Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes

Jan 16, 2025 - 09:07
A recent cyberattack mimicking the notorious Black Basta ransomware group’s tactics targeted one of SlashNext’s clients, bombarding 22 user inboxes with 1,165 malicious emails in just 90 minutes.

This rapid-fire attack, aimed at huge user bases and bypassing traditional security measures, showcases the evolving sophistication of modern phishing campaigns.

The attack began when the client’s Security Operations Center (SOC) detected a sudden surge of suspicious emails.

Upon investigation, the client found that their Secure Email Gateway (SEG) had indeed flagged an increase in malicious activity.

Turning to the SlashNext phishing-defense tool, part of their Integrated Cloud Email Security (ICES) offering, they quickly identified hundreds of suspicious messages targeting a small group of users.

Attack Tactics

The Black Basta-style attack employed several sophisticated techniques:

  1. Platform Impersonation: Attackers posed as popular platforms like WordPress and Shopify, using legitimate-looking domains to send fake account creation and subscription emails.
  2. Sneaky Domains: Messages originated from seemingly harmless domains like genomelink.io and mandrillapp.com, carefully chosen to evade simple filters.
  3. Character Obfuscation: Subject lines included unusual characters or minor variations to bypass basic keyword checks and confuse recipients.
  4. Varied Account Types: Emails referenced different user roles to increase the chances of catching someone’s attention.
  5. Psychological Triggers: Urgent phrases like “Your account has been created” were used to create a sense of panic and prompt hasty actions.
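
One way a SOC could surface the pattern described above (many account-creation and subscription mails hitting a few mailboxes in a short window, with obfuscated subject lines), as an added example that is not SlashNext's detection logic or code from the original article. The lure phrases, thresholds, event layout and log entries are assumptions constructed for illustration.

```python
import unicodedata
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed lure phrases, taken from the account-creation/subscription themes above.
LURES = ("account has been created", "subscription", "confirm your")

def normalize_subject(subject):
    """Undo simple character obfuscation before keyword matching."""
    folded = unicodedata.normalize("NFKD", subject)  # fullwidth/styled -> plain
    kept = "".join(c for c in folded
                   if unicodedata.category(c) not in ("Cf", "Mn"))  # zero-width, accents
    return " ".join(kept.casefold().split())  # collapse case and whitespace

def is_lure(subject):
    text = normalize_subject(subject)
    return any(phrase in text for phrase in LURES)

def detect_bursts(events, window=timedelta(minutes=90), threshold=20, min_domains=5):
    """events: time-ordered (timestamp, recipient, sender_domain, subject) tuples.
    Returns {recipient: time the burst threshold was first crossed}."""
    recent, alerts = defaultdict(deque), {}
    for ts, rcpt, domain, subject in events:
        if not is_lure(subject):
            continue
        queue = recent[rcpt]
        queue.append((ts, domain))
        while ts - queue[0][0] > window:  # drop hits older than the window
            queue.popleft()
        domains = {d for _, d in queue}
        if rcpt not in alerts and len(queue) >= threshold and len(domains) >= min_domains:
            alerts[rcpt] = ts
    return alerts

def sample_events():
    """Constructed log: one flooded mailbox (53 mails in ~87 min), one normal mailbox."""
    start = datetime(2025, 1, 1, 9, 0)
    subjects = ["Your acc\u200bount has been created",   # zero-width space
                "\uff39our Account Has Been Created",     # fullwidth 'Y'
                "Confirm  your subscripti\u0301on"]       # extra space + combining accent
    flood = [(start + timedelta(seconds=100 * i), "victim@corp.example",
              f"sender{i % 8}.example", subjects[i % 3]) for i in range(53)]
    normal = [(start + timedelta(minutes=30 * i), "other@corp.example",
               "shop.example", "Your account has been created") for i in range(3)]
    return sorted(flood + normal)

if __name__ == "__main__":
    for rcpt, when in detect_bursts(sample_events()).items():
        print(f"registration-bomb pattern: {rcpt} at {when}")
```

NFKD folding does not map cross-script look-alikes (for example Cyrillic letters standing in for Latin ones); catching those needs a confusables table on top of this normalization.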

SlashNext’s AI-powered SEER™ technology played a crucial role in mitigating this threat. Unlike traditional filters, SEER analyzes email behavior in real time, allowing it to detect malicious content even when it is hidden behind strange symbols or encoded text. The system identified several attack patterns, including:

  • URLs leading to fake login pages
  • Domain spoofing using subdomains
  • Encoded URLs launching harmful software when clicked

By focusing on behavior rather than just appearances, SEER successfully flagged and blocked each suspicious email in real time, protecting users from potential compromise.

This attack highlights the ongoing evolution of phishing tactics, particularly those associated with ransomware groups like Black Basta.

SlashNext’s success in preventing this attack underscores the importance of AI-powered, behavior-based email security systems in today’s threat landscape.

As attacks become more sophisticated and rapid, traditional security measures may struggle to keep pace. By combining real-time analysis, AI-driven detection, and continuous innovation, solutions like SlashNext’s ICES platform offer businesses a robust defense against emerging email threats.

The post Black Basta Rapid-Fire Attack Blasted 1,165 Emails at 22 Target Mailboxes in 90 Minutes appeared first on Cyber Security News.