A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee fell victim to a phishing attack that compromised login credentials, enabling additional phishing attacks.
FS-ISAC is a cyber and physical threat intelligence analysis and sharing platform for the global financial industry.
According to a notice sent to affected members and obtained by KrebsOnSecurity, an employee clicked on a malicious email that compromised their credentials. The threat actor then created an email with a PDF that had a link to a credential harvesting site and sent it from the initial compromised account to select members, affiliates and employees.
The effects of the secondary attacks appear to have been limited and contained, since many FS-ISAC members who received the phishing emails quickly detected them and reported them as suspicious.
FS-ISAC President and CEO Bill Nelson described the incident as a routine attack that doesn't appear to have been targeted or sophisticated. Nelson told the publication that his firm needs to accelerate multi-factor authentication adoption for all of its assets and that there are plans to implement additional security features moving forward.