SANS training company was hacked via a simple phishing email

Phishing remains one of the most effective cyberattack variants, and SANS can be a proof of that. Specialists mention that the cybersecurity training firm was the victim of a phishing attack after one of its employees received a simple email.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

SANS is one of the world’s leading IT security training firms, so it’s unusual for many to have fallen into a phishing campaign so easily.

SANS training company was hacked via a simple phishing email
SOURCE: SANS

Through an alert posted on its website SANS acknowledged that an employee fell into a trap that allowed threat actors to obtain login credentials and access to an enterprise email account. The incident was detected on August 6 during a routine review: “We identified a single phishing email as the attack vector. As a result, one of our employees’ email accounts was affected. We believe that there are no other accounts or systems compromised,” the SANS alert mentions.

After gaining access, the attacker configured a forwarding rule for any email received by the compromised account to an external address, in addition to installing a malicious Office 365 plugin. The company has not revealed any further details about the plugin, although attackers likely have used Office 365 Oauth to gain persistence in the email account.   

In total, 513 emails were forwarded, of which around 28,000 personal records can be obtained from the company’s employees and customers. SANS states that the information provided does not include passwords or financial data, although full names, email addresses, telephone numbers, addresses, and more may be found.

Regarding the incident investigation process, it is SANS staff the same in charge of dealing with the incident. The company ensures that all necessary measures have been taken to ensure that similar incidents are not repeated in the future. Affected users and employees are being notified and should be aware of any new phishing incidents using the compromised information.

The post SANS training company was hacked via a simple phishing email appeared first on Cyber Security News | Exploit One | Hacking News.

By admin