One Article Review

Home - The article:
Source ProofPoint
Identifier 8391433
Publication date 2023-10-04 06:00:00 (seen: 2023-10-04 14:06:25)
Title Cybersecurity Stop of the Month – QR Code Phishing
Text This blog post is part of a monthly series exploring the ever-evolving tactics of today's cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain, reconnaissance and initial compromise, in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today's dynamic threat landscape.

The first two steps of the attack chain: reconnaissance and initial compromise.

In our past installments, we have covered supplier compromise, EvilProxy, SocGholish and e-signature phishing. All of these are examples of threats we regularly detect for our customers before they're delivered to users. In this post, we explore a recent detection of a phishing attack in which the URL was encoded into a QR code. We'll also explore the mechanisms employed by our AI-driven detection stack that ultimately prevented the email from reaching the inbox of its intended target.

The scenario

Phishing, especially credential phishing, is today's top threat. Bad actors constantly devise new methods and tools to gain authenticated access to users' accounts. This illicit entry often results in financial loss, data breaches and supplier account compromise that leads to further attacks.

We recently detected a phishing attack hidden behind a QR code at an agriculture company with more than 16,000 employees. Fortunately, our Aegis platform detected the threats and broke the attack chain.

In this scenario, a bad actor crafted a phishing lure purporting to contain completed documentation about the target's wages. Instead of including a link for the target to click, the bad actor included a QR code instructing the recipient to scan with their mobile phone's camera to review the documentation. Once scanned, a fake SharePoint login screen prompts the user to provide credentials.

QR Code phishing represents a new and challenging threat. It moves the attack channel from the protected email environment to the user's mobile device, which is often less secure. With QR codes, the URL isn't exposed within the body of the email. This approach renders most email security scans ineffective. What's more, decoding QR codes using image recognition or optical character recognition (OCR) quickly becomes resource intensive and difficult to scale.

The Threat: How did the attack happen?

Here is a closer look at how the recent attack unfolded:

1. The deceptive message: An email claiming to contain employee payroll information sent from the organization's human resources department.

Malicious email blocked by Proofpoint before it was delivered to the user's mailbox. (Note: For safety, we replaced the malicious QR code with one linking to Proofpoint.com. The rest of the message is a redacted screenshot of the original.)

2. QR Code Attack Sequence: The recipient is instructed to scan the QR code with their mobile device.

Typical QR Code Attack Sequence for Phishing.

3. SharePoint phishing lure: Once the user decodes the URL, a fake SharePoint login screen tries to fool the recipient into entering credentials.

Decoded QR code redirecting to an example SharePoint phishing page.

Detection: How did Proofpoint detect the attack?

QR Code phishing threats are challenging to detect. First, the phishing URL isn't easy to extract and scan from the QR code. And most benign email signatures contain logos, links to social media outlets embedded within images and even QR codes pointing to legitimate websites. So the presence of a QR code by itself isn't a sure sign of phishing.

We employ an advanced blend of signals and layers of analysis to distinguish between weaponized and benign QR codes. We analyze and profile:

The sender
The sender's patterns
The relationship of the sender and recipient based on past communication

Those clues help identify suspicious senders and whether they are acting in a way that deviates from an established
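As an added example (not Proofpoint's code or detection stack), the following Python sketch shows how the signals described above can be combined into one verdict: no clickable URL in the body while a QR image is present, a sender with no prior relationship to the recipient, a display name claiming an internal department from an external domain, and a decoded QR destination that name-drops a brand without being hosted on that brand's domain. The QR payload is assumed to be already decoded (a real pipeline would run an image decoder such as pyzbar first); all addresses, domains and message texts are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse
import re

# Brands a QR lure may imitate, with the domains that legitimately host their logins.
# Illustrative table for this added example, not a vendor list.
BRAND_DOMAINS = {"sharepoint": ("sharepoint.com", "microsoftonline.com")}

@dataclass
class Message:
    from_addr: str              # header From address
    display_name: str           # e.g. "Human Resources"
    to_addr: str
    body_text: str
    qr_payload: Optional[str]   # URL decoded from an inline QR image (assumed pre-decoded)
    prior_messages: int = 0     # constructed sender/recipient history count

def brand_host_ok(url: str, brand: str) -> bool:
    """True if the URL's host is the brand's real domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def score(msg: Message) -> Tuple[int, List[str]]:
    reasons: List[str] = []
    # 1. Body URL scan finds nothing: the only link lives inside the QR image.
    if msg.qr_payload and not re.search(r"https?://", msg.body_text):
        reasons.append("qr_only_link")
    # 2. Sender profile: no prior exchange between this sender and recipient.
    if msg.prior_messages == 0:
        reasons.append("no_prior_relationship")
    # 3. Display name claims an internal department, but the sending domain is external.
    sender_dom = msg.from_addr.rsplit("@", 1)[-1].lower()
    recip_dom = msg.to_addr.rsplit("@", 1)[-1].lower()
    if "human resources" in msg.display_name.lower() and sender_dom != recip_dom:
        reasons.append("department_name_external_domain")
    # 4. Decoded destination mentions a brand but is not hosted on that brand's domain.
    if msg.qr_payload:
        for brand in BRAND_DOMAINS:
            if brand in msg.qr_payload.lower() and not brand_host_ok(msg.qr_payload, brand):
                reasons.append(f"{brand}_lookalike_url")
    return len(reasons), reasons

def verdict(msg: Message) -> str:
    """No single signal condemns a message; three or more together do."""
    n, _ = score(msg)
    return "block" if n >= 3 else "review" if n == 2 else "deliver"

# Constructed sample: payroll-themed lure from an unknown external sender.
LURE = Message("payroll@hr-docs-notice.example", "Human Resources", "jdoe@agri-example.com",
               "Your completed wage documentation is ready. Scan the QR code with your phone.",
               "https://hr-docs-notice.example/sharepoint/signin")

if __name__ == "__main__":
    print(verdict(LURE), score(LURE)[1])
```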
Sent Yes
Tags Tool Threat Cloud


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of a previous one.