Your Cloud Logins at Risk! New Phishing Campaign Abuses Trusted Cloud Platforms

Even the most trusted tools can be turned against us. An ongoing spear phishing campaign is exploiting popular cloud storage platforms like Dropbox, DocuSign, and Google Drive to steal login credentials.

How it Works: Hackers compromise legitimate cloud storage accounts and use them to share malicious documents. These documents contain links that appear harmless, directing users to a seemingly authentic login page for services like Microsoft 365.

Here's the catch: These login pages are fakes, designed to steal your credentials. Because the malicious link is embedded in a document on the cloud sharing site, it often evades most security protection tools too.

The Impact: If a user falls victim, hackers gain complete access to their M365 account, potentially compromising sensitive data, emails, and even giving them a platform to launch further phishing attacks within your organization.

Combating the Threat:
-> User Awareness: Train your team and clients to be cautious of unexpected documents, even from trusted cloud storage providers. Encourage a "see something, say something" culture to report suspicious links.
-> Security Controls: Consider implementing stricter email security measures to detect and block emails containing links to these compromised cloud storage sites.
-> Block Sites Your Company Doesn’t Use: Leverage web content filtering and DNS filtering technology to block sites not used by your organization. Proactive communication needed here to avoid issues.

Communication is Key: Educate your clients about this evolving phishing tactic. The more informed they are, the less susceptible they become.
-> Stay vigilant! By understanding these new threats and taking preventative measures, we can protect ourselves and our clients from falling victim to sophisticated phishing schemes.
What additional security measures do you use to protect your organization from cloud-based phishing attacks? Share your thoughts in the comments! #phishing #cybersecurity #cloudsecurity #informationsecurity #datasecurity #protectyourdata #M365 #cloudstorage #businesssecurity #ITsecurity #securityawareness https://lnkd.in/g3McnKt5
Understanding Phishing Campaigns and C2 Threats
Summary
Phishing campaigns and C2 (Command and Control) threats are strategies used by cybercriminals to deceive individuals into sharing sensitive information or to control compromised systems for malicious purposes. By understanding how these tactics work, individuals and organizations can take steps to protect sensitive data and systems from these evolving cyber threats.
- Be cautious with unexpected emails: Always verify the source of emails, especially those asking you to click on links, download attachments, or share personal information. Even trusted platforms can be exploited by hackers.
- Strengthen your account security: Use multi-factor authentication and strong, unique passwords for your accounts to add an extra layer of protection against credential theft.
- Educate your team: Regularly train employees about recognizing phishing attempts and the latest cybersecurity threats, including tactics like fake login pages and tailored social engineering strategies.
-
The Tech TL;DR - Issue #9

Article: New phishing campaign targets US organizations with NetSupport RAT
Link to Full Article: https://lnkd.in/gjEEzCjR

Article Summary: A sophisticated phishing campaign has been identified, targeting US organizations by deploying the NetSupport RAT (Remote Access Trojan). This campaign is notable for its use of advanced evasion tactics combined with social engineering, diverging from traditional phishing methods that primarily relied on executable files. The campaign leverages the guise of legitimate remote support software to gain unauthorized access to systems. The Perception Point report highlights the campaign's use of MITRE TTPs (Tactics, Techniques, and Procedures) and provides indicators of compromise, including file hashes and URLs, to aid in the creation of detection signatures.

Article Rating: 8/10

Additional Commentary: This article is a valuable read for both cybersecurity professionals and the general tech-savvy audience. It scores high on technical merit due to its detailed analysis of the phishing campaign's methodology and the inclusion of actionable intelligence like MITRE TTPs and indicators of compromise. The blend of sophisticated evasion tactics with social engineering underscores the evolving nature of cyber threats, making this article a crucial update for those looking to bolster their cybersecurity defenses.

Additional Reading:
1- Top 4 LLM threats to the enterprise https://lnkd.in/gVqJW34U
2- The Evolution of Phishing: How It's Getting More Sophisticated https://lnkd.in/g9HeKiKQ
3- Understanding MITRE ATT&CK: A Guide for Cybersecurity Professionals https://lnkd.in/gV4Waaex

Article Keywords: #PhishingCampaign, #NetSupportRAT, #Cybersecurity, #SocialEngineering, #MITRETTPs, #IndicatorsOfCompromise, #EvasionTactics, #RemoteAccessTrojan

About The Tech-TL; DR
The Tech - TL; DR is my way of contributing articles worth sharing along with a summary or additional insights into the topic. Since we don’t all have time to read everything, this approach to sharing provides a summary and insight into the article to make consumption easier and faster. The author of The Tech - TL; DR is not affiliated with any of the magazines, online resources cited, or authors. This summary is meant for educational purposes only and is not to be construed as an endorsement of any product, company, service, guidelines, or standards. © 2024 D.Bowden - The Tech - TL; DR
-
I think cyber criminals are buying intent data to better target their phishes.

CEOs, COOs, partners and company executives are bombarded with contracts to review and sign. So it's logical to send out a phish referencing an "NDA" or "Insurance" along with the target's company name. It casts a wide (yet generic) net.

But the use of the word "subcontract" in the subject line made me stop in my tracks and read this three times. Less than 48 hours ago, I had searched online for "requirements" (another email keyword) of "subcontract" agreements in the context of HIPAA 😲.

Data brokers have been selling intent data to companies for years. Intent data tells you when buyers are actively researching online for a solution, and which products and services they are interested in, based on the web content they consume.

Since cyber criminals run their empires like a business, it shouldn't surprise you that they have "marketing" teams too. They surely A/B test their email campaigns and know which headlines will get the most opens & clicks. And I'll tell you, ones crafted with intent data are a step above the rest. Goodbye Nigerian Prince, hello age of AI.

But... alas, they lost me at the eFax. While we deal with HIPAA for our clients, we're not a doctor's office, so we rarely send or receive faxes. That's a good thing, or else one of them could have easily lost their #M365 login credentials. Right ballpark. Wrong seat. At least for now...

#phishingawareness #cyberattacks #AIcontentgeneration #cybersecurity #executivetraining #securityawareness
-
#phishingawareness Just a little reminder on #phishing as we might be distracted checking emails while off or when we return from holiday to a bulging mailbox!

Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren’t very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. However, now cybercriminals have AI to write their emails, which might well improve their phishing success rates. Here’s why.

The old clues for telling if something was a phishing mail were:
- It asks you to update/fill in personal information.
- The URL on the email and the URL that displays when you hover over the link are different from one another.
- The “From” address imitates a legitimate address, especially from a known brand.
- The formatting and design differ from what you usually receive from a brand.
- The content is badly written and may well include typos.
- There is a sense of urgency in the message, encouraging you to quickly perform an action.
- The email contains an attachment you weren’t expecting.

While most of these are still valid, there are a few checks you can strike off your list due to the introduction of #AI. When a phisher is using a Large Language Model (LLM) like ChatGPT, a few simple instructions are all it takes to make the email look as if it came from the intended sender. And LLMs do not make grammatical errors or put extra spaces between words (unless you ask them to). They’re not limited to one language either. AI can write the same mail in every desired language and make it look like you are dealing with a native speaker. It’s also easier to create phishing emails tailored to the intended target.

All in all, the amount of work needed to create an effective phishing email has been reduced dramatically, and the number of phishing emails has gone up accordingly. In the last year, there’s been a 1,265% increase in malicious phishing emails, and a 967% rise in credential phishing in particular. Because of AI, it’s become much harder to recognize phishing emails, which makes things almost impossible for filtering software. According to email security provider Egress, 71% of email attacks created through AI go undetected.

This article gives you tips to raise your game! (no paywall either) https://lnkd.in/g6FzYhcr