One Article Review

Source ProofPoint
Identifier 8499611
Publication date 2024-05-14 06:00:46 (seen: 2024-05-14 15:07:52)
Title Cybersecurity Stop of the Month: Impersonation Attacks that Target the Supply Chain
Text This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today's cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today's dynamic threat landscape.

The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence.

So far in this series, we have examined these types of attacks:

- Supplier compromise
- EvilProxy
- SocGholish
- eSignature phishing
- QR code phishing
- Telephone-oriented attack delivery (TOAD)
- Payroll diversion
- MFA manipulation
- Supply chain compromise
- Multilayered malicious QR code attack

In this post, we will look at how adversaries use impersonation via BEC to target the manufacturing supply chain.

Background

BEC attacks are sophisticated schemes that exploit human vulnerabilities and technological weaknesses. A bad actor will take the time to meticulously craft an email that appears to come from a trusted source, like a supervisor or a supplier. They aim to manipulate the email recipient into doing something that serves the attacker's interests. It's an effective tactic, too. The latest FBI Internet Crime Report notes that losses from BEC attacks exceeded $2.9 billion in 2023.

Manufacturers are prime targets for cybercriminals for these reasons:

- Valuable intellectual property. The theft of patents, trade secrets and proprietary processes can be lucrative.
- Complex supply chains. Attackers who impersonate suppliers can easily exploit the interconnected nature of supply chains.
- Operational disruption. Disruption can cause a lot of damage. Attackers can use it for ransom demands, too.
- Financial fraud. Threat actors will try to manipulate these transactions so that they can commit financial fraud. They may attempt to alter bank routing information as part of their scheme, for example.

The scenario

Proofpoint recently caught a threat actor impersonating a legitimate supplier of a leading manufacturer of sustainable fiber-based packaging products. Having compromised the supplier's account, the imposter sent an email providing the manufacturer with new banking details, asking that payment for an invoice be sent to a different bank account. If the manufacturer had complied with the request, the funds would have been stolen.

The threat: How did the attack happen?

Here is a closer look at how the attack unfolded:

1. The initial message. A legitimate supplier sent an initial outreach email from their account to the manufacturing company using an email address from their official account. The message included details about a real invoice that was pending payment.

The initial email sent from the supplier.

2. The deceptive message. Unfortunately, subsequent messages were not sent from the supplier, but from a threat actor who was pretending to work there. While this next message also came from the supplier's account, the account had been compromised by an attacker. This deceptive email included an attachment that included new bank payment routing information. Proofpoint detected and blocked this impersonation email.

In an attempt to get a response, the threat actor sent a follow-up email using a lookalike domain that ended in “.cam” instead of “.com.” Proofpoint also condemned this message.

An email the attacker sent to mimic the supplier used a lookalike domain.

Detection: How did Proofpoint prevent this attack?

Proofpoint has a multilayered detection stack that uses a sophisticated blend of artificial intelligence (AI) and machine learning (ML) detection
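
The two deceptive messages described above call for different checks: the “.cam” follow-up can be caught by comparing sender domains against known suppliers, while the message from the compromised real account cannot. The sketch below is an added example, not Proofpoint's detection logic or code from the original post; the supplier domain, the sample thread and the payment-change phrase list are constructed assumptions.

```python
# Added example. All domains, messages and phrases below are constructed.
KNOWN_SUPPLIER_DOMAINS = {"supplier-example.com"}
PAYMENT_CHANGE_TERMS = ("new bank", "bank account details", "payment routing")

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, known=KNOWN_SUPPLIER_DOMAINS, max_distance=2):
    """Return (verdict, matched_domain): 'known', 'lookalike' or 'unrelated'."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    if domain in known:
        return "known", domain
    name, _, tld = domain.rpartition(".")
    for good in sorted(known):
        good_name, _, good_tld = good.rpartition(".")
        # Same name under a different TLD (".cam" for ".com") ...
        if name == good_name and tld != good_tld:
            return "lookalike", good
        # ... or a near-miss elsewhere in the domain.
        if edit_distance(domain, good) <= max_distance:
            return "lookalike", good
    return "unrelated", None

def review_thread(messages):
    """Return (message id, reason) for each message that needs review."""
    findings = []
    for msg in messages:
        verdict, _ = classify_sender(msg["from"])
        body = msg["body"].lower()
        if verdict == "lookalike":
            findings.append((msg["id"], "lookalike-domain"))
        elif any(term in body for term in PAYMENT_CHANGE_TERMS):
            # A genuine sender domain proves nothing if the account is
            # compromised: a payment change is verified out of band.
            findings.append((msg["id"], "payment-change"))
    return findings

SAMPLE_THREAD = [  # constructed to mirror the scenario in the post
    {"id": 1, "from": "billing@supplier-example.com",
     "body": "Invoice 1001 is pending payment."},
    {"id": 2, "from": "billing@supplier-example.com",
     "body": "Please use the new bank account details in the attachment."},
    {"id": 3, "from": "billing@supplier-example.cam",
     "body": "Following up on my last email."},
]
```
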
Rating ★★
Sent Yes
Tags Ransomware Data Breach Tool Vulnerability Threat
Stories ChatGPT


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to a previous one.