US itek also uses allowlisting, which has prevented these types of phishing attacks at its end user sites, said Stinner. You need to put the threat of phishing attacks every week.” We have a robust end user training platform called Breach Secure Now which pushes out weekly training to our users. “You need to educated users not to click on unknown links.
“Uneducated users are going to be duped from time to time,” he said. “The biggest issue is providing security awareness training.” Phising Attacks Are Always A Problemĭavid Stinner, founder and president of US itek, a Buffalo, N.Y.-based MSP, said phishing attacks are always a problem for MSPs “We use good credential separation and good conditional access policies which limits our exposure to these threats,” he said. The use of legitimate domains that pass email filters continue to be an avenue that MSPs need to be aware of, said Slagle.Īs for the impact of the current attacks, Slagle said he and his customers do not use Evernote and use OneNote sparingly. The threat actors are finding new and more creative ways to engage in social engineering attacks.” “MSPs continue to be very rich targets because we are a force multiplier for those threat actors. “These phishing attacks are threats to all of us,” said Slagle. “It pays to follow Kyle and the Huntress team, Blackpoint, CompTIA threat analysts and other threat researchers,” he said. Key to keeping customers safe from attacks is staying on top of the latest threat intelligence, said Slagle. “There is always money in the banana stand,” joked Slagle referring to a running gag from the “Arrested Development” TV show. Slagle said the constant attacks force MSPs to always be on guard and to in effect play “whack-a-mole,” knocking back one threat after another.
“The OneNote attack vector involves an attached document while the Evernote attack is a social engineering attack that comes directly from the Evernnote domain,” he said “These are two different, but both very effective attack vectors. Jason Slagle, president of CNWR, a Toledo, Ohio, MSP, said the two phishing attacks are distinct. FML 🤦♀️ /qSajcik101- Kyle Hanslovan February 1, 2023ĬRN reached out to Microsoft and Evernote for a response to the phishing attack but had not heard back at press time. Statistically, someone on that list is going to fall for this. Came from a compromised regional account director in the channel and included 148 other major vendors and MSPs/MSSPs. Just receive a Microsoft 365 login phish hosted on the legit Evernote domain.
0 kommentar(er)
