One Article Review

Source ProofPoint
Identifier 8557648
Publication date 2024-08-14 07:19:53 (seen: 2024-08-14 15:17:18)
Title Cybersecurity Stop of the Month: Credential Phishing Attack Targeting User Location Data
Text The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today's cybercriminals. It also examines how Proofpoint helps businesses to fortify their email defenses to protect people against today's emerging threats.

Proofpoint people protection: end-to-end, complete and continuous

So far in this series, we have examined these types of attacks:

Uncovering BEC and supply chain attacks (June 2023)
Defending against EvilProxy phishing and cloud account takeover (July 2023)
Detecting and analyzing a SocGholish Attack (August 2023)
Preventing eSignature phishing (September 2023)
QR code scams and phishing (October 2023)
Telephone-oriented attack delivery sequence (November 2023)
Using behavioral AI to squash payroll diversion (December 2023)
Multifactor authentication manipulation (January 2024)
Preventing supply chain compromise (February 2024)
Detecting multilayered malicious QR code attacks (March 2024)
Defeating malicious application creation attacks (April 2024)
Stopping supply chain impersonation attacks (May 2024)
CEO impersonation attacks (June 2024)
DarkGate malware (July 2024)

In this blog post, we look at how threat actors use QR codes in phishing emails to gain access to employee credentials.

Background

Many threat actors have adopted advanced credential phishing techniques to compromise employee credentials. One tactic on the rise is the use of QR codes. Recorded Future's Cyber Threat Analysis Report notes that there has been a 433% increase in references to QR code phishing and a 1,265% rise in phishing attacks potentially linked to AI tools like ChatGPT.

Malicious QR codes embedded in phishing emails are designed to lead recipients to fake websites that mimic trusted services. There, users are prompted to enter their login credentials, financial information or other sensitive data. Threat actors will often try to create a sense of urgency in a phishing attack, for example, claiming account issues or security concerns.

The use of QR codes in a phishing attack helps to provide a sense of familiarity for the recipient, as their email address is prefilled as a URL parameter. When they scan the malicious QR codes, it can open the door to credential theft and data breaches.

The scenario

Employees of a global developer of a well-known software application were sent a phishing email, which appeared to be sent from the company's human resources team. The email included an attachment and a call to action to scan a QR code, which led to a malicious site.

A key target of the attack was the vice president of finance. Had the attack been successful, threat actors could have accessed the company's finances as well as the login credentials, credit card information and location data for the apps' millions of monthly active users.

The threat: How did the attack happen?

The phishing email sent by the attacker asked employees to review a document in an email attachment that was advertised as “a new company policy added to our Employee Handbook.”

Email sent from an uncommon sender to a division of the location sharing app's company.

The attachment contained a call to action: “Scan barcode to review document.”

The file type labeled “Barcode” resembling a QR code.

The “barcode” was a QR code that led to a phishing site. The site was made to look like the company's corporate website. It also appeared to be a legitimate site because it was protected by human verification technology, which can make it nearly impossible for other email security solutions to detect. The technology uses challenges (like CAPTCHAs) to prove that a clicker is a human and not a programmatic sandboxing solution.

Human verification request.

After the thr
Rating ★★★
Sent Yes
Tags Malware Tool Threat Cloud
Stories ChatGPT


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier source.