Corporate Cybercrime is Getting Personal: What You Need to Know to Protect Your Company in 2024
Cybercriminals are growing increasingly sophisticated. Learn how you can protect your company from corporate cybercrime.
Cybercrime is taking an increasingly personal turn. While yesterday’s cybercriminals favored broad, loosely targeted attacks such as phishing and malware campaigns, today’s criminals target individual identities using highly sophisticated tactics. Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing more than tenfold. To protect your company from identity-targeting attacks, it’s vital to understand the latest threats, what steps you can take to mitigate your risk, and how Microsoft and Velosio join forces to keep your corporate identities safe.
In the past, cybercriminals primarily directed phishing scams at lower-ranking employees thought to be more likely to take the bait. Now, however, cybercriminals are more likely to target higher-ranking and more credentialed users within organizations. This trend is part of a strategy known as “whaling,” which is a form of phishing explicitly aimed at high-profile targets like executives, managers, or other individuals with significant access or authority within your organization. These attacks are often more sophisticated and tailored, designed to deceive the targeted individuals into divulging sensitive information or initiating fraudulent transactions.
Similarly, “spear-phishing” is a highly targeted form of phishing, the type of cyber attack that tricks individuals into divulging sensitive information or taking actions that compromise their data security. Unlike general phishing attacks, which are typically sent to many recipients with a broad message, spear-phishing is much more personalized and directed at specific individuals or organizations.
Several factors contribute to this shift in focus:
Organizations need to recognize this trend and implement comprehensive security strategies that include educating all employees, especially those in high-ranking positions, about the risks and signs of targeted cyber attacks. Enhanced security measures, such as multifactor authentication and monitoring unusual activities — especially around high-privilege accounts — are also crucial in mitigating these risks. The Velosio IT security team can help with initial configuration and ongoing monitoring.
Octo Tempest is a financially motivated collective of native English-speaking threat actors that has emerged as a significant concern in the cybersecurity landscape. First detected in early 2022, their initial campaigns focused on mobile telecommunications and business process outsourcing organizations, primarily conducting SIM swaps and account takeovers, mainly targeting high-net-worth individuals for cryptocurrency theft.
The group deploys advanced social engineering tactics, adversary-in-the-middle (AiTM) techniques, and SIM-swapping capabilities. Octo Tempest is proficient in executing carefully crafted social engineering attacks, targeting technical administrators and help desk personnel to gain initial access to organizational networks. Their approach often involves impersonating victims or newly hired employees, manipulating individuals into performing password resets or compromising multifactor authentication methods. Additionally, they have been known to resort to fear-mongering tactics, using personal threats to coerce compliance.
In response to the growing threat posed by Octo Tempest, Microsoft has outlined several defensive strategies. These include a thorough understanding of authentication flows within organizations, vigilant monitoring of administrative changes, and employing robust threat detection tools like Microsoft Defender for Cloud. Microsoft also emphasizes the importance of aligning privileges in Microsoft Entra ID and Azure, implementing Conditional Access policies, and maintaining continuous user education on cybersecurity threats. These are all configurations the Velosio security team can assist with.
Even if you’ve yet to hear the term “smishing,” you’ve no doubt seen it. Smishing is a form of phishing attack that occurs through SMS (Short Message Service) or text messages. Unlike traditional phishing attacks that primarily use email, smishing exploits text messaging, which can often be a more direct way to reach potential victims.
Here are key aspects of smishing:
To protect against smishing, it’s essential to be cautious about responding to unsolicited text messages, especially those that request personal information or urge you to click on a link. Verifying the message’s authenticity through other means (like contacting the organization directly using official channels) can also be a crucial step in prevention. Velosio offers workforce training sessions designed to help users identify suspect communications.
Forest Blizzard (STRONTIUM) and Star Blizzard (SEABORGIUM) are prominent state-sponsored cyber threat actors that have become the focal points of Microsoft’s cybersecurity efforts.
Forest Blizzard, linked to Russia’s GRU military intelligence agency, is a state-sponsored group primarily targeting individuals and organizations involved in international affairs, energy, transportation, and information security in the United States, Europe, and the Middle East. This group is adept at exploiting publicly disclosed vulnerabilities, including CVE-2023-23397, to gain unauthorized access to email accounts within Exchange servers. Forest Blizzard’s tactics indicate a well-resourced and sophisticated group that constantly evolves its methods to evade detection and attribution. In response, Microsoft has been actively updating its detection and protection systems to combat the evolving threats Forest Blizzard poses.
Star Blizzard also originated in Russia. This actor is notorious for its persistent phishing and credential theft campaigns, leading to intrusions and data theft that appear to support traditional espionage objectives and information operations. Star Blizzard’s operations are characterized by their long-term targeting of organizations in the defense and intelligence sectors, NGOs, think tanks, and higher education.
Microsoft’s Threat Intelligence Center has played a pivotal role in detecting and disrupting Forest Blizzard and Star Blizzard campaigns. The company uses its services and frequent software updates to maintain visibility into these actors’ activities and counteract them effectively. This includes disabling accounts used for malicious activities and employing Microsoft Defender SmartScreen to detect phishing domains associated with these actors.
As cybercriminals grow increasingly sophisticated and targeted in their approaches, organizations need to double down on their efforts to thwart them. Microsoft is doing its part, launching hundreds of product innovations each year designed to keep organizations ahead of evolving threats. A skilled Microsoft Partner can help you take the best advantage of those security innovations. Velosio is a premier Microsoft business partner with an expert team of 450 business professionals, including a dedicated IT security team. We can help you deploy the best practices, Microsoft tools, and continual monitoring and training to keep your business and its personnel safe. Contact us with your questions.