One Article Review

Home - The article:
Source ProofPoint
Identifier 8447654
Publication date 2024-02-07 05:00:39 (seen: 2024-02-07 14:07:35)
Title Cybersecurity Stop of the Month: Preventing Supply Chain Compromise
Text This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today's cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. Its goal is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today's dynamic threat landscape.

The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence.

So far in this series, we have examined these types of attacks:

- Business email compromise (BEC) and supply chain attacks
- EvilProxy
- SocGholish
- eSignature phishing
- QR code phishing
- Telephone-oriented attack delivery (TOAD)
- Payroll diversion
- MFA manipulation

In this post, we look at supply chain compromise, which is a form of BEC. Supply chain compromise is not a new form of BEC, but we are seeing a rise in these attacks. The example in this blog post is one that Proofpoint recently detected. A law firm with 2,000 users was the intended target.

In our discussion, we cover the typical attack sequence of a supply chain compromise to help you understand how it unfolds. And we explain how Proofpoint uses multiple signals to detect and prevent these threats for our customers.

Background

Supply chain attacks are growing in popularity and sophistication at a rapid pace. TechCrunch reports that the largest supply chain compromise in 2023 cost the impacted businesses more than $9.9 billion. That incident had a direct impact on more than 1,000 businesses and over 60 million people.

In these attacks, a bad actor targets a company by compromising the security of its suppliers, vendors and other third parties within its supply chain. Instead of launching a direct attack on the target company's systems, networks or employees, an attacker infiltrates a trusted entity within the supply chain, thereby exploiting the entity's trust and access vis-a-vis the target.

Attackers know that enterprises with mature supply chains tend to have stronger cybersecurity defenses, which makes them challenging targets. So, rather than trying to break into "Fort Knox" through the front door, they will target the ventilation system.

Bad actors often use thread hijacking, also known as conversation hijacking, in these attacks. They target specific email accounts and compromise them so that they can spy on users' conversations. When the time is right, they will insert themselves into a business email conversation based on the information they have gathered from the compromised email accounts or other sources. Sometimes, the attack will be bold enough to initiate new conversations.

Thread hijacking attacks, like other BEC campaigns, don't often carry malicious payloads like attachments or URLs. Thread hijacking is also a targeted attack, so bad actors will often use a lookalike domain. (A lookalike domain is a website URL that closely resembles the address of a legitimate and well-known domain, often with slight variations in spelling, characters or domain extensions.)

This potent combination (the lack of an active payload and the use of a lookalike domain) makes it difficult for simple, API-based email security solutions to detect and remediate these types of attacks.

The scenario

Proofpoint recently detected a threat actor account that was impersonating an accounts receivable employee at a small financial services company in Florida. Through this impersonation, the adversary launched a supply chain attack on their intended target, a large law firm in Boston. They sent an impersonating message to the law firm's controller asking them to halt a requested payment and change the payment information to another account.

Unlike API-based email security solutions that only support post-delivery remediation, Proofpoint detected and blocked the impersonating messages before they reached the controller's inbox. As a result, the law fir
Sent Yes
Tags Tool Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.