We all have a fairly reasonable understanding of how a phishing attack works at its most critical moment – when a user falls for social engineering and clicks on the malicious link, attachment, etc. But cyberattacks that use this tactic involve so many more actions that occur well before this point of user engagement, as well as an equally large amount of malicious activity after – making the phish itself only one small part of sophisticated, multi-layer attacks.
Two well-known attacks of 2022 – Uber (resulting in the details of 77,000 employees being leaked on line) and MailChimp (where 214 crypto industry customer accounts were compromised) – both involved the use of phishing and social engineering to achieve their goals.
But what else is there to learn from these two attacks by looking before and after the simple oh-so-fateful click of a maliciously-intended email?
In this Real Training for Free session, 4-time Microsoft MVP, Nick Cavalancia takes my seat as he first covers:
- The current state of the use of phishing in cyberattacks today
- The prevalence of threat actions taken before and after the Inbox
- Aligning phishing attack tactics to MITRE
Up next, you’ll hear from Ray Wallace, CTO at GreatHorn, who will provide a detailed, step-by-step breakdown of two large data breaches of 2022, including Uber and Mailchimp. Ray will also demonstrate the threat actions used in these two attacks live, including:
- Impersonation
- Credential harvesting
- Silent payload delivery
- Use of the Dark Web for selling or purchase of credentials
- Use of MFA Fatigue
- Internal Spearphishing
Ray will break down these attacks across each phase to understand how the attackers are thinking and subsequently what preventative capabilities exist within both the native email platform and additional solutions to protect against attacks using the most common vector used in data breaches – email.
This Real Training for Free session will be chock full of practical, real-world content! Register now!