Cybersecurity Weekly: Multiple active Microsoft phishing campaigns
Targeted phishing attacks successfully hacked top executives at over 150 companies. An Office 365 phishing campaign uses fake Microsoft Teams alerts. A new phishing campaign packs an info-stealer, ransomware punch. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Targeted phishing attacks successfully hacked top executives at over 150 companies
In the last few months, multiple groups of attackers successfully compromised corporate email accounts of officers at various firms based in Europe and Asia. Dubbed PerSwaysion, the new phishing campaign leverages Microsoft file-sharing services — including Sway, SharePoint and OneNote — to launch highly targeted phishing attacks.
Read more »
2. Office 365 phishing campaign uses fake Microsoft Teams alerts
Another phishing campaign is using cloned imagery from automated Microsoft Teams notifications in attacks that attempt to harvest Office 365 credentials. To evade email protection services, the attackers use several URL redirects with the end goal of hiding the URL used to host the phishing campaign.
Read more »
3. New phishing campaign packs an info-stealer, ransomware punch
A new phishing campaign is distributing a double-punch of a LokiBot information-stealing malware along with a second payload in the form of the Jigsaw Ransomware. By using this combo, the attackers first steal saved stored credentials and then deploy the Jigsaw ransomware to try and get a small ransom to sweeten the attack.
Read more »
For more cybersecurity news stories like these, check out the blog »
Looking for certification prep and technical skills development content? Visit our website to check out Infosec Skills! The platform has 70 learning paths, 600 courses and 150 virtual labs where you can try out new skills in a sandboxed environment. Try it free for 30 days with promo code: infoseccommunity