I got hit by a devastating worm that spread through phishing. This is how it worked and what I learned from it.
A long time ago in a world without Multi-Factor Authentication…
The first report came in shortly after 10 am. A user had fallen victim to a phishing attack. Their account was spamming out an unusual amount of email, triggering an alert. Another day, another attack.
The response team hit the big red ‘account breached’ button, locking the compromised account down, then we started to investigate. We were looking for the root cause of the compromise and any damage that had been caused. Applications used, data downloaded, emails sent, etc.
The second report came in at 10:10 am. This wasn’t uncommon. Emails that made it through the filtering rules tended to hit a number of people at the same time. If you land enough phishing emails of reasonable quality it’s almost inevitable that one or two people will fall for them.
The third report came in at 10:14. As did the forth, the fifth, and the sixth. Now, this was unusual.
[Read more…] about Phishing with Worms – The Greatest Password Theft I’ve Ever Seen