Such an intrusion involved threat actors compromising a software-as-a-service user's email account to determine potentially exploitable conversations where they could deliver an email purporting to be a reply to a message about tax and payment details before establishing a new mailbox rule that would forward messages to an archive folder to conceal malicious activity.
While more than 80% of entities expect intrusions — particularly phishing, data theft, and zero-day malware attacks, to hold steady or increase over the next year — more than half of respondents continue to believe the non-malicious nature of email messages and attachments by default.
Threat actors have exploited HTTP header refresh entries to deploy fraudulent credential harvesting email login pages as part of far-reaching phishing campaigns between May and July, which primarily targeted the business and economy sector, The Hacker News reports.
Combine the financial sector’s high online usage and need to make speedy decisions and it’s easy to understand why hackers use file-sharing services to prey on this vertical.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
