One Article Review
| Source |  ProofPoint |
|---|---|
| Identifiant | 8514729 |
| Date de publication | 2024-06-07 06:47:56 (vue: 2024-06-07 15:07:30) |
| Titre | Arrêt de cybersécurité du mois: les attaques d'identité du PDG Cybersecurity Stop of the Month: CEO Impersonation Attacks |
| Texte | This blog post is part of a monthly series, Cybersecurity Stop of the Month, which explores the ever-evolving tactics of today\'s cybercriminals. It focuses on the critical first three steps in the attack chain in the context of email threats. The goal of this series is to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The critical first three steps of the attack chain: reconnaissance, initial compromise and persistence. So far in this series, we have examined these types of attacks: Uncovering BEC and supply chain attacks (June 2023) Defending against EvilProxy phishing and cloud account takeover (July 2023) Detecting and analyzing a SocGholish Attack (August 2023) Preventing eSignature phishing (September 2023) QR code scams and phishing (October 2023) Telephone-oriented attack delivery sequence (November 2023) Using behavioral AI to squash payroll diversion (December 2023) Multifactor authentication manipulation (January 2024) Preventing supply chain compromise (February 2024) Detecting multilayered malicious QR code attacks (March 2024) Defeating malicious application creation attacks (April 2024) Stopping supply chain impersonation attacks (May 2024) In this post, we continue to explore the topic of impersonation tactics, examining how threat actors use them to get information for financial gain. Background Last year, the Federal Trade Commission (FTC) received more than 330,000 reports of business impersonation scams and nearly 160,000 reports of government impersonation scams. This represents about half of all the fraud reported directly to the FTC. The financial losses due to email impersonation scams are staggering. They topped $1.1 billion in 2023, which was more than three times the amount reported in 2020. Financial fraud is a serious issue-and it\'s on the rise. In 2023, consumers reported losing more than $10 billion to fraud. This is the first time that losses reached that benchmark, and it\'s a 14% increase from 2022. The most common reports were imposter scams. This category saw significant increases in reports from the business and government sectors. The scenario Proofpoint recently detected a threat actor\'s message to the financial controller of a Dutch financial institution, which is known for its expertise in commercial risk. In this attack, the threat actor pretended to be the company\'s CEO-a tactic that\'s known as CEO fraud. In these attacks, the goal is to exploit the recipient\'s trust to get them to perform a specific action. The threat: How did the attack happen? The attacker emailed the Dutch financial company\'s controller, asking that two payments be sent to London. The email demanded that payments be made “today” to create a sense of urgency. To help make the message seem credible, the attacker claimed to have access to the IBAN and SWIFT codes. Original email from the threat actor. The same email translated into English. Detection: How did Proofpoint prevent this attack? Proofpoint has the industry\'s first predelivery threat detection engine that uses semantic analysis to understand message intent. Powered by a large language (LLM) model engine, it stops advanced email threats before they\'re delivered to users\' inboxes. That\'s what stopped this malicious message from reaching the financial controller\'s inbox. Pre-delivery protection is so critical because, based on Proofpoint\'s telemetry across more than 230,000 organizations around the world, post-delivery detections are frequently too late. Nearly one in seven malicious URL clicks occur within one minute of the email\'s arrival, and more than one-third of BEC replies happen in less than five minutes. These narrow timeframes, du |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | $10 000 100 160 2020 2022 2023 2024 230 330 about access account across action actions actor actors advanced against agnostic all allows also amount analysis analyzing application approach april are around arrival asking attack attacker attacks attacks: august authentication authority awareness background based bec because before behavior behavioral benchmark billion blocking blog business can case category centric ceo chain chain: change claimed click clicks cloud code codes combinations commercial commission common company complete comprehension compromise consumers context contextual continue continuous controller cracks create creation credible critical cybercriminals cybersecurity dashboard data december defeating defend defending defenses delivered delivers delivery demanded detect detected detecting detection detection: detections did directly diversion doesn due during dutch dynamic educate efficacy email emailed emails emerging employ empower end engine engine: english enhances ensure ensures esignature ever evilproxy evolving examined examining expertise exploit explore explores fall false far february federal fewer fidelity figures financial first five flow focus focuses fortify fraud frequently from ftc gain generative get give given goal government grasp guard half happen has have help here high how human iban identified impersonating impersonation importance imposter inbox inboxes including incoming increase increases industry inferred information initial innovations insights institution intent interpret issue its january july june key known landscape language languages large last late layer learn learned less lessons level like link llm london losing losses made make malicious manipulate manipulation march matter may meaning message messages methods minute minutes model modern month month: monthly more most multifactor multilayered narrow nearly new next november observations occur october offers one organizations oriented original other over part payments payroll people perform performing persistence phishing phrases positives post powered pre predelivery pretended prevent preventing prey proactively proofpoint protect protecting protection protection provide provides quickly reach reached reaching received recently recipient reconnaissance reduces register remediation: replies report reported reporting reports represents research: result rise risk robust same saw scams scenario scenario: sectors security see seem semantic sense sent september sequence series serious seven shows significant slip socgholish sophisticated specific squash staggering started steps stop stopped stopping stops summarizes supply supports suspicious swift tactic tactics takeover tap targeted technologies telemetry telephone text than that them theme these they third threat threat: threats three through throughout time timeframes times today too tools topic topped trade training translated trenches trust two types uncovering underscore understand understanding urgency url usage use used user users uses using webinar what which why will within words world written year your “in “today” |
| Tags | Tool Threat Cloud Commercial |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.