Simply Cyber Newsletter #115
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with Simply Cyber Newsletter!
FOR END USERS
Google takes action after reports ‘most sophisticated attack I’ve ever seen.’ Latest trope is tricky enough to fool even the technical crowd… almost.
What you need to know: This social engineering attack is particularly valuable for awareness training because it:
- Shows how attackers are combining multiple trust signals (legitimate phone numbers, genuine email domains, and 2FA codes)
- Demonstrates that following common security verification steps isn't always enough
- Provides clear, actionable guidance that employees can remember
Send the following email to your end users:
I want to share information about a new sophisticated scam that's making the rounds - one that nearly fooled even experienced tech professionals.
Here's what's happening: Scammers are calling people pretending to be from Google's security team. They're using real Google phone numbers, sending legitimate-looking emails from actual Google domains, and even managing to trigger authentic two-factor authentication prompts.
What makes this scam particularly dangerous:
- The calls appear to come from genuine Google phone numbers
- The scammers send emails from legitimate-looking Google domains
- They know details about Google's security processes
- They can trigger real Google authentication notifications
Remember this critical fact: Google will never call you to reset your password or fix account issues. If you receive such a call, even if it seems legitimate:
- Hang up immediately
- Do not press any authentication buttons on your phone
- If concerned about your account, go directly to Google's website and check your security settings there
If you receive any suspicious calls about your Google account or other work-related accounts, please report them to the IT Security team immediately.
FOR PEERS
Hundreds of fake Reddit sites push Lumma Stealer malware. Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware.
What you need to know: This email is designed to alert IT staff about a sophisticated malware distribution campaign.
We need your immediate attention regarding a large-scale malware distribution campaign that's currently active. Threat actors are deploying Lumma Stealer malware through an elaborate chain of fake Reddit and WeTransfer pages. Be on the lookout for:
- Unusual outbound connections to new domains impersonating these services
- Suspicious file downloads mimicking legitimate file-sharing services
- Credential access attempts from unknown sources
Remember: Lumma Stealer has been implicated in recent high-profile breaches at PowerSchool, HotTopic, CircleCI, and Snowflake. Its capability to steal browser-stored credentials and session tokens makes it particularly dangerous for corporate environments. Please escalate any suspicious activities matching these patterns immediately.
FOR EXECUTIVES
Ransomware attack kept major energy industry contractor out of some systems for 6 weeks. Officials at a large energy industry and federal government contractor were locked out of company financial systems for six weeks due to a recent ransomware attack.
What you need to know: Below is an email specifically crafted for executive leadership to:
- Demonstrate real business impact using a peer company example
- Frame cybersecurity in terms of operational continuity and financial risk
- Provide concrete metrics that resonate with executive decision-making
- Create urgency without causing alarm
- Support potential cybersecurity investment discussions
The email uses business language rather than technical terms and focuses on operational impact rather than technical details.
Email to send to executives:
I want to bring your attention to a significant business disruption that recently affected one of our industry peers. This incident provides important insights for our own business continuity planning.
This company suffered a ransomware cyber attack resulting in business impact, specifically:
- Financial reporting capabilities were compromised during a critical year-end period
- Employee productivity was severely limited for over 40 business days
- Potential regulatory implications due to data exposure
- Required SEC disclosure, indicating material business impact
- Reputational risk with government and commercial clients
As we continue to enhance our cybersecurity posture, I welcome the opportunity to discuss our own preparedness measures and ensure we're adequately protected against similar disruptions.
LET’S CONNECT
Stay current on trending topics, tips, events and resources in cybersecurity. Connect with Simply Cyber on socials for new content, every day.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next time! Have a great week, #TeamSC!
Gerry
SIMPLY CYBER DAILY CYBER THREAT BRIEF
Catch the most popular weekday cyber threat news analysis livestream around and meet the most supportive community ever, #TeamSC!
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM EST via YouTube and LinkedIn - podcast also available on Spotify, Apple Podcasts, or your favorite podcast platform. You can also check it out on our podcast webpage.
SC MEDIA GROUP SIMPLY DEFENSIVE PODCAST
When: Monday, February 3 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S2 E4: SOC Operations and Metrics with Hayden Covington
In this episode of Simply Defensive, hosts Josh Mason and Wade Wells are joined by Hayden Covington from Black Hills Information Security. Hayden shares insights into his role at a Security Operations Center (SOC), discussing key metrics, challenges in SOC work, and the importance of communication with MSP customers. The conversation also delves into Hayden's new course on SOC foundations using Elastic and Jira, his experiences with public speaking, and the importance of personal documentation for productivity and problem-solving.
Join us at 9:30 AM EST on Monday after the Daily Cyber Threat Brief and Jaw Jackin’.
SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST
When: Thursday, February 6 at 9:30 AM ET | Presented by: Simply Cyber Media Group
S2 E5: Tools and Skills for Security Analysts - Part 1
This episode is Part 1 of 2 that focuses on essential tools and skills for aspiring security analysts. Join us as we discuss SIEM tools, vulnerability management, and endpoint protection.
Join us here for this upcoming episode on Thursday after the Daily Cyber Threat Brief.
SC MEDIA GROUP CYBERSECURITY MENTORS PODCAST
When: Friday, February 7 at 1:00 PM ET | Available on: Simply Cyber Discord
Check out this Cybersecurity AMA event happening every First Friday of the month.
Open to the community, only on Simply Cyber Discord! Ask questions. Get answers. Connect with #TeamSC.
SC ACADEMY THE PLACE FOR GRC CAREERS
At Simply Cyber Academy, we specialize in making GRC Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have NEW COURSES available to help you advance in your GRC Cyber career. Check them out!
Visit academy.simplycyber.io to learn more now.