Archive for Abnormal Security

Atlantis AIO Automates Credential Stuffing Attacks Across 140+ Platforms

Posted in Commentary with tags on March 26, 2025 by itnerd

Researchers at Abnormal Security have uncovered a credential-stuffing tool dubbed Atlantis AIO that lets attackers test millions of stolen username and password pairs in rapid succession. It ships with pre-configured modules that automate attacks against specific services, including email providers, across more than 140 platforms.

You can go into the weeds on this here: https://abnormalsecurity.com/blog/atlantis-aio-credential-stuffing-140-platforms

Darren James, Senior Product Manager at Specops Software, commented:

“Threat actors who use these tools are looking for username and password pairs that work on any of these targeted systems. They rely on the fact that many people re-use these credentials across multiple websites.

Consumer credentials are useful for specific account takeover, but usernames that are from the affected person’s work account are often prized highly, as these accounts can be used to steal data or blackmail an entire organization rather than a single individual.

Organizations can protect themselves by using tools that continuously monitor business accounts for breached passwords, and Digital Risk Protection systems that look for these credential pairs, and can either warn you about your “risky” users or even force the user to change that compromised password.

The risk of having a password becoming compromised has increased over time with advice from various organizations being that password expiry dates should be removed. This advice, however, always comes with a caveat that the user’s password must be changed if it becomes compromised. However, without the additional tools I mentioned above, this is extremely difficult to detect until it’s too late.”

This is a perfect example of why password hygiene matters: credential stuffing only works against accounts whose password is reused somewhere else. Good password hygiene makes you less of a target, so spend a weekend or two going through your passwords and making each one unique and strong; unique matters more than complex here, since a reused password is exactly what these tools are looking for. Other tips on good password hygiene can be found here.
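As an added illustration (not code from the Abnormal Security post or from Specops), here is the detection side of the problem. The one behaviour every credential-stuffing tool shares is a single source trying many different username/password pairs in quick succession, most of which fail, and the rare success is the account whose reused password is now confirmed compromised. The log format, IP addresses, accounts and thresholds below are constructed for the example.

```python
"""Flag credential-stuffing runs in authentication logs.

Added example, not Abnormal Security's or Specops' code. The log line format
(timestamp, source IP, username, outcome) and the thresholds are assumptions
made for this demo; tune them against your own authentication volume.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 cycles through nine different accounts in
# ten seconds and gets one hit (carol): that success is the account whose
# reused password is now known to be compromised. 198.51.100.9 is a normal
# user who mistyped once and then signed in.
SAMPLE_LOG = """\
2025-03-26T10:00:01Z 203.0.113.7 alice@example.com FAIL
2025-03-26T10:00:02Z 203.0.113.7 bob@example.com FAIL
2025-03-26T10:00:03Z 203.0.113.7 carol@example.com OK
2025-03-26T10:00:04Z 203.0.113.7 dave@example.com FAIL
2025-03-26T10:00:05Z 203.0.113.7 erin@example.com FAIL
2025-03-26T10:00:06Z 203.0.113.7 frank@example.com FAIL
2025-03-26T10:00:07Z 203.0.113.7 grace@example.com FAIL
2025-03-26T10:00:08Z 203.0.113.7 heidi@example.com FAIL
2025-03-26T10:00:09Z 203.0.113.7 ivan@example.com FAIL
2025-03-26T10:00:30Z 198.51.100.9 alice@example.com FAIL
2025-03-26T10:00:41Z 198.51.100.9 alice@example.com OK
"""

WINDOW = timedelta(seconds=60)   # look-back per source IP
MIN_DISTINCT_USERS = 5           # stuffing = many *different* accounts...
MIN_FAIL_RATIO = 0.8             # ...and almost all of the attempts fail


def parse(log_text):
    """Return a time-sorted list of (timestamp, ip, username, success)."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, outcome = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "OK"))
    events.sort(key=lambda e: e[0])
    return events


def detect_stuffing(events, window=WINDOW, min_users=MIN_DISTINCT_USERS, min_fail=MIN_FAIL_RATIO):
    """Slide a time window over each source IP's attempts and report sources whose
    window holds >= min_users distinct accounts with a failure ratio >= min_fail.
    'hits' are accounts that *succeeded* inside a flagged window: their passwords
    are reused and compromised, so reset those first."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fail_ratio = sum(1 for e in win if not e[3]) / len(win)
            if len(users) >= min_users and fail_ratio >= min_fail:
                f = findings.setdefault(ip, {"attempts": 0, "distinct_users": 0, "hits": set()})
                f["attempts"] = max(f["attempts"], len(win))
                f["distinct_users"] = max(f["distinct_users"], len(users))
                f["hits"].update(e[2] for e in win if e[3])

    for f in findings.values():
        f["hits"] = sorted(f["hits"])
    return findings


if __name__ == "__main__":
    for ip, f in detect_stuffing(parse(SAMPLE_LOG)).items():
        print(f"{ip}: {f['attempts']} attempts across {f['distinct_users']} accounts, "
              f"compromised accounts: {', '.join(f['hits']) or 'none'}")
```

Tools like this one are usually run through proxy pools, so the attempts arrive from thousands of IPs rather than one; in production you would key on additional signals (ASN, TLS fingerprint, user agent) and lower the per-source thresholds accordingly. The same many-accounts-from-one-source shape also catches password spraying; the mirror case, one account hammered from many sources, is a brute-force signal this rule deliberately does not cover.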

Phishers Exploit Microsoft’s ADFS to Enable Account Takeover

Posted in Commentary with tags , on February 4, 2025 by itnerd

Researchers at Abnormal Security have uncovered a phishing campaign aimed at organizations that rely on Microsoft’s Active Directory Federation Services (ADFS). Rather than exploiting a flaw in ADFS itself, the attackers serve spoofed ADFS sign-in pages that borrow the trusted look of the real one, harvesting user credentials and defeating multi-factor authentication (MFA) so they can take over accounts and reach critical systems and data. You can read the research here:

https://abnormalsecurity.com/resources/targeting-microsoft-adfs-phishing-bypass-mfa-for-account-takeover

Roger Grimes, data-driven defense evangelist at KnowBe4, commented:

“I’m a 36-year cybersecurity expert and author of 15 books (one on hacking MFA: https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798) and over 1,500 articles. This is the first time I’ve read about fake ADFS login pages, but ADFS has been involved in bypassing MFA authentication before, so it’s not completely new to use in the hacker scene. All users should use phishing-resistant MFA whenever they can. Unfortunately, most of today’s most popular MFA solutions, including Microsoft Authenticator, Google Authenticator, Duo, push-based MFA, OTP, and SMS-based MFA are very phishable and subject to the exact type of attack reported here.”

Related to this, here are some relevant articles on MFA:

Don’t Use Easily Phishable MFA and That’s Most MFA!

https://www.linkedin.com/pulse/dont-use-easily-phishable-mfa-thats-most-roger-grimes

My List of Good, Strong MFA

https://www.linkedin.com/pulse/my-list-good-strong-mfa-roger-grimes

Why Is the Majority of Our MFA So Phishable?

https://www.linkedin.com/pulse/why-majority-our-mfa-so-phishable-roger-grimes

US Government Says to Use Phish-Resistant MFA

https://blog.knowbe4.com/u.s.-government-says-to-use-phishing-resistant-mfa

New Research from 2024 Reveals Five Advanced Email Attacks to Watch Out for in 2025

Posted in Commentary with tags on December 12, 2024 by itnerd

Abnormal Security has published research that uses real-world threats its customers received in 2024 to predict how the threat landscape will evolve in 2025. The blog also lays out the attack strategies organizations must be ready to detect and defend against.

According to the company’s observations, the five advanced email attacks to watch for in 2025 are:

  • Cryptocurrency Fraud 
  • File-Sharing Phishing 
  • Multichannel Phishing 
  • AI-Generated Business Email Compromise 
  • Email Account Takeover

The blog emphasises the need for AI-native defenses that can identify anomalies and analyze context in real time. By understanding how attackers are adopting new tools and techniques, organizations can protect the company and its employees from increasingly sophisticated email threats.

You can read the research here.

New Phishing Attack Leverages AiTM Tactics to Steal Credentials From Legitimate Dropbox Website During Open Enrolment Period

Posted in Commentary with tags on November 18, 2024 by itnerd

Abnormal Security has released a blog post on a phishing campaign that abuses Dropbox’s platform, blending genuine email elements with adversary-in-the-middle (AiTM) tactics to steal login credentials.

In this attack, the email claims that “Human Resources” has shared a document about annual salary increases and open enrolment on Dropbox. Clicking the “View on Dropbox” button takes recipients to Dropbox’s legitimate site, where they are asked to sign in to Dropbox to view the file. What makes this attack unusual is that the message comes from a trusted sender and its embedded links are genuine.

From there, employees are redirected to a spoofed Microsoft OneDrive portal and prompted for their Microsoft login credentials, which is where the theft actually happens. Because the first hop is a real Dropbox URL, link reputation checks pass; the tell is a Microsoft sign-in prompt appearing on a domain that is not Microsoft’s.

You can read the blog post here: https://abnormalsecurity.com/blog/adversary-in-the-middle-dropbox-phishing-open-enrollment

New Healthcare Email Attack Trends Research Reveals Critical Condition Year Over Year

Posted in Commentary with tags on October 8, 2024 by itnerd

Abnormal Security has published its latest research on the year-over-year rise in email threats targeting the healthcare industry. The study analyzed emails between August 2023 and August 2024 and found that vendor email compromise (VEC) attacks trended steadily upward, rising 60%, while phishing attacks on healthcare organizations rose 37%.

Mike Britton, CISO of Abnormal Security, discusses healthcare industry attack trends, including:

  • What makes healthcare an appealing target for cybercrime?
  • Why do VEC and phishing attacks targeting the healthcare industry continue to grow?
  • How do we protect health organizations from sophisticated email attacks?

You can read the blog post here.

Cybercriminals Use Evilginx To Bypass MFA… Gmail, Outlook, Yahoo Among Top Targets

Posted in Commentary with tags on September 19, 2024 by itnerd

Abnormal Security has released its latest blog reporting on how cybercriminals use Evilginx to bypass multi-factor authentication (MFA) in attacks targeting Gmail, Outlook, Yahoo, and more. 

Evilginx is a reverse-proxy phishing framework: it sits between the victim and the legitimate website, relays the real login flow (MFA prompt included) in both directions, and captures the credentials along with the session cookies the site returns once the login succeeds. Because the attacker ends up holding an already-authenticated session, they never have to defeat the MFA check themselves.

Attackers typically configure Evilginx to mimic high-value targets such as online banking portals, cloud service providers, email platforms, and social media sites. These sites often rely on MFA as a security measure, and the tool offers a way to bypass that protection. 

Abnormal shows a price list for ready-made configurations (Evilginx calls them phishlets) covering LinkedIn, Intuit, Telegram, GitHub, Airbnb and the email platforms mentioned above, each listed with price, target website, login URL and details. Evilginx configurations have themselves become a service that cybercriminals sell to one another.

Abnormal Security’s research team covers:

  • Why Evilginx has become a valuable tool for cybercriminals running phishing campaigns
  • How potent the tool is in real-world cyber espionage and nation-state-sponsored hacking
  • How organizations can protect themselves against AiTM attacks

You can read the blog entry here.
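Roger Grimes’ comment on the ADFS campaign above recommends phishing-resistant MFA, and this post explains that Evilginx simply relays the real login. The following added example (not code from Abnormal Security or from the Evilginx project) shows why the two facts fit together: a FIDO2/WebAuthn assertion carries the origin the browser is actually showing, the authenticator signs over a hash of that data, and the relying party rejects any origin but its own, so a proxied login fails where a relayed OTP or push approval would succeed. The HMAC here stands in for the authenticator’s private-key signature (real authenticators use ECDSA or EdDSA and the relying party holds only the public key; the checks are identical), and every origin, key and challenge is constructed for the demo.

```python
"""Why an Evilginx-style AiTM proxy can relay OTP/push MFA but not a
FIDO2/WebAuthn assertion.

Added example, not code from Abnormal Security or the Evilginx project.
Assumptions: the HMAC below stands in for the authenticator's private-key
signature, and the origins, keys and challenges are constructed for the demo.
"""
import base64
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example.com"      # constructed legitimate RP origin
PHISH_ORIGIN = "https://login-example.com"   # constructed AiTM proxy origin


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class Authenticator:
    """Stand-in for a security key. The *browser*, not the authenticator or the
    user, supplies the origin, so a proxy cannot ask for a different one."""

    def __init__(self):
        self.key = secrets.token_bytes(32)   # a private key in reality

    def get_assertion(self, browser_origin, challenge):
        client_data = json.dumps({
            "type": "webauthn.get",
            "challenge": b64url(challenge),
            "origin": browser_origin,
        }).encode()
        # authenticatorData = rpIdHash (32 bytes) | flags (UP=1) | signCount (4 bytes)
        auth_data = hashlib.sha256(b"example.com").digest() + b"\x01" + b"\x00\x00\x00\x01"
        to_sign = auth_data + hashlib.sha256(client_data).digest()
        return {
            "clientDataJSON": client_data,
            "authenticatorData": auth_data,
            "signature": hmac.new(self.key, to_sign, hashlib.sha256).digest(),
        }


def rp_verify(assertion, expected_challenge, registered_key, expected_origin=RP_ORIGIN):
    """Relying-party checks: type, fresh challenge, origin, then signature."""
    cd = json.loads(assertion["clientDataJSON"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch"
    if cd.get("origin") != expected_origin:
        return False, "origin mismatch: " + str(cd.get("origin"))
    to_sign = assertion["authenticatorData"] + hashlib.sha256(assertion["clientDataJSON"]).digest()
    expected_sig = hmac.new(registered_key, to_sign, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, assertion["signature"]):
        return False, "bad signature"
    return True, "ok"


def run_login(browser_origin, proxy_rewrites_origin=False):
    """One login. browser_origin is what the victim's address bar shows; behind
    an AiTM proxy that is the phishing domain, even though the RP's genuine
    challenge is being relayed through the proxy."""
    auth = Authenticator()
    registered_key = auth.key            # registration step (public key in reality)
    challenge = secrets.token_bytes(32)  # RP issues a fresh challenge per login
    assertion = auth.get_assertion(browser_origin, challenge)
    if proxy_rewrites_origin:
        # The proxy patches the origin before forwarding; the signed hash of
        # clientDataJSON no longer matches, so the signature check fails instead.
        cd = json.loads(assertion["clientDataJSON"])
        cd["origin"] = RP_ORIGIN
        assertion["clientDataJSON"] = json.dumps(cd).encode()
    return rp_verify(assertion, challenge, registered_key)


if __name__ == "__main__":
    print("direct login:         ", run_login(RP_ORIGIN))
    print("via AiTM proxy:       ", run_login(PHISH_ORIGIN))
    print("proxy patches origin: ", run_login(PHISH_ORIGIN, proxy_rewrites_origin=True))
```

In a real browser the proxied case never even gets this far: the credential’s RP ID (example.com) is not a registrable suffix of login-example.com, so the browser refuses to use the key before anything is signed, and the RP-side origin check is defence in depth. An OTP or push approval, by contrast, is valid wherever it is entered, which is why Evilginx can forward it and walk away with the session cookie; pairing phishing-resistant MFA with short-lived sessions limits what a stolen cookie is worth.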

New Research Reveals Threats Disrupting The Transportation Industry

Posted in Commentary with tags on September 12, 2024 by itnerd

The transportation industry is the lifeblood of the global economy, but as the sector becomes more interconnected, so does its exposure to attack. Between July 2023 and July 2024, phishing attacks on transportation organizations increased by an alarming 175%.

Today, Abnormal Security published their latest blog highlighting how ransomware, phishing, BEC and VEC attacks emerged as major threats in the transportation industry. 

In the blog, researchers note a ransomware attack on the freight shipping provider Estes Express Lines, which disrupted systems for more than two and a half weeks and compromised the personal data of 21,000 individuals, including names and Social Security numbers.

You can read more about the research here: https://abnormalsecurity.com/blog/transportation-industry-email-attack-trends

Cyber Threat Researcher Finds 650,000 Emails Exposed in Recent Cyberattacks on Schools and Universities as “Back to School” Hits

Posted in Commentary with tags on August 28, 2024 by itnerd

Abnormal Security has released its latest blog showing a sharp surge in cyberattacks on the education sector, with over 650,000 records exposed in the last 60 days.

Mike Britton, CISO at Abnormal Security, discusses how educational institutions across the US become easy prey for cybercriminals as the school year approaches, making phishing a major threat to students, teachers, and staff.

The blog looks at four incidents, from elementary schools to universities, in which students’ and staff data were exposed, leaving them open to follow-on phishing:

  • Data breach exposing 46,169 university students on a cybercrime forum
  • 576,735 elementary school teachers’ records exposed
  • Data breach targeting Rowan College at Burlington County compromises 27,000 records
  • $200 million IT system breach impacting 25,000

You can read the blog here.

File-Sharing Phishing Attacks Surge 350%, According to New Research from Abnormal Security

Posted in Commentary with tags on August 14, 2024 by itnerd

Abnormal Security has released its H2 2024 Email Threat Report, revealing the growing threat of file-sharing phishing attacks, in which threat actors use popular file-hosting services to manipulate victims into revealing confidential information or downloading malware onto their devices.

The report calls attention to the shift from traditional threats to behavior-based attacks, strongly emphasizing the need for organizations to focus on protecting humans as their most vulnerable targets.

Key highlights from the report:

  • 350% year-over-year growth in file-sharing phishing attacks
  • BEC attacks grew by more than 50% over the last year
  • Construction and engineering firms, as well as retailers and consumer goods manufacturers, were most exposed to VEC attacks, with 70% of organizations receiving at least one VEC attack in the first half of the year

Download the full H2 2024 Email Threat Report, “Bait and Switch: File-Sharing Phishing Attacks Surge 350%”, here.

New Olympics Cyber Threat Targets VIP Transport Companies

Posted in Commentary with tags on July 23, 2024 by itnerd

Abnormal Security reports that French businesses, particularly those in the hospitality, transport, and tourism sectors, are at high risk during the Olympics: the influx of customers and transactions makes them prime targets for cybercriminals looking to exploit the event.

Abnormal Security researchers have also observed a worrying trend in online chat rooms, with an uptick in stolen data offered for sale or trade, showing that the threat extends beyond Olympic ticket buyers.

In an example of the growing cyber threat that emerged at the beginning of this month, a user on a popular cybercrime forum contacted an undercover security researcher, offering access to VIP transport companies in the Paris area. The seller highlighted the expected booking surge as the Olympics drew closer and disclosed they had access to the company’s Stripe, email, and invoice software.

Cybercriminals can exploit this type of access to send fraudulent emails impersonating Stripe, making customers susceptible to phishing attacks. They can also target employees within the business, exposing the company to risks such as invoice fraud, compromised financial information, and operational disruptions.

You can read the details here: https://abnormalsecurity.com/blog/french-companies-olympics-threats