• ES2

Phishing Campaign Targeting Australian Businesses



ES2 has identified a significant number of Australian businesses being targeted in a sophisticated phishing campaign. The attackers use compromised credentials to gain access to a victim’s email account, from which they then begin compromising other accounts within the organisation using the same technique. Both the spam email and the fraudulent website are customised to the individuals and the organisation, so they look legitimate and are harder to spot as fakes.


Cofense has a good article on the mechanisms employed by the attackers:


https://cofense.com/zombie-phish-back-vengeance/


Mitigating the Risk

In responding to these incidents, ES2 has developed a mitigation checklist. We advise all clients to implement these measures where possible, particularly if using Office 365 mail:

  • Enable MFA for all externally-facing services, including O365

  • Enforce modern authentication for Exchange Online

  • Disable IMAP and POP3 for O365 mailboxes

  • Ensure message and URL reputation settings are enforced on the mail gateway

  • Enable URL rewriting on the mail gateway if possible

  • Block *.host domains at the web proxy

  • Block and alert on emails containing the text “Message clipped”

  • Alert your staff to the threat, including examples
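
The two content checks in the checklist (the “Message clipped” text and links to *.host domains) can be prototyped before being written as mail gateway rules. The following Python is an added example, not ES2's own tooling; the function names and the sample messages are constructed for illustration. It decodes each MIME part first, because a raw text match misses bodies that are base64-encoded or split by HTML tags.

```python
import html
import re
from email import message_from_string, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

CLIPPED = re.compile(r"message\s+clipped", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
TAG = re.compile(r"<[^>]+>")

def body_text(raw):
    """Decode every text/* part (handles base64 and quoted-printable)."""
    msg = message_from_string(raw, policy=policy.default)
    return "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")

def host_tld_urls(text):
    """URLs whose hostname (not the path or a subdomain label) is under .host."""
    hits = []
    for url in URL.findall(text):
        try:
            host = (urlsplit(url).hostname or "").rstrip(".").lower()
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host.endswith(".host"):
            hits.append(url)
    return hits

def triage(raw):
    """Return the reasons to block/alert on a raw RFC 5322 message."""
    text = body_text(raw)
    visible = html.unescape(TAG.sub(" ", text))  # what the recipient reads
    reasons = []
    if CLIPPED.search(visible):
        reasons.append("message-clipped-text")
    if host_tld_urls(text):
        reasons.append("host-tld-url")
    return reasons

def sample(html_body):
    """Build a constructed test message with a base64-encoded HTML part."""
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("See the HTML version.")
    m.add_alternative(html_body, subtype="html", cte="base64")
    return m.as_string()

# Constructed inputs: the hostnames below are made up for this example.
PHISH = sample('<p>[Message <b>clipped</b>] <a href="https://portal.'
               'constructed-sample.host/view">Open</a></p>')
BENIGN = sample('<a href="https://www.example.com/web.host">hostname.example.com</a>')
```

An empty list from `triage()` means neither indicator was found; the benign sample shows that a `.host` string in a URL path or a hostname label such as `hostname` does not trigger the rule.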


For all cyber security incidents, emergencies and questions contact:

ES2 Cyber Incident Response 24/7 team

T. 1800 372 732


_____

Published: June 2019
