One Article Review

The article:
Source Proofpoint
Identifier 8607558
Publication date 2024-11-07 07:18:44 (seen: 2024-11-07 14:06:47)
Title Cybersecurity Stop of the Month: Preventing Vendor Email Compromise in the Public Sector
Text The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today's cybercriminals. It also examines how Proofpoint helps businesses to fortify their email defenses to protect people against today's emerging threats.

The interconnectedness of today's business ecosystems has created a prime target for attacks on digital supply chains. Within those supply chains, email remains the No. 1 vector to access people and poses a major risk. According to our research, more than 80% of Proofpoint customers receive an email attack each month from a trusted vendor or supplier. And these attacks can be quite costly. Based on IBM's Cost of a Data Breach report, the average financial loss from a data breach that involves the supply chain tops $4.8 million.

Unlike native and API-based email security tools, Proofpoint regularly stops these highly targeted attacks before they reach employee inboxes. If you've been following this series, you will have seen in earlier blog posts that we've covered many different types of supply chain attacks. We've seen attackers targeting the legal, manufacturing, aviation industries and more with complex impersonation and vendor email compromise techniques.

Today, we'll explore a phishing attack on a public sector agency, which was disguised as an electronic fax (eFax).

Background

In this example, bad actors exploited a supplier's email through vendor email compromise. This occurs when an attacker gains access to and weaponizes an email account of a smaller business partner instead of going directly after a bigger, more secure organization. This can be a very effective tactic. Attackers know that larger organizations typically have better resources, bigger budgets and more mature cybersecurity defenses to keep them out.

When this tactic is combined with credential phishing, attackers are able to trick even the savviest recipients. In fact, Proofpoint research shows that employees are 3X more likely to click on a phishing link when it comes from a trusted partner. That's not only because there's an inherent trust between senders. It's also due to the fact that threat actors may use legitimate file hosting services and extremely convincing fake login sites to spoof well-known brands.

The scenario

Proofpoint recently detected this potent combination of threats during a customer's initial evaluation process. This threat was started by a cybercriminal who gained access to the email account of a marketing professor at a public university. With this access, the attacker sent a phishing link, which appeared to be an eFax, to the email address of a government agency's employee whom the university professor had previously communicated with. Because the employee was a known contact in the professor's inbox, the attacker was able to bypass many layers of security intended to catch such threats.

As with many vendor email compromise attacks, this threat was specific, highly targeted and unique to the sender. Because Proofpoint has extensive global email visibility and insights, we were able to see that the same phishing link was delivered to less than 40 other accounts worldwide.

Notably, the phishing link was hosted by a legitimate, well-known file sharing website. As a result, it was missed by this agency's Microsoft 365 native email security tool, which lacks comprehensive URL sandboxing capabilities. And because of the extended nature of this attack chain, it was further missed by an API-based security tool after it was delivered.

Fortunately, Proofpoint detects and blocks phishing messages before they ever reach a user's inbox. If this customer had been using Proofpoint, its employees would never have been exposed to the account takeover risk.

The threat: How did the attack happen?

Here's a breakdown of the attack.

1. Setting a lure. To set the trap, the attacker created a highly stylized message that looked like an
Rating ★★
Sent Yes
Tags Data Breach Malware Tool Threat Medical Cloud
Stories


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.