orwg.cap.gov
Main Content

Cybersecurity

Cybersecurity

The latest information about Cybersecurity threats

NTIC Cyber Weekly Bulletin - August 20 2020 - TLP WHITE

Click here

 

Cyber Criminals Take Advantage of Increased Telework Through Vishing Campaign

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing this advisory in response to a voice phishing (vishing)1 campaign. 

The COVID-19 pandemic has resulted in a mass shift to working from home, resulting in increased use of corporate virtual private networks (VPNs) and elimination of in-person verification. In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting—with the end goal of monetizing the access. Using vished credentials, cybercriminals mined the victim company databases for their customers’ personal information to leverage in other attacks. The monetizing method varied depending on the company but was highly aggressive with a tight timeline between the initial breach and the disruptive cash-out scheme. 

NTIC Cyber Alert - Cyber Threat Actors Exploit Open Redirect Vulnerabilities on Government Websites

This alert is being provided for informational purposes and for potential use to protect systems, networks, and data against this cyber threat at the sole discretion of recipients. As the cyber threat landscape is ever-evolving and attribution can be difficult, the NTIC Cyber Center makes no guarantees of the accuracy of this information during and after the dissemination of this alert as indicators of compromise IoCs) and adversary tactics,techniques, and procedures (TTPs) may change.Recipients are urged to use caution before implementing any changes to systems,software, and procedures.

 

Two Active Phishing Campaigns Using Compromised Enterprise Accounts to Steal Microsoft Office 365 Login Credentials

The NTIC Cyber Center is aware of two currently active phishing campaigns that attempt to steal Microsoft Office 365 login credentials from unsuspecting victims. These campaigns use previously compromised enterprise email accounts to send fraudulent emails to addresses in the accounts' contact lists. Both campaigns include the words "proposal" and "relief margin" in either the subject or body of the emails. In one campaign that we observed, the phishing emails contained a malicious link in both the body of the email and in a PDF attachment that, if opened, redirects to a fraudulent website prompting victims to enter their Microsoft Office 365 login credentials.

© 2020 Civil Air Patrol. All rights reserved.