Group-IB continues to conduct research and has found that a large-scale phishing campaign is underway.

This offensive has had an impact on 130 companies in a wide range of businesses. These include, but are not limited to, professional recruitment firms and companies related to finance and tech.

Just a few of the targeted companies are giants within their fields, such as:

  • HubSpot
  • Evernote
  • Best Buy
  • Epic Games
  • Microsoft
  • AT&T
  • Twitter
  • Verizon Wireless
  • MailChimp
  • MetroPCS
  • Twilio
  • T-Mobile

The same campaign was also behind an unsuccessful attempt to breach Cloudflare's network.

The hacking maneuver uses a kit code-named "Oktapus" and has been in progress since at least March 2022. It has many tentacles, as the Group-IB report reveals. The campaign's creators have been able to access targeted networks with nearly ten thousand stolen login credentials.

As with many phishing attacks, this one starts in a familiar way. An email message is sent to the target with a link to a website. The page appears legitimate: it is an exact copy of a corporate website, using all the appropriate branding and logo images.

An opt-in box is usually displayed to the user. They are encouraged to enter their account information along with two-factor authentication codes, if they are used. This gives the hackers in control of the site another login option.

Okta is a legitimate and widely respected Identity-as-a-Service (IDaaS) provider that allows users to employ a single login to access all software assets in their company. Hackers have found a way to abuse this to steal customer data. This data is then used to launch additional attacks against firms within the supply chain of the originally targeted company.

Even if you aren't in any of these industries, make sure your IT staff is aware. Integrated Technology Systems provides managed IT services and can work with your IT staff to ensure your employees are well educated and your data is secure from attack.

LastPass has been hacked

It is best to use a different password for every website and to keep those passwords in a password manager. Although that is generally a good idea, what happens if the password vaults are compromised?

This is what LastPass's more than 25 million users are discovering. LastPass is the world's largest password vault, making it an attractive target for hackers. CEO of LastPass, Karim Toubba, announced on August 25, 2022 that "an unauthorized third party had stolen portions of the source code as well as some proprietary LastPass technical information."

It appears that the breach was limited to the company's development servers. A developer's account was also compromised. There is good news for LastPass customers. First, no customer data was stored on the development servers. Second, LastPass uses a "zero knowledge" architecture. This means that although it stores your passwords, it cannot access them without your master password.

LastPass claimed that the breach did not affect the master passwords of its users, and that there was no evidence of criminal activity. Accordingly, no action is required from users of their service at the moment.

The company stated that while an investigation continues into the incident, it has implemented new preventative measures as well as retained the services of a leading cybersecurity and forensics firm.

Companies of all sizes are vulnerable to a cyber attack. What is your company doing to prevent an attack? Call Integrated Technology Systems today for a complete cybersecurity review.

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017