CyberheistNews Vol 15 #37 | September 16th, 2025
[New Report] Shadow AI Threats Are Increasing. Here’s How to Spot Them
The use of “shadow AI” is an increasing security risk within organizations, according to a new report from Netskope.
Shadow AI is a newer variant of shadow IT, in which employees use unauthorized technology without the knowledge of the IT department. This is generally driven by a desire for increased productivity rather than malicious motives, but employees are often unaware of the risks introduced by unauthorized tools.
“Netskope now tracks over 1,550 distinct GenAI SaaS apps, up from 317 in February 2025, with organizations using an average of 15 apps (up from 13),” the report says. “Monthly data uploads to these apps increased from 7.7 GB to 8.2 GB.
“Enterprises are consolidating around purpose-built tools like Google Gemini and Microsoft Copilot, which saw significant adoption gains. ChatGPT, despite remaining the most popular app (used by 84% of organizations), saw its first enterprise usage decline since 2023.
“Other apps, including Anthropic Claude, Perplexity AI, Grammarly, and Gamma, grew, while Grok entered the top 10 most-used apps, though it remains among the most-blocked, with blockage rates declining as organizations adopt granular controls.”
The researchers note that the use of generative AI platforms will grow as these tools increase in sophistication. Organizations and employees need to learn how to deal with these tools safely.
“GenAI platforms, which are foundational infrastructure tools that enable organizations to build custom AI apps and AI agents, represent the fastest growing category of shadow AI, given their simplicity and flexibility for users,” Netskope says.
“In the three months ended May 2025, users of these platforms increased by 50%. GenAI platforms expedite direct connection of enterprise data stores to AI applications, with the popularity in usage creating new enterprise data security risks that place added importance on data loss prevention (DLP) and continuous monitoring and awareness.”
AI-powered security awareness training can teach your employees about evolving security risks. Blog post with links:
https://blog.knowbe4.com/report-shadow-ai-poses-an-increasing-risk-to-organizations
Level Up Your Strategies for Cybersecurity Awareness Month
Cybersecurity Awareness Month is just around the corner, and it’s time to plan your October campaign! While it’s an exciting opportunity, it can also be challenging. How do you turn mandatory security awareness into a fun and engaging campaign that actually reduces human risk?
Join Erich Kron, CISO Advisor at KnowBe4, as he shows you exactly how to do it. You’ll discover how to leverage KnowBe4’s ready-to-use kit to run a complete themed campaign throughout October. We’ve done the heavy lifting so you can focus on what matters most: building a stronger security culture that lasts.
In this fun and practical session, you’ll learn:
- How to explain cyber threats to users in ways they can relate to and understand in their daily work
- Real examples and creative campaign ideas showing how admins have created wildly successful cybersecurity awareness campaigns
- Simple gamification techniques that transform passive learning into competitive fun
- How to select the right training modules that entertain while they educate and why it matters
- How to maintain momentum and engagement long after Cybersecurity Awareness Month ends
Join us to get practical tools and creative ideas that will make your Cybersecurity Awareness Month campaign the talk of the organization while dramatically reducing your human risk. Register now and earn CPE credit for attending!
Date/Time: TOMORROW, Wednesday, September 17 @ 1:00 PM (ET)
Can’t attend live? No worries — register now and you will receive a link to view the presentation on-demand afterwards.
Save My Spot:
https://info.knowbe4.com/level-up-your-strategies?partnerref=CHN2
Smishing Campaign Targets California Taxpayers With Phony Refund Offers
The State of California’s Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports.
The FTB stated, “These text messages contain a link to a fraudulent version of certain FTB web pages, which are designed to steal personal and banking information. The scam aims to trick taxpayers into providing personal details and credit card information.”
The text messages purport to come from California’s tax board, informing recipients that they need to provide their payment information to claim their tax refund. The messages set a short deadline to claim the refund in order to compel users to act quickly.
Malwarebytes outlines the following red flags to help users recognize these scams:
- “Suspicious domain names: Official tax authorities only use domains ending in ‘.gov.’ Any link leading to ‘ftb.ca-nt.cc’ or other odd-looking domains is a major red flag.
- Urgent or threatening language: Scammers often try to rush recipients with claims like ‘permanent forfeiture of your refund’ and tight deadlines.
- Requests for sensitive personal or financial information: Legitimate agencies never ask for bank account info or other private details via text message.
- Promised instant rewards: Messages offering immediate deposits should not be trusted.
- Odd instructions for opening links: Watch out for steps like ‘reply with ‘Y’, then close and reopen the message’ or pasting the link into Safari. This is a scam tactic to bypass security features.
- Foreign phone numbers: US federal and state agencies only use official numbers, not foreign codes. A sender like +63 (Philippines) pretending to be a US state agency is a sure giveaway of fraud.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
Blog post with links:
https://blog.knowbe4.com/smishing-campaign-targets-california-taxpayers-with-phony-refund-offers
[Live Demo] Stop Inbound and Outbound Email Threats
With over 376 billion emails sent daily, your organization faces unprecedented risks from Business Email Compromise (BEC), misdirected sensitive communications and sophisticated AI-driven phishing attacks. The human element, involved in the vast majority of data breaches, contributes to email-based threats that cost organizations like yours millions annually.
Discover how you can stop up to 97% more attacks and uncover 10x more potential data breaches in your Microsoft 365 environment before they happen.
Join our live demo to see how KnowBe4’s Cloud Email Security seamlessly integrates into Microsoft 365 to enhance its native protection while providing the tools needed to identify risky communications before they lead to breaches.
See KnowBe4’s Cloud Email Security in action as we show you how to:
- Defend your organization against sophisticated inbound threats including business email compromise, supply chain attacks and ransomware
- Prevent costly outbound mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
- Enforce information barriers that keep you compliant with industry regulations
- Detect and block data exfiltration attempts before sensitive information leaves your organization
- Customize incident response workflows to match your security team’s needs
Strengthen your security posture with AI-native intelligent email security that reduces human-activated risk and safeguards your organization from inbound and outbound threats.
Date/Time: Wednesday, September 24th @ 11:00 AM (ET)
Save My Spot:
https://info.knowbe4.com/ces-demo-month3?partnerref=CHN
“Yep, I got pwned. Sorry everyone, very embarrassing.”
In essence, that is the disclosure and notification message that the open-source developer “qix” sent to the world after he was social engineered into giving up the credentials to his npm account.
Using that account, the attackers published malicious versions of a series of popular npm packages, with a payload designed to redirect cryptocurrency payments to wallets they control.
While the actual financial damage appears to have been limited, because the malicious code triggered CI/CD build errors and was noticed quickly, the roughly two hours the malicious versions were live on the npm registry would have been enough to cause significant damage to many organizations.
In this case the payload was apparently not well tested, a rookie mistake for cybercriminals. The damage could still have been significant, as several of the affected packages have average weekly downloads in the hundreds of millions: chalk (300 million weekly downloads), debug (358 million) and ansi-styles (371 million).
Had it run as intended, the payload would have been very aggressive:
- Hooking the browser’s fetch and XMLHttpRequest functions, intercepting all network traffic and rewriting any cryptocurrency address it finds to an attacker-controlled wallet
- Active transaction hijacking through wallet extensions such as MetaMask, replacing the recipient address so that victims unwittingly approve transfers to the attacker
- Multi-chain support covering Bitcoin, Ethereum, Solana, Tron and others
The open-source packages mentioned above are used by countless apps, from small startups to Fortune 500 companies. The incident highlights the central challenge of the open-source supply chain: a single compromised maintainer account can reach billions of installations across the global software ecosystem.
While the open-source community runs on trust, targeted attacks like this one are part of an emerging pattern of high-impact supply chain attacks aimed at developer infrastructure rather than at end users.
The solution: build security safeguards into your CI/CD pipeline. Enhanced security measures across the open-source ecosystem are urgently required, including phishing-resistant multi-factor authentication for maintainer accounts, trusted publishing mechanisms that tie package releases to a specific build workflow instead of a long-lived token, and improved monitoring of package changes.
Organizations should no longer blindly trust package managers, as any update could introduce malicious code. Instead, updates must be verified (exact versions pinned in a lockfile with integrity hashes, and new releases checked against current advisories before they are pulled into a build) and monitored to keep the organization’s software ecosystem protected.
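One concrete form of that verification, as an added example that is not from the KnowBe4 post or from any of the affected projects: a Node script that audits an npm package-lock.json (lockfileVersion 2 or 3) for versions on a denylist of known-compromised releases, for packages that declare an install script, and for dependencies that were resolved from somewhere other than the expected registry or recorded without an integrity hash. The denylist versions, the lockfile fragment, and the URLs and hashes in it are constructed placeholders, not the versions or artifacts from the real incident.

```javascript
// Added example, not code from the KnowBe4 post or from chalk/debug/ansi-styles.
// Audits an npm package-lock.json (lockfileVersion 2 or 3, which carry a flat
// "packages" map keyed by install path) and returns a list of findings.

// Hypothetical denylist of "name@version" strings; in practice you populate this
// from the advisory for the incident you are responding to. The versions below are
// placeholders, not the malicious releases actually published.
const DENYLIST = new Set([
  'chalk@0.0.0-malicious',
  'debug@0.0.0-malicious',
]);

// The registry every tarball is expected to come from.
const TRUSTED_REGISTRY = 'https://registry.npmjs.org/';

// Turn a lockfile "packages" key such as
// "node_modules/debug/node_modules/@scope/helper" into the package name
// "@scope/helper". The root project is keyed by "" and yields null.
function nameFromLockKey(key) {
  const marker = 'node_modules/';
  const idx = key.lastIndexOf(marker);
  if (idx === -1) return null;
  return key.slice(idx + marker.length);
}

// Walk every installed package and collect anything a reviewer should look at.
function auditLockfile(lock) {
  if (!lock.packages) {
    throw new Error('lockfileVersion 2 or 3 expected (no "packages" map found)');
  }
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    const name = nameFromLockKey(key);
    if (name === null || entry.link) continue; // root entry or workspace symlink
    const id = `${name}@${entry.version}`;
    if (DENYLIST.has(id)) {
      findings.push({ severity: 'critical', id, reason: 'version is on the compromised-release denylist' });
    }
    if (entry.hasInstallScript === true) {
      findings.push({ severity: 'medium', id, reason: 'package declares an install script (runs code at install time)' });
    }
    if (entry.resolved && !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ severity: 'high', id, reason: `resolved from untrusted source ${entry.resolved}` });
    }
    if (!entry.integrity) {
      findings.push({ severity: 'high', id, reason: 'no integrity hash recorded for the tarball' });
    }
  }
  return findings;
}

// Constructed lockfile fragment in the lockfileVersion 3 shape. The version
// strings, URLs and hashes are dummies for illustration only.
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0', dependencies: { chalk: '^5.0.0', debug: '^4.0.0' } },
    'node_modules/chalk': {
      version: '0.0.0-malicious',
      resolved: 'https://registry.npmjs.org/chalk/-/chalk-0.0.0-malicious.tgz',
      integrity: 'sha512-AAAA',
    },
    'node_modules/debug': {
      version: '4.3.4',
      resolved: 'https://registry.npmjs.org/debug/-/debug-4.3.4.tgz',
      integrity: 'sha512-BBBB',
    },
    'node_modules/debug/node_modules/@scope/helper': {
      version: '1.2.3',
      resolved: 'https://mirror.example.invalid/@scope/helper/-/helper-1.2.3.tgz',
      hasInstallScript: true,
    },
  },
};

function main() {
  const findings = auditLockfile(SAMPLE_LOCK);
  for (const f of findings) console.log(`[${f.severity}] ${f.id}: ${f.reason}`);
  return findings;
}

main();
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of package-lock.json and fill DENYLIST from the current advisory; a critical finding should fail the pipeline. Pair the check with `npm ci --ignore-scripts` in CI so that even a lockfile-pinned install cannot execute arbitrary install hooks, and review any package the audit flags for install scripts before re-enabling them.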
Blog post with links:
https://blog.knowbe4.com/yep-i-got-pwned.-sorry-everyone-very-embarrassing
10 Questions Every CISO Should Ask About AI-Powered HRM Tools
AI has certainly become a hot topic in the human risk management (HRM) space, but how can you cut through the hype?
Assessing AI in Human Risk Management
This guide provides a framework for you to thoroughly evaluate AI-based HRM tools and separate real innovation from empty marketing claims. It covers key considerations, including:
- Identifying true AI needs vs. AI for AI’s sake
- Understanding how a vendor’s AI model works under the hood
- Assessing AI performance, training and human oversight
Download now for insight into the right questions to ask to make informed decisions about adopting AI for a more effective HRM program in your organization.
Download Now:
https://info.knowbe4.com/10-questions-every-ciso-should-ask-about-ai-powered-hrm-tools-em
Quotes of the Week
“Being a pessimist makes you sound smart. Being an optimist makes you money.”
– Nat Friedman, American technology executive (born 1977)
“The best way to predict the future is to create it.”
– Peter Drucker, management consultant and author (1909 – 2005)
You can read CyberheistNews online at our Blog
https://blog.knowbe4.com/cyberheistnews-vol-15-37-new-report-shadow-ai-threats-are-increasing-heres-how-to-spot-them
Security News
FBI Issues Guidance for Avoiding Deepfake Scams
The FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake scams.
“Criminals may pose as loved ones, government officials, law enforcement personnel, or even celebrities, often using fear and urgency to convince victims to send money or share sensitive information,” the advisory says.
“According to the FBI, more than 4.2 million fraud reports have been filed since 2020, resulting in over $50.5 billion in losses, with a growing portion stemming from deepfake scams.”
FBI Criminal Investigative Division Assistant Director Jose A. Perez stated, “The FBI continues to see a troubling rise in fraud reports involving deepfake media. Educating the public about this emerging threat is key to preventing these scams and minimizing their impact. We encourage consumers to stay informed and share what they learn with friends and family so they can spot deepfakes before they do any harm.”
The advisory outlines the following red flags associated with deepfake images and videos:
- “Blurry or distorted facial features
- Unnatural blinking or facial movements
- Audio-video mismatches
- Flat or robotic voice tones
- Odd lighting or shadows.”
It’s worth noting that some deepfakes won’t have any of these indicators, so users should also be wary of the circumstances surrounding suspicious requests.
The advisory adds that users should:
- “Stop and think before responding to urgent or emotional requests.
- Verify identities using trusted sources and reverse search tools.
- Create codewords with loved ones to confirm authenticity.
- Limit your digital footprint to reduce exposure.
- Report scams to the FBI at IC3.gov, your bank, and local law enforcement.”
Relevant and engaging security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for evolving social engineering attacks.
Blog post with links:
https://blog.knowbe4.com/fbi-issues-guidance-for-avoiding-deepfake-scams
Report: AI-Powered Phishing Fuels Ransomware Losses
AI-powered social engineering attacks are significantly more successful than traditional attacks, according to a new report from cyber risk management firm Resilience.
The researchers state, “Social engineering attacks fueled 88% of material losses, with AI-powered phishing achieving a 54% success rate compared to just 12% for traditional attempts.”
AI allows attackers to easily craft sophisticated phishing emails, as well as voice and video deepfakes. These attacks will grow increasingly harder to detect as AI technology improves.
“The era of obviously fake phishing emails is over,” the researchers write. “According to CrowdStrike’s 2025 Threat Hunting Report, 78% of enterprises experienced at least one AI-specific breach this year. Cybercriminals are leveraging artificial intelligence to create more convincing phishing campaigns, voice synthesis for fraudulent calls, and sophisticated browser-based attacks that bypass multi-factor authentication.
“In our portfolio, 1.8 billion credentials were compromised in the first half of 2025 alone—an 800% increase since January. This credential harvesting is feeding a new wave of identity exploitation that’s proving increasingly difficult to detect and defend against.”
Notably, the researchers warn that ransomware accounted for 91% of losses in the first half of 2025, despite representing only 9.6% of total claims.
“Perhaps most disturbing is the evolution of ransomware tactics,” Resilience says. “In at least two recent cases, threat actors located and referenced their victim’s cyber insurance policy to calibrate their ransom demands. In one instance, attackers explicitly stated they had set their demand below the client’s policy limit—turning insurance coverage into a roadmap for extortion.”
Resilience has the story:
https://cyberresilience.com/threatonomics/2025-midyear-cyber-risk-report/
What KnowBe4 Customers Say
“Thanks for checking in – we are very much enjoying KnowBe4 and all the great training materials included. Truett W. has been tremendously helpful as well getting us started; very happy to have him as our account representative.”
– S.J., IT Support Coordinator
“Thanks for reaching out. We’ve been using PhishER in earnest for about 6 months, and already seen several emails PhishRIPped because of diligent users using the PAB. That feature is the main reason we chose KnowBe4, even more so than the training.”
– H.B., Director of Technology
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links