[SANS ISC] Shadow IT Makes People More Vulnerable to Phishing, (Wed, Nov 10th)

Shadow IT is a real problem in many organizations. The term covers hardware or software that users install without the approval of the IT department. In many cases, shadow IT is used because internal IT teams are not able to provide tools in time. Think about a user who needs to safely exchange files with partners when no tool is available. A change request will be created to deploy one but, for lack of (time|money|resources), the project will take time. Unfortunately, the user needs the tool now, so an alternative path will be used, such as a cloud file-sharing service.

I spotted an interesting phishing email that uses this shadow IT stuff. When you visit the page, you get a nice page that mimics an online drive:

The page is nicely designed and looks legit, except that it’s delivered through a suspicious domain name. All the links and document snapshots just redirect to a JavaScript popup window that tries to collect the victim’s credentials.

Note that the form verifies if the provided password is long enough 🙂

<input type="password" name="pass" class="form-control" id=""
 placeholder="Email Password" pattern=".{5,}"
 required title="5 characters minimum"
 oninvalid="this.setCustomValidity('Enter your correct email password')"
 oninput="this.setCustomValidity('')"
>
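
A triage check for captured pages like this one, written as an added example (it is not code from the diary or from SANS ISC): it flags password fields served from hosts outside an approved list and fields that ask for the email password. The APPROVED_HOSTS entries, the example.net URL and the function names are assumptions, and the sample markup is constructed from the field shown above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts your organization has approved for sign-in and file sharing.
APPROVED_HOSTS = {"login.example.com", "files.example.com"}

# Constructed sample: the form field from the diary, with straight quotes.
SAMPLE = """<form><input type="password" name="pass" class="form-control" id=""
 placeholder="Email Password" pattern=".{5,}"
 required title="5 characters minimum"
 oninvalid="this.setCustomValidity('Enter your correct email password')"
 oninput="this.setCustomValidity('')"
></form>"""


class PasswordFields(HTMLParser):
    """Collects the attributes of every <input type="password">."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        attr = {k: v or "" for k, v in attrs}  # bare attributes arrive as None
        if tag == "input" and attr.get("type", "").lower() == "password":
            self.fields.append(attr)


def triage(url, html, approved=APPROVED_HOSTS):
    """Return findings for the password fields on a captured page."""
    host = (urlparse(url).hostname or "").lower()
    parser = PasswordFields()
    parser.feed(html)
    parser.close()
    findings = []
    for attr in parser.fields:
        if host not in approved:
            findings.append(f"password field on unapproved host: {host}")
        # A file-sharing page has no reason to ask for the mailbox password.
        text = " ".join(attr.get(k, "") for k in ("placeholder", "title", "oninvalid"))
        if "email password" in text.lower():
            findings.append("field asks for the email password")
    return findings


if __name__ == "__main__":
    for finding in triage("https://drive.example.net/shared", SAMPLE):
        print(finding)
```

The approved-host list is where shadow IT hurts: every unsanctioned file-sharing service that users treat as normal is one more host the check cannot tell apart from a lure.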

If you use public cloud services to exchange files with your partners, you make them potentially more vulnerable to phishing attacks. Keep this in mind!

Xavier Mertens (@xme)
Senior ISC Handler – Freelance Cyber Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Source: SANS Internet Storm Center, InfoCON: green
