Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Cybercriminals Target Execs in Microsoft 365 Credential Attack to Launch Internal BEC Scams

    cybercriminal bec attackA new phishing attack spotted in the wild by security researchers at Trend Micro demonstrates how compromised data in an initial cyberattack is purposed in subsequent attacks.

    We all know in concept that any data stolen/compromised/collected by the bad guys is then sold on the dark web, used to extort a ransom, or used to conduct further malicious activity. In the case of this latest attack, dubbed Water Nue, cybercriminals have been targeting executives at over 1000 companies around the world, attempting to compromise their Microsoft 365 credentials. While the concept of stealing Microsoft 365 credentials isn’t new, some of the details of this attack are interesting to note:

    • Attackers use hosting company SendGrid’s email automation to send emails and use SendGrid-generated links to obfuscate the final spoofed M365 logon page URL.
    • Additional “Xmailer” headers citing a mix of email clients are added to confuse email scanning solutions
    • Once credentials are verified and access to the executive’s account is achieved, the bad guys send off BEC emails to the exec’s subordinates, asking for fake invoices to be paid, such as the one below. (BTW, this tactic implies there is some manual diligence done, where the bad guy with access is figuring out who to send emails to, how large an invoice would not raise any red flags, etc.)
    water-nue-email-sample-originating-ip

    This scam highlights the steps cybercriminals are willing to take to avoid detection by security solutions. And once an account is compromised, the BEC requests look legitimate to fellow internal employees.

    To avoid being a victim of such scams, organizations need to have employees undergo continual Security Awareness Training where they will learn about these kinds of scams, the need to always confirm requests via a secondary means (e.g., via phone), and to always put emails under scrutiny – especially when it involves the transfer of money.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Phishing, Security Awareness Training, CEO Fraud, Email Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews