Threat Intel | HIGH

Vishing Surge: ShinyHunters Expand SaaS Data Theft Tactics

Mandiant Threat Intel
Tags: ShinyHunters, vishing, MFA, credential harvesting, cloud security

Basically, hackers are using phone calls to trick company employees into giving up their login info.

Quick Summary

Mandiant reports a rise in vishing attacks linked to ShinyHunters, targeting corporate login credentials. This affects anyone using cloud services, risking sensitive data exposure. Companies are urged to adopt stronger security measures to combat these tactics.

What Happened

A new wave of cyberattacks is unfolding, and it’s more alarming than ever. Mandiant has identified a surge in vishing attacks linked to the notorious ShinyHunters group. These hackers are using sophisticated voice phishing tactics to trick employees into revealing their login credentials and multi-factor authentication (MFA) codes. Once they gain access, they target cloud-based software to steal sensitive data and internal communications.

This activity is being tracked by Google’s Threat Intelligence Group under various threat clusters, including UNC6661. These groups are evolving their methods, expanding their targets, and even harassing victims to escalate their extortion tactics. The focus is on cloud platforms, which are increasingly exposed to these types of social engineering attacks; the attacks do not rely on flaws in the vendors' security systems.

Why Should You Care

You might think this doesn’t affect you, but it absolutely does. If you work for a company that uses cloud services, your personal and professional data could be at risk. Imagine someone pretending to be your IT department, calling you to say they need your login information to fix a problem. This is the essence of vishing, and it’s happening more frequently.

These attacks can lead to severe consequences, including data breaches that expose sensitive information about you and your company. If hackers gain access to your organization's SaaS applications, they can steal confidential documents and even personal information. Protecting yourself and your company from these attacks is crucial.

What's Being Done

In response to this growing threat, several actions are underway:

  • Mandiant has released a guide with recommendations for hardening defenses against these types of attacks.
  • Google has published a detailed walkthrough to help organizations operationalize these findings.
  • Companies are encouraged to adopt phishing-resistant MFA methods, such as FIDO2 security keys.

Experts are closely monitoring these developments, especially the tactics used by these threat actors. The key takeaway is to stay vigilant and ensure your organization is using robust security measures. The rise of vishing attacks is a stark reminder that social engineering remains a potent threat in today's digital landscape.


🔒 Pro insight: The escalation of ShinyHunters’ tactics highlights the urgent need for organizations to implement phishing-resistant MFA solutions.

Original article from Mandiant Threat Intel
