
Microsoft Warns: Business Email Compromise Attacks Can Happen in Just a Few Hours
- Written by Ari Denial Cybersecurity & Tech Writer
Microsoft’s Security Intelligence team recently conducted an investigation revealing that threat actors conducting Business Email Compromise (BEC) attacks are operating at a faster pace. The study showed that the entire BEC attack process can now be executed within a few hours, likely to reduce the chance that victims detect the attack and respond in time.
The swift progression of these attacks ensures that targets have limited time to identify signs of fraud and take appropriate measures to prevent them.
The attacker gained access to the victim’s account and spent two hours scouring the mailbox for suitable email threads to hijack.
Hijacking email threads is an effective technique as it makes the fraudulent message appear like a continuation of a legitimate communication exchange, leading the recipients to trust it more.
Subsequently, the attacker registered deceptive domains by using homoglyph characters to make them look nearly identical to the websites of the target organization and the impersonated partner. Within five minutes, the attacker set up an inbox rule to divert emails from the impersonated partner organization to a designated folder.
Within the following minute, the attacker sent a malicious email to the business partner requesting a change to wire transfer instructions, then promptly deleted the sent message to minimize the chances of the compromised user discovering the breach.
The entire process, from the initial sign-in to the deletion of the sent email, took a total of 127 minutes, indicating a sense of urgency on the attacker’s part.
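The sequence above (sign-in, inbox rule, outbound message, deletion of the sent item) can be hunted for as an ordered chain in mailbox audit data. The following Python sketch is an added example, not Microsoft's detection logic; the event tuples are constructed sample data, the tuple layout and thresholds are assumptions, and the operation names are modelled on Microsoft 365 audit operations.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, operation); not real telemetry.
EVENTS = [
    ("2023-03-01T09:00:00", "alice@victim.example", "UserLoggedIn"),
    ("2023-03-01T11:01:00", "alice@victim.example", "New-InboxRule"),
    ("2023-03-01T11:02:00", "alice@victim.example", "Send"),
    ("2023-03-01T11:07:00", "alice@victim.example", "SoftDelete"),
    ("2023-03-01T09:10:00", "bob@victim.example", "UserLoggedIn"),
    ("2023-03-01T09:30:00", "bob@victim.example", "New-InboxRule"),
    ("2023-03-01T15:00:00", "bob@victim.example", "Send"),
]

# Ordered steps of the chain; each step accepts any operation in its set.
CHAIN = (
    {"New-InboxRule"},
    {"Send"},
    {"SoftDelete", "HardDelete", "MoveToDeletedItems"},
)

def find_bec_chains(events, window=timedelta(minutes=15),
                    max_session=timedelta(hours=4)):
    """Return [(user, minutes from sign-in to deletion)] for every user whose
    events show rule creation -> send -> delete, in order, within `window`,
    and no later than `max_session` after the preceding sign-in."""
    by_user = {}
    for ts, user, op in events:
        by_user.setdefault(user, []).append((datetime.fromisoformat(ts), op))
    hits = []
    for user, evs in by_user.items():
        evs.sort()
        sign_in, step, chain_start = None, 0, None
        for ts, op in evs:
            if op == "UserLoggedIn":
                sign_in, step = ts, 0      # new session, restart the chain
                continue
            if sign_in is None:
                continue                   # no sign-in seen yet for this user
            if step and ts - chain_start > window:
                step = 0                   # partial chain went stale
            if op in CHAIN[step]:
                if step == 0:
                    chain_start = ts
                step += 1
                if step == len(CHAIN):
                    if ts - sign_in <= max_session:
                        minutes = int((ts - sign_in).total_seconds() // 60)
                        hits.append((user, minutes))
                    step = 0
    return hits

if __name__ == "__main__":
    print(find_bec_chains(EVENTS))
```

A production rule would also confirm that the deleted item came from Sent Items and that the inbox rule moves or hides mail from an external sender.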
According to Microsoft, its testing and evaluation of BEC detections and responses in customer environments, when faced with real-world attack scenarios, demonstrated that dozens of organizations had better protection when accounts were automatically disabled by Microsoft 365 Defender.
Microsoft states that their new automatic disruption capabilities provide the SOC team with complete control to investigate all actions taken by Microsoft 365 Defender, and if necessary, remediate any remaining impacted assets.
Ransomware Attack Causes Severe Disruption at Hospital Clínic de Barcelona
- Written by Ari Denial Cybersecurity & Tech Writer
The Hospital Clínic de Barcelona has been hit by a ransomware attack that caused significant disruptions to its computer systems. As a result, the clinic had to cancel 150 non-urgent surgeries and up to 3,000 patient check-ups. The attack has been linked to foreign threat actors.
As per Security Week’s report, the Sunday ransomware attack had a crippling impact on the Hospital Clínic de Barcelona. The attack impacted various areas, including laboratories, emergency rooms, pharmacies at three main centers, and multiple external clinics.
The attack resulted in around 150 elective surgeries, 500 extractions, and roughly 300 consultations being postponed. The hospital is redirecting urgent cases to other locations.
During a news conference, the hospital director Antoni Castells said, “We can’t make any prediction as to when the system will be back up to normal.” According to a report, Sergi Marcen, the Secretary for Telecommunications and Digital Transformation at the Hospital Clínic de Barcelona, stated that the ransomware attack was carried out by threat actors outside of Spain. Marcen said that “RansomHouse carries out these types of attacks in exchange for money, but so far they have not been in contact.”
Additionally, a government statement noted that the cyberattack had a significant impact on the emergency services of three medical centers linked to Clínic de Barcelona, namely CAP Casanova, CAP Borrell, and CAP Les Corts.
Although the hospital’s SAP system was not affected, all other applications and communications have been disrupted, and the restoration of critical systems is ongoing. As a result, physicians cannot access patient information, and the situation has affected the provision of care services.
To minimize the impact of the attack and facilitate communication between different departments, additional health assistants and administrative staff have been deployed in Clínic de Barcelona.
According to hospital officials, radiology, endoscopic tests, radiological scans, dialysis, and outpatient pharmacy services have not been affected by the cyberattack and will continue to operate normally.