FS-ISAC hit with phishing attacks

A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee fell victim to a phishing attack that compromised login credentials enabling additional phishing attacks.

FS-ISAC is a cyber and physical threat intelligence analysis and sharing platform for the global financial industry.

An employee clicked on a malicious email that compromised their credentials allowing the threat actor to create an email with a PDF that had a link to a credential harvesting site which was then sent from the initial compromised account to select members, affiliates and employees, according to a notice sent to affected members that was obtained by KrebsOnSecurity.

The effects of the secondary attacks appear to have been limited and contained since many FS-ISAC members who received the phishing attacks quickly detected and reported the malicious emails as suspicious.

FS-ISAC President and CEO Bill Nelson described the incident as a routine attack that doesn’t appear to have been targeted or sophisticated. Nelson told the publication that his firm needs to accelerate multifactor authentication adoption for all of its assets and that there are plans to implement additional security features moving forward.

 

Source: https://www.scmagazine.com/financial-cyberthreat-sharing-platform-hit-with-phishing-attacks/article/748361/

B2B media executive with an unusually broad and international range of experience in both the editorial and commercial aspects of publishing, social media and events. I write a range of content types on technical subjects in wholesale finance and IT and have interviewed senior figures from the public and private sector globally for many years.

Related posts

Your thoughts