One Article Review

The article:
Source ProofPoint
Identifier 8577708
Publication date 2024-09-16 11:42:16 (seen: 2024-09-16 13:17:27)
Title Cybersecurity Stop of the Month: Preventing Vendor Impersonation Scams
Text The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today's cybercriminals. It also examines how Proofpoint helps businesses to fortify their email defenses to protect people against today's emerging threats.

[Figure: Proofpoint people protection: end-to-end, complete and continuous]

So far in this series, we have examined these types of attacks:

Uncovering BEC and supply chain attacks (June 2023)
Defending against EvilProxy phishing and cloud account takeover (July 2023)
Detecting and analyzing a SocGholish Attack (August 2023)
Preventing eSignature phishing (September 2023)
QR code scams and phishing (October 2023)
Telephone-oriented attack delivery sequence (November 2023)
Using behavioral AI to squash payroll diversion (December 2023)
Multifactor authentication manipulation (January 2024)
Preventing supply chain compromise (February 2024)
Detecting multilayered malicious QR code attacks (March 2024)
Defeating malicious application creation attacks (April 2024)
Stopping supply chain impersonation attacks (May 2024)
CEO impersonation attacks (June 2024)
DarkGate malware (July 2024)
Credential Phishing Attack (August 2024)

In this blog post, we will look at how threat actors used a business email compromise (BEC) attack to target one of the world's largest aviation companies and their global network.

Background

Threat actors are increasingly using sophisticated BEC attacks for financial fraud. In these attacks, legitimate business email accounts are compromised so that threat actors can steal funds through unauthorized transfers.

The impact of these attacks is staggering. Organizations report losing more than $50 billion between October 2013 and December 2022. These scams have been reported in all 50 U.S. states and 177 countries, with banks in Hong Kong and China being the primary international destinations for fraudulent funds.

The scenario

A threat actor spoofed an EMEA-based aviation company to target its customers, which included global and U.S.-based aviation companies. During the attack, they sent emails to the customers' accounting departments, requesting payment for missed invoices.

While Proofpoint detected the attack, another well-known secure email gateway provider failed to catch it. This is because Proofpoint goes beyond the basic requirements for setting custom impersonation policies, which some customers use to address certain BEC threats. These policies may be effective for some BEC threats, but not for others.

The threat: How did the attack happen?

Throughout July, threat actors repeatedly sent emails to aviation companies, requesting payment for overdue invoices. By mid-August, new intelligence and detections from Proofpoint revealed that the domains used in the attack had changed yet again: attackers altered typo-squatted domains at least five times during the extended campaign.

To lend credibility to their emails and stories, attackers also created a fake LinkedIn profile. Over several months, they repeatedly targeted personnel in the accounts payable and finance departments as well as distribution lists tied to finance and accounting.

[Figure: The fake LinkedIn account created by attackers to add legitimacy to their emails.]

[Figure: An email spoofing the EMEA-based aviation company.]

Detection: How did Proofpoint prevent this attack?

Proofpoint detects many types of malicious email messages. This includes messages used by threat actors that are trying to defraud businesses. Proofpoint uses stateless and stateful AI to analyze the content, including the message body, headers, URLs and payloads.

[Figure: Proofpoint Targeted Attack Protection (TAP) dashboard flagging BEC and social engineering.]

The P
Rating ★★
Sent Yes
Tags Malware Tool Threat Cloud
Stories
Move


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.