• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – AZORult Trojan – IOCs
May 11, 2020
Rewterz Threat Alert – Poulight Stealer
May 12, 2020

Rewterz Threat Alert – Phishers Continue to Spoof WebEx

May 12, 2020

Severity

Medium

Analysis Summary

Another phishing campaign that attempts to get users to give up their WebEx credentials. The initial email claims that there is an SSL certificate issue related to WebEx that requires the user to login and verify their account. The body of the email appears professional and leverages the WebEx logo to reinforce its legitimacy. Additionally, a SendGrid link is used to hide the true destination URL. If a user clicks the link, they will be redirected to a domain with an SSL certificate and web meeting theme as opposed to the actual WebEx domain. The landing page appears to be a copy of the real WebEx login page. The first page simply asks for the user’s email address, while the second requests their password also. In order to avoid raising suspicions, after the credentials are captured by the attacker, the victim is redirected to the legitimate WebEx login page. The researchers note that they were able to find an open directory hosted on the attacker’s server containing the files that generate the fake webpage.

WM_fig1.png.wm-copy.jpg

Affected Vendors

WebEx

Remediation

  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.
  • Always be suspicious about emails sent by unknown senders.
  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.