I’ve experienced many phishing campaigns in my career: lots of long nights supporting incident response teams and SOC operations, chasing down the phishing infrastructure to stop the campaign for long-term effect rather than just blocking sender names.
Most of the time, we were successful. Phishing campaigns were just another event. Maybe 1-2 clicks, credentials were reset, session tokens were reset, and it was just like any other day.
Today was different. Today I experienced, for the first time ever, a phishing campaign that went from initial click to full account takeover and business email compromise in 8 minutes, on a scale of thousands of recipients.
A completely scripted, and likely automated, phishing campaign enabled the attacker(s) to successfully compromise over 100 user accounts in synchronization in less than 10 minutes. That’s how long it took before I was able to reach the data dump server, as I was getting each indicator ingested for blocking. That’s how fast the infrastructure rotated for a second wave.
I’ve run this exact playbook a thousand times before as a threat intel analyst, with great success. Their automated attack beat me to the punch.
It doesn’t matter how fast your response time is, it doesn’t matter how well your team rehearses their playbooks or how many tabletops you conduct a year; the reality is that automation is making defenders’ lives harder, where normal, everyday SOC events become severe incidents.
#PhishingAwareness
#cybersecurity
#infosec
#threatintel
#cyberthreatintelligence
#cti