A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee fell victim to a phishing attack that compromised login credentials enabling additional phishing attacks.
FS-ISAC is a cyber and physical threat intelligence analysis and sharing platform for the global financial industry.
An employee clicked on a malicious email that compromised their credentials allowing the threat actor to create an email with a PDF that had a link to a credential harvesting site which was then sent from the initial compromised account to select members, affiliates and employees, according to a notice sent to affected members that was obtained by KrebsOnSecurity.
The effects of the secondary attacks appear to have been limited and contained since many FS-ISAC members who received the phishing attacks quickly detected and reported the malicious emails as suspicious.
FS-ISAC President and CEO Bill Nelson described the incident as a routine attack that doesn't appear to have been targeted or sophisticated. Nelson told the publication that his firm needs to accelerate multifactor authentication adoption for all of its assets and that there are plans to implement additional security features moving forward.