Commentary On TA505 Phishing Campaign

By   ISBuzz Team
Writer , Information Security Buzz | Oct 28, 2021 03:48 am PST
Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Adrien Gendre
Adrien Gendre , Chief Product Officer and Co-Founder
October 28, 2021 11:49 am

<p dir=\"ltr\">Despite having enterprise cybersecurity budgets, financial services organizations are, like all organizations, vulnerable to phishing attacks because no solution blocks 100% of phishing emails. The moment an email is blocked, a hacker is making adjustments to increase their chances of success on the next try.</p><p dir=\"ltr\">Sophisticated groups like EvilCorp know their targets, and they know what is protecting them: the security infrastructure that is in place, including email security. Many email security solutions are even visible in a simple MX query. This gives the hacker an advantage. When they know what they are up against, they can find a way to reverse engineer the solution and breakthrough.</p><p dir=\"ltr\">When an email does slip through, even a trained user can mistake a highly sophisticated phishing email for a legitimate email. The OneDrive and SharePoint links in the MirrorBlast campaign add an air of legitimacy to the emails, and the use of a redirect from a legitimate service confuses the email filter.</p><p dir=\"ltr\">It ultimately comes down to two things: invisibility and user training. Your security stack should not be visible to cybercriminals–they will learn how to exploit them, and your users must be trained on the latest threats–not once or twice a year but continually and particularly after they have made the mistake of engaging with a malicious email.</p>

Last edited 2 years ago by Adrien Gendre

Recent Posts

Would love your thoughts, please comment.x