
Rewterz Threat Alert – Phishing Campaign Stealing Company Credentials

September 7, 2020

Severity

Medium

Analysis Summary

Attackers are using the targeted company’s own homepage as part of a phishing campaign aimed at harvesting credentials. The email imitates the technical support team of the employee’s company and claims that the company’s email security service has quarantined three messages, blocking them from reaching the inbox. It then states that those messages need to be reviewed to confirm their validity, because two of them are considered valid and are being held for deletion. This could lead the employee to believe the messages are important to the company and create urgency to review them before they are deleted. The prospect of losing important documents or emails makes the employee more inclined to interact with the message.

[Screenshot: redacted phishing email]

Hovering over the “Review Messages Now” shows the malicious URL.

[Screenshot: redacted malicious URL revealed on hover]

Upon clicking the link, the user is directed to a phishing page unique to the employee’s company. It appears to be a login screen on the company website. Further analysis, however, determined that the page shown is actually the company’s real website homepage with a fake login panel overlaid on it. The overlay prompts the user to sign in to access the company account. Any credentials entered are sent to the threat actor, giving them access to the target’s company account.

Impact

  • Credential Theft
  • Account Compromise

Indicators of Compromise

Domain Name

  • traximgarage[.]com

From Email

  • google[.]com@ashousingcompany[.]com

URL

  • hxxp[:]//google[.]com@ashousingcompany[.]com/www/?email=
  • hxxp[:]//traximgarage[.]com/www/webmail-std/appsuite/1ogin/mai1/

Remediation

  • Block the threat indicators at their respective controls.
  • If such an email is received, confirm with your technical support team before entering credentials on any page.
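The first URL indicator above relies on the URL userinfo component: everything before the `@` in `google[.]com@ashousingcompany[.]com` is a username, and the browser actually connects to `ashousingcompany.com`. The following script is an added example (not part of the Rewterz advisory) showing how a defender can refang the published indicators, match them against proxy or mail-gateway URLs, and separately flag any URL whose userinfo resembles a domain name. The log lines are constructed for illustration; only the domains and URL paths are taken from the Indicators of Compromise section.

```python
"""Match proxy URLs against the advisory's indicators and flag the
"trusted-domain@real-host" deception used by this campaign.

Added example, not the advisory's own tooling. SAMPLE_LOGS is constructed;
the indicator domains and paths come from the advisory, with defanging removed.
"""
from urllib.parse import urlsplit

# Indicators from the advisory, refanged ("[.]" -> ".").
IOC_DOMAINS = {"traximgarage.com", "ashousingcompany.com"}

# Constructed sample proxy log lines in the form "<timestamp> <user> <url>".
# The first two reuse the advisory's URLs; the last two are benign decoys.
SAMPLE_LOGS = [
    "2020-09-07T09:12:01Z alice http://google.com@ashousingcompany.com/www/?email=alice%40example.com",
    "2020-09-07T09:12:44Z bob http://traximgarage.com/www/webmail-std/appsuite/1ogin/mai1/",
    "2020-09-07T09:13:10Z carol https://www.example.com/owa/auth/logon.aspx",
    "2020-09-07T09:14:05Z dave https://mail.google.com/mail/u/0/",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator (hxxp[:]//evil[.]com) back into a usable URL."""
    return indicator.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")


def analyse_url(url: str) -> dict:
    """Return the facts a reviewer needs about one URL.

    host: the host the browser really connects to (what follows '@').
    userinfo: anything before '@' in the authority; phishers put a
        trusted-looking domain here so a quick glance reads "google.com...".
    userinfo_looks_like_host: userinfo contains a dot, i.e. resembles a domain.
    ioc_match: the real host is, or is a subdomain of, an advisory indicator.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    userinfo = parts.username or ""
    if parts.password:
        userinfo += ":" + parts.password
    ioc_match = any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)
    return {
        "url": url,
        "host": host,
        "userinfo": userinfo,
        "userinfo_looks_like_host": "." in userinfo,
        "ioc_match": ioc_match,
    }


def flag_log_lines(lines):
    """Scan log lines (URL is the last field); return (line, reasons) for hits."""
    hits = []
    for line in lines:
        url = line.split()[-1]
        info = analyse_url(url)
        reasons = []
        if info["ioc_match"]:
            reasons.append(f"host {info['host']} matches advisory IoC")
        if info["userinfo_looks_like_host"]:
            reasons.append(
                f"userinfo '{info['userinfo']}' mimics a domain; real host is {info['host']}"
            )
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in flag_log_lines(SAMPLE_LOGS):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Running the script reports the first two constructed lines: the `alice` line for both the indicator match and the `google.com` userinfo, the `bob` line for the indicator match alone. The userinfo check is independent of the indicator list, so it keeps catching the same deception after the actor rotates domains; legitimate use of `user@host` URLs in a corporate proxy log is rare enough that each hit is worth a look.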
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.