"the accounts payable department of the outside trusted vendor. their suspected aim was to intercept payment information, such as invoices, with the ultimate goal of manipulating routing numbers to divert funds into attacker-controlled bank accounts. in the following case, the u…"
T1586.002 Email Accounts
86%
"nigerian ip. they began tracing the activity of this user and it quickly became clear that the activity was malicious. activity details the first successful login to the compromised account was detected from an ip address 102.88.63[.]112 in kaduna, nigeria " new-inboxrule …"
T1564.008 Email Hiding Rules
80%
"and does not normally contain emails. the reason this folder was likely chosen by the attacker is that users rarely browse this folder. marking emails as read will often be done in concert with moving them to a less-used folder to allow threat actors time to manipulate and/or…"
T1657 Financial Theft
63%
"thwarting financial fraud | huntress huntress has been hunting malicious actors across 60,000+ user accounts for almost 2,000 small businesses enrolled in our managed detection and response (mdr) for microsoft 365 product. with mdr for microsoft 365 now in general availabili…"
T1566.002 Spearphishing Link
41%
"action of true, also have a high probability of being malicious in nature. parting thoughts the rise of financial fraud, particularly through bec attacks, poses significant challenges to businesses worldwide. it is crucial for organizations to prioritize cybersecurity and adopt c…"
T1137.005 Outlook Rules
39%
"and does not normally contain emails. the reason this folder was likely chosen by the attacker is that users rarely browse this folder. marking emails as read will often be done in concert with moving them to a less-used folder to allow threat actors time to manipulate and/or…"
T1078.004 Cloud Accounts
39%
"action of true, also have a high probability of being malicious in nature. parting thoughts the rise of financial fraud, particularly through bec attacks, poses significant challenges to businesses worldwide. it is crucial for organizations to prioritize cybersecurity and adopt c…"
T1114.003 Email Forwarding Rule
32%
"and does not normally contain emails. the reason this folder was likely chosen by the attacker is that users rarely browse this folder. marking emails as read will often be done in concert with moving them to a less-used folder to allow threat actors time to manipulate and/or…"
Summary
In this blog, explore how Huntress caught an attempt at financial fraud through business email compromise (BEC) in Microsoft 365.