The rise of hacking-as-a-service, complete with support, updates (to evade detection) and user feedback and testimonials has seen an increase of less Technal threat groups being able to launch effective phishing attack.
The malware, Mystic Stealer can be rented on the dark web for as little as $150 per month. With it the threat actor can extract a range of information from web browsers, password managers, cryptocurrency applications and credentials from both Steam and the hackers favourite communications channel Telegram.
New Mystic Stealer malware increasingly used in attacks (bleepingcomputer.com)
One interesting feature of the malware is that it detects if it is being run in a research environment making it harder for the AV and security vendors to defend against the threat.
Now to get that malware to you with a phishing attack using a malicious vendor and their phishing-as-a-service:
New ‘Greatness’ service simplifies Microsoft 365 phishing attacks (bleepingcomputer.com)
The Phishing Attack
Your takeaway from this.
A UK Government in 2022 showed phishing attacks to be the top threat to organisations whatever the sector whatever the size (UK Government. 2022). I think we can safely say that the 2023 survey will not see phishing attacks disappearing.
You need the best technical defences and the best human defences that your organisation can afford.
Cyber Security Awareness Training
Clive Catton MSc (Cyber Security) – by-line and other articles
References
UK Government. (2022). Cyber Security Breaches Survey 2022. Retrieved June 19, 2023, from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2022/cyber-security-breaches-survey-2022