The Human Connection Blog

New CTI Lab: Investigating a ClickFix Intrusion

benhopkins
1 day ago

Today, Immersive's Container 7 Research Team have released a new lab on ClickFix intrusions.

ClickFix has become one of the most popular and successful social engineering techniques in the last decade. With multiple deployment options and a high success rate, cybercriminals are profiting considerably from unsuspecting victims in enterprise organizations and at the individual level.

What is this about?

In recent weeks, multiple intrusions have been reported in which cybercriminal actors compromised victims using ClickFix as an initial access method. ClickFix is a social engineering technique that convinces victims to copy malicious code to their clipboard and run it with administrator privileges under the guise of software updates, installations, computer repair, or troubleshooting.

In this lab, we move away from Questions and Answers and towards action-based activities. This lab simulates realistic user-generated noise alongside realistic attacker actions, both of which are ingested by a SIEM. The user has to apply threat hunting techniques and then update the SIEM case management tool to reflect the discovered artefacts.

Why is this critical for you and your team?

The SOC is the beating heart of the security function. SOC analysts will often be the first individuals (second only to the victim) to get any indication that a malicious attack has taken place, so it's important for the SOC to understand exactly how ClickFix intrusions work, what tactics attackers use, and how to threat hunt based on known techniques to quickly and accurately identify attacker behaviour.

This lab will help users understand how ClickFix works and what goals an attacker might have after the ClickFix element of their intrusion concludes.

Who is the content for?

  • SOC Analysts
  • Incident Responders
  • Cyber Threat Intelligence Analysts
  • Threat Researchers
  • Threat Hunters
  • Red Teamers


Link to the lab:

Published 1 day ago
Version 1.0