October 2024 - THOTM

 

In October 2024, GoSecure Threat Hunters uncovered a sophisticated phishing campaign that uses Attacker-in-the-Middle (AitM) tactics to compromise user accounts through web session cookie theft. This method targets cloud-based file hosting applications such as Dropbox and OneDrive, compromising users by manipulating shared files and redirecting the users to malicious sites where both credentials and multi-factor authentication details are stolen.

Why This Matters

The theft of web session cookies is a critical threat because it allows attackers to bypass traditional security measures and gain access to sensitive information undetected. These cookies often authenticate access to personal and financial details, which makes their theft particularly dangerous. The technique is increasingly used in targeted phishing attacks, so awareness and prevention are essential.

Detection and Monitoring

GoSecure’s proactive threat hunt in October identified and intercepted phishing attempts that used legitimate-looking documents, such as a DocuSign envelope, as a lure to direct victims to malicious sites. Our Threat Hunters have been vigilant in monitoring for signs of this behavior and have established new detection rules that can identify similar threats in real time.

Recommendations

To defend against this type of attack, GoSecure recommends the following steps:

  • Enable and enforce multi-factor authentication (MFA) for all cloud services.
  • Educate employees about the dangers of phishing and the importance of verifying the authenticity of requests involving sensitive data or credentials.
  • Utilize advanced email filtering solutions that can detect and block phishing attempts before they reach end users.
  • Review and monitor sign-in logs and file access patterns for unusual activities that could indicate a breach.
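As an added illustration of the last recommendation (this is not GoSecure's detection rule), the sketch below scans sign-in records for a session that satisfied MFA from one IP address and user agent and is then presented from a different IP address and user agent shortly afterwards, the pattern a replayed session cookie leaves behind. The record fields, sample events and one-hour window are constructed assumptions, not the schema of any particular identity provider.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records; the field names are assumptions,
# not the schema of any particular identity provider.
SAMPLE_EVENTS = [
    {"time": "2024-10-07T13:02:11", "user": "alice@example.com", "session": "s-1001",
     "ip": "198.51.100.24", "agent": "Edge/129 Windows", "mfa": True},
    {"time": "2024-10-07T13:09:45", "user": "alice@example.com", "session": "s-1001",
     "ip": "203.0.113.77", "agent": "Chrome/128 Linux", "mfa": False},
    {"time": "2024-10-07T14:30:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "198.51.100.40", "agent": "Safari/17 macOS", "mfa": True},
    {"time": "2024-10-07T16:05:00", "user": "bob@example.com", "session": "s-2002",
     "ip": "198.51.100.40", "agent": "Safari/17 macOS", "mfa": False},
]

def find_session_replay(events, window=timedelta(hours=1)):
    """Flag sessions later presented from a different IP and user agent
    than the sign-in that satisfied MFA, within `window` of that sign-in."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[(ev["user"], ev["session"])].append(ev)

    findings = []
    for (user, session), evs in by_session.items():
        evs.sort(key=lambda e: e["time"])  # ISO 8601 strings sort chronologically
        origin = next((e for e in evs if e["mfa"]), None)
        if origin is None:
            continue  # no MFA-backed sign-in to compare against
        start = datetime.fromisoformat(origin["time"])
        for ev in evs:
            seen = datetime.fromisoformat(ev["time"])
            if ev is origin or seen < start or seen - start > window:
                continue
            # Require both to differ, so a network change alone is not flagged.
            if ev["ip"] != origin["ip"] and ev["agent"] != origin["agent"]:
                findings.append({"user": user, "session": session,
                                 "origin_ip": origin["ip"], "replay_ip": ev["ip"],
                                 "minutes_after_mfa": int((seen - start).total_seconds() // 60)})
    return findings

if __name__ == "__main__":
    for finding in find_session_replay(SAMPLE_EVENTS):
        print(finding)
```

Widening `window` catches cookies replayed later at the cost of more findings to triage.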

Conclusion

GoSecure remains steadfast in its commitment to detect and mitigate emerging cybersecurity threats. Our MXDR service is designed to provide continuous monitoring and targeted threat detection to protect against complex threats like web session cookie theft. For more detailed information on how we’re actively addressing this issue, or to enhance your defenses against such phishing attacks, contact us directly at (888)-287-5858 or info@gosecure.ai.

Stay secure!

Your GoSecure Threat Hunting Team
