Phishing Campaign Hits 80+ Orgs: The Escalating Global Threat
Cybersecurity experts are sounding the alarm after a large-scale phishing campaign impacted over 80 organizations in many sectors and highlighted the tremendous increase in complexity and volume of cyber threats. This campaign impacted businesses and government agencies, healthcare organizations, and tech companies, and is reflective of how far phishing has come since being nothing more than email scams, to being a highly strategic and organized cybercrime endeavor.
In recent years, there has been a significant shift in the capabilities of attack actors to carry out phishing campaigns, as they continue to use artificial intelligence (AI), social engineering techniques, credential harvesting techniques, cloud-based attack infrastructure, and multi-layered malware deployment strategies to gain access to enterprise systems. The attack is considered one of the most sophisticated coordinated phishing operations in the recent past, according to security researchers.
The incident reinforces a disturbing fact about organizations around the world: despite making investments in advanced cybersecurity technologies, the human element is still one of the weakest links in the digital security supply chain. Cybercriminal enterprise groups will continually refine their tactics and techniques, leading to increasingly targeted, believable, and costly phishing attacks.
This article looks at the nature of the phishing campaign that affected over 80 organizations, discusses how the attackers conducted the attacks, identifies which industries were most affected, and examines the overall implications for global cybersecurity strategy.
Phishing Campaign Hits 80+ Orgs: The Escalating Global Threat
DigiCert Hacked via Weaponized Screensaver: A New Frontier
The cybersecurity world felt the ramifications of an incident involving the compromise of DigiCert systems. Attackers used an unusual and sophisticated method to bypass security controls—essentially creating a weaponized screensaver file. This incident has caused cybersecurity practitioners to begin discussing how attackers are increasingly able to use overlooked attack vectors such as these to break into organizations that are known for having high levels of security.
For years now, the focus of most cybersecurity defenses has been email phishing, ransomware, zero-day vulnerabilities, and credential theft. However, this situation at DigiCert shows that the evolution of cyber warfare continues, and that attackers will become more creative with the tactics they employ in order to camouflage harmful payloads inside of files that may appear harmless when viewed in isolation, as well as being legitimate components of the system.
The use of malicious screensavers creates an additional layer of alarm because screensavers are normally not thought of as high-threat items by everyday users and/or security teams. Creating a weaponized version of a file format that is always trusted and routinely ignored allows attackers to circumvent traditional security assumptions and successfully run malicious code in enterprise networks.
While investigations are ongoing into this attack, the lessons learned have already begun to demonstrate the ongoing evolution of threat actors’ tactics, the weaknesses of endpoint security, the array of social engineering techniques being utilized, and potential new approaches to protecting against cyber threats in the future.
