From a threat intelligence perspective, this post presents the Tactic, Technique and Procedure (TTP), which can be best described as Living Off The Land at Scale (LOTLS).
Phishing threats are not homogeneous in nature. Malicious actors use several different phishing attack topologies to execute their campaigns – each of which require a different approach to detect and mitigate the threat.
Driven by the spike in remote access demand due to the global pandemic, organizations now face an urgent need to shift from legacy VPNs to Secure Web Gateways in order to support a modern, cloud-based architecture.
WordPress is an easy target and attackers are compromising vulnerable and misconfigured deployments to serve Qakbot and other malware.