Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams j-stashsu, joker-stash-bazarcom
A new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.
We all know in concept that any data stolen/compromised/collected by the bad guys is then sold on the dark web, used to extort a ransom, or used to conduct further malicious activity. In the case of this latest attack, dubbed Water Nue, cybercriminals have been targeting executives at over 1000 companies around the world, attempting to compromise their Microsoft 365 credentials. While the concept of stealing Microsoft 365 credentials isn’t new, some of the details of this attack are interesting to note:
This scam highlights the steps cybercriminals are willing to take to avoid detection by security solutions. And once an account is compromised, the BEC requests look legitimate to fellow internal employees.
To avoid being a victim of such scams, organizations need to have employees undergo continual Security Awareness Training where they will learn about these kinds of scams, the need to always confirm requests via a secondary means (e.g., via phone), and to always put emails under scrutiny – especially when it involves the transfer of money.
CEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.