    Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts

    Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity.

    The attackers are impersonating employees at the US State Department, the Ukrainian Ministry of Defence, the European Union Parliament, and well-known research institutions.

    The attacks use a technique called “Device Code Authentication,” which attempts to trick users into entering a code that grants access to their accounts. This login method is provided by Microsoft to facilitate sign-ins from input-constrained devices, like smart TVs or printers. “However, in this case, it means if an attacker can convince a user to enter a specific code into this dialogue (and log in), they are granted long-term access to the user’s account,” Volexity explains.

    The researchers note, “This method has been more effective at successfully compromising accounts than most other targeted spear-phishing campaigns.”

    The attackers began by instigating conversations with the targets via email or messaging apps. After gaining the victim’s trust, they sent links that purportedly led to a Microsoft Teams meeting or a chatroom. These links took the victims to a Microsoft Device Code authentication page that asked them to enter a code.

    In one case, the threat actor contacted a target via Signal, then asked them if they could move the conversation to a different chat application.

    “The message was a ploy to fool the user into thinking they were being invited into a secure chat, when in reality they were giving the attacker access to their account,” the researchers write. “The generated Device Codes are only valid for 15 minutes once they are created. As a result, the real-time communication with the victim, and having them expect the ‘invitation,’ served to ensure the phish would succeed through timely coordination.”
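A defender-side check for the device code sign-ins described above, added here as an example and not taken from Volexity or the original post: it flags device-code sign-ins by accounts that are not known input-constrained devices, the only use the login method is meant for. The log field names, the allowlist and the sample records are constructed assumptions modelled on an Entra ID sign-in log export.

```python
import json
from datetime import datetime

# Constructed sample records, one JSON object per line. Field names are an
# assumption modelled on an Entra ID sign-in log export; adapt to your schema.
SAMPLE_LOG = """\
{"createdDateTime": "2025-02-10T09:02:11Z", "userPrincipalName": "lobby-tv@example.org", "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.7"}
{"createdDateTime": "2025-02-10T09:05:40Z", "userPrincipalName": "alice@example.org", "authenticationProtocol": "none", "ipAddress": "198.51.100.20"}
{"createdDateTime": "2025-02-10T09:15:03Z", "userPrincipalName": "Alice@example.org", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.50"}
this line is truncated and not valid JSON
{"createdDateTime": "2025-02-10T09:40:27Z", "userPrincipalName": "alice@example.org", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.50"}
{"createdDateTime": "2025-02-10T10:05:59Z", "userPrincipalName": "bob@example.org", "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.77"}
"""

# Hypothetical allowlist: accounts that really do sign in from TVs, printers, etc.
DEVICE_ACCOUNTS = {"lobby-tv@example.org"}

def parse_events(text):
    """Parse JSON-lines sign-in records, skipping malformed lines, oldest first."""
    events = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            ev["time"] = datetime.strptime(ev["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated or unexpected record
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])

def find_suspicious_device_code_signins(events, allowlist=DEVICE_ACCOUNTS):
    """Return device-code sign-ins made by accounts outside the allowlist."""
    seen, alerts = set(), []
    for ev in events:
        if ev.get("authenticationProtocol") != "deviceCode":
            continue
        user = ev.get("userPrincipalName", "").lower()
        if user in allowlist:
            continue
        # first_seen marks a user's first device-code sign-in in this data set,
        # which is the event most worth confirming with the user directly.
        alerts.append({"user": user, "time": ev["createdDateTime"],
                       "ip": ev.get("ipAddress"), "first_seen": user not in seen})
        seen.add(user)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_device_code_signins(parse_events(SAMPLE_LOG)):
        print(alert)
```
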

    Volexity has the story.

