Threat Actors Leverage Compromised Vendor for Spear-Phishing Attack
Attacks like this, which originate inside the supply chain ecosystem, get past secure email gateway (SEG) solutions like Proofpoint.
What is the attack?
- Threat actors compromise vendor accounts within a company's vast supply chain ecosystem to launch spear-phishing campaigns.
- These attacks exploit the trust inherent in established business relationships, using legitimate, compromised email accounts to send malicious content.
Why did it get through?
- These attacks originate from legitimate, trusted vendor accounts with valid SPF/DKIM/DMARC records.
- Because of this, traditional threat intelligence solutions like Proofpoint fail to stop these previously unseen attacks.
- The sheer number of vendors (often 30,000+) creates a vast attack surface to monitor.
What is required to stop this attack?
- Abnormal’s Behavioral AI flags never-before-seen senders and URLs as anomalies, which enables the detection of novel attacks.
- For defense in depth, this pairs well with the threat intelligence layer of the cloud email platform (M365).
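The point above, that a message from a compromised vendor mailbox passes SPF/DKIM/DMARC and is only caught by comparing it with that vendor's history, can be shown with a short added example (not Abnormal's implementation and not code from the original page). The baseline structure, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def auth_passes(msg):
    """True when Authentication-Results reports spf, dkim and dmarc as pass."""
    # Assumption: the header was stamped by your own receiving gateway.
    ar = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(re.search(rf"\b{m}=pass\b", ar) for m in ("spf", "dkim", "dmarc"))

def link_hosts(msg):
    """Hostnames of every http(s) URL found in the text parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True).decode(errors="replace")
        for url in URL_RE.findall(body):
            try:
                hosts.add(urlsplit(url).hostname)
            except ValueError:  # malformed authority; skip it
                continue
    return hosts - {None}

def assess(raw, baseline):
    """baseline (hypothetical shape): {domain: {"senders": set, "link_hosts": set}}."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    seen = baseline.get(sender.rpartition("@")[2], {"senders": set(), "link_hosts": set()})
    anomalies = [] if sender in seen["senders"] else [f"new sender: {sender}"]
    anomalies += [f"new link host: {h}" for h in sorted(link_hosts(msg) - seen["link_hosts"])]
    return {"auth_pass": auth_passes(msg), "anomalies": anomalies}

# Constructed sample: known vendor mailbox, authentication passing, one unfamiliar link host.
SAMPLE = """\
From: Billing <billing@vendor.example>
Subject: Updated invoice
Authentication-Results: mx.customer.example; spf=pass smtp.mailfrom=vendor.example;
 dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example

Please review: https://invoice-portal.example/view?id=123
Remittance details: https://portal.vendor.example/remit
"""
BASELINE = {"vendor.example": {"senders": {"billing@vendor.example"},
                               "link_hosts": {"portal.vendor.example"}}}
if __name__ == "__main__":
    print(assess(SAMPLE, BASELINE))
```

The sample message authenticates cleanly and comes from a mailbox already in the baseline, so the unfamiliar link host is the only signal that separates it from routine vendor mail.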