Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy Firms

Microsoft has warned of a multi‑stage adversary‑in‑the‑middle AitM phishing and business email compromise BEC campaign targeting multiple organizations in the energy sector. "The campaign abused SharePoint file‑sharing services to deliver phishing payloads and relied on inbox rule creation to...

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle AiTM phishing and business email compromise BEC attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and...

Microsoft Disrupts Large, Cloud-Based BEC Campaign

Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...

Business email compromise campaign targets wide range of orgs with gift card scam

Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise BEC—a damaging form of phishing designed to gain access to critical business...

On Microsoft's XP Patches, Hidden Cobra, MacRansom, and More

Mike Mimoso and Chris Brook discuss the news of the week, including Microsoft’s XP patches, Hidden Cobra, a Nigerian BEC campaign, MacRansom, and more. Download: ThreatpostNewsWrapJune162017.mp3 Music by Chris Gonslaves...