One Article Review

The article:
Source ProofPoint
Identifier 8620125
Publication date 2024-12-05 12:49:54 (seen: 2024-12-05 16:07:45)
Title Cybersecurity Stop of the Month: 'Tis the Season To Click Carefully - How Proofpoint Stopped a Dropbox Phishing Scam
Text The Cybersecurity Stop of the Month blog series explores the ever-evolving tactics of today's cybercriminals and how Proofpoint helps organizations better fortify their email defenses to protect people against today's emerging threats.

Phishing attacks surged significantly in 2024, increasing nearly 60% year-over-year. Experts have noted that not only are these attacks growing in volume but they're also becoming more sophisticated. Shifts in the threat landscape, driven by advances in generative AI and evolving social engineering tactics, are enabling cybercriminals to conduct more personalized, sophisticated attacks that are increasingly difficult to detect. Globally, an average of 4 billion phishing emails are sent per day. The increased success of these attacks has contributed to a high financial toll. By the end of the year, projected global costs could potentially reach $250 billion. Sectors like finance and insurance have been hit the hardest, experiencing over 27% of all phishing attacks, while technology, healthcare and education are also major targets.

Today, we'll explore one type of phishing attack that is particularly hard to identify, which is called Dropbox phishing.

Background

During the past few years, Dropbox phishing scams have grown more sophisticated. Here's how they typically work:

Figure: Steps in a Dropbox phishing scam.

Phishing attacks that use legitimate Dropbox infrastructure are hard to identify for several reasons, including:

Abuse of a legitimate service. A bad actor uploads a compromised document (like a PDF with an embedded malicious URL) and sends it directly through Dropbox. Because the threat is sent through a legitimate service, it can effectively bypass an organization's email security defenses.

Email pretexting. A malicious phishing email that initiates the attack can be very convincing. Bad actors often include realistic pretexts, such as “You've been invited to view a file” or “A file was shared with you,” which closely mirror legitimate Dropbox notifications.

Trust in the brand. Dropbox is widely trusted and frequently used for file sharing. If users regularly log into Dropbox to access shared files, they are less likely to scrutinize the login prompt, especially if they're accustomed to receiving Dropbox file-sharing invitations.

This type of attack is very stealthy and hard to detect. Bad actors can launch and share any type of attack via Dropbox, including ransomware and malware.

The scenario

In this recent attack, a bad actor used legitimate Dropbox infrastructure to send a recipient a link to a malicious document that only they could access. The target organization was a New England-based non-profit, which owns and operates upwards of 12,000 homes and 102 properties across 11 states.

The organization's incumbent email security was Microsoft 365 E3 plus an add-on API-based tool. Unfortunately, neither tool detected, blocked or remediated this advanced phishing attack, which left the organization vulnerable to a potential cyberattack or data breach.

The threat: How did the attack happen?

Here is a closer look at how the attack unfolded:

1. Legitimate Dropbox message. A bad actor targeted employees with a shared PDF file, which could only be accessed by the recipients. The login message was genuine and was sent by the real Dropbox service.

Figure: Legitimate Dropbox message received by the user.

2. Legitimate Dropbox login. To view the shared PDF file, employees needed to click on the “View in Dropbox” button. If they had clicked on the link, they would have been prompted to log in and authenticate to the Dropbox service. Both the login screen and authentication messages were valid, as they were sent from the real Dropbox service.

Figure: Legitimate Dropbox login page for accessing the shared file.

3. Dropbox phishing page. Once authenticated, users would open
Rating ★★
Sent Yes
Tags Ransomware Data Breach Malware Tool Threat Medical Cloud
Stories


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.