“This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from the same attackers. This campaign appears to have been aimed at stealing credentials for various business services including Google, Dropbox, and LinkedIn. At least one account was compromised and was used to send out additional spearphishing emails to others in the organization. Because the compromised account had been neglected for years and contained no recent activity, we suspect the attackers were trying to leverage trust in order to compromise a more recent or high-value account. We were unable to determine what the secondary goal of the campaign was after the credentials were stolen. The attackers were remarkably persistent, switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time…online activism is not always very organized. It often involves a centralized organization and a large network of volunteers, which can pose a security challenge. We recommend an organization-wide requirement to enable two-factor authentication on all accounts with access to sensitive data such as emails, social media accounts, planning documents, github logins, CMS logins, or other credentials. It is our recommended best practice to secure all accounts with two-factor authentication so that trusted compromised accounts can’t be used in the service of more effective spearphishing attacks. For more information on how to set up two-factor authentication see our Surveillance Self Defense guide…”
Sorry, comments are closed for this post.