Battling BazaCall BuzzKill

It's finally Friday. You successfully made it through another week and the weekend is so close you can taste it. You pour yourself a bowl of your favorite cereal, but before you can get that first bite your phone rings. It's a random number, but for some reason you're feeling chatty and decide to answer. Unfortunately, it's a robot that somehow knows your name and is asking for your social security number, home address, and password from that first AOL account you made in 1998!  It’s easy to recognize classic scams like these, but some of the newer, creative scams can be more challenging to identify.  One of these is called BazaCall, and they don’t call you – oh, no.  BazaCall will have YOU calling THEM! In this episode of Security Unlocked, host Natalia Godyla is re-joined by Microsoft Threat Analysts Emily Hacker and Justin Carroll to talk about a relatively new delivery method for malware and ransomware called BazaCall campaigns. They discuss the different delivery methods used, how attackers evade detection, and where the attack chain begins.      In This Episode You Will Learn:   What makes BazaCall campaigns unique from other email/phone scams How the delivery system works About a new technique called “double extorsion”  Some Questions We Ask:   What is the flow of the attack chain? What are some new tactics used by BazaCall centers? How can organizations mitigate attacks? Resources:  BazaCall: Phony call centers lead to exfiltration and ransomware View Emily on LinkedIn View Justin on LinkedIn View Natalia on LinkedIn Related:Listen to: Afternoon Cyber Tea with Ann JohnsonListen to: Security UnlockedDiscover and follow other Microsoft podcasts at microsoft.com/podcastsSecurity Unlocked is produced by Microsoft and distributed as part of The CyberWire Network. Hosted on Acast. See acast.com/privacy for more information.