Protecting credentials against social engineering: Cyberattack Series

Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee.
In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing cyberattack that targeted a legitimate, highly-privileged user with social engineering-allowing the cyberattacker to impersonate the victim and weaponize a help desk to remove their multifactor authenticated device and register their own.
Credential-based cyberattacks often begin with cyberthreat actors targeting individuals who they believe are connected to the people who have the credentials they need.
Then they conduct social and dark web reconnaissance to find and wind their way to highly privileged users and gain enough information to impersonate them.
In the past, cyberthreat actors have even been known to impersonate and masquerade as staff, including chief information security officers and other incident response firms.
Many smishing and social engineering attacks employ a rush of push notifications that can overwhelm or confuse a target, causing multifactor authentication fatigue.
In the case of threat actor Octo Tempest, once they gained access, they began wrapping their tentacles around valuable assets and collecting additional credentials by using third-party credential-harvesting tools against cloud and on-premises assets.
Then they modified the normal authentication flow, which allowed them to authenticate as any user in the organization, without requiring their credentials.
Then we examine Octo Tempest's tactics, techniques, and procedures to understand the extent of the compromise and how we were able to help the customer evict the cyberthreat actor completely.
We'll also explore how organizations can educate employees to reduce the chance of social engineering attacks, and share five proactive elements of a Zero Trust approach that can protect against highly motivated, tenacious cyberthreat actors like Octo Tempest.
Many cyberattacks can be prevented-or at least made more difficult to execute-through the implementation and maintenance of basic security controls.
Organizations can strengthen their cybersecurity defenses and better protect against cyberattacks by understanding in-depth the tentacles of a far-reaching credential breach like this one.
Microsoft Incident Response can provide expert guidance to customers when an attack becomes too complex and challenging to mitigate alone-and before an attack happens-to develop a comprehensive incident response plan and ensure security personnel are trained to recognize and respond to social engineering attacks.
With Microsoft's intelligence-driven incident response, customers can access the help they need on a global scale with global incident response, all day, every day-both on-site and remotely.
The proactive and reactive incident response services let customers take advantage of the depth and breadth of Microsoft Threat Intelligence and gain unique access to product engineering.
Read the report to learn more about the cyberattack, including the response activity, and lessons that other organizations can learn to avoid being caught in the tentacles of a social engineering compromise.
With this Cyberattack Series, customers will discover how Microsoft incident responders investigate unique and notable exploits.
Read the first blog in the Cyberattack Series, Solving one of NOBELIUM's most novel attacks.
To learn more about Microsoft Incident Response, visit our website or reach out to your Microsoft account manager or Premier Support contact.
Bookmark the Security blog to keep up with our expert coverage on security matters.


This Cyber News was published on www.microsoft.com. Publication date: Wed, 06 Dec 2023 15:28:05 +0000


Cyber News related to Protecting credentials against social engineering: Cyberattack Series

Social Engineering: The Art of Human Hacking - Social engineering exploits this vulnerability by manipulating human psychology and emotions to gain unauthorized access to systems and data. Rather than directly breaking cyber defenses, social engineering tactics exploit human vulnerabilities - ...
9 months ago Offsec.com
Social Engineering Attacks: Tactics and Prevention - Social engineering attacks have become a significant concern in today's digital landscape, posing serious risks to the security and sensitive information of individuals and organizations. By comprehending these tactics and implementing preventive ...
8 months ago Securityzap.com
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
6 months ago Securityweek.com
Protecting credentials against social engineering: Cyberattack Series - Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee. In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a ...
10 months ago Microsoft.com
CVE-2022-22180 - An Improper Check for Unusual or Exceptional Conditions vulnerability in the processing of specific IPv6 packets on certain EX Series devices may lead to exhaustion of DMA memory causing a Denial of Service (DoS). Over time, exploitation of this ...
2 years ago
CVE-2022-0715 - A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT ...
1 year ago
CVE-2021-0207 - An improper interpretation conflict of certain data between certain software components within the Juniper Networks Junos OS devices does not allow certain traffic to pass through the device upon receipt from an ingress interface filtering certain ...
3 years ago
Combatting Social Engineering - One popular cyber-attack method known as social engineering leverages human psychology to gather information and perform attacks instead. Social engineering is the psychological manipulation of people into performing actions or divulging confidential ...
9 months ago Cyberdefensemagazine.com
CVE-2019-0069 - On EX4600, QFX5100 Series, NFX Series, QFX10K Series, QFX5110, QFX5200 Series, QFX5110, QFX5200, QFX10K Series, vSRX, SRX1500, SRX4000 Series, vSRX, SRX1500, SRX4000, QFX5110, QFX5200, QFX10K Series, when the user uses console management port to ...
3 years ago
Social Justice: a global perspective - Today, we commemorate World Day of Social Justice and honor those across the globe who stand for the equitable access to opportunities within societies where individuals' rights are recognized and protected. I have the distinct honor of leading the ...
7 months ago Feedpress.me
CVE-2021-0247 - A Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) vulnerability in the firewall process (dfwd) of Juniper Networks Junos OS allows an attacker to bypass the firewall rule sets applied to the input loopback ...
3 years ago
AI and the Evolution of Social Media - A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. In a 2022 survey, Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in ...
6 months ago Securityboulevard.com
CVE-2021-0280 - Due to an Improper Initialization vulnerability in Juniper Networks Junos OS on PTX platforms and QFX10K Series with Paradise (PE) chipset-based line cards, ddos-protection configuration changes made from the CLI will not take effect as expected ...
3 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
Understanding Each Link of the Cyberattack Impact Chain - It's often difficult to fully appreciate the impact of a successful cyberattack. Other consequences aren't so obvious - from a loss of customer trust and potential business to stolen data that may surface as part of another cyberattack years later. ...
10 months ago Securityboulevard.com
CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
1 year ago
Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
10 months ago Cisa.gov
Protecting Your Digital Space: A Guide on How to Stay Cyber Safe on Social Media - In the age of digital inter-connectedness, social media has become an integral part of our daily lives, enabling us to connect, share, and communicate globally. As cyber threats continue to evolve, it's crucial to adopt proactive measures to ensure ...
8 months ago Cybersecurity-insiders.com
How software engineering will evolve in 2024 - From artificial intelligence and digital twin technologies, to platform engineering rooted in devops principles, to chaos engineering techniques that enhance resilience, to the expanded use of internal developer portals that boost productivity, ...
9 months ago Infoworld.com
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
1 year ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)