A new phishing campaign has been confirmed, posing a significant threat to the security and operations of the Canadian air industry.

The Canadian Center for Cyber Security and Aviation Information Sharing and Analysis Center (AI-ISAC) have confirmed an ongoing phishing campaign targeting the Canadian air industry. This campaign highlights the increasing sophistication of cyber threats and the need for heightened vigilance across all sectors.

Multiple accounts across various Canadian domains have been compromised due to this phishing campaign. The attackers utilized emails designed to look like legitimate SharePoint notifications, embedding a link that prompted users to enter their login credentials.

Once obtained, these credentials allowed attackers to access proprietary information, send further phishing emails, and engage in other malicious activities.

The Attack Explained

The phishing email specifically targeted employees, leading to the compromise of their SharePoint and OneDrive accounts. The attackers mimicked a trusted organization, making it more likely for recipients to fall for the scam.

An E-mail is sent from SharePoint online with an embedded link in the message body linking to a site that is going to prompt you for your login credentials. Their goal is to collect your access token to either collect data or send other e-mail with similar content.

Potential Consequences

The impact of a phishing attack can be serious and wide-ranging, with many potential problems for the affected organizations, including:

  1. Ransomware: Attackers could use stolen credentials to deploy ransomware, encrypting critical data and demanding a ransom for its release.
  2. Session Hijacking: With access tokens, attackers can hijack active sessions, gaining unauthorized access to sensitive information and systems.
  3. Credential Harvesting: Stolen credentials can be used to access other accounts, potentially leading to a broader security breach.

By understanding the potential consequences, organizations can better prepare and implement effective measures to safeguard against such threats. Here are some essential steps to prevent an attack:

Ways to Prevent an Attack

  1. Awareness and Training: Regularly educate employees about the dangers of phishing and how to recognize suspicious emails.
  2. Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security, making it harder for attackers to gain access with just a password.
  3. Regular Security Audits: Conduct frequent security assessments to identify vulnerabilities and address them proactively.

Is Your Organization Secure?

If you’re uncertain about your organization’s security posture or just want a second opinion, our cybersecurity experts at NetAdmins are here to help. We offer a FREE Security Risk Assessment to identify potential vulnerabilities and recommend actionable steps to secure your systems.

Schedule your assessment today by clicking here or calling us at +1 (866) 638-2364