ONNX is a new phishing technique that targets Microsoft 365 accounts by bypassing multi-factor authentication (MFA). Here's how it works:

ONNX Attack Overview

In an ONNX attack, the attacker sends a phishing email containing a malicious link that impersonates the legitimate Microsoft login page. When the victim enters their credentials, the attacker captures them. The victim is then prompted for an MFA code, which is also captured by the attacker.[1] What makes ONNX unique is that it uses JavaScript encryption to obfuscate the phishing page's code, making it harder for security tools to detect. The attacker can then replay the stolen credentials and MFA code to gain unauthorized access to the victim's Microsoft 365 account.[1]

JavaScript Encryption Evasion

ONNX phishing pages leverage JavaScript encryption to evade detection by security tools that scan for known phishing page signatures. The malicious JavaScript code is encrypted, making it difficult for traditional security solutions to identify the phishing page as malicious.[1]

Mitigating ONNX Attacks

To mitigate ONNX attacks, organizations should:

1. **Implement advanced phishing detection**: Deploy security solutions that can analyze and detect obfuscated and encrypted phishing pages like those used in ONNX attacks.
2. **Educate users**: Regularly train employees to recognize phishing attempts and report suspicious emails or login prompts.
3. **Use phishing-resistant MFA**: Implement phishing-resistant MFA methods like FIDO2 security keys or biometrics, which are harder for attackers to bypass compared to one-time passwords.[2][3]
4. **Monitor for compromised credentials**: Continuously monitor for signs of compromised credentials and implement automated remediation processes to quickly revoke access and reset passwords.
5. **Enforce least privilege access**: Limit user access privileges to only what is necessary for their roles, reducing the potential impact of a compromised account.[1]

ONNX attacks highlight the importance of adopting advanced phishing detection and phishing-resistant MFA methods to protect against sophisticated attacks that can bypass traditional MFA solutions.[1][2][3]

Citations:
[1] https://lnkd.in/gHfUN4w9
[2] https://lnkd.in/g-N9szM4
[3] https://lnkd.in/gWsp6VUq
[4] https://lnkd.in/giCzeEM2
[5] https://lnkd.in/gu7YmUbC
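The post above describes capturing a one-time MFA code and replaying it, and recommends FIDO2 as the fix. The following is an added illustration, not code from the post, from the cited articles, or from any phishing kit, of why the first works and the second does not. It implements a real RFC 6238 TOTP check and a simplified WebAuthn-style assertion using only the Python standard library. Assumptions: `login.microsoftonline.com` stands in for the relying party's RP ID and `evil-login.example` for the phishing origin; the authenticator "signature" is an HMAC over exactly the data a real authenticator signs (the real protocol uses an asymmetric key such as ECDSA P-256), a stand-in that leaves the origin-binding argument unchanged.

```python
"""Relayed TOTP code vs. relayed FIDO2 assertion (added example, stdlib only)."""
import base64
import hashlib
import hmac
import json
import os
import struct
import time

# ---------- TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits) ----------
def totp(secret: bytes, t: float, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", int(t) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F                       # dynamic truncation
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"

def totp_server_accepts(secret: bytes, code: str, t: float) -> bool:
    # Most servers accept the current step plus one step of clock skew either side.
    return any(hmac.compare_digest(code, totp(secret, t + d)) for d in (-30, 0, 30))

def relay_totp(secret: bytes, now: float, delay_s: float = 5.0) -> bool:
    """Victim types the code into the phishing page; the attacker replays it
    against the real service a few seconds later, still inside the window."""
    captured = totp(secret, now)               # what the victim typed
    return totp_server_accepts(secret, captured, now + delay_s)

# ---------- WebAuthn-style assertion (simplified) ----------
RP_ID = "login.microsoftonline.com"            # assumption: relying party's RP ID

def make_assertion(cred_key: bytes, origin: str, challenge: bytes) -> dict:
    """The browser fills clientDataJSON with the page's *actual* origin, and
    the authenticator commits to the RP ID derived from it. Page JavaScript
    cannot choose either value, which is what a phishing proxy cannot fake."""
    b64 = base64.urlsafe_b64encode(challenge).decode().rstrip("=")
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64,
                              "origin": origin}, sort_keys=True).encode()
    effective_domain = origin.split("://", 1)[1].split("/", 1)[0]
    auth_data = (hashlib.sha256(effective_domain.encode()).digest()   # rpIdHash
                 + bytes([0x01]) + b"\x00\x00\x00\x01")                # flags(UP), counter
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(cred_key, signed, hashlib.sha256).digest()          # stand-in for ECDSA
    return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}

def rp_verify(cred_key: bytes, assertion: dict, expected_challenge: bytes) -> bool:
    """The checks a relying party performs before it trusts the assertion."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("origin") != f"https://{RP_ID}":                         # origin binding
        return False
    chal = cd.get("challenge", "")
    if base64.urlsafe_b64decode(chal + "=" * (-len(chal) % 4)) != expected_challenge:
        return False                                                   # replay protection
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False                                                   # rpIdHash binding
    signed = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected = hmac.new(cred_key, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])

def fido2_login(cred_key: bytes, browser_origin: str) -> bool:
    """A proxy can forward the real RP's challenge to the victim's browser and
    forward the assertion back, but the browser is on the proxy's origin."""
    challenge = os.urandom(32)                                         # issued by the real RP
    assertion = make_assertion(cred_key, browser_origin, challenge)
    return rp_verify(cred_key, assertion, challenge)

if __name__ == "__main__":
    secret, key, now = os.urandom(20), os.urandom(32), time.time()
    print("TOTP replayed inside the window accepted:", relay_totp(secret, now))
    print("FIDO2 assertion made on phishing origin accepted:",
          fido2_login(key, "https://evil-login.example"))
    print("FIDO2 assertion made on real origin accepted:",
          fido2_login(key, f"https://{RP_ID}"))
```

The TOTP relay succeeds even when the five-second delay crosses a 30-second step boundary, because of the skew window every server allows. The FIDO2 relay fails on the origin check and again on the rpIdHash check before the signature is even examined, and a proxy that rewrites those fields invalidates the signature.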
Understanding Phishing Attack Sophistication and Evasion Techniques
Summary
Phishing attacks are evolving rapidly: kits obfuscate (encrypt) the JavaScript of their fake login pages to evade signature-based scanners, capture and replay one-time MFA codes in real time, and use LLMs to write convincing, error-free lures in any language, all to bypass security controls and trick users into handing over credentials.
- Enable phishing-resistant MFA: Move to FIDO2/WebAuthn authenticators (hardware security keys, or platform authenticators unlocked by biometrics). Their assertions are bound to the site origin, so a response captured on a look-alike page cannot be replayed against the real service, unlike SMS, push or TOTP one-time codes.
- Train your team: Regularly educate employees to recognize phishing attempts, including spotting deceptive links, spoofed sender addresses, and urgent requests for sensitive data; do not teach typos and poor grammar as tells, since LLM-written lures have neither.
- Monitor suspicious activity: Alert on sign-ins that pass MFA from an ASN, country or device never seen for that user, and on a second successful sign-in from a different IP within moments of the first; respond by revoking sessions, resetting credentials and locking the account.
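The monitoring bullet above is easier to act on with concrete rules. The block below is an added example, not from any of the posts on this page or from any vendor product. It runs two rules over a constructed sign-in log in a generic JSON-lines shape (the field names `user`, `ts`, `ip`, `asn`, `country`, `ua`, `mfa`, `result` and the sample values are assumptions): a successful MFA sign-in from an ASN and user agent never seen for that user, and a second successful sign-in from a different IP within the validity window of a one-time code.

```python
"""Two sign-in detections for relayed or replayed credentials + MFA codes (added example)."""
import json
from collections import defaultdict
from datetime import datetime, timezone

RAPID_WINDOW_S = 120        # assumption: generous bound on an OTP replay after capture

# Constructed sample log (JSON lines). alice's first four rows are her normal pattern;
# the fifth lands 35 s after a real login, from a new ASN, country and browser.
SAMPLE_LOG = """
{"user":"alice","ts":"2024-06-03T08:01:10Z","ip":"203.0.113.10","asn":"AS64500","country":"GB","ua":"Edge/125 Windows","mfa":"totp","result":"success"}
{"user":"alice","ts":"2024-06-04T08:03:44Z","ip":"203.0.113.10","asn":"AS64500","country":"GB","ua":"Edge/125 Windows","mfa":"totp","result":"success"}
{"user":"alice","ts":"2024-06-05T08:00:02Z","ip":"203.0.113.12","asn":"AS64500","country":"GB","ua":"Edge/125 Windows","mfa":"totp","result":"success"}
{"user":"alice","ts":"2024-06-06T09:12:30Z","ip":"203.0.113.10","asn":"AS64500","country":"GB","ua":"Edge/125 Windows","mfa":"totp","result":"success"}
{"user":"alice","ts":"2024-06-06T09:13:05Z","ip":"198.51.100.77","asn":"AS64511","country":"NL","ua":"Chrome/124 Linux","mfa":"totp","result":"success"}
{"user":"bob","ts":"2024-06-06T10:00:00Z","ip":"192.0.2.5","asn":"AS64496","country":"GB","ua":"Safari/17 macOS","mfa":"totp","result":"success"}
{"user":"bob","ts":"2024-06-06T10:20:00Z","ip":"192.0.2.5","asn":"AS64496","country":"GB","ua":"Safari/17 macOS","mfa":"totp","result":"failure"}
"""

def parse_log(text: str) -> list:
    """Parse JSON lines, attach a timezone-aware datetime, and sort by time."""
    events = [json.loads(line) for line in text.strip().splitlines() if line.strip()]
    for e in events:
        e["t"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return sorted(events, key=lambda e: e["t"])

def detect(events: list, min_history: int = 2) -> list:
    """Return alerts. The per-user baseline is built from earlier successes in
    the same stream, so the rules only fire once a user has some history."""
    seen_asn, seen_ua, successes = defaultdict(set), defaultdict(set), defaultdict(list)
    alerts = []
    for e in events:
        if e["result"] != "success":
            continue                                   # failures do not update the baseline
        u = e["user"]
        # Rule 1: MFA passed, yet both the network (ASN) and the browser are new for this user.
        if (len(successes[u]) >= min_history and e["mfa"] != "none"
                and e["asn"] not in seen_asn[u] and e["ua"] not in seen_ua[u]):
            alerts.append({"rule": "NOVEL_CLIENT", "user": u, "ts": e["ts"],
                           "ip": e["ip"], "asn": e["asn"], "ua": e["ua"]})
        # Rule 2: a second success from a different IP inside the replay window.
        prev = successes[u][-1] if successes[u] else None
        if prev and prev["ip"] != e["ip"] and (e["t"] - prev["t"]).total_seconds() <= RAPID_WINDOW_S:
            alerts.append({"rule": "RAPID_SECOND_IP", "user": u, "ts": e["ts"],
                           "ips": [prev["ip"], e["ip"]]})
        seen_asn[u].add(e["asn"])
        seen_ua[u].add(e["ua"])
        successes[u].append(e)
    return alerts

if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(json.dumps(a))
```

Rule 2 catches the replay variant described in the ONNX post, where the victim's own login and the attacker's replay both reach the real service. A transparent reverse-proxy kit never lets the victim's request reach the service directly, so only rule 1 (and checks on where the resulting session token is later used) will see it; treat the two rules as complementary rather than redundant.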
The Tech TL;DR - Issue #9

Article: New phishing campaign targets US organizations with NetSupport RAT

Link to Full Article: https://lnkd.in/gjEEzCjR

Article Summary: A sophisticated phishing campaign has been identified, targeting US organizations by deploying the NetSupport RAT (Remote Access Trojan). This campaign is notable for its use of advanced evasion tactics combined with social engineering, diverging from traditional phishing methods that primarily relied on executable files. The campaign leverages the guise of legitimate remote support software to gain unauthorized access to systems. The Perception Point report highlights the campaign's use of MITRE TTPs (Tactics, Techniques, and Procedures) and provides indicators of compromise, including file hashes and URLs, to aid in the creation of detection signatures.

Article Rating: 8/10

Additional Commentary: This article is a valuable read for both cybersecurity professionals and the general tech-savvy audience. It scores high on technical merit due to its detailed analysis of the phishing campaign's methodology and the inclusion of actionable intelligence like MITRE TTPs and indicators of compromise. The blend of sophisticated evasion tactics with social engineering underscores the evolving nature of cyber threats, making this article a crucial update for those looking to bolster their cybersecurity defenses.

Additional Reading:
1. Top 4 LLM threats to the enterprise https://lnkd.in/gVqJW34U
2. The Evolution of Phishing: How It's Getting More Sophisticated https://lnkd.in/g9HeKiKQ
3. Understanding MITRE ATT&CK: A Guide for Cybersecurity Professionals https://lnkd.in/gV4Waaex

Article Keywords: #PhishingCampaign, #NetSupportRAT, #Cybersecurity, #SocialEngineering, #MITRETTPs, #IndicatorsOfCompromise, #EvasionTactics, #RemoteAccessTrojan

About The Tech TL;DR: The Tech TL;DR is my way of contributing articles worth sharing along with a summary or additional insights into the topic. Since we don't all have time to read everything, this approach to sharing provides a summary and insight into the article to make consumption easier and faster. The author of The Tech TL;DR is not affiliated with any of the magazines, online resources cited, or authors. This summary is meant for educational purposes only and is not to be construed as an endorsement of any product, company, service, guidelines, or standards. © 2024 D.Bowden - The Tech TL;DR
Blackhat Recap! It has been quite a challenge to narrow down my favorite presentations at Blackhat, but this one really stood out to me. There were several discussions about Artificial Intelligence (AI) and Large Language Models (LLMs). I have been wondering how LLMs such as GPT-4 are playing into the creation of phishing emails. More and more, we have seen phishing emails getting more sophisticated. We are no longer hearing from a prince who wants to give you money! Researchers Fredrik Heiding, a research fellow at Harvard, Jeremy Bernstein, a postdoctoral researcher at MIT, Bruce Schneier, a security expert and author, and Arun Vishwanath, founder and Chief Technologist at Avant Research Group, conducted a groundbreaking experiment to see how LLMs performed against human-led efforts to create effective phishing campaigns. Their target was students at Harvard University, involving a Starbucks giveaway. I won't give away the results of the experiment (they are in the article), but as a CISO, it is concerning how easy it is to create a phishing email. The creators no longer need to be native English speakers to create an email that may be hard for a person to spot. My takeaway: More than ever, Security Awareness training is critical for your organization. It will take humans to identify a phishing email. AI and LLMs have made it easier to create realistic phishing emails that could bypass current defensive technology. Oh, and Heiding also gave us a great reminder: the "Unsubscribe" link is often where bad guys want you to click. Stay vigilant! #AI #LLMs #PhishingEmails #SecurityAwareness #cybersecurity #Cisos
#phishingawareness Just a little reminder on #phishing, as we might be distracted checking emails while off or when we return from holiday to a bulging mailbox! Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link, to then steal credentials. But most phishers aren't very good, and the success rate is relatively low: in 2021, the average click rate for a phishing campaign was 17.8%. However, now cybercriminals have AI to write their emails, which might well improve their phishing success rates. Here's why.

The old clues for telling if something was a phishing mail were:
- It asks you to update/fill in personal information.
- The URL in the email and the URL that displays when you hover over the link are different from one another.
- The "From" address imitates a legitimate address, especially from a known brand.
- The formatting and design differ from what you usually receive from a brand.
- The content is badly written and may well include typos.
- There is a sense of urgency in the message, encouraging you to quickly perform an action.
- The email contains an attachment you weren't expecting.

While most of these are still valid, there are a few checks you can strike off your list due to the introduction of #AI. When a phisher is using a Large Language Model (LLM) like ChatGPT, a few simple instructions are all it takes to make the email look as if it came from the intended sender. And LLMs do not make grammatical errors or put extra spaces between words (unless you ask them to). They're not limited to one language either. AI can write the same mail in every desired language and make it look like you are dealing with a native speaker. It's also easier to create phishing emails tailored to the intended target. All in all, the amount of work needed to create an effective phishing email has been reduced dramatically, and the number of phishing emails has gone up accordingly.

In the last year, there's been a 1,265% increase in malicious phishing emails, and a 967% rise in credential phishing in particular. Because of AI, it's become much harder to recognize phishing emails, which makes things almost impossible for filtering software. According to email security provider Egress, 71% of email attacks created through AI go undetected. This article gives you tips to raise your game! (no paywall either) https://lnkd.in/g6FzYhcr