Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.
The researchers have published a report on threat trends in the third quarter of 2024, finding that attackers are increasingly targeting valid accounts to gain footholds within organizations.
“Talos IR observed AitM phishing attacks play out in numerous ways this quarter, where adversaries attempted to trick users into entering their credentials into fake login pages,” the researchers write. “In one engagement, Talos IR investigated a phishing case where, after clicking a malicious link in a phishing email, the victim was redirected to a website prompting them to enter their credentials, and subsequently accepted an MFA request.
In another engagement, an initial phishing email redirected a user to a page that simulates a Microsoft O365 login and MFA portal, capturing the user’s credentials and subsequently logging in on their behalf. The first login by the adversary was seen 20 minutes after the initial phishing email, highlighting the speed, ease, and effectiveness of these operations.”
The researchers add that “once account compromise is achieved, an actor can carry out any number of malicious actions, including account creation, escalating privileges to gain access to more sensitive information, and launching social engineering attacks, like business email compromise (BEC), against other users on the network.”
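The engagement above (credentials and an MFA approval captured through a fake portal, adversary sign-in 20 minutes later) suggests one correlation a defender can run over their own telemetry: an MFA-satisfied sign-in from an address the user has never used, shortly after a flagged phishing delivery to that user. The following is an added example, not code from Talos or KnowBe4; the event layout, field names and sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not taken from the Talos report). Timestamps are UTC ISO-8601.
# One flagged phishing delivery to "alice", followed by the sign-ins her tenant logged.
EMAIL_DELIVERIES = [
    {"ts": "2024-09-12T09:00:00", "user": "alice", "flagged_url": True},
]
SIGNINS = [
    {"ts": "2024-09-12T08:05:00", "user": "alice", "ip": "203.0.113.10", "mfa": "satisfied"},  # baseline: her usual address
    {"ts": "2024-09-12T09:11:00", "user": "alice", "ip": "203.0.113.10", "mfa": "satisfied"},  # same address, not suspicious
    {"ts": "2024-09-12T09:20:00", "user": "alice", "ip": "198.51.100.7", "mfa": "satisfied"},  # new address, MFA passed, 20 min after the email
    {"ts": "2024-09-12T11:30:00", "user": "alice", "ip": "192.0.2.9",    "mfa": "satisfied"},  # new address but outside the window
    {"ts": "2024-09-12T09:25:00", "user": "bob",   "ip": "198.51.100.7", "mfa": "satisfied"},  # bob received no flagged email
]

def _ts(s):
    return datetime.fromisoformat(s)

def known_ips(signins, user, before):
    """Addresses from which `user` signed in before `before` (the per-user baseline)."""
    return {e["ip"] for e in signins if e["user"] == user and _ts(e["ts"]) < before}

def detect_post_phish_signins(deliveries, signins, window=timedelta(hours=1)):
    """Flag MFA-satisfied sign-ins from an address the user never used before,
    landing within `window` after a flagged phishing delivery to that user."""
    alerts = []
    for d in deliveries:
        if not d["flagged_url"]:
            continue
        t0 = _ts(d["ts"])
        baseline = known_ips(signins, d["user"], t0)
        for e in signins:
            t = _ts(e["ts"])
            if e["user"] != d["user"] or not (t0 <= t <= t0 + window):
                continue
            if e["mfa"] == "satisfied" and e["ip"] not in baseline:
                alerts.append({"user": e["user"], "ip": e["ip"],
                               "minutes_after_delivery": int((t - t0).total_seconds() // 60)})
    return alerts

if __name__ == "__main__":
    for alert in detect_post_phish_signins(EMAIL_DELIVERIES, SIGNINS):
        print(alert)
```

The window and the IP-only baseline are deliberately simple; in production the baseline would also cover ASN, device and geography, and the window would be tuned to how quickly the reported adversary sign-ins follow delivery.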
Talos notes that many of these attacks could have been prevented by basic security best practices, such as implementing multi-factor authentication (MFA).
“We continue to see a significant number of compromises that could have been prevented with the presence of certain security fundamentals, like MFA and proper configuration of endpoint detection products,” the researchers write. “In nearly 40 percent of engagements, misconfigured MFA, lack of MFA, and MFA bypass accounted for the top observed security weaknesses this quarter.
Additionally, in 100 percent of the engagements that involved threat actors sending phishing emails to victims, MFA was bypassed or not fully enabled, while over 20 percent of incidents where ransomware was deployed did not have MFA enabled on VPNs.”
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Cisco Talos has the story.