Microsoft Halts Phishing, Calendly Invite Danger, OpenAI Security Incident
It’s December, and while everyone is gearing up for the festivities, cybercrooks are busy building and running campaigns of their own. Holidays and the shopping season suit threat actors for two reasons. First, people let their guard down while they try to enjoy themselves. Second, brands flood inboxes with attractive, limited-time offers, which gives a phishing email plenty of legitimate-looking company.
It is these moments of distraction and inbox noise that attackers aim to exploit with well-crafted campaigns. Awareness and vigilance are your first line of defence, which is exactly why we are here with our first cyber bulletin of the month. Let’s get started on the details.
Microsoft disrupts a massive phishing campaign designed by Storm-0900

A threat actor tracked as Storm-0900 timed a phishing campaign around Thanksgiving and flooded inboxes across the USA with malicious emails. It was a carefully planned operation designed to lure unsuspecting users into clicking malicious links, and it peaked around November 26th. Emails were themed around urgent medical results and parking violations. The aim was to reach people at a time when most would be travelling, celebrating, or shopping, and paying less attention to what landed in their inbox.
The threat actor structured the campaign around two kinds of pressure: administrative urgency (a parking violation to settle) and personal urgency (a medical result to read). Storm-0900 also used a neighbor spoofing technique, so that messages appeared to come from a nearby, familiar source and victims felt social pressure to respond. Some emails were designed to look formal and institutional: most claimed to come from medical centers and to contain an “INR test report.” A deadline was added to every email with the line “we are closed Thursday, November 28th, in observance of Thanksgiving.”
Microsoft identified the campaign early and disrupted it with a multi-layered response: email filtering to stop the messages at the gateway, endpoint protection for anything that got through, and finally a takedown of the attacker’s infrastructure.

To counter these rising phishing threats, organizations are increasingly adopting SPF, DKIM, and DMARC to strengthen email authentication and protect brand integrity. SPF lets a domain publish which servers may send mail on its behalf, DKIM signs messages so that forgery and tampering can be detected, and DMARC ties both checks to the visible From: address and tells receivers what to do when neither check aligns with it. Lures like the ones above, which claim to come from a medical center but are sent from attacker infrastructure, are exactly what an enforcing DMARC policy is designed to reject.
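The following is an added example, not code from the bulletin or from Microsoft, showing how a receiving mail server turns SPF and DKIM results into a DMARC verdict. The domains, DMARC records and Authentication-Results headers are constructed for illustration (a real receiver fetches the `_dmarc` TXT record from DNS and uses the Public Suffix List to derive the organizational domain). The three samples show a genuine message, a spoof that passes SPF and DKIM for the attacker's own domain but fails alignment with the clinic's From: address, and a subdomain sender that fails strict DKIM alignment but is rescued by relaxed SPF alignment.

```python
import re
from email.utils import parseaddr

# Constructed stand-ins for the _dmarc TXT records a receiver would fetch from DNS.
DMARC_RECORDS = {
    "example-clinic.org": "v=DMARC1; p=reject; adkim=s; aspf=r",
    "county-parking.example": "v=DMARC1; p=quarantine",
}


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; adkim=s' into a tag dict with RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # relaxed alignment is the default for both
    tags.setdefault("aspf", "r")
    return tags


def org_domain(domain):
    # Simplified organizational domain (last two labels); real receivers use the Public Suffix List.
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict alignment needs an exact match; relaxed needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def parse_auth_results(header):
    """Pull (result, domain) pairs for spf= and dkim= clauses out of Authentication-Results.

    Simplified parser: assumes no ';' inside parenthesised comments.
    """
    results = {"spf": [], "dkim": []}
    for clause in header.split(";")[1:]:           # clause 0 is the authserv-id
        clause = clause.strip()
        m = re.match(r"(spf|dkim)=(\w+)", clause)
        if not m:
            continue
        method, result = m.group(1), m.group(2).lower()
        if method == "spf":
            d = re.search(r"smtp\.mailfrom=(?:[^@\s]+@)?([\w.-]+)", clause)
        else:
            d = re.search(r"header\.d=([\w.-]+)", clause)
        results[method].append((result, d.group(1).lower() if d else None))
    return results


def evaluate_dmarc(from_header, auth_results):
    """Decide DMARC pass/fail and the disposition the sender's policy requests."""
    from_domain = parseaddr(from_header)[1].rsplit("@", 1)[-1].lower()
    record = DMARC_RECORDS.get(from_domain) or DMARC_RECORDS.get(org_domain(from_domain))
    if record is None:
        return {"from": from_domain, "dmarc": "none", "disposition": "none"}
    tags = parse_dmarc(record)
    ar = parse_auth_results(auth_results)
    # DMARC passes if at least one of SPF or DKIM passed AND its domain aligns with From:.
    spf_ok = any(r == "pass" and d and aligned(from_domain, d, tags["aspf"]) for r, d in ar["spf"])
    dkim_ok = any(r == "pass" and d and aligned(from_domain, d, tags["adkim"]) for r, d in ar["dkim"])
    passed = spf_ok or dkim_ok
    return {
        "from": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        "disposition": "none" if passed else tags["p"],
    }


# Constructed message headers, modelled on the medical-results lure described above.
LEGIT_FROM = "Example Clinic <results@example-clinic.org>"
LEGIT_AR = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@example-clinic.org; "
            "dkim=pass header.d=example-clinic.org header.s=sel1")

# Spoof: From: claims the clinic, but SPF and DKIM only vouch for the attacker's bulk-mail domain.
SPOOF_FROM = "Example Clinic <results@example-clinic.org>"
SPOOF_AR = ("mx.receiver.example; spf=pass smtp.mailfrom=notify@bulk-mailer.example; "
            "dkim=pass header.d=bulk-mailer.example header.s=k1")

# Subdomain sender: strict DKIM alignment (adkim=s) fails, relaxed SPF alignment still passes.
SUBDOMAIN_FROM = "alerts@mail.example-clinic.org"
SUBDOMAIN_AR = ("mx.receiver.example; spf=pass smtp.mailfrom=alerts@mail.example-clinic.org; "
                "dkim=pass header.d=example-clinic.org header.s=sel1")

if __name__ == "__main__":
    for f, a in [(LEGIT_FROM, LEGIT_AR), (SPOOF_FROM, SPOOF_AR), (SUBDOMAIN_FROM, SUBDOMAIN_AR)]:
        print(evaluate_dmarc(f, a))
```

The spoof case is the one that matters for this campaign: both SPF and DKIM report "pass", which a naive filter might accept, yet DMARC fails because neither passing domain aligns with the clinic's From: address, and the clinic's `p=reject` policy tells the receiver to drop the message.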
Beware: that Calendly invite can get your ad manager account hacked
A new phishing campaign is doing the rounds in which threat actors use Calendly-themed invites to gain access to Google Workspace and Facebook business accounts. Cybercrooks have targeted business ad manager accounts for a long time, but this campaign has noticeably raised their success rate.
Calendly is a scheduling platform that lets organizers send meeting links to attendees, who then pick a suitable time slot. Cybercriminals have misused Calendly before, but this time they are also impersonating well-known brands such as Disney, Uber, Unilever, LVMH, and MasterCard.

The threat actor poses as a recruiter from a popular brand and sends the victim a fake meeting invitation, with AI tools used to generate convincing emails. Clicking the link leads to a Calendly-lookalike page that first asks the victim to solve a CAPTCHA, a step typically used to keep automated scanners away from the real phishing content. Behind it sits an adversary-in-the-middle (AiTM) phishing page that relays the genuine Google Workspace login flow and captures the victim’s authenticated session. Because the proxy captures the session rather than just the password, a one-time code the victim types in does not stop the attack; only phishing-resistant MFA tied to the real origin does.
So far, the actors behind the campaign have impersonated around 75 well-known brands.
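As an added example (not code from the bulletin or from Calendly), the following Python checks the links in an HTML email for the tricks a Calendly-lookalike lure relies on: a brand name in the link text or hostname that does not resolve to the brand’s real registrable domain, displayed URL text that disagrees with the actual target, non-web schemes, and internationalized hostnames that can hide homoglyphs. The allowlist of brand domains and the sample email are constructed for illustration, and the registrable-domain logic is simplified to the last two labels; production code should use the Public Suffix List.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the registrable domain each impersonated brand really uses.
BRAND_DOMAINS = {"calendly": "calendly.com", "google": "google.com"}

# Link text that itself looks like a URL (with or without a scheme).
URL_LIKE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:[/:?#]\S*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href.strip(), " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    # Simplified: last two labels. Production code should use the Public Suffix List.
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze_links(html):
    """Return a list of (href, [reasons]) for links that look like lures."""
    parser = LinkExtractor()
    parser.feed(html)
    legit_domains = set(BRAND_DOMAINS.values())
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        reasons = []
        if url.scheme not in ("http", "https"):
            reasons.append(f"non-web scheme {url.scheme or '(none)'}")
        # Punycode labels or raw non-ASCII in the host: candidate homoglyph domain.
        if "xn--" in host or not host.isascii():
            reasons.append("internationalized hostname (possible homoglyph)")
        # Brand named in the text or host, but the link lands outside the brand's real domain
        # (catches calendly.com.evil.example, calendly-verify.example, and Cyrillic lookalikes).
        if registrable_domain(host) not in legit_domains:
            for brand in BRAND_DOMAINS:
                if brand in text.lower() or brand in host:
                    reasons.append(f"mentions {brand} but links to {host}")
        # Displayed URL text pointing somewhere other than where the href goes.
        m = URL_LIKE.match(text)
        if m and registrable_domain(m.group(1)) != registrable_domain(host):
            reasons.append(f"displays {m.group(1)} but links to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed email body: one genuine Calendly link, three lure variants, one genuine Google link.
SAMPLE_EMAIL = """
<p>Hi, I'm recruiting for a Senior Marketing role. Please pick a slot:</p>
<a href="https://calendly.com/acme-talent/30min">Book on Calendly</a><br>
<a href="https://calendly.com.schedule-verify.example/invite/8841">Pick a time on Calendly</a><br>
<a href="https://invite-portal.example/g/auth">calendly.com/acme-talent</a><br>
<a href="https://c\u0430lendly.com/book">Confirm on Calendly</a><br>
<a href="https://www.google.com/calendar">Add to Google Calendar</a>
"""

if __name__ == "__main__":
    for href, reasons in analyze_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

Run against the sample, the first and last links are clean and the three lure variants are flagged: the subdomain-stuffed host, the display-text mismatch, and the hostname with a Cyrillic “а” in place of the Latin letter. A check like this belongs in the mail gateway or in the browser-side URL inspection, before the user ever reaches the CAPTCHA-gated AiTM page.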
OpenAI hit by a breach at its analytics partner
OpenAI has disclosed a security incident after threat actors broke into the network of Mixpanel, the analytics provider it used, and stole customer profile information. The data was taken from Mixpanel’s environment rather than from OpenAI’s own systems.
Mixpanel’s CEO published a post stating that the breach took place on November 8th and began with a smishing attack, that is, phishing delivered over SMS. Employees at Mixpanel were targeted to gain access to the data Mixpanel held about OpenAI’s customers.

The compromised data includes names, email addresses, referring websites, locations, and similar profile fields. Mixpanel says it has contacted every affected customer directly, and OpenAI has ended its relationship with Mixpanel.
OpenAI has clarified that no payment details, API keys, passwords, user credentials, or government IDs were exposed in this incident. It has nonetheless advised customers to stay vigilant and to double-check any email that appears to come from OpenAI’s domain, since names and email addresses are exactly what a targeted phishing campaign needs. Turning on multi-factor authentication is also a sensible step.

This incident is a stark reminder that securing the primary platform is only the first level of risk reduction. The vendors and partners that receive your data must be held to the same standard, because attackers routinely treat a less-secure third party as a back door into the target they actually want.
