1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers are targeting top executives to steal their work logins

    From TechnologyDaily@1337:1/100 to All on Thu Aug 10 10:30:03 2023
    Hackers are targeting top executives to steal their work logins

    Date:
    Thu, 10 Aug 2023 10:20:19 +0000

    Description:
    Your login details are being targeted, especially Microsoft 365, even though youre using MFA

    FULL STORY ======================================================================

    Analysts at cybersecurity firm Proofpoint have claimed high-level execs at some of the worlds leading companies are repeatedly targeted with credential-stealing attacks.

    More alarmingly, according to the figures, around one-third (35%) of the compromised users observed over the past year had multi-factor authentication ( MFA ) enabled.

    The attacks come amid a rise in cases of EvilProxy, a phishing tool based on
    a reverse proxy architecture, which Proofpoint says allows attackers to steal even MFA-protected credentials. Account passwords are highly sought-after

    Threat actors are now increasingly using Adversary-in-the-Middle (AitM) phishing kits (including the above-mentioned EvilProxy) to steal credentials and session cookies in real time. Read more

    These are the best identity theft protection


    Beware - that email from HR could well be a phishing scam


    Watch out - that unexpected Microsoft alert could well be a phishing
    attack

    The scale of the problem is only clear when Phishing-as-a-Service (PaaS) is unpacked. PaaS allows even technically challenged attackers to take part in credential-stealing activities.

    In the three months leading up to June 2023, Proofpoint observed around 120,000 EvilProxy phishing emails being sent to hundreds of targeted organizations globally, with many targeting Microsoft 365 user accounts in particular.

    Fortunately, an overview of the attacks has enabled Proofpoint to pinpoint some of the most common tactics when it comes to phishing attacks, including brand impersonation and cybersecurity scan blocking.

    Another telltale sign of an attack could be that the attacker leads a victim down a multi-step path, via legitimate redirectors like YouTube, to the point where malicious cookies and 404 redirects execute an attack.

    The firm recommends effective email monitoring with a strong business email compromise (BEC) prevention solution as well as other cloud and web security products. Regular cybersecurity training for staff is also an effective way
    to prevent mistakes by would-be victims, while those looking to take security even further can employ passwordless passkey authentication for eligible accounts. Looking for a cybersecurity boost? How about using one of the best firewalls ?



    ======================================================================
    Link to news story: https://www.techradar.com/pro/hackers-are-targeting-top-executives-to-steal-th eir-work-logins


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)