ONNX Store: The Rise and Fall of a Phishing-as-a-Service Platform Targeting Financial Institutions
Arda Büyükkaya, Sr. Cyber Threat Intelligence Analyst, EclecticIQ

Agenda
- Understanding Phishing-as-a-Service (PhaaS)
- Inside the ONNX Store Phishing Operations
- Unmasking the ONNX Store Admin
- Importance of True Attribution in CTI
- Prevention Methods & Key Takeaways

About me
Arda Büyükkaya
- Senior Cyber Threat Intelligence Analyst at EclecticIQ
- 4+ years of experience delivering actionable intelligence
- Background in Malware Analysis and Incident Response
- Uncovering nation-state APT operations and tracking financially motivated threat actors
WhichbufferArda / ardabuyukkaya

Understanding Phishing-as-a-Service (PhaaS)

Inside the ONNX Store phishing operations
- Active as a PhaaS since 2020 under the Caffeine Store brand
- Managed by the MRxC0DER persona
- Microsoft identified 16.8+ million phishing emails tied to the ONNX Store [1]

Rebranding from Caffeine to ONNX Store
- Oct 10, 2022: Mandiant exposed the Caffeine Store. Research from Mandiant likely drew attention among cybercriminals.
- Nov 27, 2023: Poor reviews and support issues led to its rebranding as ONNX Store.
- Strong branding and marketing:
  o users can publish their successful operations and get 3 days free access
  o stolen icon from Open Neural Network Exchange (They get sued for that one!)
- 24/7 customer support over Telegram channel
- Payment over cryptocurrency

QR code phishing (Quishing) for delivery
- Evading the Secure Email Gateway
- QR code embedded inside the PDF attachment
- QR code scan through smartphone leads to phishing page
- Companies don't have enough visibility into smartphone users

Targeting Microsoft 365 for Business email compromise

Adversary-in-the-Middle (AiTM) Phishing Attack

Unmasking the ONNX Store admin
- Expired API errors in Caffeine and ONNX Store are nearly identical
- Both p