Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Threat Actors Use Credential Dumps, Phishing, ... - Dark Reading

Dr-logo
Threat Actors Use Credential Dumps, Phishing, Legacy Email Protocols to Bypass MFA and Breach Cloud Accounts Worldwide

MARCH 14, 2019 - PROOFPOINT INFORMATION PROTECTION RESEARCH TEAM

In arecentsix-month study of major cloud servicetenants,Proofpoint researchersobservedmassiveattacksleveraging legacy protocols andcredential dumpsto increasethespeed and effectiveness ofbruteforceaccount compromises at scale.Attacks against Office 365 and G Suite cloud accountsusing IMAPare difficult to protectagainstwith multi-factor authentication,where service accounts and shared mailboxes arenotablyvulnerable.Atthe sametime,targeted, intelligentbruteforce attacksbroughta new approach to traditionalpassword-spraying,employingcommon variations of the usernames andpasswordsexposed inlarge credential dumpstocompromise accounts.Moreover,sophisticated phishingcampaignstricked recipientsinto revealing authentication credentials, providing attackers with additional avenues intocorporate...(continued)

View All Trending Stories