
Content provided by Neil C. Hughes. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Neil C. Hughes or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://el.player.fm/legal.

3029 Fortra on Phishing, AI, and LOTS Tactics: Protecting Against Trusted Service Abuse

30:04
 

In this episode of The Tech Talks Daily Podcast, I speak with Michael Tyler from Fortra to uncover the details behind a phishing campaign that exploited USign’s e-signature platform. Fortra recently discovered how cybercriminals leveraged USign’s trusted domain to bypass email security gateways, highlighting the growing challenges related to the "living off trusted services" (LOTS) tactic used by attackers. This phishing campaign exposed vulnerabilities within platforms often regarded as safe by email filters, demonstrating how easily attackers can exploit trusted services.

Cybercriminals disguised fake USign documents as HR notifications, tricking victims into entering passwords instead of signatures. By using USign’s strong sender reputation, these malicious emails were able to bypass traditional email security measures, making them harder to detect. The attack even showed signs of being generated with AI language models, adding another layer of sophistication.

We dive deeper into the LOTS tactic, where attackers take advantage of legitimate services—such as e-signature platforms, file hosting sites, and social media platforms—to execute their malicious activities. This strategy not only reduces the setup effort for attackers but also enables them to hide behind the reputation of trusted service providers, making it increasingly difficult for security systems to flag these threats.

Michael discusses the broader implications for cybersecurity and the need for multi-layered defenses. Organizations must not only invest in user education to help employees recognize phishing attempts but also implement deeper email inspection and rapid response capabilities to quickly mitigate risks. For service providers like USign, enhancing security protocols, such as limiting bulk registrations and monitoring for abnormal activity, is crucial in preventing future exploitation.

The conversation also explores how Fortra is working with organizations to bolster their defenses against such attacks. Michael shares practical recommendations, from improving detection of social engineering attempts to collaborating with trusted service providers to combat platform abuse. As the world of cybersecurity continues to evolve, this episode provides valuable insights into staying one step ahead of increasingly sophisticated phishing tactics.


2055 episodes
