I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML”:
BEC or “Business Email Compromise” has been a trending threat for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromised to send legitimate emails to other employees or partners. That’s the very first step of a fraud that could have huge impacts.
This morning, while drinking some coffee and reviewing my logs, I detected a peak of rejected authentications against my mail server. There was a peak of attempts but also, amongst the classic usernames, bots tested some interesting alternatives. If the username is “firstname”, I saw attempts to log in with…
[The post [SANS ISC] Keep an Eye on Remote Access to Mailboxes has been first published on /dev/random]
Source: /sexobliam-ot-ssecca-etomer-no-eye-na-peek-csi-snas/03/01/9102/eb.llehstoor.golb