Business Email Compromise (BEC): Tracking a Threat Actor’s Funny Business | allinfosecnews.com

June 24, 2024, 10:05 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Executive Summary

In a recent LevelBlue incident response engagement, an analyst in our managed detection and response (MDR) security operations center (SOC) responded to an alarm that was triggered by a suspicious email/inbox rule. The rule aimed to conceal responses to an internal phishing attempt from the account user, so the attacker could solicit funds from the company's users. According to a report by the Cybersecurity and Infrastructure Security Agency (CISA), “Email systems are the preferred attack vector for malicious …

account actor alarm analyst and response bec business business email compromise center compromise conceal detection detection and response email email compromise engagement executive funny incident incident response internal levelblue managed managed detection managed detection and response mdr operations phishing response security security operations security operations center soc threat threat actor tracking

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Malware development trick 42: Stealing data via legit Discord Bot API. Simple C example 5 hours ago | malware.news

api application bot concept +25

Velvet Ant’s Strategic Targeting: A Long-Term Cyber Espionage Campaign Against F5 BIG-IP Systems 5 hours ago | malware.news

advanced advanced persistent threat adversary ant +21

Affirm says Evolve Bank data breach also compromised some of its customers 6 hours ago | malware.news

8-k affirm amp attack +24

Give a lead to save a child 7 hours ago | malware.news

abuse camera child child sexual abuse +13

365 Total Backup Changes July 2024 7 hours ago | malware.news

article backup backups change +11

Deep Dive into Blockchain Security: Vulnerabilities and Protective Measures 7 hours ago | malware.news

applications article author blockchain +12

Google Summer Of Code 2024 In Stratosphere. Blog for the first month of Sekhar Kumar … 9 hours ago | malware.news

article blog code dash +6

Release notes: Mutexes in TI Lookup, new YARA rules, extractors, and more 9 hours ago | malware.news

any.run capabilities config detection +15

Vulnerabilities in PanelView Plus devices could lead to remote code execution 18 hours ago | malware.news

attackers automation can code +17

Information Assurance Engineer

@ Leidos | 6314 Remote/Teleworker US

View on infosec-jobs.com

SQL Database Admin - INT

@ General Dynamics Information Technology | USA AZ Fort Huachuca - 2133 Cushing St, Bldg 61801 (AZC012)

View on infosec-jobs.com

Network Engineer - Lead

@ QBE LLC | Arlington, VA, US

View on infosec-jobs.com

Cloud Managed Services Engineer

@ Versa Networks | Switzerland

View on infosec-jobs.com

Software Engineer - Microsoft Entra ID

@ BT Group | Snowhill, Birmingham, United Kingdom

View on infosec-jobs.com

Security Cloud Solution Architecture Manager

@ Microsoft | Issy Les Moulineaux, Hauts-de-Seine, France

View on infosec-jobs.com