SANS ISC

[SANS ISC] Keep an Eye on Remote Access to Mailboxes

I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“:

BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first step of a fraud that could have huge impacts.

This morning, while drinking some coffee and reviewing¬†my logs, I detected a peak of rejected authentications against my mail server. There was a peak of attempts but also, amongst the classic usernames, bots tested some interesting alternatives. If the username is “firstname”, I saw attempts to log in with… [Read more]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.