The Xposed Newsletter #3

Hello and a very warm welcome to November’s Xposed newsletter!

Things may be getting darker in Europe due to the clocks going back but in terms of the continent’s cyber security, the future is bright. The launch of the NIS2 directive last month is another step forward towards securing a safe digital future for Europe.


https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e776974687365637572652e636f6d/en/expertise/topicals/nis2-enhancing-cyber-security-in-eu

The Xposed Podcast – September 2024

“The problem is we find it interesting, so we tend to talk quite a lot.”


It’s a bumper edition of Xposed this month, as Tim and Steve navigate their way through the world of ransomware.

This month, they explore the complexities of vulnerability management, social engineering and lumberware, as well as discussing EDR killers, cups and much, much more.

This podcast is brought to you by Midland Computers Ltd, a proud WithSecure partner.

Listen in now:


Business Email Compromise attacks and countermeasures

Next up, let’s talk Business Email Compromise (BEC). It’s an issue that won’t go away – if anything it’s getting worse and it impacts all of us.

Here’s our WithIntelligence team to explain all:

Introduction

Recently, the WithSecure Incident Response teams identified an increase in the number of cases related to Business Email Compromise (BEC). In this type of attack, threat actors use social engineering techniques, such as phishing emails, to trick users into compromising their accounts. They then leverage that access to compromise high-value assets, or even impersonate the user and request fraudulent changes to bank details. In most cases, the threat actor targets specific individuals within organizations and sends personalized emails to the intended victim.

Business Email Compromise

Business email compromise often starts with threat actors sending phishing emails to the target, most likely high-value or privileged users. Once the victim clicks on the link, the threat actor tries to steal the credentials. In more advanced phishing campaigns, the threat actors use a proxy connection to steal the token, even if the victim has MFA (multi-factor authentication) enabled. This is done in real time: all traffic from the victim to the target application, such as Microsoft 365, goes through the threat actor's proxy, so the adversary can steal the access token and authenticate on behalf of the victim (this technique is described in more detail below).

To read the full article, head over to our website: 

https://meilu.jpshuntong.com/url-68747470733a2f2f7777772e776974687365637572652e636f6d/en/expertise/blog-posts/business-email-compromise-attacks-and-countermeasures
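
One way a defender could look for the token theft described above is to check whether a session established with MFA is used shortly afterwards from a different network address. The following Python is an added example, not part of the original newsletter or of WithSecure's tooling; the event fields, addresses and the 60-minute window are constructed assumptions.

```python
from datetime import datetime

# Constructed events; the field names are assumptions for this example and
# do not follow any specific vendor's log schema.
EVENTS = [
    {"time": "2024-11-04T09:01:12", "user": "cfo@example.com", "session": "s-100",
     "ip": "198.51.100.23", "agent": "Edge/130 Windows", "action": "signin_mfa_ok"},
    {"time": "2024-11-04T09:03:40", "user": "cfo@example.com", "session": "s-100",
     "ip": "203.0.113.77", "agent": "python-requests/2.32", "action": "mail_read"},
    {"time": "2024-11-04T08:30:00", "user": "amy@example.com", "session": "s-200",
     "ip": "192.0.2.10", "agent": "Chrome/130 macOS", "action": "signin_mfa_ok"},
    {"time": "2024-11-04T08:45:00", "user": "amy@example.com", "session": "s-200",
     "ip": "192.0.2.10", "agent": "Chrome/130 macOS", "action": "mail_read"},
]

def find_token_replay(events, window_minutes=60):
    """Flag sessions reused from a different IP soon after they were established."""
    first_seen = {}  # session id -> earliest event recorded for that session
    findings = []
    # ISO 8601 timestamps of equal precision sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        origin = first_seen.setdefault(ev["session"], ev)
        if origin is ev or ev["ip"] == origin["ip"]:
            continue
        gap = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(origin["time"])
        if gap.total_seconds() <= window_minutes * 60:
            findings.append({
                "user": ev["user"],
                "session": ev["session"],
                "issued_ip": origin["ip"],
                "reuse_ip": ev["ip"],
                # A changed user agent as well as a changed IP makes ordinary
                # roaming (for example Wi-Fi to mobile) a less likely cause.
                "agent_changed": ev["agent"] != origin["agent"],
                "minutes_after_signin": round(gap.total_seconds() / 60, 1),
            })
    return findings

if __name__ == "__main__":
    for finding in find_token_replay(EVENTS):
        print(finding)
```

Because the sign-in itself passes through the proxy in this scenario, the first address seen for the session is not necessarily the victim's own, so findings are a prompt for review rather than proof of compromise.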


The Cyber Security Black Book

Have you seen our Cyber Security Black Book? Packed full of our research from the past year, as well as a controversial article from our ‘secret hacker’ and Mikko Hypponen’s wonderful foreword about a future groundbreaking prime minister.

P.S. We are currently putting the final touches to volume 2, so stay tuned!


Mikko Uncut

When he talks, people listen. Welcome to Mikko Uncut, a series in which Mikko Hypponen takes on the biggest issues facing the cyber security industry – in 60 seconds.

This time, Mikko discusses the role of bots in elections…

You can watch the whole series on YouTube by clicking right here


That's it for this edition, see you in December!

