Office 365 Admins Targeted in Ongoing Phishing Scam

This is not unexpected.  Cybercriminals are fairly smart, and they are motivated to target the resources with the greatest and/or most effective access.  As more and more of the world moves its Exchange and Active Directory resources to the cloud, O365 and Azure administrators move up the list of valued targets.

This article simply points out something we have known for some time.  We must take phishing threats and the associated awareness training seriously.  This must become a priority for every organization, large and small.  This issue also places a brighter spotlight on the security associated with service providers and third-party administrators.  Make sure your security controls take those resources into consideration as well.

https://threatpost.com/office-365-admins-phishing/150352/

A New Attack Category is Born: You Now Need to Also Worry About Evasive Spear Phishing

Spear phishing has long been a serious concern for organizations battling the constant onslaught of social engineering attacks pointed at their users.  This post from the team at KnowBe4 sheds some light on a new form of spear phishing that often focuses on technology firms and other high-value targets.  The depth and level of sophistication associated with these attacks should raise red flags.  The more accurate and relevant the phishing content, the higher the likelihood that the end user will fall into the trap and click the link.

Please be diligent in your awareness training and notifications to end users.  These threats are very real!

https://blog.knowbe4.com/a-new-attack-category-is-born-you-now-need-to-also-worry-about-evasive-spear-phishing

Web scraping doesn’t violate anti-hacking law, appeals court rules

This is an intriguing legal development that may have far-reaching implications on the intellectual property and privacy fronts.  The fact that current legal standards cannot appropriately address web scraping means that our US laws are woefully outdated and unable to tackle the challenges of a highly technical and quickly evolving society.  Agility should be an important component of all future legislative processes.

https://arstechnica.com/tech-policy/2019/09/web-scraping-doesnt-violate-anti-hacking-law-appeals-court-rules/

Wikipedia, World of Warcraft Downed By Weekend DDoS Attacks

This article discusses yet another series of DDoS attacks targeting well-known websites.  Based on the article, these DDoS attacks are an example of a hacking group trying to validate its skills and work toward larger attacks, which will in turn inspire other attacks against new targets by other new hacking groups.  This is a systemic problem that will continue to grow and plague businesses and organizations worldwide.

It is important to consider the potential damage that can be caused by a DDoS attack and how your organization would remediate or mitigate such an attack.

https://threatpost.com/wikipedia-world-of-warcraft-ddos-attacks/148121/