One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8418369 |
| Date de publication | 2023-12-01 09:48:42 (vue: 2023-12-01 18:07:29) |
| Titre | Cas d'utilisation du PSAT: comment un utilisateur formé a aidé à arrêter une campagne de BEC massive ciblant les agences gouvernementales américaines PSAT Use Case: How One Trained User Helped Stop a Massive BEC Campaign Targeting U.S. Government Agencies |
| Texte | In late September 2023, an unattributed business email compromise (BEC) actor sent thousands of highly targeted messages to at least 100 customers across Proofpoint. The attacker targeted individuals who had connections to the U.S. Department of Defense.
The intended victims of the BEC campaign worked in functions such as business development, sales and procurement. The attacker likely wanted to take advantage of increased procurement activity at the end of the fiscal year.
Fortunately, a trained and security-aware employee caught the threat and reported it. That helped to protect hundreds of federal customers across the landscape.
In this blog, we\'ll examine what exactly happened so that you can see how consistent training and awareness about threats likely to target your users can protect your business-and hundreds of others like it.
The timeline-before, during and after the attack
Here\'s a closer look at the details surrounding this BEC incident:
Pre-attack:
Before the attack, end users underwent consistent security awareness and training. The training was designed to educate employees on BEC and other government themed lures, which were most likely to be seen by employees who were at risk. One of the key components of the training had been the sharing of Threat Intelligence to all employees via weekly newsletters and bi-weekly webinars.
During the attack:
In mid-September, a U.S. government-affiliated employee was the first to receive the BEC threat.
This user recognized the threat-even though the attacker had not targeted them before-because it looked like one they\'d seen in past that had focused on government bids and proposals.
The user then alerted security to the threat using the Report Phish button in their email client.
Post-attack:
Detection systems were updated in response to this employee\'s quick action.
Proofpoint blocked, alerted and pulled messages from hundreds of Proofpoint customers.
Proofpoint account and threat intelligence teams also notified dozens of other government entities that were not our customers to help protect the larger federal sector.
Follow-on attacks
After the first attack, the threat actor continued with the same tactics using a different email address.
Meanwhile, Proofpoint continued to send out alerts about this BEC threat to our customers and government partners. As a result, the threat was blocked across hundreds of Proofpoint customers and thousands of malicious messages were stopped from reaching users\' inboxes.
What we know about this threat
BEC attackers are often very strategic in their efforts to trick their intended targets. In this case, we know that the user was never targeted by this bad actor before. Additionally, we learned that:
The attacker spoofed a legitimate government user and proposal process. (The attacker spoofed the email address of a Federal Emergency Management Agency employee.)
The email was sent two weeks before the end of the U.S. government fiscal year; this is a time of high stress and high tempo throughout all government organizations and contractors.
The message contained no misspellings or other red flags signaling it might be a BEC attempt.
This incident underscores the value of consistent threat intelligence and user training and awareness. The swift action of one informed user helped Proofpoint to protect our customers from this BEC attack, as well as many other businesses and users.
Learn more
To learn about Proofpoint Security Awareness, see these resources.
Download this data sheet to find out more about Proofpoint Threat Intelligence Services.
And visit this page on the Proofpoint website to get details about our federal solutions.
In late September 2023, an unattributed business email compromise (BEC) actor sent thousands of highly targeted messages to at least 100 customers across Proofpoint. The attacker targeted individuals who had connections to the U.S. Department of Defense. The intended victims of th |
| Envoyé | Oui |
| Condensat | 100 2023 about account across action activity actor additionally address advantage affiliated after agencies agency alerted alerts all also are attack attack: attacker attackers attacks attack attempt aware awareness bad bec because been before bids blocked blog business businesses button campaign can case case: caught client closer components compromise connections consistent contained continued contractors customers data defense department designed details detection development different download dozens during educate efforts email emergency employee employees end entities even exactly examine federal find first fiscal flags focused follow fortunately from functions get government had happened help helped here high highly how hundreds inboxes incident incident: increased individuals informed intelligence intended key know landscape larger late learn learned least legitimate like likely look looked lures malicious management many massive meanwhile message messages mid might misspellings more more most never newsletters not notified often one organizations other others out page partners past phish post pre process procurement proofpoint proposal proposals protect psat pulled quick reaching receive recognized red report reported resources response result risk sales same sector security see seen send sent september services sharing sheet signaling solutions spoofed stop stopped strategic stress such surrounding swift systems tactics take target targeted targeting targets teams tempo that: them themed then these they though thousands threat threats threat throughout time timeline trained training trick two unattributed underscores underwent updated use user users using value very victims visit wanted webinars website weekly weeks well what which who worked year year; your |
| Tags | Threat |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.