All posts tagged: spear phishing

How to Prevent Phishing Attacks with Multi-Factor Authentication

Phishing takes advantage of the weakest link in any organization’s cybersecurity system — human behavior. Phishing attacks are generally launched via email, although some opening salvos have begun using text messaging or phone calls. In the most common scenario, an email arrives purporting to be from HR or IT, for example. It looks just like any other company email. It advises viewers to update their personal information or IT profile by clicking on a link or opening an attachment. When the person does so, they are told to enter personally identifiable information, such as their date of birth, full name, social security number, and passwords. This enables a bad actor to take over their account and steal their identity, and it can also be the initial stage in a ransomware attack that locks the entire company out of IT systems. According to KnowBe4’s 2024 Global Phishing By Industry Benchmarking Report, one in three employees, or 34.3% of an organization’s workforce, are likely to interact with a malicious phishing email. After 90 days of training against …

Midnight Blizzard Escalates Spear-Phishing Attacks

Microsoft Threat Intelligence has uncovered a new attack campaign by Russian threat actor Midnight Blizzard, targeting thousands of users across over 100 organizations. The attack leverages spear-phishing emails with RDP configuration files, allowing attackers to connect to and potentially compromise the targeted systems. The attack campaign targeted thousands of users in higher education, defense, non-governmental organizations, and government agencies. Dozens of countries have been impacted, particularly in the U.K., Europe, Australia, and Japan, which is consistent with previous Midnight Blizzard phishing campaigns.

Phishing emails contained RDP configuration file

In the latest Midnight Blizzard attack campaign, victims received highly targeted emails that used social engineering lures relating to Microsoft, Amazon Web Services, and the concept of Zero Trust. According to Microsoft Threat Intelligence, the emails were sent using email addresses belonging to legitimate organizations, gathered by the threat actor during previous compromises. All emails contained an RDP configuration file, signed with a free Let's Encrypt certificate, that included several sensitive settings. When a user opened the file, an RDP connection would be established to an attacker-controlled system. …