
Rewterz Threat Alert – Phishing Email Offers Phishing Awareness Training

September 17, 2020

Severity

High

Analysis Summary

A phishing campaign has been observed using an email template that poses as a reminder to complete security awareness training from a well-known security vendor. As users become more aware, threat actors need increasingly creative lures to trick their targets into handing over login credentials. In this campaign, the emails pretend to come from KnowBe4, a security company that offers phishing awareness training and simulated phishing tests, and remind the recipient to log in and complete their phishing training. The emails use the subject “Training Reminder: Due Date” and tell the recipient to log in to their “Security Awareness Training” before it expires in 24 hours. The email also warns that the link does not point to the usual training platform but to an external site, pre-empting the suspicion a cautious user might otherwise have about an unfamiliar URL. A user who clicks the link is taken to a page on a Russian .ru domain that asks them to log in with their Outlook credentials, supposedly to begin the training. After that first login, the page asks for further details: username, email address, name, date of birth, postal address, and the password a second time.

[Images: knowbe4_spoofed-1b, knowbe4_spoofed-2b]


With the victim’s email address, password, and personal details in hand, the attackers can use them in follow-on targeted attacks such as business email compromise (BEC) scams, or to gain access to the victim’s network.

Impact

  • Credential Theft
  • Unauthorized Access

Indicators of Compromise

Domain Name

  • docentes[.]uto[.]edu[.]bo
  • msk[.]turbolider[.]ru

Email Subject

  • Training Reminder[:] Due Date

URL

  • https[:]//msk[.]turbolider[.]ru/
  • https[:]//msk[.]turbolider[.]ru/wp-includes/bid/login[.]php
  • https[:]//docentes[.]uto[.]edu[.]bo/abaltazarc/bid/login[.]php
  • http[:]//docentes[.]uto[.]edu[.]bo/abaltazarc/bid/login[.]php

Remediation

  • Block the threat indicators at their respective controls (email gateway, web proxy, DNS filtering).
  • Search for the IoCs in your environment, including mail-gateway logs for the subject line and proxy or DNS logs for the two domains.
  • Treat any unexpected security awareness training email as suspect, even if it looks legitimate; confirm it with your IT or security team through a known channel before clicking the link or entering credentials.
  • Reset the passwords and revoke active sessions of any user who entered credentials on the phishing page.
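One way to carry out the IoC search above against proxy and mail-gateway logs, as an added example that is not part of the original advisory: the script refangs the indicators listed above and matches them against a few constructed log lines. The log format, the user names and the non-IoC hosts in the sample are invented, and the `/bid/login.php` kit-path heuristic is an assumption drawn from the two listed URLs sharing that path, not an indicator the advisory publishes.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# IoCs as listed in the advisory above, kept in their defanged form.
IOC_DOMAINS = ["docentes[.]uto[.]edu[.]bo", "msk[.]turbolider[.]ru"]
IOC_URLS = [
    "https[:]//msk[.]turbolider[.]ru/",
    "https[:]//msk[.]turbolider[.]ru/wp-includes/bid/login[.]php",
    "https[:]//docentes[.]uto[.]edu[.]bo/abaltazarc/bid/login[.]php",
    "http[:]//docentes[.]uto[.]edu[.]bo/abaltazarc/bid/login[.]php",
]
IOC_SUBJECTS = ["Training Reminder[:] Due Date"]

# Assumption (not from the advisory): both listed hosts serve the kit from a
# ".../bid/login.php" path, so that path is used as a weaker, host-independent lead.
KIT_PATH = "/bid/login.php"


def refang(ioc: str) -> str:
    """Undo the usual defanging conventions ([.] [:] hxxp) so IoCs can be matched."""
    out = ioc.replace("[.]", ".").replace("[:]", ":")
    return re.sub(r"^hxxp", "http", out, flags=re.IGNORECASE)


@dataclass
class Hit:
    line_no: int  # 1-based index into the scanned lines
    kind: str     # "url", "domain", "kit_path" or "subject"
    ioc: str      # refanged indicator (or kit path) that matched


def _prepare():
    # Longest URL first so the specific login.php URL wins over its "/" prefix.
    urls = sorted((refang(u).lower() for u in IOC_URLS), key=len, reverse=True)
    # Match the host as a whole label sequence: "mail.msk.turbolider.ru" counts as a
    # subdomain hit, but "notmsk.turbolider.ru" or "msk.turbolider.ruins" do not.
    domains = [re.compile(r"(?<![\w-])" + re.escape(refang(d).lower()) + r"(?![\w-])")
               for d in IOC_DOMAINS]
    subjects = [refang(s).lower() for s in IOC_SUBJECTS]
    return urls, domains, subjects


def scan_logs(lines: List[str]) -> List[Hit]:
    """Return the strongest network indicator per line, plus any subject-line match."""
    urls, domains, subjects = _prepare()
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        net: Optional[Hit] = None
        for u in urls:                      # exact URL: strongest signal
            if u in low:
                net = Hit(n, "url", u)
                break
        if net is None:                     # whole host (or subdomain of it)
            for pat in domains:
                m = pat.search(low)
                if m:
                    net = Hit(n, "domain", m.group(0))
                    break
        if net is None and KIT_PATH in low: # assumed kit path on an unlisted host
            net = Hit(n, "kit_path", KIT_PATH)
        if net is not None:
            hits.append(net)
        for s in subjects:                  # lure subject, independent of any URL
            if s in low:
                hits.append(Hit(n, "subject", s))
    return hits


# Constructed sample log lines (not real telemetry); hosts other than the IoCs are invented.
SAMPLE_LOGS = [
    "2020-09-17T09:12:03Z proxy user=jdoe method=GET url=https://msk.turbolider.ru/wp-includes/bid/login.php status=200",
    '2020-09-17T08:55:41Z mta from=training@sender.invalid to=jdoe@corp.example subject="Training Reminder: Due Date"',
    "2020-09-17T09:20:00Z proxy user=asmith method=GET url=https://notmsk.turbolider.ru/ status=200",
    "2020-09-17T09:21:10Z proxy user=asmith method=GET url=https://www.example.com/ status=200",
    "2020-09-17T10:02:17Z proxy user=bwong method=GET url=http://docentes.uto.edu.bo/abaltazarc/bid/login.php status=200",
    "2020-09-17T11:40:52Z proxy user=cliu method=GET url=https://cdn.host.invalid/files/bid/login.php status=200",
]

if __name__ == "__main__":
    for h in scan_logs(SAMPLE_LOGS):
        print(f"line {h.line_no}: {h.kind} -> {h.ioc}")
```

Hits on the kit path alone are a hunting lead, not a confirmed match: an unrelated site could use the same path, so review them before blocking. Subdomains of a listed host are deliberately counted as hits; the host string embedded inside a longer label (the third sample line) is not.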
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.