New ways to steal your credentials

The threat actors do not stand still when it comes to cyber-attacks, they are constantly evolving new attack vectors as we start to understand and combat the current ones. Keeping up with these changes, especially when it comes to phishing emails – which is one of the most common ways threat actors defeat cyber security defences.

Jan Kopriva has an article on SANS Internet Storm looking at one of the latest trends in use for credential stealing phishing emails. It is worth looking at – even though it does get a bit technical in places – as it has a screenshot of a malicious message.

Increase in the number of phishing messages pointing to IPFS and to R2 buckets – SANS Internet Storm Center

Your takeaway

Even if you do not have a look at the article, phishing emails are real – here are some real-world examples of phishing and/or credential stealing attacks that happen to either me or the CEO of Octagon Technology:

Bugged by Phishing Email Attacks (pt. 1)

Bugged by Phishing Email Attacks (pt. 2)

Someone is Trying to Get In – A Real Email Phishing Attack

It All Starts with a Phishing Email

Training

You need the best technical cyber security defences you can afford but you also need staff training to catch the new attacks that evade your defences and get to a user’s inbox.

Clive Catton MSc (Cyber Security) – by-line and other articles