Threat Intel, ATO/BEC

Tessian Threat Intel Roundup: Advanced Phishing Attacks

by John Filitz Monday, October 31st, 2022

Following Cybersecurity Awareness Month in October 2022 and its key recommendations for protecting against phishing attacks, we delve deeper into the latest Phishing-as-a-Service offering, known as Caffeine, first identified by Mandiant. We also unpack Logokit, an impersonation campaign we identified in the wild. In other notable news, researchers at SOCRadar disclosed a misconfigured Microsoft storage endpoint, dubbed BlueBleed, that potentially exposed sensitive data for thousands of customers.

• Phishing-as-a-Service (PhaaS) is now sold alongside Ransomware-as-a-Service (RaaS) on the dark web. 

• The commercialization of these PhaaS exploit kits and threat actors’ services is removing the barriers to entry for carrying out attacks at scale.

• The most recent offering is the so-called Caffeine PhaaS exploit kit that enables anyone to procure the kit and launch phishing attacks against Microsoft 365 targets. 

• Tessian Threat Intel recently identified a Business Email Compromise (BEC) campaign in the wild called Logokit.

• Logokit uses randomized spoofed pages and brand logos for purposes of harvesting login credentials. In one instance we found that a spoofed version of a Microsoft login page was being used in an attempt to capture credentials.

• Researchers from SOCRadar identified six misconfigured Azure buckets, which they have dubbed BlueBleed.

• According to SOCRadar, the BlueBleed exposure is among the most significant B2B leaks ever, exposing sensitive data of 65,000 entities across 111 countries.

• Microsoft immediately rectified the privacy settings on the exposed buckets and thanked SOCRadar, while disputing the extent of the exposure.

Phishing remains a persistent threat and security challenge. Threat actors continue to have significant success using social engineering attacks to compromise organizations, and there is no silver bullet to protect against them.

Only a multi-pronged, defense-in-depth security strategy will reduce the risk of a social-engineering-related breach. A best-in-breed solution like Tessian, with advanced social engineering defense capabilities and reinforcement of security culture, is increasingly essential to address an ever-evolving threatsc

John Filitz Research Lead & Sr. Technical Writer