Cybercriminals disguised phishing emails as service checks
Cyber fraudsters are increasingly disguising phishing links as checks of employer services in order to gain access to organizations' infrastructure, information security companies told Izvestia.
To get into a company's infrastructure, attackers dress up an email as a request to employees to check a particular service, or as a demand to confirm or change a password.
Over the past two months, companies from the financial sector, retail, logistics, manufacturing and telecom have been subjected to such attacks, Alexander Dmitriev, general director of the information security company Neuroinform, told Izvestia.
First, the attackers found a way to harvest employees' e-mail addresses. To do this, they guessed usernames registered in the organization's system: if the user existed, a captcha appeared after an incorrect password was entered; if the supposed username did not exist, no captcha appeared. Exploiting this system flaw, the fraudsters enumerated 50 accounts, worked out their email addresses and sent phishing emails to the employees.
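The captcha oracle described above, beside a response that leaks nothing, plus a log check that flags the enumeration pattern. This is an added example, not code from the article or the companies it cites; the user store, log lines, IP addresses and threshold are constructed.

```python
# Added example: username-enumeration oracle via captcha behaviour, its fix,
# and a defender's detection of the enumeration pattern in auth logs.
from collections import defaultdict

# Constructed user store (real systems compare password hashes, not plaintext).
KNOWN_USERS = {"a.ivanov": "correct-horse", "m.petrova": "battery-staple"}

def login_vulnerable(username, password):
    """The flaw: a captcha is shown only when the account exists."""
    if username not in KNOWN_USERS:
        return {"ok": False, "captcha": False}   # absent user -> no captcha
    if KNOWN_USERS[username] != password:
        return {"ok": False, "captcha": True}    # present user -> captcha
    return {"ok": True, "captcha": False}

def login_hardened(username, password):
    """Fix: every failure yields the same response, whether or not the user exists."""
    ok = username in KNOWN_USERS and KNOWN_USERS[username] == password
    return {"ok": ok, "captcha": not ok}

# Constructed sample auth log: "<timestamp> <source_ip> <username> <result>".
AUTH_LOG = [
    "2024-01-01T10:00:01 203.0.113.7 a.ivanov FAIL",
    "2024-01-01T10:00:02 203.0.113.7 b.sidorov FAIL",
    "2024-01-01T10:00:03 203.0.113.7 c.smirnov FAIL",
    "2024-01-01T10:00:04 203.0.113.7 d.kuznetsova FAIL",
    "2024-01-01T10:00:05 203.0.113.7 m.petrova FAIL",
    "2024-01-01T10:01:10 198.51.100.4 a.ivanov FAIL",   # a typo, then success
    "2024-01-01T10:01:20 198.51.100.4 a.ivanov OK",
    "2024-01-01T10:02:00 192.0.2.9 m.petrova FAIL",
]

def enumeration_suspects(log_lines, distinct_threshold=5):
    """Sources that tried many distinct usernames and never logged in successfully."""
    tried = defaultdict(set)
    succeeded = set()
    for line in log_lines:
        _ts, src, user, result = line.split()
        tried[src].add(user)
        if result == "OK":
            succeeded.add(src)
    return sorted(src for src, users in tried.items()
                  if len(users) >= distinct_threshold and src not in succeeded)
```

The detection rule pairs naturally with the uniform response: even once the oracle is closed, a burst of distinct usernames from one source is the signal to alert on.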
"One of the employees who entered his username and password appeared to have permission to connect to a remote desktop. The attackers went to the mail, found a letter from tech support describing how to connect to the VPN, and thus got into the company's internal network," Dmitriev said.
Then, taking advantage of flaws in the domain controller configuration, the cybercriminals obtained domain administrator rights. About two weeks after the phishing mailout, all the company's data was encrypted.
Read more in Izvestia's exclusive article:
For the company: fraudsters have become more likely to disguise phishing as employer services