Simply Cyber Newsletter #174
Crush Your Week Like a Cyber Pro with Simply Cyber!
Start your work week off at full speed with expert analysis and actionable intel from top cybersecurity news stories. Share with your End Users, Peers, and Executives to support weekly security awareness with the Simply Cyber Newsletter!
FOR END USERS
Attackers Abuse LiveChat to Phish Credit Card, Personal Data. Attackers are using fake customer support chats to impersonate trusted brands like PayPal and Amazon, convincing users in real time to share credentials, credit card details, and MFA codes. The interaction feels legitimate, making the scam harder to recognize than traditional phishing.
What you need to know: Researchers uncovered a phishing campaign that abused LiveChat to create real-time conversations with victims, posing as customer support agents. Instead of relying solely on links, attackers guide users step-by-step through what appears to be a normal support interaction, asking for login details, MFA codes, and payment information. Because the interaction feels personal and responsive, it lowers suspicion and increases the likelihood that users will comply. This marks a shift from static phishing emails to live, adaptive social engineering.
Educate your end users that legitimate companies will not ask for passwords, MFA codes, or full payment details through chat support. Encourage them to stop and verify requests by going directly to the official website or app rather than continuing the conversation. As attackers move toward real-time interaction, users should treat unexpected support conversations with caution and verify before sharing any sensitive information.
FOR PEERS
North Korea's 100,000-strong fake IT worker army rake in $500M a year for Kim Jong Un. Researchers uncovered a global operation in which up to 100,000 fake IT workers use stolen identities to obtain legitimate employment within organizations, generating hundreds of millions annually. This shifts initial access from exploitation to hiring and trusted access.
What you need to know: IBM X-Force and Flare Research revealed that this activity operates as a structured ecosystem rather than isolated fraud. The model includes recruiters screening candidates, facilitators assigning identities, and collaborators providing Western personas to secure employment. Once hired, individuals often work as part of coordinated teams supporting a single identity, allowing them to perform well, gain trust, and expand access over time. Internal tooling, communication platforms, and even training materials further support this operation, making it scalable and repeatable across industries.
Share this story with your peers and discuss how identity trust is established and maintained across your organization. Traditional controls focus on preventing unauthorized access, but this model operates entirely within approved access paths. The conversation should focus on how to validate identity beyond onboarding, monitor for misuse of legitimate access, and identify signals that indicate coordinated or non-human behavior. This is less about intrusion detection and more about recognizing when access itself has been compromised.
FOR EXECUTIVES
Shadow AI Risk: How SaaS Apps Are Quietly Enabling Massive Breaches. Organizations are rapidly adopting AI-enabled SaaS tools without full visibility into how they connect and share data. A single compromised app with trusted OAuth access can cascade across systems and organizations, turning a breach into widespread business impact.
What you need to know: A recent analysis of 23,000 SaaS environments found that every organization is now running AI-enabled applications, with a sharp rise in attacks targeting these systems and most incidents involving sensitive customer data. What stands out is not just the volume of attacks, but how a single compromised SaaS application can cascade across multiple systems and even into other organizations through trusted integrations. The Salesloft Drift incident showed that a single breach, combined with valid OAuth tokens, enabled attackers to bypass traditional defenses and move directly into connected environments.
The takeaway for leadership is that risk is no longer contained within individual systems. As organizations adopt AI-enabled SaaS tools to move faster, they are also expanding interconnected access paths that are often not fully understood or monitored. This creates a scenario in which a single point of compromise can have a disproportionate impact across operations, partners, and customer data.
If this is raised with senior leadership, the focus should be on visibility and accountability. The key question is whether the organization has a clear understanding of which SaaS applications have AI capabilities, how they are connected, and what level of access they hold across the environment. Without that clarity, decisions about risk are being made on assumptions rather than actual exposure.
JOIN US EVERY WEEKDAY DAILY CYBER THREAT BRIEF
Gerald Auger, Ph.D. livestreams the Daily Cyber Threat Brief on Simply Cyber on weekdays at 8:00 AM EDT.
Join the party with cybersecurity enthusiasts and professionals alike who enjoy learning about the latest in cybersecurity news and staying connected.
Meet #TeamSC in live chat and join the community! https://simplycyber.io/streams
NEW VIDEO DROP: Why Your Cyber Risk Assessments Change Nothing (5 Fixes)
Heat maps generated. Registers maintained. Boxes checked. Decisions unchanged. Sound familiar?
In this video, Steve McMichael shows you:
✅ Why heat maps fail executives (and where they actually work)
✅ The false precision trap that kills your credibility
✅ 5 principles to make risk management actually drive decisions
If you are in GRC, risk, or security leadership and want your analysis to influence decisions, not just document them, this is a conversation worth watching.
🎥 Full video is live on YouTube: https://youtu.be/NxTpq-A_yLg
2 CYBER CHICKS: Security Doesn’t Win, Business Does
Thursday, March 25th at 9:30 AM EDT
In this episode of 2 Cyber Chicks, Jax sits down with Angelique Grado, a board director, fractional CISO and CIO, former Air Force officer, and cybersecurity leader for critical infrastructure and global enterprises.
Angelique has spent over two decades leading technology and security strategy across Fortune-scale organizations, OT and ICS environments, and safety-critical systems where failure isn’t an option. She’s known for making cybersecurity a business accelerator, not a blocker, helping leaders navigate risk, growth, and complexity with clarity and confidence.
In this candid conversation, we explore:
- Why businesses increasingly accept cyber risk as long as revenue isn’t impacted
- The most misunderstood part of being a CISO and who misunderstands it most
- How “aviate, navigate, then communicate” applies to modern cyber leadership
- How AI is reshaping the CISO role faster than governance can keep up
- What boards and executives still get wrong about cybersecurity risk
This episode is a must-listen for CISOs, security leaders, board members, and anyone navigating the tension between business growth and security reality.
Register now to attend and get notified with a calendar reminder: https://luma.com/lq2cbslx
SC MEDIA GROUP WEEKLY EVENTS SCHEDULE
Join us for learning and networking every day of the work week at simplycyber.io/streams & meet the community at simplycyber.io/discord!
SIMPLY CYBER MONTHLY EVENTS LINEUP
Want to know what’s happening at Simply Cyber at any given time?
Head over to the SC Monthly Events Calendar to register for new and upcoming events for the month - don’t forget to subscribe! lu.ma/simplycyber
SC ACADEMY THE PLACE FOR CYBER CAREERS
At Simply Cyber Academy, we specialize in making GRC and Cybersecurity Careers a reality. Empower your career by learning real in-demand skills from cyber experts and the theory behind those skills with Simply Cyber Academy.
The popular GRC Analyst Master Class is a must for kickstarting your GRC Cybersecurity career. In addition, we have new courses covering various areas of focus in cyber available to help you advance in your career.
Check out the NEW FREE courses available in the academy and our new blog!
SC ACADEMY BLOG: SOC ANALYST INTERVIEW SKILLS
Check out the blog from last week on Simply Cyber Academy: https://academy.simplycyber.io/p/Blog?p=soc-analyst-interview-skills
LET’S CONNECT
Stay current on trending topics, tips, events, and resources in cybersecurity. Connect with Simply Cyber on socials for new content.
As always, please send me feedback. Which tip above is your favorite? What do you want more or less of? Other suggestions? Please let me know. Just send a DM on X with #actionableintel in the subject so I can find it.
Join us on the Daily Cyber Threat Brief happening every weekday morning at 8 AM Eastern on YouTube and LinkedIn.
Find more about what’s happening this week in the Simply Cyber community, below.
Thank you and see you again next week, #TeamSC!
Gerry








