Catch of the Day: Cisco Hack Phish
Chef’s Special: More Spear Phish
Examples of clever phish that made it past my spam filters and into my inbox. Some are sent by clients or readers like you, and others come from reliable sources on the Internet.
You can send phishing samples to me at firstname.lastname@example.org.
My intention is to provide a warning and show current examples of phishing scams, related articles, and education about how these scams and exploits work, and how to detect them in your inbox. If the pictures are too small or extend off the page, double clicking the image will display them in a photo viewer app.
Cisco has disclosed a security incident that occurred as a result of sophisticated voice phishing attacks that targeted employees, according to researchers at Cisco Talos.
The researchers believe the attack was carried out by an initial access broker with the intent of selling access to the compromised accounts to other threat actors.
“On May 24, 2022, Cisco identified a security incident targeting Cisco corporate IT infrastructure, and we took immediate action to contain and eradicate the bad actors,” Cisco said in a statement. “In addition, we have taken steps to remediate the impact of the incident and further harden our IT environment. No ransomware has been observed or deployed and Cisco has successfully blocked attempts to access Cisco’s network since discovering the incident.
“Cisco did not identify any impact to our business as a result of this incident, including no impact to any Cisco products or services, sensitive customer data or sensitive employee information, Cisco intellectual property, or supply chain operations. On August 10 the bad actors published a list of files from this security incident to the dark web.”
By Roger A. Grimes.
Hardly a day goes by without a news alert about the latest HUGE data breach. It’s so commonplace today that it rarely rates showing at the top of the news. In a newspaper, the announcement of the latest breach may be on the third page. We’ve become numb to them. And that’s a big problem.
For sure, much of our personal information is out there, including PII, phone numbers, home and work address locations, and a ton of very specific information related to us.
A recent CISO told me he was not only surprised that voice-based phishing calls were over half of his total phishing volume reported to his SOC but that he could not readily understand how the phishing calls understood which of his co-workers were at home (and called their cell phone numbers) and which were back working at work (and called the facility’s main phone number and knew which internal extension to ask for). It was as if the attackers had an up-to-date call list of his employees, even though there wasn’t one to his knowledge.
I’ve had other IT employees remark that they were amazed at how the spear phishing scammers knew exactly who to target in accounting or payroll to send their latest business email compromise (BEC) scam. The victims and their roles within their organization were not particularly well-known outside the company, and yet they were still successfully targeted by the exact type of message that made the request seem more legitimate.
I’ve had friends who showed me SMS-based phishing messages that contained their names and other personal information, so that the person trying to scam them, for sure, had relevant personal information. We all know that not only are attackers stealing and abusing other hackers’ piles of stolen information but that we are, being the social creatures that we are, revealing all sorts of good information on ourselves and our work positions, which hackers gladly use to their advantage.