When researchers at the cybersecurity firm Sygnia responded earlier this year to a compromised email account at an unnamed company, they stumbled upon a sprawling campaign of business email compromise involving dozens of organizations whose infrastructure the attackers utilized in going after additional victims.

The hackers would compromise an email account of an employee for a given company, bypass Microsoft Office 365 authentication, and gain persistent access to the account. Then, they would use that account to go after other targets.

“The phishing mails spread in a worm-like fashion from one targeted company to others and within each targeted company’s employees,” researchers with the Israeli cybersecurity firm said in a report published Tuesday.

“All analyzed emails contain the same structure, only differing in their title, senders’ account and company, and attached link.”

Sygnia’s investigation revealed that the attack was part of a broad campaign that potentially impacted dozens of organizations - the company would not say exactly how many - around the world in a sprawling campaign of business email compromise, or BEC.

The report comes on the heels of a recent FBI public service announcement estimating that BEC compromises were linked to more than $50 billion in actual and attempted losses across more than 275,000 attacks between 20. The FBI reported that between December 2021 and December 2022 there was a 17% increase in identified actual and attempted losses worldwide, with a particular focus on the real estate sector.

“In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations were targeted by BEC attacks,” Sygnia’s researchers wrote in their report. “While some of these attacks were focal and concentrated, some were widely spread and affected massive number of cross-sectors victims.”

In the campaign detailed on Thursday, targets were sent an email with a link to a “shared document,” leading to a file sharing website with a previously compromised legitimate company name in the URL. Trying to view the document brought up a page showing that the contents were protected by Cloudflare, a tactic likely designed to prevent proactive analysis of the site showing where it would lead, the researchers said.

Getting through the Cloudflare wall led to a fraudulent Microsoft authentication site generated by a phishing kit, which was being hosted on a domain with varying IP addresses over time, with the most recent dating to January 2023. Records associated with the domain itself had been updated on June 2, suggesting an ongoing campaign.