Check Point: how phishing arrives in the company

Phishing targets companies because the corporate environment is the most fertile ground for monetizing an attack. It is also one of the most productive contexts, because users operate in a kind of comfort zone built on assumptions about the reliability of certain sources and certain defensive tools, and so often lower their critical judgment about the actions they take. A Check Point analysis shows what this can lead to by examining a recent (April 2020), particularly sophisticated attack.

A question of redirects

This brief description of the attack is enough to understand what kind of operation it is:

Hackers hijacked the University of Oxford's email server to send malicious emails to victims. The emails contained links that redirected to an Adobe server, used by Samsung in the past, allowing hackers to exploit the facade of a legitimate Samsung domain to successfully deceive the victims. The victims were led on a false path with the aim of pushing them to share Office 365 access credentials.
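A defender's view of the chain described above, as an added example that is not from Check Point or the original article: it scores a constructed email by where its link finally lands rather than by the reputation of the sender or of the first-hop domain. All hosts, the redirect log and the reputation list are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: every host is a placeholder under the reserved .example TLD.
RAW_EMAIL = """\
From: Notifications <noreply@mail.university.example>
Subject: New message
Content-Type: text/html; charset="utf-8"

<p><a href="https://t.brand.example/r/abc123">Open message</a></p>
"""
# Constructed redirect log, as a URL-detonation sandbox might record it.
RECORDED_REDIRECTS = {"https://t.brand.example/r/abc123": "https://files.hosting.example/signin/"}
REPUTABLE = {"university.example", "brand.example"}  # hypothetical reputation list

def site(host):
    """Crude registrable domain (last two labels); real code needs the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])

class LinkParser(HTMLParser):
    """Collects the href of every <a> tag in the HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def final_destination(url, max_hops=10):
    """Walk the recorded hops; the bound stops redirect loops."""
    while url in RECORDED_REDIRECTS and max_hops > 0:
        url, max_hops = RECORDED_REDIRECTS[url], max_hops - 1
    return url

def assess(raw_email):
    """Return one finding per link, flagged when the landing site leaves the first-hop site."""
    msg = message_from_string(raw_email)
    sender_site = site(parseaddr(msg["From"])[1].rsplit("@", 1)[-1])
    parser = LinkParser()
    parser.feed(msg.get_payload())
    findings = []
    for link in parser.links:
        first, last = (site(urlsplit(u).hostname) for u in (link, final_destination(link)))
        findings.append({"sender_reputable": sender_site in REPUTABLE,
                         "link_reputable": first in REPUTABLE, "final_site": last,
                         "flag": last != first and last not in REPUTABLE})
    return findings
```

On the sample message both reputation checks pass, and only the comparison against the final landing site raises the flag.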

In short, targeted resources and well-known brands can be used to give an attack a genuine appearance, leaving even an attentive user facing a situation that is hard to interpret at first glance. This is why defense must be built first of all at the preventive level, following best practices that are by now well known and established, but too often ignored, circumvented or underestimated:

- use different passwords for cloud applications. This separation protects your information when one of them is exposed;
- use security solutions for the cloud and e-mail. The fact that these campaigns thrive shows that native solutions are easy to work around: using dedicated security solutions lets you remove threats arriving via e-mail and protect the cloud infrastructure;
- do not enter credentials when you do not expect to, on a site that normally does not require them. This is often a scam in disguise.

"Access to your corporate email can allow a hacker unlimited access to the operations of a company, such as transactions, financial reports, sending e-mail within the company from a reliable source, passwords, and even the addresses of a company's cloud resources. To complete the attack, the hacker had access to the servers of Samsung and Oxford, which means that he had the time to understand their internal workings, allowing him to go unnoticed."

David Gubiani, Regional Director SE EMEA Southern Check Point

Oxford University, Adobe and Samsung are completely unaware that their brands were used for the attack: Check Point has reported what happened to the respective responsible parties, so that measures can be taken to protect the organizations involved.
