers note that ChatGPT didn’t craft any new attack techniques, but it improved the efficiency and sophistication of routine social engineering attacks.
“Our model didn’t introduce novel offensive capabilities,” the researchers write. “The operators appear to have primarily used our models to seek incremental efficiency in existing workflows, particularly crafting phishing content and debugging or modifying their tooling.
“The actors used ChatGPT to perform two primary tasks: generating content for phishing campaigns in multiple languages, including Chinese (both simplified and traditional), English, and Japanese, and helping to develop tools and malware. Their development work was consistent with a technically competent but unsophisticated actor.”
These findings were consistent with other attack campaigns that abused the company’s tools. The researchers explain, “The tradecraft advantage sought through model assistance came from linguistic fluency, localization, and persistence: likely fewer language errors, faster glue code, and quicker adjustments when something failed.”
The researchers also identified large-scale scam operations that used AI to automate attacks. “Abuse of our models to support scams ranges from lone actors attempting fraud to scaled and persistent operations likely linked to organized crime groups,” OpenAI says. “Regardless of their origins and precise tactics, the scam-related activity we’ve disrupted typically follows a common pattern, which we think of as the ping (cold outreach), the zing (attempting to generate enthusiasm or panic), and the sting (extracting money or valuable information).
“These scammers start out by scattering content (whether AI-generated or not) across messaging services and the internet, including by running social media ads. They then attempt to inspire anyone who replies with either enthusiasm for a lucrative opportunity or fear of some imminent financial loss, and leverage that emotion to convince the target to hand over money or sensitive information.”
OpenAI has since banned the accounts associated with this activity, but threat actors are constantly looking for ways to bypass AI safety measures. New-school security awareness training gives your organization an essential layer of defense against evolving social engineering attacks.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
OpenAI has the story:
https://openai.com/global-affairs/disrupting-malicious-uses-of-ai-october-2025/
North Korea’s Remote Worker Schemes Target the Architecture Industry
Researchers at KELA warn that North Korea’s remote worker schemes have expanded to target organizations in the architectural design industry. KELA found that these workers infiltrated industrial design and architecture firms across several U.S. states.
The researchers note that “[t]heir involvement could pose risks related to espionage, sanctions evasion, safety concerns, and access to sensitive infrastructure designs.”
“Operating under fake identities, often from China, Russia, Hong Kong, Southeast Asia, and even inside North Korea via controlled internet access tools, these workers use VPNs, VPSs, Western accomplices, and ‘laptop farms’ to conceal their origins and bypass verification,” the researchers explain.
“They secure freelance or full-time jobs on major platforms by leveraging stolen or rented identities, AI-generated photos, and fraudulent portfolios, ultimately infiltrating companies across technology, crypto, transportation, and critical infrastructure sectors.
“Once inside, they either quietly funnel salaries back to the regime or exploit their access to deploy malware, steal data, or conduct extortion.”
The researchers say companies should be on the lookout for the following red flags associated with potential hires:
- “Suspicious freelancer profiles: Limited work history, unverifiable portfolios, AI-generated headshots, or recurring email/handle patterns (e.g., birth years, animals, colors, mythological names).
- Identity inconsistencies: Resumes with mismatched details, multiple personas linked to the same “worker,” or unusual geolocation data when verifying candidates.
- Unexpected skill overlaps: Candidates offering expertise across disparate fields, such as software development and structural engineering, may indicate fabricated or pooled identities.”
Additionally, KELA notes, “Security awareness can’t stop at the SOC – companies should educate HR and recruiting staff on common red flags tied to DPRK operatives. This includes training to spot falsified identities, running enhanced background checks, and integrating vetting tools into the hiring pipeline.”
KELA has the story:
https://www.kelacyber.com/blog/espionage-exposed-inside-a-north-korean-remote-worker-network/
What KnowBe4 Customers Say
“Bryan, Appreciate you checking in. We’re finding good value out of the platform. Our phish-prone % has halved in the past 3-4 months. We’re training repeat clickers and building a culture of security. More updates to come. Great product so far.”
– H.K., Program Administrator
“Bryan, yes, we’re good so far. Our CSM (John B.) has been great with his coaching and onboarding guidance. We were able to smoothly roll out the Cyber Security Awareness training to all our employees (100+). I appreciated being able to see their progress and completion rates on the Dashboard. Thanks for asking!”
– A.D., Sr. Director Operations
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links
