
CyberheistNews Vol 15 #46 | November 18th, 2025
[The Click Trap] Users Pasting Malware With Just One Shortcut
Researchers at Push Security warn of an extremely convincing ClickFix attack posing as a Cloudflare verification check. ClickFix is a social engineering technique that tricks the victim into copying and pasting a malicious command and then running it on their computer.
In the instance observed by Push Security, the phishing page has a pop-up box that appears to be from Cloudflare, instructing the user to press the keyboard shortcuts necessary to open a terminal and run a command. The malicious command is automatically copied to the clipboard using JavaScript, so the user simply needs to open the terminal and hit control+V (or command+V on Mac).
The box even has an embedded video showing the user what to do. This video is tailored for either Windows or Mac users, depending on which system the victim is using. The box also has a countdown timer to encourage the user to act quickly.
“This is an incredibly slick example — it almost looks like Cloudflare shipped a new kind of bot check service,” the researchers write. “The embedded video, countdown timer, and counter for ‘users verified in the last hour’ all serve to increase the sense of authenticity, and put extra pressure on the victim to complete the check.”
The researchers note that since ClickFix relies primarily on social engineering, technical defenses struggle to block it.
“Although there are ways to block web pages from performing copy to clipboard via device settings or group policy, the practical reality of ClickFix means that these methods are not effective,” the researchers write.
“Because ClickFix is a user gesture-initiated paste event (some form of user interaction such as a button-press is required on the page before loading the ClickFix lure) it cannot be blocked from the host.”
Blog post with links:
https://blog.knowbe4.com/warning-clickfix-attacks-are-growing-more-sophisticated
[Live Demo] Stop Inbound and Outbound Email Threats
With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications, and sophisticated AI-driven phishing attacks. The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually.
Discover how you can stop up to 97% more attacks and uncover 10x more potential data breaches in your Microsoft 365 environment before they happen.
Join our live demo to see how KnowBe4’s Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.
See KnowBe4’s Cloud Email Security in action as we show you how to:
- Defend your organization against sophisticated inbound threats including BEC, supply chain attacks and ransomware
- Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
- Enforce information barriers that keep you compliant with industry regulations
- Detect and block data exfiltration attempts before sensitive information leaves your organization
- Customize incident response workflows to match your security team’s needs
Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.
Date/Time: TOMORROW, Wednesday, November 19th @ 1:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/ces-demo-month-2?partnerref=CHN2
Tycoon 2FA Phishing Kit Grows More Sophisticated
Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is known for its ability to bypass multi-factor authentication measures.
“The Tycoon 2FA phishing kit is a sophisticated Phishing-as-a-Service (PhaaS) platform that emerged in August 2023, designed to bypass two-factor authentication (2FA) and multi-factor authentication (MFA) protections, primarily targeting Microsoft 365 and Gmail accounts,” Cybereason says.
“Utilizing an Adversary-in-the-Middle (AiTM) approach, it employs a reverse proxy server to host deceptive phishing pages that mimic legitimate login interfaces, capturing user credentials and session cookies in real-time. According to the Any[dot]malware trends tracker, Tycoon 2FA leads with over 64,000 reported incidents this year.”
Notably, the phishing kit can modify its approach based on error messages received during login attempts.
“A particularly advanced feature of the Tycoon 2FA campaign is its ability to understand an organization’s specific security policies,” the researchers write. “By analyzing error messages from the login process, the phishing kit can tailor its attacks to create highly targeted campaigns, increasing its chances of successfully stealing credentials.”
Employee training is an essential layer of defense against phishing attacks. Cybereason offers the following advice to help organizations thwart these attacks:
- “Train users to recognize suspicious activities and phishing attempts to minimize reinfection risks.
- Teach identification of modified or misspelled URLs and grammatical errors in communications.
- Educate users on the risks of malicious files (e.g., PDFs, PPTs, Word documents, and SVG files) that may redirect to phishing websites.”
AI-powered security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for these attacks.
Blog post with links:
https://blog.knowbe4.com/tycoon-2fa-phishing-kit-grows-more-sophisticated
Intelligent Email Defense: Automate, Remediate and Train from One Platform
It’s not a matter of if but when AI-powered attacks will breach your email defenses. Phishing attacks have surged 1,265% since 2022. With 31% of IT teams taking over 5 hours to respond, every delayed minute keeps active threats in your users’ inboxes.
During this demo, you’ll discover how PhishER Plus can help take control back from rising AI phishing risks by:
- NEW! Creating custom threat detection rules instantly using plain-English descriptions through AI-powered automation, no coding required
- Accelerating response times with AI-powered automation that reduces manual email review by 85-99%
- Providing comprehensive threat intelligence from a network of 13+ million global users and third-party integrations
- Removing threats automatically from all mailboxes with PhishRIP before users can interact with them
- Converting real attacks into targeted training opportunities with PhishFlip
Discover how PhishER Plus combines AI and human intelligence to transform your users from security risks into your most valuable defenders.
Date/Time: TOMORROW, Wednesday, November 19 @ 2:00 PM (ET)
Save My Spot:
https://info.knowbe4.com/phisher-demo-2?partnerref=CHN2
[NEW RECORDS!] 2025 Cybersecurity Awareness Month by the Numbers
Organizations rely on KnowBe4 to educate millions of people each month on security awareness and compliance topics, and every October, during Cybersecurity Awareness Month, engagement with our training content sets new records. 2025 was no exception.
KnowBe4 had nearly 18 million modules completed last month, including interactive training modules, games, assessments, video modules and audiocasts on KnowBe4’s Security Awareness Training. This is a new record for us!
This is also just a sample of the overall usage of our content because it excludes organizations that utilized a third-party LMS as well as orgs that opted to use custom training courses, which are often used by the largest organizations. Even as a conservative snapshot, the data reveals encouraging trends and is helpful in drawing some conclusions about how usage of SAT content is evolving.
The average number of modules completed also significantly increased from last year, underscoring the transition from larger pieces of content to smaller, modular pieces with several different learning activities.
This microlearning approach has been scientifically proven to improve end user engagement and satisfaction, and to encourage positive behavior.
The more popular modules last month are listed in the blog post, which is warmly recommended!
[CONTINUED] at the KnowBe4 blog:
https://blog.knowbe4.com/cybersecurity-awareness-month-by-the-numbers
Phishing Threat Trends Report
In this edition of KnowBe4’s Phishing Threat Trends Report, we find out what happens when you respond to a vishing (voice phishing) attack.
Plus, we explore the aftermath of Scattered Spider’s attacks on global retail giants and analyze the biggest trend of 2025: hijacking legitimate platforms to send phishing emails.
Download now to discover:
- Why vishing attacks have increased by 449% in 2025
- How Scattered Spider leverages compromised brands for ongoing campaigns
- Why there’s been a 70% increase in attacks sent from legitimate platforms
- What’s driving the 38% increase in attacks bypassing secure email gateways (SEGs)
- Plus other top phishing stats for 2025
Download this report today!
https://info.knowbe4.com/phishing-threat-trends-report-vol-6-chn
Quotes of the Week
“The currency of life is time. It is not money. You think carefully about how you spend one dollar. Think just as carefully as how you spend one hour.”
– Anonymous Billionaire
“Live life as if everything is rigged in your favor.”
– Rumi – Poet (1207 – 1273)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-46-the-click-trap-users-pasting-malware-with-just-one-shortcut
Security News
Report: UK Cyber Insurance Payouts Surge by 230%
Cyber insurance claims in the UK surged last year, Infosecurity Magazine reports. New data from the Association of British Insurers (ABI) found that insurers paid out £197 million to help businesses recover from cyber incidents in 2024, a 230% increase compared to the previous year.
“Data from firms participating in the ABI’s cyber data collection revealed a 230% year-on-year increase in the amount paid out to support businesses with cyber-attacks, £138 million more than in 2023,” the ABI said.
“Malware and ransomware alone accounted for over half (51%) of all claims. This is up from a total of 32% of all claims in 2023, highlighting how increasingly sophisticated digital threats are causing more extensive damage, leading to higher payouts.”
The ABI adds, “With cyber threats escalating, demand for protection surged in 2024. 17% more policies were taken out than the previous year, presenting clear evidence that UK businesses are prioritising protection against evolving digital risks.”
While cyber insurance can provide a safety net in case of devastating cyber attacks, it’s not a replacement for security measures. Infosecurity Magazine notes that policyholders typically need to meet a baseline of security best practices before insurers will give them coverage.
Lydia Zhang, President at Ridge Security Technology, told Infosecurity Magazine, “Without thorough security testing or a widely accepted industry standard established before setting cyber insurance terms, it opens the door to hackers who can then target organizations with the highest coverage.”
Most cyberattacks rely on social engineering to bypass technical defenses. KnowBe4 empowers your workforce to make smarter security decisions every day.
Infosecurity Magazine has the story:
https://www.infosecurity-magazine.com/news/cyberinsurance-payouts-soar-230-in/
Google Researchers Predict Increased Malicious Use of AI in 2026
Researchers at Google warn that threat actors will increasingly incorporate AI tools into their operations over the course of the next year.
“In 2026 and beyond, threat actor use of AI is expected to transition decisively from the exception to the norm, noticeably transforming the cyber threat landscape,” the researchers write.
“We anticipate that actors will fully leverage AI to enhance the speed, scope, and effectiveness of operations, building upon the robust evidence and novel use cases observed in 2025. This includes social engineering, information operations, and malware development.”
Criminal threat actors have already been using AI to assist in convincing social engineering attacks over the past two years. These attacks can be expected to improve as AI tools grow more sophisticated.
“In 2026, we anticipate sophisticated threat actors like ShinyHunters (UNC6240) will accelerate the use of highly manipulative AI-enabled social engineering, making it a significant threat,” Google says. “The key to their success in 2025 was avoiding technical exploits and instead focusing on human weaknesses, particularly through voice phishing (vishing).
Vishing is poised to incorporate AI-driven voice cloning to create hyper realistic impersonations, notably of executives or IT staff. This approach will be exacerbated by the increasing use of AI in other aspects of social engineering, which threat actors have been leveraging extensively since 2024.”
The researchers also warn of prompt injection attacks tricking AI tools into performing malicious tasks. “While AI promises unprecedented growth, it also introduces new, sophisticated risks,” Google says. “One of the most critical is prompt injection, a cyberattack that essentially manipulates AI, making it bypass its security protocols and follow an attacker’s hidden command.
This isn’t just a future threat; it’s a present danger, and we anticipate a significant rise in these attacks throughout 2026.”
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Google has the story:
https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2026
What KnowBe4 Customers Say
“I wanted to take a moment to share the great experience I had with Nicholas W. during my KnowBe4 support call today.
“Please extend my thanks and appreciation to Nicholas for his excellent support and engagement today. Interactions like this reflect very well on KnowBe4 and reinforce my confidence in your team.”
– W.B., Sr. Information Security Risk Analyst
“Thanks for reaching out. My team LOVES the spam filter and getting notifications of possible spam, external emails, and the link protection.
“I will add we have other products we have implemented from other companies, where their support is just horrible. I keep getting responses like, ‘That’s outside of our scope’ or ‘Contact Microsoft’ and we have been trying for months to get it setup properly and it’s still not working, although we are paying for it! You guys were like the complete opposite.
“So yes we are very happy with your product currently!”
– F.L., Tech Support
