Dal noto blog di Checkpoint
Cyber-crime is a complex landscape, but when it comes to actually launching cyber-attacks, there are three main techniques that criminals have relied on for decades to help them get around organizations’ defenses and into their networks: phishing, credentials theft and business email compromise. According to Verizon’s Data Breach Investigation Report, these ‘big three’ are the cause over two-thirds (67%) of all successful data breaches globally.
Check Point Research recently joined forces with Otorio to analyze and take a deep dive into a large scale phishing campaign that targeted thousands of global organizations, revealing the campaign’s overall infection chain, infrastructure and how the emails were distributed.
In August, attackers initiated a phishing campaign with emails that masqueraded as Xerox scan notifications, prompting users to open a malicious HTML attachment. While this infection chain may sound simple, it successfully bypassed Microsoft Office 365 Advanced Threat Protection (ATP) filtering and stole over a thousand corporate employees’ credentials.