• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Maze Ransomware
June 23, 2020
Rewterz Threat Alert – Vendetta Group Targeting Users with Phishing Campaign
June 23, 2020

Rewterz Threat Alert – Increased Office 365 Phishing Campaigns Attacks Related to COVID-19

June 23, 2020

Severity

Medium

Analysis Summary

The transition of remote work and online learning has taken a new leap amidst all the chaos during the Covid-19 pandemic. Threat actors have also found this opportunity to target financial, government and educational sectors across the nation to their gains as the risk of phishing scams have increased rapidly. Last three months have shown that the organizations are at risk of being exploited via phishing emails by threat actors and this has trend has carried on, where COVID-19 is used as a phishing lure. Attackers are sending spoofed emails, that mimic Office 365 services, prompting users to click links and enter their credentials, allowing attackers access to their systems.

Office 365 users are delivered in a well-designed, spoof page that mimics the service. Attackers have also replicated Microsoft’s login page, which will prompt users to login with their credentials and allow attackers to access their accounts, allowing them to obtain personal information. Emails are sent to users in a manner that may resemble those sent out by the organization, prompting users to click on links to check for COVID-19 pandemic updates.

With the current transition to online learning and remote work, students and employees must be aware of these threats.

Impact

  • Credential theft
  • Exposure of sensitive data

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on links/attachment sent by unknown senders.
  • Enable multi factor authentication to add an extra layer of security when a user logs in.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.