‘The breadth of targeted cloud platforms continues to expand’: Google’s security team takes a look at how ShinyHunters have rolled out so many SSO scams recently

ShinyHunters use vishing and custom phishing pages to bypass SSO protections
Stolen MFA codes grant access to platforms like Salesforce, Microsoft 365, and Dropbox
Other groups mimic tactics; experts urge phishing-resistant MFA and Zero Trust defenses

A highly effective combination of vishing (voice phishing) and customized infrastructure has allowed the dreaded ShinyHunters extortion gang to launch countless single sign-on (SSO) scams in recent times, experts have concluded

A new report from Google‘s Mandiant experts has explained the modus operandi behind a wave of SSO attacks that hit companies across industries recently, saying it all starts with a phone call.

MFA codes, they log into either Okta, Entra, or Google SSO dashboard, through which they can pick and choose what kind of data to steal: Salesforce, Microsoft 365, SharePoint, DocuSign, Dropbox, or a myriad of others. ShinyHunters, apparently, prefer Salesforce, although they won’t pass up on a different opportunity, too.

Finally, after exfiltrating all of the stolen data, they will add a sample to their data leak page and reach out to the victim in an attempt to get them to pay.

To stay safe, businesses should train their employees on the dangers of phishing and educate them on the latest techniques used in such attacks. They should also use phishing-resistant multi-factor authentication (MFA) wherever possible and deploy Zero Trust Network Architecture (ZTNA).

Via BleepingComputer

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

https://cdn.mos.cms.futurecdn.net/ThNyuwnA55tfcixfqWcEcA-970-80.jpg

Source link

Why traditional metrics are giving CISOs a false sense of security

Top money transfer site Duc leaks user passport and driving license data info online

Regulatory whiplash: Why cyber resilience is now a governance imperative

Agentic AI: Transforming industries and tackling the interoperability imperative

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Colin Jost To Star As Dentist/Drug Kingpin In Drama Series At Peacock

Movies Are Getting Longer. It’s Not Your Imagination.

Aragorn to Be Recast in ‘Lord of the Rings: The Hunt for Gollum’

Jessica Simpson Reacts to Rumor She's Spent $1,000 a Week on Tanning

I helped build Uber and Discord and now my tools help fuel billion-dollar unicorns. But Silicon Valley is losing the AI race to itself

Senators urge Trump to bar Chinese automakers from building cars in US

AI adoption isn’t the hard part, it’s building employee agency

Deepseek’s V4 model will run on Huawei chips, The Information reports

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays